Context
Cloudflare published a useful write-up on operating AI code review at scale: https://blog.cloudflare.com/ai-code-review/
The core idea worth tracking for Kodiai is that AI review should be treated as an orchestration and observability system, not as one large prompt. Their architecture uses risk-tiered review plans, specialist reviewers, a coordinator/reducer, structured outputs, failback, and explicit telemetry.
Why this matters for Kodiai
Recent production work exposed related failure modes in our current single-reviewer path:
- full reviews can exhaust turns before covering enough files;
- prompt/tool availability can drift when the remote workspace changes shape;
- degraded diff paths need explicit truth surfaces;
- retry/bounded-review state needs durable coverage evidence;
- noisy review findings need stronger filtering and traceability.
PR #130 addresses the immediate degraded-diff and handoff-latency issues. This issue tracks the broader architecture follow-up so it does not block the now-path.
Candidate improvements
-
First-class review plan object
- Represent tier, agents, prompt mode, tool surface, diff source, timeout/max-turn budget, retry policy, and publish policy in one explicit plan.
- Prevent drift between allowed tools and prompt instructions.
-
Specialist reviewer lanes
- Start small rather than copying Cloudflare's seven-agent setup.
- Candidate lanes:
- correctness/code-quality;
- security/safety;
- docs/config/runbook truthfulness.
- Run specialists only when risk tier or changed paths justify them.
-
Coordinator/reducer pass
- Specialists emit structured findings.
- Coordinator dedupes, validates, reclassifies severity, and publishes a single output.
- Preserve telemetry for kept/dropped/merged findings with reasons.
-
AGENTS/runbook/config freshness reviewer
- Flag material changes that should update
.kodiai.yml, runbooks, prompts, project instructions, or operator docs.
- This should catch drift when behavior changes but docs/config examples stay stale.
-
User-visible progress/heartbeat for long reviews
- Surface review phase progress and “still working” signals for long-running reviews.
- Tie this to existing phase timing and Review Details evidence.
-
Provider/model failback and circuit-breaker policy
- Classify retryable provider failures separately from auth/context/user aborts.
- Route around temporary provider failures without treating them as app correctness bugs.
-
Shared context and diff artifact strategy
- Evaluate storing shared review context and per-file diff artifacts to reduce duplicate prompt tokens.
- Keep path/symlink/snapshot safety explicit.
Non-goals
Acceptance shape
A future design should define:
- a typed review-plan contract;
- initial specialist lane boundaries;
- structured finding schema;
- coordinator/reducer telemetry;
- rollout gates and cost controls;
- production metrics proving lower latency/noise or better coverage.
Context
Cloudflare published a useful write-up on operating AI code review at scale: https://blog.cloudflare.com/ai-code-review/
The core idea worth tracking for Kodiai is that AI review should be treated as an orchestration and observability system, not as one large prompt. Their architecture uses risk-tiered review plans, specialist reviewers, a coordinator/reducer, structured outputs, failback, and explicit telemetry.
Why this matters for Kodiai
Recent production work exposed related failure modes in our current single-reviewer path:
PR #130 addresses the immediate degraded-diff and handoff-latency issues. This issue tracks the broader architecture follow-up so it does not block the now-path.
Candidate improvements
First-class review plan object
Specialist reviewer lanes
Coordinator/reducer pass
AGENTS/runbook/config freshness reviewer
.kodiai.yml, runbooks, prompts, project instructions, or operator docs.User-visible progress/heartbeat for long reviews
Provider/model failback and circuit-breaker policy
Shared context and diff artifact strategy
Non-goals
Acceptance shape
A future design should define: