Every pull request gets an AI review pass before human review and approval
Introduction
The team operates an orchestration model with complementary AI tools: Claude Code for inline completion, Jira integration, code review evaluations, and complex work. The code review skills built into claude-ops make it possible to run a consistent AI review on a pull request before a person looks at it.
This ADR documents that practice. Every pull request gets an automated AI review pass when it is opened. The developer addresses the AI findings, then requests human review. The architect or technical lead then performs the authoritative review described in the "All committed code undergoes code review process" ADR, and remains the person who approves and merges.
AI review is a first pass. It is advisory. It does not satisfy, shorten, or replace the human review requirement.
Decision
Run an AI review pass on every pull request before the human review and approval step. The AI pass uses the review skills configured in claude-ops.
The developer who opened the pull request is responsible for triaging the AI findings, acting on the valid ones, and dismissing false positives, before assigning the issue for human review.
The architect or technical lead performs the authoritative review and holds approval and merge authority. AI findings inform that review but do not bind it.
AI participation is disclosed using the existing git trailers (AI-assisted: true, AI-tools: claude-code) and the AI disclosure field in the pull request description.
Context
Code review is already required on every pull request, but the architect or tech lead absorbs the full cost of catching everything from style and obvious bugs to missing tests, accessibility regressions, and security smells. An AI first pass catches a meaningful share of these earlier, so the human reviewer can spend their attention on architecture, intent, and production readiness rather than mechanical issues.
This supports two pillars of the AI strategy. "Standardize Before We Automate" is served by running the same configured review skills on every project rather than relying on each reviewer's habits. "Define the Human-AI Boundary" is served by keeping the AI pass advisory and the human as the approver.
The orchestration model already exists and works. This ADR makes the review pass an expected step rather than an optional one, and ties it to the disclosure conventions in the AI traceability ADR so that AI involvement in review is auditable.
Consequences
- Issues are caught earlier, which reduces rework and lowers the load on the human reviewer.
- The human review focuses on higher-value judgment because routine findings are handled before it.
- Developers take on a triage step. AI produces false positives, and acting on them uncritically is its own risk, so the developer must judge each finding.
- The review skills in the ops projects need to be maintained and kept current, which is ongoing work owned by the team.
- Pull request preparation takes slightly longer because of the AI pass and triage.
- The AI pass is not a quality guarantee and does not transfer accountability. The architect or tech lead who approves the merge remains responsible for the code.
Exceptions
- Emergency situations where waiting on the AI pass would delay a needed fix and the architect or tech lead is available to review directly.
- Client projects or repositories where AI tools are not permitted by contract, client policy, or data sensitivity. The AI Development & Deployment Policy and the AI Software Usage Policy govern what is allowed.
- Projects where claude-ops has not been initialized. The deviation is documented per the ops project configuration ADR until the ops project is in place.