{"slug": "orchestrating-ai-code-review-at-scale", "title": "Orchestrating AI Code Review at scale", "summary": "The article describes how Cloudflare built a scalable AI code review system to address bottlenecks in their engineering workflow. Instead of using a single monolithic AI model, they developed a CI-native orchestration system that deploys up to seven specialized AI agents to review merge requests for security, performance, code quality, and other criteria. The system, which has processed tens of thousands of merge requests internally, uses a coordinator agent to deduplicate findings and post structured reviews, effectively catching real bugs and blocking merges with genuine security vulnerabilities.", "body_md": "Code review is a fantastic mechanism for catching bugs and sharing knowledge, but it is also one of the most reliable ways to bottleneck an engineering team. A merge request sits in a queue, a reviewer eventually context-switches to read the diff, they leave a handful of nitpicks about variable naming, the author responds, and the cycle repeats. Across our internal projects, the median wait time for a first review was often measured in hours.\n\nWhen we first started experimenting with AI code review, we took the path that most other people probably take: we tried out a few different AI code review tools and found that a lot of these tools worked pretty well, and a lot of them even offered a good amount of customisation and configurability! Unfortunately, though, the one recurring theme that kept coming up was that they just didn’t offer enough flexibility and customisation for an organisation the size of Cloudflare.\n\nSo, we jumped to the next most obvious path, which was to grab a git diff, shove it into a half-baked prompt, and ask a large language model to find bugs. The results were exactly as noisy as you might expect, with a flood of vague suggestions, hallucinated syntax errors, and helpful advice to \"consider adding error handling\" on functions that already had it. We realised pretty quickly that a naive summarisation approach wasn't going to give us the results we wanted, especially on complex codebases.\n\nInstead of building a monolithic code review agent from scratch, we decided to build a __CI-native__ orchestration system around __OpenCode__, an open-source coding agent. Today, when an engineer at Cloudflare opens a merge request, it gets an initial pass from a coordinated smörgåsbord of AI agents. Rather than relying on one model with a massive, generic prompt, we launch up to seven specialised reviewers covering security, performance, code quality, documentation, release management, and compliance with our internal Engineering Codex. These specialists are managed by a coordinator agent that deduplicates their findings, judges the actual severity of the issues, and posts a single structured review comment.\n\nWe've been running this system internally across tens of thousands of merge requests. It approves clean code, flags real bugs with impressive accuracy, and actively blocks merges when it finds genuine, serious problems or security vulnerabilities. This is just one of the many ways we’re improving our engineering resiliency as part of __Code Orange: Fail Small__.\n\nThis post is a deep dive into how we built it, the architecture we landed on, and the specific engineering problems you run into when you try to put LLMs in the critical path of your CI/CD pipeline, and more critically, in the way of engineers trying to ship code.\n\n## The architecture: plugins all the way to the moon\n\nWhen you are building internal tooling that has to run across thousands of repositories, hardcoding your version control system or your AI provider is a great way to ensure you'll be rewriting the whole thing in six months. We needed to support GitLab today and who knows what tomorrow, alongside different AI providers and different internal standards requirements, without any component needing to know about the others.\n\nWe built the system on a composable plugin architecture where the entry point delegates all configuration to plugins that compose together to define how a review runs. Here is what the execution flow looks like when a merge request triggers a review:\n\nEach plugin implements a `ReviewPlugin`\n\ninterface with three lifecycle phases. Bootstrap hooks run concurrently and are non-fatal, meaning if a template fetch fails, the review just continues without it. Configure hooks run sequentially and are fatal, because if the VCS provider can't connect to GitLab, there is no point in continuing the job. Finally, `postConfigure`\n\nruns after the configuration is assembled to handle asynchronous work like fetching remote model overrides.