HomeJournalThis post

Review depth should follow consequence

Code review should follow consequence: local presentation, shared behavior, and trust boundaries need different evidence and scrutiny.

JP
JP Casabianca
Designer/Engineer · Bogotá

Not every diff deserves the same review, but every diff deserves review that matches its consequence.

A copy edit and an authentication migration should not move through the same checklist. A plausible diff can compile while changing ownership boundaries, weakening an error state, overwriting metadata, adding a dependency the repository does not need, or testing only its own happy path. AI makes that mismatch easier to produce at speed, but the review problem is broader than generated code.

I want every meaningful AI-assisted change to leave a review receipt. The receipt maps the request to the files, explains the risky decisions, records the commands and browser states checked, and names anything the reviewer still needs to decide.

The agent can accelerate implementation. Accountability stays human.

This journal batch is a useful small example. The prose needed an editorial review; the migration needed source parity; the social images needed dimension checks; and the rendered routes needed figure, resource, and metadata checks. Running one generic test command would have left the riskiest claims unproved. Review depth followed the consequence of each layer.

01 · ScopeChange is bounded

Request, non-goals, files, dependencies, data, and user-facing behavior are explicit.

02 · UnderstandDecisions are legible

The reviewer can explain patterns, ownership, edge cases, and why the diff belongs.

03 · EvidenceBehavior is proved

Tests, build, browser, database, security, and production checks match the risk.

Figure 1: AI code earns trust through scope, understanding, and evidence.

Review the request before the diff

The quality bar begins with whether the task had a clear promise, scope, and non-goals.

I would pressure-test that decision with four questions:

  • What was requested?
  • What was intentionally excluded?
  • Which user behavior should change?
  • What evidence was expected?

The failure mode here is judging code against an ambiguous prompt. In software delivery where human-authored and AI-assisted changes need review depth matched to product consequence, ownership boundaries, security, data risk, and recovery, that can hide the exact boundary a reviewer or teammate needs to understand. My working artifact would be a request-to-diff scope map. I want it close enough to the implementation that it can change the work, not created afterward to decorate the story.

The result I would look for is a review anchored in intended behavior. That is a narrower claim than saying the whole system improved, but it is also one I can verify and defend.

In practice, I would put a request-to-diff scope map beside the question “What was requested?” before the first implementation review. The next pass would use “What was intentionally excluded?” to test the boundary, then “Which user behavior should change?” to expose the state most likely to be missed. I would keep “What evidence was expected?” for the release check because it asks whether the decision still holds outside the ideal path. The work is ready to move when the artifact can explain the choice and the observed result supports a review anchored in intended behavior.

Map every touched ownership boundary

Generated changes can spread across content, UI, data, build tooling, and deployment without making the expansion obvious.

The practical review starts here:

  • Which modules changed?
  • Who owns them?
  • Did a schema or API contract move?
  • Did the task cross an unnecessary boundary?

Those questions keep reviewing files independently without seeing cross-system impact from becoming the default. I would capture the decision in a touched-systems map, then use it while the work is still cheap to change. For evidence-based code review for AI-assisted and human-authored changes, the artifact should make ownership, constraint, and next action visible without requiring a private explanation.

Success would look like a clearer blast radius. If I cannot point to that evidence, I have a direction, not a finished decision.

The implementation move is to make a touched-systems map part of the working surface. I would use it to answer “Which modules changed?” while scope is still flexible, and “Who owns them?” before code or content becomes expensive to unwind. During QA, “Did a schema or API contract move?” and “Did the task cross an unnecessary boundary?” become concrete checks rather than discussion prompts. That sequence turns evidence-based code review for AI-assisted and human-authored changes into something the team can operate and gives me a specific outcome to report: a clearer blast radius.

  1. LowLocal presentation

    Copy, isolated style, or static content with focused render and regression checks.

  2. MediumShared behavior

    Reusable component, routing, state logic, analytics, or dependency contract.

  3. HighTrust boundary

    Auth, money, permissions, migrations, secrets, destructive actions, or external side effects.

Figure 2: Review depth should follow consequence, not line count.

Ask the agent to explain risky decisions

A useful explanation should name local patterns, alternatives, and consequences rather than paraphrase the diff.

Before implementation, I would answer:

  • Why this pattern?
  • Which repository convention applies?
  • What alternative was rejected?
  • What could fail?

The artifact is a decision note for each high-risk change. Its job is to expose the tradeoff early enough that design, engineering, support, or product can disagree with something concrete. The common trap is accepting a generated summary as evidence of understanding; it moves uncertainty downstream and makes the final interface carry a problem the system never resolved.

For me, the useful receipt is reviewable reasoning tied to the codebase. That connects risk-tiered review as the quality boundary between fast implementation and production accountability to an observable result instead of a process claim.

