AI code review checklist
Agent-generated patches can be surprisingly good—and still wrong in subtle ways. Treat them like a junior contributor with infinite stamina: fast, eager, and in need of structured review. Vibe Kanban’s code review view helps you scan diffs; this checklist helps you know what to look for.
Correctness and scope
- Does the change match the card description and acceptance criteria?
- Are edge cases and error paths handled—not only the happy path?
- Were unrelated files or behaviors touched (scope creep)?
Security and data handling
- No new secrets, tokens, or PII logged to stdout or committed.
- Input validation and authorization (authz) checks are present on every new surface the change exposes.
- Dependencies introduced or upgraded are trustworthy and necessary.
For a security-focused pass, see secure review of AI-generated code.
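A first-pass scan for the checklist items above, as an added example (not Vibe Kanban's code and not part of the original checklist): it reads a unified diff, inspects only the added lines, and flags likely hardcoded secrets, log calls that mention sensitive names, and additions to dependency manifests. The regexes, the manifest file names and the sample diff are assumptions constructed for illustration; a hit means "look closer", and a clean run does not replace the review.

```python
import re

# Assumed heuristics, not a complete ruleset: they route added lines to a human reviewer.
RULES = [
    ("hardcoded-secret", re.compile(
        r"(?i)\b\w*(api_?key|secret|token|passw(or)?d)\w*\s*[:=]\s*['\"][^'\"]{8,}['\"]")),
    ("sensitive-value-logged", re.compile(
        r"(?i)\b(print|console\.log|log(ger)?\.\w+)\s*\(.*(token|passw(or)?d|secret|api_?key)")),
]
MANIFESTS = re.compile(r"(^|/)(requirements[\w.-]*\.txt|package\.json|go\.mod|Cargo\.toml)$")
HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

def review_diff(diff_text):
    """Return (path, new_line_no, rule, text) for each added line worth a closer look."""
    findings, path, lineno, old_left, new_left = [], None, 0, 0, 0
    for raw in diff_text.splitlines():
        if old_left > 0 or new_left > 0:            # inside a hunk body
            if raw.startswith("+"):                 # added line: the only kind inspected
                text = raw[1:].strip()
                if path and MANIFESTS.search(path) and text:
                    findings.append((path, lineno, "new-dependency", text))
                findings += [(path, lineno, name, text) for name, rx in RULES if rx.search(text)]
                lineno, new_left = lineno + 1, new_left - 1
            elif raw.startswith("-"):               # removed line: no new-file line number
                old_left -= 1
            elif not raw.startswith("\\"):          # context line
                lineno, old_left, new_left = lineno + 1, old_left - 1, new_left - 1
        elif raw.startswith("+++ "):                # new-side file header
            path = raw[4:].removeprefix("b/")
        elif (m := HUNK.match(raw)):
            old_left, lineno, new_left = int(m.group(1) or 1), int(m.group(2)), int(m.group(3) or 1)
    return findings

# Constructed sample diff (not from a real repository; the key is a placeholder).
SAMPLE_DIFF = """\
--- a/app/auth.py
+++ b/app/auth.py
@@ -10,2 +10,5 @@ def login(user, password):
     session = create_session(user)
+    API_KEY = "EXAMPLE-not-a-real-key-0000"
+    print(f"login ok, token={session.token}")
+    logger.info("user logged in")
     return session
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,1 +1,2 @@
 flask==3.0.0
+example-http-lib==1.2.3
"""
```

Calling `review_diff(SAMPLE_DIFF)` reports the key assignment, the `print` that interpolates the session token, and the new requirement, while the plain `logger.info` line passes.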
Tests, style, and operations
- Unit or integration tests updated or added where behavior changed.
- Linters and formatters pass; naming matches project conventions.
- Observability (metrics, logs) still makes sense after the change.
Why parallel review matters
When you run multiple agents, review becomes the quality gate. Small, focused cards make this checklist faster to apply on each merge.