\n\nThe `ConfigureContext`\n\ngives plugins a controlled surface to affect the review. They can register agents, add AI providers, set environment variables, inject prompt sections, and alter fine-grained agent permissions. No plugin has direct access to the final configuration object. They contribute through the context API, and the core assembler merges everything into the `opencode.json`\n\nfile that OpenCode consumes.\n\nBecause of this isolation, the GitLab plugin doesn't read Cloudflare AI Gateway configurations, and the Cloudflare plugin doesn't know anything about GitLab API tokens. All VCS-specific coupling is isolated in a single `ci-config.ts`\n\nfile.\n\nHere is the plugin roster for a typical internal review:\n\n**Plugin**\n| **Responsibility**\n|\n|---|\n`@opencode-reviewer/gitlab`\n| GitLab VCS provider, MR data, MCP comment server |\n`@opencode-reviewer/cloudflare`\n| AI Gateway configuration, model tiers, failback chains |\n`@opencode-reviewer/codex`\n| Internal compliance checking against engineering RFCs |\n`@opencode-reviewer/braintrust`\n| Distributed tracing and observability |\n`@opencode-reviewer/agents-md`\n| Verifies the repo's AGENTS.md is up to date |\n`@opencode-reviewer/reviewer-config`\n| Remote per-reviewer model overrides from a Cloudflare Worker |\n`@opencode-reviewer/telemetry`\n| Fire-and-forget review tracking |\n\n## How we use OpenCode under the hood\n\nWe picked OpenCode as our coding agent of choice for a couple of reasons:\n\nWe use it extensively internally, meaning we were already very familiar with how it worked\n\nIt’s open source, so we can contribute features and bug fixes upstream as well as investigate issues really easily when we spot them (at the time of writing, Cloudflare engineers have landed over 45 pull requests upstream!)\n\nIt has a great __open source SDK__, allowing us to easily build plugins that work flawlessly\n\nBut most importantly, because it is structured as a server first, with its text-based user interface and desktop app acting as clients on top. This was a hard requirement for us because we needed to create sessions programmatically, send prompts via an SDK, and collect results from multiple concurrent sessions without hacking around a CLI interface.\n\nThe orchestration works in two distinct layers:\n\n**The Coordinator Process:** We spawn OpenCode as a child process using `Bun.spawn`\n\n. We pass the coordinator prompt via `stdin`\n\nrather than as a command-line argument, because if you have ever tried to pass a massive merge request description full of logs as a command-line argument, you have probably met the Linux kernel's `ARG_MAX`\n\nlimit. We learned this pretty quickly when `E2BIG`\n\nerrors started showing up on a small percentage of our CI jobs for incredibly large merge requests. The process runs with `--format json`\n\n, so all output arrives as JSONL events on `stdout`\n\n:\n\n``` js\nconst proc = Bun.spawn(\n [\"bun\", opencodeScript, \"--print-logs\", \"--log-level\", logLevel,\n \"--format\", \"json\", \"--agent\", \"review_coordinator\", \"run\"],\n {\n stdin: Buffer.from(prompt),\n env: {\n ...sanitizeEnvForChildProcess(process.env),\n OPENCODE_CONFIG: process.env.OPENCODE_CONFIG_PATH ?? \"\",\n BUN_JSC_gcMaxHeapSize: \"2684354560\", // 2.5 GB heap cap\n },\n stdout: \"pipe\",\n stderr: \"pipe\",\n },\n);\n```\n\n**The Review Plugin:** Inside the OpenCode process, a runtime plugin provides the `spawn_reviewers`\n\ntool. When the coordinator LLM decides it is time to review the code, it calls this tool, which launches the sub-reviewer sessions through OpenCode's SDK client:\n\n``` js\nconst createResult = await this.client.session.create({\n body: { parentID: input.parentSessionID },\n query: { directory: dir },\n});\n\n// Send the prompt asynchronously (non-blocking)\nthis.client.session.promptAsync({\n path: { id: task.sessionID },\n body: {\n parts: [{ type: \"text\", text: promptText }],\n agent: input.agent,\n model: { providerID, modelID },\n },\n});\n```\n\nEach sub-reviewer runs in its own OpenCode session with its own agent prompt. The coordinator doesn't see or control what tools the sub-reviewers use. They are free to read source files, run grep, or search the codebase as they see fit, and they simply return their findings as structured XML when they finish.\n\n### What’s JSONL, and what do we use it for?