cd /news/artificial-intelligence/the-change-must-defend-itself-a-five… · home topics artificial-intelligence article
[ARTICLE · art-64354] src=dev.to ↗ pub= topic=artificial-intelligence verified=true sentiment=· neutral

The Change Must Defend Itself: A Five-R Review for AI-Generated Code

An engineer proposes a Five-R Review framework—Reason, Reach, Reversibility, Resilience, and Reviewability—for evaluating AI-generated code before production deployment. The framework addresses the gap between locally correct implementations and globally safe system behavior, emphasizing that faster code generation does not eliminate the need for thorough production justification. The engineer argues that AI-assisted development compresses implementation time but increases the decision evaluation burden on teams.

read9 min views1 publishedJul 18, 2026

How to evaluate reason, reach, reversibility, resilience and reviewability before an AI-assisted change reaches production.

AI-generated code often arrives looking complete.

It may compile, follow repository conventions, include unit tests, and present a confident explanation of its design. What it does not automatically provide is evidence that the change belongs in production.

The implementation cannot prove that the original problem was framed correctly. It cannot establish how far the change will travel through connected systems, whether its effects can be safely reversed, or how it will behave when its assumptions fail.

In large-scale distributed systems, I have repeatedly seen seemingly small changes—especially retries, schema updates, fallback logic and timeout adjustments—create consequences far beyond the service in which they were introduced.

A production change should therefore be treated as a technical claim that must defend itself. It should explain why it needs to exist, identify what it can affect, preserve a credible path to reversal, tolerate realistic failures, and remain understandable to the engineers who inherit it.

I organize that evaluation into five dimensions:

Reason, Reach, Reversibility, Resilience, and Reviewability.

Together, they form the Five-R Review.

When code becomes easier to generate, producing more code is no longer the central challenge. The harder problem becomes determining:

AI can compress implementation time, but it does not eliminate the obligation to justify a production change. The faster an implementation appears, the more explicitly its assumptions, reach, and failure behavior must be examined.

An AI assistant can generate a technically valid function without understanding the full environment in which that function will operate.

Consider a seemingly simple request:

Add automatic retries when the downstream inventory service times out.

The implementation may be straightforward. Add a retry library, configure exponential backoff, log failures, and return an error after the final attempt.

Passing local validation does not establish that the system-level behavior is safe. That difference is why implementation evidence compilation, tests, and style compliance is necessary but insufficient for production approval.

But an experienced engineer immediately sees additional questions:

None of these questions are syntax problems.

They are system judgment problems.

AI can help surface these concerns, but it cannot automatically guarantee that the organization has answered them correctly. The quality of the result still depends on the context supplied, the architecture surrounding the change, and the engineer evaluating the recommendation.

A locally correct implementation can still create a globally incorrect system.

AI-assisted development can produce implementations faster than teams can establish whether those implementations are appropriate for the systems around them.

This creates an evidence gap: the difference between showing that code works under controlled conditions and showing that the resulting change is safe, necessary, operable, and maintainable in production.

Every generated pull request still requires decisions about assumptions, dependencies, failure behavior, rollout strategy, ownership, and recovery. Producing the implementation faster does not eliminate those decisions. It compresses the time available to make them well.

A team can now produce more prototypes, more pull requests, more generated tests, and more alternative implementations. But every generated change still creates a decision:

As generation speed increases, the number of decisions can grow faster than the team’s ability to evaluate them.

As the volume of generated changes increases, the evaluation burden moves downstream. Architecture reviews, pull requests, testing environments, deployment controls, and production operations must absorb decisions that implementation speed did not remove.

A team may appear faster because it produces more code. At the same time, it may become slower at reviewing, integrating, validating, and operating that code.

The bottleneck has moved.

It is no longer only in the editor. It is now distributed across architecture reviews, pull requests, test environments, observability systems, deployment pipelines, and production operations.

Traditional productivity measurements become dangerous in an AI-assisted environment.

Lines of code were never a reliable measure of engineering value. They become even less meaningful when thousands of lines can be generated almost instantly.

The same problem applies to other output-oriented metrics:

These measurements describe activity. They do not necessarily describe improvement.

A generated feature that increases operational complexity is not automatically progress. A large test suite that validates mocked behavior but misses integration failures may create false confidence. A quickly produced abstraction may make one developer faster while making the entire system harder to understand.

The more efficiently implementation is generated, the more carefully teams must distinguish completed code from a defensible production change.

A better question is not:

How much code did the team create?

It is:

How many high-quality engineering decisions did the team successfully convert into reliable outcomes?

To evaluate AI-generated or AI-assisted changes, I use five dimensions: Reason, Reach, Reversibility, Resilience, and Reviewability.

Why should this change exist?

The answer should describe the problem, not merely the requested implementation.

Weak reasoning:

Add Redis caching to improve performance.

Stronger reasoning:

Product-detail requests repeatedly retrieve identical reference data from a high-latency dependency. The dependency contributes significantly to response time, and the data can tolerate five minutes of staleness.