I would test this with one typical case and one boundary case. The typical case should make “Why this pattern?” easy to answer. The boundary should force a decision about “Which repository convention applies?” and “What alternative was rejected?.” I would record both in a decision note for each high-risk change, including the part that stayed unresolved after the first pass. The final check, “What could fail?,” is where the artifact earns its place: it either supports reviewable reasoning tied to the codebase, or it shows exactly why another iteration is needed.

Read the code at trust boundaries

Auth, payments, permissions, migrations, secrets, and destructive actions require direct human inspection.

I would use these prompts during the working review:

  • Can access expand?
  • Can data be lost?
  • Can an action duplicate?
  • Can a secret reach the client?

If the team slips into sampling generated code evenly instead of following consequence, the product can still look complete while its operating rule stays ambiguous. I would make a trust-boundary checklist with file references the shared reference and keep it small enough to update as evidence changes.

The standard is focused review where failure costs most. That tells me whether the decision helped the product, not merely whether the document was completed.

The working sequence is small: draft a trust-boundary checklist with file references, review it against “Can access expand?,” implement the narrowest useful path, and then return with evidence for “Can data be lost?.” I would use “Can an action duplicate?” to inspect product consequence and “Can a secret reach the client?” to decide whether the result is stable enough to ship. This keeps sampling generated code evenly instead of following consequence visible as a known risk and makes focused review where failure costs most the release receipt rather than a hopeful conclusion.

SignalDecisionWorking note
ClaimWhat changedThe menu works, data sorts, migration preserves metadata, or retry stays safe.
CheckHow it was exercisedCommand, fixture, viewport, route, request, query, or failure simulation.
EvidenceWhat was observedOutput, screenshot, row, event, status code, focus path, or production response.
Figure 3: The strongest receipt maps each claim to an observed check.

Test the failure state the code implies

Generated tests often confirm the same happy path the implementation was optimized to pass.

I would pressure-test that decision with four questions:

  • What if the provider fails?
  • What if data is empty?
  • What if retry repeats?
  • What work stays preserved?

The failure mode here is treating code coverage as behavioral coverage. In software delivery where human-authored and AI-assisted changes need review depth matched to product consequence, ownership boundaries, security, data risk, and recovery, that can hide the exact boundary a reviewer or teammate needs to understand. My working artifact would be a failure fixture paired with the main test. I want it close enough to the implementation that it can change the work, not created afterward to decorate the story.

The result I would look for is evidence that recovery was designed. That is a narrower claim than saying the whole system improved, but it is also one I can verify and defend.

In practice, I would put a failure fixture paired with the main test beside the question “What if the provider fails?” before the first implementation review. The next pass would use “What if data is empty?” to test the boundary, then “What if retry repeats?” to expose the state most likely to be missed. I would keep “What work stays preserved?” for the release check because it asks whether the decision still holds outside the ideal path. The work is ready to move when the artifact can explain the choice and the observed result supports evidence that recovery was designed.

Inspect UI with real content

Visual QA should include narrow screens, long labels, open menus, keyboard focus, loading, and errors.

The practical review starts here:

  • Which content creates pressure?
  • Which state changes geometry?
  • Can keyboard users complete it?
  • Does mobile keep the primary action?

Those questions keep checking only the default desktop screenshot from becoming the default. I would capture the decision in a browser-state receipt with two viewports, then use it while the work is still cheap to change. For evidence-based code review for AI-assisted and human-authored changes, the artifact should make ownership, constraint, and next action visible without requiring a private explanation.

Success would look like interface proof that matches production variability. If I cannot point to that evidence, I have a direction, not a finished decision.

The implementation move is to make a browser-state receipt with two viewports part of the working surface. I would use it to answer “Which content creates pressure?” while scope is still flexible, and “Which state changes geometry?” before code or content becomes expensive to unwind. During QA, “Can keyboard users complete it?” and “Does mobile keep the primary action?” become concrete checks rather than discussion prompts. That sequence turns evidence-based code review for AI-assisted and human-authored changes into something the team can operate and gives me a specific outcome to report: interface proof that matches production variability.

Verify data changes independently

Migration files and data clients need checks that confirm row meaning, conflict behavior, permissions, and preservation.

Before implementation, I would answer:

  • Can the change rerun?
  • What does upsert replace?
  • Are unrelated metadata keys safe?
  • Does the application read the result?

The artifact is a query-and-route data receipt. Its job is to expose the tradeoff early enough that design, engineering, support, or product can disagree with something concrete. The common trap is assuming generated SQL is safe because it parses; it moves uncertainty downstream and makes the final interface carry a problem the system never resolved.