\n\nOne of the big challenges that you typically face when working with systems like this is the need for structured logging, and while JSON is a fantastic-structured format, it requires everything to be “closed out” to be a valid JSON blob. This is especially problematic if your application exits early before it has a chance to close everything out and write a valid JSON blob to disk — and this is often when you need the debug logs most.\n\nThis is why we use __JSONL (JSON Lines)__, which does exactly what it says in the tin: it’s a text format where every line is a valid, self-contained JSON object. Unlike a standard JSON array, you don't have to parse the whole document to read the first entry. You read a line, parse it, and move on. This means you don’t have to worry about buffering massive payloads into memory, or hoping for a closing `]`\n\nthat may never arrive because the child process ran out of memory.\n\nIn practice, it looks like this:\n\n```\nStripped: authorization, cf-access-token, host\nAdded: cf-aig-authorization: Bearer \n cf-aig-metadata: {\"userId\": \"\"}\n```\n\nEvery CI system that needs to parse structured output from a long-running process eventually lands on something like JSONL — but we didn’t want to reinvent the wheel. (And OpenCode already supports it!)\n\nWe process the coordinator's output in real-time, though we buffer and flush every 100 lines (or 50ms) to save our disks from a slow but painful `appendFileSync`\n\ndeath.\n\nWe watch for specific triggers as the stream flows in and pull out relevant data, like token usage out of `step_finish`\n\nevents to track costs, and we use `error`\n\nevents to kick off our retry logic. We also make sure to keep an eye out for output truncation — if a `step_finish`\n\narrives with `reason: \"length\"`\n\n, we know the model hit its `max_tokens`\n\nlimit and got cut off mid-sentence, so we should automatically retry.\n\nOne of the operational headaches we didn’t predict was that large, advanced models like Claude Opus 4.7 or GPT-5.4 can sometimes spend quite a while thinking through a problem, and to our users this can make it look exactly like a hung job. We found that users would frequently cancel jobs and complain that the reviewer wasn’t working as intended, when in reality it was working away in the background. To counter this, we added an extremely simple heartbeat log that prints \"Model is thinking... (Ns since last output)\" every 30 seconds which almost entirely eliminated the problem.\n\n## Specialised agents instead of one big prompt\n\nInstead of asking one model to review everything, we split the review into domain-specific agents. Each agent has a tightly scoped prompt telling it exactly what to look for, and more importantly, what to ignore.\n\nThe security reviewer, for example, has explicit instructions to only flag issues that are \"exploitable or concretely dangerous\":\n\n```\n## What to Flag\n- Injection vulnerabilities (SQL, XSS, command, path traversal)\n- Authentication/authorisation bypasses in changed code\n- Hardcoded secrets, credentials, or API keys\n- Insecure cryptographic usage\n- Missing input validation on untrusted data at trust boundaries\n\n## What NOT to Flag\n- Theoretical risks that require unlikely preconditions\n- Defense-in-depth suggestions when primary defenses are adequate\n- Issues in unchanged code that this MR doesn't affect\n- \"Consider using library X\" style suggestions\n```\n\nIt turns out that telling an LLM what **not** to do is where the actual prompt engineering value resides. Without these boundaries, you get a firehose of speculative theoretical warnings that developers will immediately learn to ignore.\n\nEvery reviewer produces findings in a structured XML format with a severity classification: `critical`\n\n(will cause an outage or is exploitable), `warning`\n\n(measurable regression or concrete risk), or `suggestion`\n\n(an improvement worth considering). This ensures we are dealing with structured data that drives downstream behavior, rather than parsing advisory text.\n\nBecause we split the review into specialised domains, we don't need to use a super expensive, highly capable model for every task. We assign models based on the complexity of the agent's job:\n\n**Top-tier: Claude Opus 4.7 and GPT-5.4:** Reserved exclusively for the Review Coordinator. The coordinator has the hardest job — reading the output of seven other models, deduplicating findings, filtering out false positives, and making a final judgment call. It needs the highest reasoning capability available.\n\n**Standard-tier: Claude Sonnet 4.6 and GPT-5.3 Codex:** The workhorse for our heavy-lifting sub-reviewers (Code Quality, Security, and Performance). These are fast, relatively cheap, and excellent at spotting logic errors and vulnerabilities in code.