The stronger explanation makes the proposed solution testable. It also allows the team to consider alternatives such as local caching, request consolidation, precomputation, or dependency optimization.

AI is very effective at implementing a clearly defined solution. It is less reliable when the underlying problem has not been defined correctly.

How far can the change travel through the system?

A five-line configuration update can affect dozens of services. A schema change can influence producers, consumers, analytics jobs, data-retention policies, and incident-response procedures.

Reach includes:

The size of a code change does not determine its blast radius.

A short change can have enormous reach.

Can the change be safely undone?

Teams often discuss deployment but spend less time designing rollback.

A reversible change may require:

Rollback should not be treated as a button that magically restores the previous state. Once data has changed, events have been emitted, or customers have taken actions, returning to the previous software version may not restore the previous system state.

The safest changes are designed for reversal before deployment begins.

How does the change behave when its assumptions fail?

Happy-path implementation is becoming increasingly easy to generate. Production engineering is largely about everything outside the happy path.

Ask what happens when:

An AI-generated solution may include retries, fallbacks, or exception handling. That does not mean those mechanisms are correct for the business operation.

Resilience is not the presence of defensive code. It is the ability of the system to preserve acceptable behavior under failure.

Can another engineer understand and validate the change?

Generated code often looks polished. That can make it more dangerous, because readability may be mistaken for correctness.

A reviewable change should make its intent and assumptions visible.

It should answer:

The goal is not to create more documentation around every small change. The goal is to ensure that the complexity of the explanation matches the risk of the decision.

As AI contributes more of the implementation, the pull request should become more explicit about the engineering case behind the change. Reviewers should not have to reconstruct purpose, assumptions, blast radius, and recovery strategy from generated code alone.

A useful AI-assisted pull request could include structured information such as:

change_intent:
  problem: "Repeated latency from reference-data retrieval"
  expected_outcome: "Reduce p95 response time without affecting freshness requirements"

affected_components:
  - product-api
  - reference-data-service
  - cache-cluster

key_assumptions:
  - "Reference data can be five minutes stale"
  - "Cache misses can safely fall back to the source service"

failure_modes:
  - stale data
  - cache unavailability
  - request amplification during cache recovery

deployment:
  strategy: gradual
  feature_flag: true

rollback:
  method: disable_feature_flag
  data_repair_required: false

verification:
  - p95_latency
  - cache_hit_rate
  - source_service_request_volume
  - error_rate

This does not need to become mandatory bureaucracy for every repository.

However, for material production changes, information like this helps reviewers evaluate the decision instead of spending all their time reconstructing intent from generated code.

AI does not make experienced engineers irrelevant. It changes how their experience creates value.

Senior engineers will increasingly need to define:

In other words, senior engineers will spend less time explaining exactly how every function should be written and more time defining the environment within which implementation can happen safely.

This is a shift from writing instructions for code toward establishing policies for systems.

For example, rather than reviewing every retry implementation independently, an organization might establish that:

AI tools can then generate code within those boundaries. The purpose of these boundaries is not to limit AI-assisted development. It is to make the evidence required for approval predictable and repeatable.

The better the boundaries, the more useful the automation becomes.

Prompting is often discussed as a new technical skill. But the deeper capability is not learning a collection of prompt templates.

It is learning how to frame engineering problems precisely.

Compare these two requests:

Build a scalable order-processing service.

And:

Design an event-driven order-processing service that supports duplicate delivery, preserves per-order sequencing, isolates failures by seller, and allows individual workflow steps to be replayed without repeating completed financial operations.

The second request produces a better result because it contains better engineering thinking.

AI amplifies the quality or weakness of the engineering case presented to it.

When the question contains vague assumptions, missing constraints, or an incorrect understanding of the problem, the generated implementation may amplify those weaknesses as well.

The critical capability is not merely knowing what to ask AI.

It is knowing what the system requires.

As AI-assisted development expands, teams should pay closer attention to outcome and decision-quality metrics.

Useful measurements include:

AI should reduce mechanical work without increasing operational uncertainty.

A team that generates code faster but creates more incidents, more review congestion, and more architectural inconsistency has not improved its engineering system. It has moved work downstream.

AI-assisted development changes how quickly an implementation can appear. It does not change what production requires.

A change must still justify why it exists. It must identify how far its effects can travel, preserve a credible path to reversal, behave acceptably when assumptions fail, and remain understandable after the original author has moved on.

The Five-R Review is not intended to burden every pull request with unnecessary process. Its purpose is to match the depth of evaluation to the potential consequences of the change.

A low-risk update may defend itself with a few clear answers. A high-impact change may require architecture review, staged rollout, operational evidence, security analysis, and explicit recovery planning.

The implementation may come from an engineer, an AI assistant, or a combination of both. Production does not evaluate authorship.

It reveals whether the reasoning behind the change was strong enough.

Which part of the Five-R Review is most frequently missing from AI-assisted changes on your team: Reason, Reach, Reversibility, Resilience or Reviewability?

── more in #artificial-intelligence 4 stories · sorted by recency
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/the-change-must-defe…] indexed:0 read:9min 2026-07-18 ·