For me, the useful receipt is stronger data integrity evidence. That connects risk-tiered review as the quality boundary between fast implementation and production accountability to an observable result instead of a process claim.

I would test this with one typical case and one boundary case. The typical case should make “Can the change rerun?” easy to answer. The boundary should force a decision about “What does upsert replace?” and “Are unrelated metadata keys safe?.” I would record both in a query-and-route data receipt, including the part that stayed unresolved after the first pass. The final check, “Does the application read the result?,” is where the artifact earns its place: it either supports stronger data integrity evidence, or it shows exactly why another iteration is needed.

Audit dependency and configuration churn

Agents can solve a local problem by introducing a package, script, or config change with long-term cost.

I would use these prompts during the working review:

  • Is the dependency necessary?
  • Does the repository already have a helper?
  • Is the version pinned?
  • What build surface changed?

If the team slips into accepting infrastructure churn hidden beside feature code, the product can still look complete while its operating rule stays ambiguous. I would make a dependency justification line the shared reference and keep it small enough to update as evidence changes.

The standard is a smaller and more maintainable change. That tells me whether the decision helped the product, not merely whether the document was completed.

The working sequence is small: draft a dependency justification line, review it against “Is the dependency necessary?,” implement the narrowest useful path, and then return with evidence for “Does the repository already have a helper?.” I would use “Is the version pinned?” to inspect product consequence and “What build surface changed?” to decide whether the result is stable enough to ship. This keeps accepting infrastructure churn hidden beside feature code visible as a known risk and makes a smaller and more maintainable change the release receipt rather than a hopeful conclusion.

Record what was not verified

A credible receipt names unavailable credentials, external systems, uncommon devices, or live-only behavior.

I would pressure-test that decision with four questions:

  • Which check could not run?
  • Why not?
  • What residual risk remains?
  • Who can complete it?

The failure mode here is turning unknowns into implied passes. In software delivery where human-authored and AI-assisted changes need review depth matched to product consequence, ownership boundaries, security, data risk, and recovery, that can hide the exact boundary a reviewer or teammate needs to understand. My working artifact would be an unverified-and-owner section. I want it close enough to the implementation that it can change the work, not created afterward to decorate the story.

The result I would look for is a merge decision based on honest evidence. That is a narrower claim than saying the whole system improved, but it is also one I can verify and defend.

In practice, I would put an unverified-and-owner section beside the question “Which check could not run?” before the first implementation review. The next pass would use “Why not?” to test the boundary, then “What residual risk remains?” to expose the state most likely to be missed. I would keep “Who can complete it?” for the release check because it asks whether the decision still holds outside the ideal path. The work is ready to move when the artifact can explain the choice and the observed result supports a merge decision based on honest evidence.

Make review receipts reusable

Repeated AI review failures should improve prompts, fixtures, scripts, and repository guidance.

The practical review starts here:

  • What did the agent miss?
  • Which check caught it?
  • Can the rule move into tooling?
  • Should task context change?

Those questions keep fixing the same generated mistake one PR at a time from becoming the default. I would capture the decision in a review-learning backlog, then use it while the work is still cheap to change. For evidence-based code review for AI-assisted and human-authored changes, the artifact should make ownership, constraint, and next action visible without requiring a private explanation.

Success would look like an AI workflow that compounds engineering quality. If I cannot point to that evidence, I have a direction, not a finished decision.

The implementation move is to make a review-learning backlog part of the working surface. I would use it to answer “What did the agent miss?” while scope is still flexible, and “Which check caught it?” before code or content becomes expensive to unwind. During QA, “Can the rule move into tooling?” and “Should task context change?” become concrete checks rather than discussion prompts. That sequence turns evidence-based code review for AI-assisted and human-authored changes into something the team can operate and gives me a specific outcome to report: an AI workflow that compounds engineering quality.

What I would show in the work

The public version needs evidence from the work itself. For this topic, the first five artifacts I would reach for are:

  • a request-to-diff scope map
  • a touched-systems map
  • a decision note for each high-risk change
  • a trust-boundary checklist with file references
  • a failure fixture paired with the main test

I would not publish all five at equal weight. One should orient the reader, one should reveal the hardest tradeoff, and one should prove the result. The others can live in a downloadable note or appear as supporting frames. That edit matters because risk-tiered review as the quality boundary between fast implementation and production accountability becomes harder to understand when every process detail is treated as equally important.

I would also show one rejected direction. The useful version is specific: which option looked attractive, which constraint made it wrong, and what evidence supported the narrower choice. That gives an engineering manager something real to question and keeps the case study from reading like the final answer was obvious from the beginning.

risk-tiered-code-review.md
# Ready
Evidence matches risk
Expected and failure states pass, diff is understood, and ownership is clear.