\n\n**Kimi K2.5:** Used for lightweight, text-heavy tasks like the Documentation Reviewer, Release Reviewer, and the AGENTS.md Reviewer.\n\nThese are the defaults, but every single model assignment can be overridden dynamically at runtime via our `reviewer-config`\n\nCloudflare Worker, which we'll cover in the control plane section below.\n\n### Prompt injection prevention\n\nAgent prompts are built at runtime by concatenating the agent-specific markdown file with a shared `REVIEWER_SHARED.md`\n\nfile containing mandatory rules. The coordinator's input prompt is assembled by stitching together MR metadata, comments, previous review findings, diff paths, and custom instructions into structured XML.\n\nWe also had to sanitise user-controlled content. If someone puts `Repository: evil-corp`\n\nin their MR description, they could theoretically break out of the XML structure and inject their own instructions into the coordinator's prompt. We strip these boundary tags out entirely, because we've learned over time to never underestimate the creativity of Cloudflare engineers when it comes to testing a new internal tool:\n\n``` js\nconst PROMPT_BOUNDARY_TAGS = [\n \"mr_input\", \"mr_body\", \"mr_comments\", \"mr_details\",\n \"changed_files\", \"existing_inline_findings\", \"previous_review\",\n \"custom_review_instructions\", \"agents_md_template_instructions\",\n];\nconst BOUNDARY_TAG_PATTERN = new RegExp(\n `]*>`, \"gi\"\n);\n```\n\n### Saving tokens with shared context\n\nThe system doesn't embed full diffs in the prompt. Instead, it writes per-file patch files to a `diff_directory`\n\nand passes the path. Each sub-reviewer reads only the patch files relevant to its domain.\n\nWe also extract a shared context file (`shared-mr-context.txt`\n\n) from the coordinator's prompt and write it to disk. Sub-reviewers read this file instead of having the full MR context duplicated in each of their prompts. This was a deliberate decision, as duplicating even a moderately-sized MR context across seven concurrent reviewers would multiply our token costs by 7x.\n\n## The coordinator helps keep things focused\n\nAfter spawning all sub-reviewers, the coordinator performs a judge pass to consolidate the results:\n\n**Deduplication:** If the same issue is flagged by both the security reviewer and the code quality reviewer, it gets kept once in the section where it fits best.\n\n**Re-categorisation:** A performance issue flagged by the code quality reviewer gets moved to the performance section.\n\n**Reasonableness filter:** Speculative issues, nitpicks, false positives, and convention-contradicted findings get dropped. If the coordinator isn't sure, it uses its tools to read the source code and verify.\n\nThe overall approval decision follows a strict rubric:\n\nCondition | Decision | GitLab Action |\n|---|\nAll LGTM (“looks good to me”), or only trivial suggestions | `approved`\n| `POST /approve`\n|\nOnly suggestion-severity items | `approved_with_comments`\n| `POST /approve`\n|\nSome warnings, no production risk | `approved_with_comments`\n| `POST /approve`\n|\nMultiple warnings suggesting a risk pattern | `minor_issues`\n| `POST /unapprove` (revoke prior bot approval)\n|\nAny critical item, or production safety risk | `significant_concerns`\n| `/submit_review requested_changes` (block merge)\n|\n\nThe bias is explicitly toward approval, meaning a single warning in an otherwise clean MR still gets `approved_with_comments`\n\nrather than a block.\n\nBecause this is a production system that directly sits between engineers shipping code, we made sure to build an escape hatch. If a human reviewer comments `break glass`\n\n, the system forces an approval regardless of what the AI found. Sometimes you just need to ship a hotfix, and the system detects this override before the review even starts, so we can track it in our telemetry and aren’t caught out by any latent bugs or LLM provider outages.\n\n## Risk tiers: don't send the dream team to review a typo fix\n\nYou don't need seven concurrent AI agents burning Opus-tier tokens to review a one-line typo fix in a README. The system classifies every MR into one of three risk tiers based on the size and nature of the diff:\n\n```\n// Simplified from packages/core/src/risk.ts\nfunction assessRiskTier(diffEntries: DiffEntry[]) {\n const totalLines = diffEntries.reduce(\n (sum, e) => sum + e.addedLines + e.removedLines, 0\n );\n const fileCount = diffEntries.length;\n const hasSecurityFiles = diffEntries.some(\n e => isSecuritySensitiveFile(e.newPath)\n );\n\n if (fileCount > 50 || hasSecurityFiles) return \"full\";\n if (totalLines <= 10 && fileCount <= 20) return \"trivial\";\n if (totalLines <= 100 && fileCount <= 20) return \"lite\";\n return \"full\";\n}\n```\n\nSecurity-sensitive files: anything touching `auth/`\n\n, `crypto/`\n\n, or file paths that sound even remotely security-related always trigger a full review, because we’d rather spend a bit extra on tokens than potentially miss a security vulnerability.