Day 5 · Lesson 3 — Spec-Driven Production Development
When agents write faster than humans can read, the old process breaks.
AI eliminated the code-writing bottleneck and moved it downstream, onto the humans who must review and integrate. Bolting agents onto a 20-year-old workflow is "a jet engine on a horse-drawn carriage." This lesson is how review survives the volume.
From Day 1 L5: as you orchestrate more, the bottleneck moves to —
Verification/review. Day 5 is that bottleneck at team scale, a flood of AI-generated PRs that no human can read line by line.
A single hallucination can be a thousand lines of "vibe-consistent" broken logic, not just one isolated bug. At team scale that produces three predictable pathologies:1
To survive the volume without burning out reviewers:1
A review skill you invoke by hand doesn't scale. The next step is a continuous agent that watches the repo and comments without being asked. How custom you go is a spectrum trading control for simplicity:1
| Tier | What | Trade |
|---|---|---|
| 1 · Managed | Off-the-shelf SaaS reviewer (Gemini Code Assist) — enable per-seat | Vendor's opinions, not yours — misses house style / domain risk |
| 2 · Hybrid | Your review skill (code-check.md) run by a CI action — the right start for most | You own prompts + criteria; CI owns runtime |
| 3 · Custom | An ADK agent on Agent Engine with durable sessions/memory | Cross-PR context — but you own eval, observability, cost, on-call |
Three questions pick your tier: how specific is your review criteria? · must it remember across runs? · what's the worst case if it's wrong? (a merged regression or leaked secret → Tier 3 with a policy server in front). Pick the lowest tier that catches what matters. A fintech started on Tier 1, found it missing unmasked PII in logs, and fixed it with a 40-line Tier-2 skill.
Tier 3 at full scale is more than an agent that watches PRs; it understands the system they live in: code + docs + tickets ingested into a knowledge graph, three retrieval modes (graph traversal, vector, full-text), and a sub-agent pipeline (Search → Story → Impact → Task-breakdown → Coding). It answers "what breaks if I change this?" with a precise impact map, moving million-line refactors from two weeks to hours.
A continuous reviewer that watches every PR and nightly sweep is a standing V Validation gate and an E Evidence generator, catching the CVE and the six-month-old TODO that became a security gap. The Conditional LGTM is an automated gate (tests green → merge), the eval-not-demo bar from Day 1. And the three tiers are literally a governance-maturity ladder for review: Tier 1 Observed, Tier 2 Controlled-for-your-rules, Tier 3 approaching self-governing (an agent that decomposes "audit this service for compliance drift" itself).
Ladder read: humans nitpicking every AI PR by hand is unscalable and L1-fragile; a continuous reviewer with a policy server on high-risk merges is the L3 review posture. Match the tier to the blast radius.
Attach an AI-generated summary + risk assessment to your PRs so reviewers see impact, not lines.
And write a code-check.md review skill you can invoke on your own work first.
Adopt the Conditional LGTM and split ownership (APIs vs UX) to cut merge conflicts. Start continuous review at Tier 2, your skill and your CI. And build a no-blame culture.
Pick the lowest review tier that catches what matters, escalating to Tier 3 (graph-native, policy-gated) only where a merged regression or leaked secret is the worst case. Fund review as infrastructure.
Recall, don't re-read.
The "Conditional LGTM" approves a PR contingent on —
Approve now, merge automatically when tests go green, eliminating cross-timezone delay. An automated gate, the eval-not-demo bar applied to merging.
For most teams, the right starting tier for continuous review is —
Tier 2 Hybrid: your code-check.md run by a CI action, so you own the
criteria and CI owns the runtime. Tier 1 misses house-specific risk; Tier 3 means owning eval and on-call.
Human review should now focus on —
Reimagined ownership: humans guard the architecture; automated linters and stylebooks handle style on disposable, agent-written code.
Ask: when an agent opens a PR on your repo, what reviews it before a tired human on Friday afternoon?
If the answer is "nothing automated," wire up a Tier-2 code-check.md in CI. It's the single
highest-leverage move once you're shipping AI PRs at volume.
Spec-Driven Production Grade Development (Day 5), "Team Culture & Process Evolution", "Code Reviews", and the three-tier reviewer spectrum pp.18–25.
Up next → Day 5 · Lesson 4: Zero-Trust Development. The safety net: the 50-false-emails incident, and the guardrails that stop a useful tool becoming an unpredictable one: sandboxing, human-in-the-loop, the Policy Server, and context hygiene.
Related: Day 1 L5: the review bottleneck · ← Day 5 L2 · Course home