// Section 9 — Skills and Subagents · 3 MIN READ

[✓] VERIFIED MANUAL ENTRY — This concept has been rewritten from primary sources and is legally cleared for production.

Automated Review

The process where a secondary model (with a fresh context window) reviews the diff generated by a working agent to catch design flaws, security risks, or contract breaks.

Automated review is the process of using an LLM to evaluate code modifications. Unlike deterministic Automated Checks (which test if code compiles), automated review is non-deterministic: it evaluates code design, security risks, documentation compliance, and naming conventions at machine cost.

You set up automated review whenever you:

  • Use a PR review bot that posts comments on GitHub diffs.
  • Configure a secondary model in your agent loop to check if the generated code matches your project specs.
  • Enforce a separate security audit prompt before merging code.

The Power of Context Separation

The defining rule of automated review is Context Separation: never ask the agent that wrote the code to review its own work.

If an agent has spent 20 turns writing a complex function:

  1. Confirmation Bias: The agent's context window is stuffed with its own reasoning logs. If you ask it "Is this correct?", it will re-read its own assumptions and confidently state that the code is flawless.
  2. The Solution: Spawn a secondary model with a completely clean context window. Feed it only the final git diff and the original spec. Because the reviewer has no attachment to the journey, it looks at the diff like a stranger, immediately catching logical gaps, missing edge cases, or redundant helper files.
Working Agent (Context Bloated) ──► Generates Diff ──► Reviewer Agent (Clean Context) ──► Unbiased Audit Report

Field Applications

In advanced agent pipelines, developers use different model tiers for review:

  • The Writer: A fast, low-cost model (e.g. Claude Haiku) writes the code.
  • The Judge: A larger, reasoning-heavy model (e.g. Claude Sonnet) runs the automated review on the git diff, checking for security vulnerabilities before the PR is created.

# AVOID

Do not use automated review as a final merge gate. Because LLMs are probabilistic, automated reviews can output false alerts or miss subtle bugs.

  • Avoid: Letting a review bot auto-merge pull requests into main without human inspection.
  • Write: Use automated review to filter out obvious styling or contract violations, raising the baseline quality before a developer looks at it.

# USAGE

Developer A: "Our agent is introducing structural bugs in its final PRs, even though it ran the tests successfully." Developer B: "Tests only verify what we asserted. Let's add an automated review step. We'll spawn a separate Sonnet session, give it a review prompt focusing on security, and feed it the agent's diff. It will catch those structural edge cases."

// SEE_ALSO

Automated CheckA deterministic verification tool run locally (lints, typechecks, builds, test suites) that gives the agent binary pass/fail logs to self-correct from.
Human ReviewThe final verification gate where a developer reads the primary code diff produced by an agent to judge its correctness, architecture, and safety.
SubagentA secondary agent spawned by a parent agent to execute a specific sub-task in a separate, isolated context window, returning a brief summary result.
Context WindowThe absolute maximum token limit (capacity) that a model can process, read, and write in a single API request.

// SOCRATIC_VALIDATION

Interactive Concept Quiz

QUESTION 1 OF 3SCORE: 0/3

[EDIT_THIS_TERM_ON_GITHUB ↗]