\n\nEach tier gets a different set of agents:\n\nTier | Lines Changed | Files | Agents | What Runs |\n|---|\nTrivial | ≤10 | ≤20 | 2 | Coordinator + one generalised code reviewer |\nLite | ≤100 | ≤20 | 4 | Coordinator + code quality + documentation + (more) |\nFull | >100 or >50 files | Any | 7+ | All specialists, including security, performance, release |\n\nThe trivial tier also downgrades the coordinator from Opus to Sonnet, for example, as a two-reviewer check on a minor change doesn't require an extremely capable and expensive model to evaluate.\n\n## Diff filtering: getting rid of the noise\n\nBefore the agents see any code, the diff goes through a filtering pipeline that strips out noise like lock files, vendored dependencies, minified assets, and source maps:\n\n``` js\nconst NOISE_FILE_PATTERNS = [\n \"bun.lock\", \"package-lock.json\", \"yarn.lock\",\n \"pnpm-lock.yaml\", \"Cargo.lock\", \"go.sum\",\n \"poetry.lock\", \"Pipfile.lock\", \"flake.lock\",\n];\n\nconst NOISE_EXTENSIONS = [\".min.js\", \".min.css\", \".bundle.js\", \".map\"];\n```\n\nWe also filter out generated files by scanning the first few lines for markers like `// @generated`\n\nor `/* eslint-disable */`\n\n. However, we explicitly exempt database migrations from this rule, since migration tools often stamp files as generated even though they contain schema changes that absolutely need to be reviewed.\n\nThe `spawn_reviewers`\n\ntool manages the lifecycle of up to seven concurrent reviewer sessions with circuit breakers, failback chains, per-task timeouts, and retry logic. It acts essentially as a tiny scheduler for LLM sessions.\n\nDetermining when an LLM session is actually \"done\" is surprisingly tricky. We rely primarily on OpenCode's `session.idle`\n\nevents, but we back that up with a polling loop that checks the status of all running tasks every three seconds. This polling loop also implements inactivity detection. If a session has been running for 60 seconds with no output at all, it is killed early and marked as an error, which catches sessions that crash on startup before producing any JSONL.\n\nTimeouts operate at three levels:\n\n**Per-task:** 5 minutes (10 for code quality, which reads more files). This prevents one slow reviewer from blocking the rest.\n\n**Overall:** 25 minutes. A hard cap for the entire `spawn_reviewers`\n\ncall. When it hits, every remaining session is aborted.\n\n**Retry budget:** 2 minutes minimum. We don't bother retrying if there isn't enough time left in the overall budget.\n\n## Resilience: circuit breakers and failback chains\n\nRunning seven concurrent AI model calls means you are absolutely going to hit rate limits and provider outages. We implemented a circuit breaker pattern inspired by __Netflix's Hystrix__, adapted for AI model calls. Each model tier has independent health tracking with three states:\n\nWhen a model's circuit opens, the system walks a failback chain to find a healthy alternative. For example:\n\n``` js\nconst DEFAULT_FAILBACK_CHAIN = {\n \"opus-4-7\": \"opus-4-6\", // Fall back to previous generation\n \"opus-4-6\": null, // End of chain\n \"sonnet-4-6\": \"sonnet-4-5\",\n \"sonnet-4-5\": null,\n};\n```\n\nEach model family is isolated, so if one model is overloaded, we fall back to an older generation model rather than crossing streams. When a circuit opens, we allow exactly one probe request through after a two-minute cooldown to see if the provider has recovered, which prevents us from stampeding a struggling API.\n\nWhen a sub-reviewer session fails, the system needs to decide if it should trigger model failback or if it's a problem that a different model won't fix. The error classifier maps OpenCode's error union type to a `shouldFailback`\n\nboolean:\n\n```\nswitch (err.name) {\n case \"APIError\":\n // Only retryable API errors (429, 503) trigger failback\n return { shouldFailback: Boolean(data.isRetryable), ... };\n case \"ProviderAuthError\":\n // Auth failure (a different model won't fix bad credentials)\n return { shouldFailback: false, ... };\n case \"ContextOverflowError\":\n // Too many tokens (a different model has the same limit)\n return { shouldFailback: false, ... };\n case \"MessageAbortedError\":\n // User/system abort (not a model problem)\n return { shouldFailback: false, ... };\n}\n```\n\nOnly retryable API errors trigger failback. Auth errors, context overflow, aborts, and structured output errors do not.