# Revise Fix is bounded Missing test, unclear state, duplicate abstraction, or weak receipt can improve now.

# Escalate Human decision needed Product ambiguity, security boundary, data risk, or external access exceeds the task.

Figure 4: A merge decision should preserve unresolved uncertainty.

Resource path

The practical follow-up I would build is a risk-tiered code review receipt with intent, diff map, consequence level, ownership boundary, commands, browser states, data checks, unresolved risk, and reviewer decision. I am treating that as a resource backlog item, not pretending the adjacent downloads below are the same artifact. The related cards cover useful pieces of the workflow today; this specific file should only be published when its examples, fields, and instructions are complete.

The first version should stay concise: context, constraint, decision, evidence, owner, and follow-up. Its value would come from helping someone repeat this exact review, not from adding another generic PDF to the site.

Review checklist

The article-specific review questions are:

  • What was requested?
  • Which modules changed?
  • Why this pattern?
  • Can access expand?
  • What if the provider fails?
  • Which content creates pressure?
  • Can the change rerun?
  • Is the dependency necessary?
  • Which check could not run?
  • What did the agent miss?

I would add two editorial checks before publishing: can a recruiter find the point in the first minute, and can an engineer trace at least one claim to an implementation or production receipt? If either answer is no, the article needs another edit.

Implementation notes

For evidence-based code review for AI-assisted and human-authored changes, I would write the implementation note before polish. It would name the changed surface, source of truth, owner, failure boundary, and verification path. Those details prevent the principle from floating above the actual code or operational workflow.

The proof signals I care about are specific to this article:

  • interface proof that matches production variability
  • stronger data integrity evidence
  • a smaller and more maintainable change
  • a merge decision based on honest evidence
  • an AI workflow that compounds engineering quality

I would choose two or three of those signals for the first release rather than instrumenting everything. The strongest pair usually combines one direct behavior check with one operating check: a route and a data query, a keyboard path and a support state, a handler replay and a reconciliation result, or a migration count and a rendered screen.

The follow-up belongs in the note before shipping. It should say what remains temporary, what evidence would trigger another pass, and who owns that decision. That is how the first version stays intentionally narrow without making the boundary invisible.

Case-study packaging

I would structure the case-study version around the four visual lessons already established:

  • AI code earns trust through scope, understanding, and evidence.
  • Review depth should follow consequence, not line count.
  • The strongest receipt maps each claim to an observed check.
  • A merge decision should preserve unresolved uncertainty.

The opening frame explains the product pressure. The middle two show the decision moving through the system. The last frame is the receipt: what was checked, what held, and what remained unresolved. That order lets the reader move from product judgment into implementation detail without reconstructing the whole project first.

I would include one caveat tied to software delivery where human-authored and AI-assisted changes need review depth matched to product consequence, ownership boundaries, security, data risk, and recovery: a data limit, rollout boundary, unsupported state, external dependency, or result that is still directional. A precise caveat makes the evidence easier to trust because it shows where the claim stops.

The final test is whether the page creates a better conversation. If the artifact helps someone ask a sharper question about product judgment, implementation detail, or release proof in a live interview, it belongs in the story.

Interview angle

In an interview, I would explain this through risk-tiered review as the quality boundary between fast implementation and production accountability. The story should start with the product pressure, then move into the system constraint, the artifact, and the proof. That order keeps the answer grounded. It also gives the interviewer several places to go deeper: data, frontend architecture, design systems, support, migration, accessibility, or release process.

The strongest version of the answer includes a tradeoff. I want to be able to say what I chose, what I left alone, and how I knew the work helped. That is more credible than presenting every project as a clean win.

The hiring signal

Risk-tiered code review is a hiring signal because it shows I can move quickly without applying the same shallow checklist to copy changes, shared components, migrations, payments, and permissions.

That is the level I want this site to communicate. The work should show taste, but it should also show operating judgment. It should make me look like someone who can enter a real product system, understand the messy middle, ship the useful version, and leave enough proof for the next person to trust it.

Companion artifacts

Use this after reading.

Practical downloads and templates that turn the article into something you can bring into a product review, implementation pass, or agent workflow.

DownloadJun 2026

UI PR Risk Review Checklist

A merge-readiness checklist for product intent, states, accessibility, visual durability, and UI implementation risk.

UI reviewQAFrontend
View details
DownloadJun 2026

AI Product Sprint Checklist

A practical sprint checklist for using AI across discovery, UX, implementation, and verification without skipping product judgment.

AI workflowProductDelivery
View details
DownloadJun 2026

Prompt Library for UI Critique

Reusable prompts for pressure-testing layout, copy, hierarchy, accessibility, interaction states, and implementation risk.

PromptsDesignReview
View details