What happens to code review when AI writes 80% of the code?
Review shifts upstream — from diff to design. Humans review intents and policies; agents review diffs against policy. bRRAIn's review pipeline reflects this inversion.
Diff-level review no longer scales
When agents produce the majority of the code, diff-level review becomes a bottleneck that nobody can staff. A single engineer can read maybe 2,000 lines of careful diff per day; agents can generate that in an hour. The arithmetic forces a change. Diff review has to move to machines, and humans have to review something further upstream. bRRAIn's Code Sandbox is the mechanical reviewer — it runs every agent patch against policy, CVE checks, coverage thresholds, and pattern rules, blocking anything that fails before a human ever sees it.
Humans review intent and policy
Humans keep the part that requires judgment: intent and policy. Before an agent writes code, an engineer approves the design — the ADR, the interface change, the policy adjustment. Once the design is blessed, agents execute under it, and the Security Policy Engine enforces the rules on every patch. Humans also review new policies themselves: should this action class be allowed at all, under what role, with what audit trail. That kind of review is irreducibly human and high-leverage. One approved policy prevents thousands of downstream incidents.
Agents review diffs against policy
Agents handle the mechanical review work that used to consume senior engineers. A reviewer-agent running in the Code Sandbox checks each patch against the codified rules: no secret in a config file, no unreviewed dependency added, no coverage regression, no forbidden API call. It does this at machine speed, across every patch, without fatigue. When a patch fails, the reviewer-agent produces a structured report the human can act on. The inversion is complete — humans review policies; agents review code against those policies.
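As an added illustration of the reviewer-agent step described above (not bRRAIn's code; the policy values, rule names and sample patch are constructed assumptions), this Python example checks the added lines of a unified diff against the four rules named in the paragraph and returns a structured report:

```python
import re
# Constructed policy: rule names and values are assumptions for this example.
POLICY = {"approved_deps": {"requests", "cryptography"}, "min_coverage": 80.0,
          "forbidden_calls": [r"\beval\(", r"\bos\.system\(", r"\bpickle\.loads\("]}
SECRET_RE = re.compile(r"(?i)(password|secret|api[_-]?key|token)\s*[:=]\s*['\"]?[^\s'\"]{8,}")
CONFIG_EXT = (".yaml", ".yml", ".env", ".ini", ".json", ".toml")

def added_lines(diff):
    """Yield (path, new-file line number, text) for each added line of a unified diff."""
    path, lineno = None, 0
    for raw in diff.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
        elif raw.startswith("@@"):
            lineno = int(re.search(r"\+(\d+)", raw).group(1))
        elif raw.startswith("+"):
            yield path, lineno, raw[1:]
            lineno += 1
        elif not raw.startswith("-"):  # context line: advances the new-file counter
            lineno += 1

def review(diff, cov_before, cov_after, policy=POLICY):
    findings = []
    for path, n, text in added_lines(diff):
        where = {"file": path, "line": n}  # location only: the matched secret is never echoed
        if path.endswith(CONFIG_EXT) and SECRET_RE.search(text):
            findings.append({"rule": "secret-in-config", **where})
        if path.endswith("requirements.txt") and text.strip():
            dep = re.split(r"[<>=!~\[; ]", text.strip(), maxsplit=1)[0].lower()
            if dep not in policy["approved_deps"]:
                findings.append({"rule": "unreviewed-dependency", "detail": dep, **where})
        if path.endswith(".py") and any(re.search(p, text) for p in policy["forbidden_calls"]):
            findings.append({"rule": "forbidden-api", **where})
    if cov_after < max(cov_before, policy["min_coverage"]):
        findings.append({"rule": "coverage-regression", "detail": f"{cov_before} -> {cov_after}"})
    return {"verdict": "block" if findings else "pass", "findings": findings}

# Constructed agent patch (git-style headers trimmed to the '+++' and '@@' lines).
SAMPLE_DIFF = """\
+++ b/config/app.yaml
@@ -3,0 +4,1 @@
+api_key: "EXAMPLE-not-a-real-key-0000"
+++ b/requirements.txt
@@ -1,0 +2,1 @@
+leftpadx==0.1.0
+++ b/app/run.py
@@ -10,0 +11,1 @@
+    os.system(cmd)
"""
```

Calling `review(SAMPLE_DIFF, 84.0, 84.0)` returns a `block` verdict with one finding per violated rule, each carrying the file and line a human needs to act on.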
The review pipeline that results
Put together, the new pipeline has three stages. Stage one: a human designer approves intent in an ADR, stored in the Vault. Stage two: agents generate code; the Code Sandbox and reviewer-agents enforce every codified rule. Stage three: a human reviewer signs off on the final bundle, reading the ADR and the policy-check report rather than the raw diff. The Control Plane audits every step. This is slower to set up but radically faster in steady state, and it produces diffs that are safer than the human-only pipeline ever was.
Relevant bRRAIn products and services
- Code Sandbox — the mechanical reviewer that inspects every agent patch against codified policy.
- Security Policy Engine — the rulebook humans author and agents enforce on every change.
- bRRAIn Vault — the ADR store that anchors intent-level human review upstream of code.
- Control Plane — the audit trail that proves who approved what and when.
- Integration Engineer certification — the training for the humans who author policy and own intent review.