\n\n### Coordinator-level failback\n\nThe circuit breaker handles sub-reviewer failures, but the coordinator itself can also fail. The orchestration layer has a separate failback mechanism: if the OpenCode child process fails with a retryable error (detected by scanning `stderr`\n\nfor patterns like \"overloaded\" or \"503\"), it hot-swaps the coordinator model in the `opencode.json`\n\nconfig file and retries. This is a file-level swap that reads the config JSON, replaces the `review_coordinator.model`\n\nkey, and writes it back before the next attempt.\n\n## The control plane: Workers for config and telemetry\n\nIf a model provider goes down at 8 a.m. UTC when our colleagues in Europe are just waking up, we don’t want to wait for an on-call engineer to make a code change to switch out the models we’re using for the reviewer. Instead, the CI job fetches its model routing configuration from a __Cloudflare Worker__ backed by __Workers KV__.\n\nThe response contains per-reviewer model assignments and a providers block. When a provider is disabled, the plugin filters out all models from that provider before selecting the primary:\n\n```\nfunction filterModelsByProviders(models, providers) {\n return models.filter((m) => {\n const provider = extractProviderFromModel(m.model);\n if (!provider) return true; // Unknown provider → keep\n const config = providers[provider];\n if (!config) return true; // Not in config → keep\n return config.enabled; // Disabled → filter out\n });\n}\n```\n\nThis means we can flip a switch in KV to disable an entire provider, and every running CI job will route around it within five seconds. The config format also carries failback chain overrides, allowing us to reshape the entire model routing topology from a single Worker update.\n\nWe also use a fire-and-forget `TrackerClient`\n\nthat talks to a separate Cloudflare Worker to track job starts, completions, findings, token usage, and Prometheus metrics. The client is designed to never block the CI pipeline, using a 2-second `AbortSignal.timeout`\n\nand pruning pending requests if they exceed 50 entries. Prometheus metrics are batched on the next microtask and flushed right before the process exits, forwarding to our internal observability stack via Workers Logging, so we know exactly how many tokens we are burning in real time.\n\n## Re-reviews: not starting from scratch\n\nWhen a developer pushes new commits to an already-reviewed MR, the system runs an incremental re-review that is aware of its own previous findings. The coordinator receives the full text of its last review comment and a list of inline DiffNote comments it previously posted, along with their resolution status.\n\nThe re-review rules are strict:\n\n**Fixed findings:** Omit from the output, and the MCP server auto-resolves the corresponding DiffNote thread.\n\n**Unfixed findings:** Must be re-emitted even if unchanged, so the MCP server knows to keep the thread alive.\n\n**User-resolved findings:** Respected unless the issue has materially worsened.\n\n**User replies:** If a developer replies \"won't fix\" or \"acknowledged\", the AI treats the finding as resolved. If they reply \"I disagree\", the coordinator will read their justification and either resolve the thread or argue back.\n\nWe also made sure to build in a small Easter egg and made sure that the reviewer can also handle one lighthearted question per MR. We figured a little personality helps build rapport with developers who are being reviewed (sometimes brutally) by a robot, so the prompt instructs it to keep the answer brief and warm before politely redirecting back to the review.\n\n## Keeping AI context fresh: the AGENTS.md Reviewer\n\nAI coding agents rely heavily on `AGENTS.md`\n\nfiles to understand project conventions, but these files rot incredibly fast. If a team migrates from Jest to Vitest but forgets to update their instructions, the AI will stubbornly keep trying to write Jest tests.\n\nWe built a specific reviewer just to assess the materiality of an MR and yell at developers if they make a major architectural change without updating the AI instructions. It classifies changes into three tiers:\n\n**High materiality (strongly recommend update):** package manager changes, test framework changes, build tool changes, major directory restructures, new required env vars, CI/CD workflow changes.\n\n**Medium materiality (worth considering):** major dependency bumps, new linting rules, API client changes, state management changes.\n\n**Low materiality (no update needed):** bug fixes, feature additions using existing patterns, minor dependency updates, CSS changes.\n\nIt also penalizes anti-patterns in existing AGENTS.md files, like generic filler (\"write clean code\"), files over 200 lines that cause context bloat, and tool names without runnable commands. A concise, functional AGENTS.md with commands and boundaries is always better than a verbose one.\n\nThe system ships as a fully contained internal __GitLab CI component__. A team adds it to their `.gitlab-ci.yml`\n\n:\n\n```\ninclude:\n - component: $CI_SERVER_FQDN/ci/ai/opencode@~latest\n```\n\nThe component handles pulling the Docker image, setting up Vault secrets, running the review, and posting the comment. Teams can customise behavior by dropping an `AGENTS.md`\n\nfile in their repo root with project-specific review instructions, and teams can opt to provide a URL to an AGENTS.md template that gets injected into all agent prompts to ensure their standard conventions apply across all of their repositories without needing to keep multiple AGENTS.md files up to date.\n\nThe entire system also runs locally. The `@opencode-reviewer/local`\n\nplugin provides a `/fullreview`\n\ncommand inside OpenCode's TUI that generates diffs from the working tree, runs the same risk assessment and agent orchestration, and posts results inline. It's the exact same agents and prompts, just running on your laptop instead of in CI.\n\nWe have been running this system for about a month now, and we track everything through our review-tracker Worker. Here is what the data looks like across 5,169 repositories from March 10 to April 9, 2026.\n\nIn the first 30 days, the system completed **131,246 review runs** across **48,095 merge requests **in** 5,169 repositories**. The average merge request gets reviewed 2.7 times (the initial review, plus re-reviews as the engineer pushes fixes), and the median review completes in **3 minutes and 39 seconds**. That is fast enough that most engineers see the review comment before they have finished context-switching to another task. The metric we’re the proudest about, though, is that engineers have only needed to **“break glass” 288 times** (0.6% of merge requests).\n\nOn the cost side, the average review costs **$1.19** and the median is **$0.98**. The distribution has a long tail of expensive reviews – massive refactors that trigger full-tier orchestration. The P99 review costs $4.45, which means 99% of reviews come in under five dollars.\n\nPercentile | Cost per review | Review duration |\n|---|\nMedian | $0.98 | 3m 39s |\nP90 | $2.36 | 6m 27s |\nP95 | $2.93 | 7m 29s |\nP99 | $4.45 | 10m 21s |\n\nThe system produced **159,103 total findings** across all reviews, broken down as follows:\n\nThat is about **1.2 findings per review on average**, which is deliberately low. We biased hard for signal over noise, and the \"What NOT to Flag\" prompt sections are a big part of why the numbers look like this rather than 10+ findings per review of dubious quality.\n\nThe code quality reviewer is the most prolific, producing nearly half of all findings. Security and performance reviewers produce fewer findings but at higher average severity, but the absolute numbers tell the full story — code quality produces nearly half of all findings by volume, while the security reviewer flags the highest proportion of critical issues at 4%:\n\nReviewer | Critical | Warning | Suggestion | Total |\n|---|\nCode Quality | 6,460 | 29,974 | 38,464 | 74,898 |\nDocumentation | 155 | 9,438 | 16,839 | 26,432 |\nPerformance | 65 | 5,032 | 9,518 | 14,615 |\nSecurity | 484 | 5,685 | 5,816 | 11,985 |\nCodex (compliance) | 224 | 4,411 | 5,019 | 9,654 |\nAGENTS.md | 18 | 2,675 | 4,185 | 6,878 |\nRelease | 19 | 321 | 405 | 745 |\n\nOver the month, we processed approximately **120 billion tokens** in total. The vast majority of those are cache reads, which is exactly what we want to see — it means the prompt caching is working, and we are not paying full input pricing for repeated context across re-reviews.\n\nOur cache hit rate sits at **85.7%**, which saves us an estimated five figures compared to what we would pay at full input token pricing. This is partially thanks to the shared context file optimisation — sub-reviewers reading from a cached context file rather than each getting their own copy of the MR metadata, but also by using the exact same base prompts across all runs, across all merge requests.\n\nHere is how the token usage breaks down by model and by agent:\n\nModel | Input | Output | Cache Read | Cache Write | % of Total |\n|---|\nTop-tier models (Claude Opus 4.7, GPT-5.4) | 806M | 1,077M | 25,745M | 5,918M | 51.8% |\nStandard-tier models (Claude Sonnet 4.6, GPT-5.3 Codex) | 928M | 776M | 48,647M | 11,491M | 46.2% |\nKimi K2.5 | 11,734M | 267M | 0 | 0 | 0.0% |\n\nTop-tier models and Standard-tier models split the cost roughly 52/48, which makes sense given that the top-tier models have to do a lot more complex work (one session per review, but with expensive extended thinking and large output) while the standard-tier models handle three sub-reviewers per full review. Kimi processes the most raw input tokens (11.7B) but costs “nothing” since it runs through Workers AI.\n\nThe per-agent breakdown shows where the tokens actually go:\n\nAgent | Input | Output | Cache Read | Cache Write |\n|---|\nCoordinator | 513M | 1,057M | 20,683M | 5,099M |\nCode Quality | 428M | 264M | 19,274M | 3,506M |\nEngineering Codex | 409M | 236M | 18,296M | 3,618M |\nDocumentation | 8,275M | 216M | 8,305M | 616M |\nSecurity | 199M | 149M | 8,917M | 2,603M |\nPerformance | 157M | 124M | 6,138M | 2,395M |\nAGENTS.md | 4,036M | 119M | 2,307M | 342M |\nRelease | 183M | 5M | 231M | 15M |\n\nThe coordinator produces by far the most output tokens (1,057M) because it has to write the full structured review comment. The documentation reviewer has the highest raw input (8,275M) because it processes every file type, not just code. The release reviewer barely registers because it only runs when release-related files are in the diff.\n\nThe risk tier system is doing its job. Trivial reviews (typo fixes, small doc changes) cost 20 cents on average, while full reviews with all seven agents average $1.68. The spread is exactly what we designed for:\n\nTier | Reviews | Avg Cost | Median | P95 | P99 |\n|---|\nTrivial | 24,529 | $0.20 | $0.17 | $0.39 | $0.74 |\nLite | 27,558 | $0.67 | $0.61 | $1.15 | $1.95 |\nFull | 78,611 | $1.68 | $1.47 | $3.35 | $5.05 |\n\n## So, what does a review look like?\n\nWe’re glad you asked! Here’s an example of what a particularly egregious review looks like:\n\nAs you can see, the reviewer doesn’t beat around the bush and calls out problems when it sees them.\n\n## Limitations we're honest about\n\nThis isn't a replacement for human code review, at least not yet with today’s models. AI reviewers regularly struggle with:\n\n**Architectural awareness:** The reviewers see the diff and surrounding code, but they don't have the full context of why a system was designed a certain way or whether a change is moving the architecture in the right direction.\n\n**Cross-system impact:** A change to an API contract might break three downstream consumers. The reviewer can flag the contract change, but it can't verify that all consumers have been updated.\n\n**Subtle concurrency bugs:** Race conditions that depend on specific timing or ordering are hard to catch from a static diff. The reviewer can spot missing locks, but not all the ways a system can deadlock.\n\n**Cost scales with diff size:** A 500-file refactor with seven concurrent frontier model calls costs real money. The risk tier system manages this, but when the coordinator's prompt exceeds 50% of the estimated context window, we emit a warning. Large MRs are inherently expensive to review.\n\n## We’re just getting started\n\nFor more on how we’re using AI at Cloudflare, read our post on __our internal AI engineering stack__. And check out __everything we shipped during Agents Week__.\n\nHave you integrated AI into your code review? We’d love to hear about it. Find us on __Discord__, __X__, and __Bluesky__.\n\nInterested in building cutting edge projects like this, on cutting edge technology? __Come build with us!__", "url": "https://wpnews.pro/news/orchestrating-ai-code-review-at-scale", "canonical_source": "https://blog.cloudflare.com/ai-code-review/", "published_at": "2026-04-20 13:00:00+00:00", "updated_at": "2026-05-24 03:12:41.123095+00:00", "lang": "en", "topics": ["artificial-intelligence", "large-language-models", "developer-tools", "enterprise-software"], "entities": ["Cloudflare"], "alternates": {"html": "https://wpnews.pro/news/orchestrating-ai-code-review-at-scale", "markdown": "https://wpnews.pro/news/orchestrating-ai-code-review-at-scale.md", "text": "https://wpnews.pro/news/orchestrating-ai-code-review-at-scale.txt", "jsonld": "https://wpnews.pro/news/orchestrating-ai-code-review-at-scale.jsonld"}}