Review AI-Generated Code

The quality problem with AI-generated code

AI coding assistants - GitHub Copilot, Cursor, Claude, ChatGPT - have fundamentally changed how developers write software. They accelerate prototyping, reduce boilerplate, and make it possible to build functional applications faster than ever before. But speed and correctness are different things.

AI-generated code tends to produce certain categories of issues that are distinct from the bugs humans write. The code often looks correct at first glance. It compiles, it runs, and it appears to do what was asked. The problems are subtler: type coercions that silently lose precision, error handling that catches everything but handles nothing, security assumptions that are reasonable in a tutorial but dangerous in production.

These issues are difficult to catch in traditional code review because the reviewer is looking at code that appears plausible and well-structured. The AI wrote it with confidence, and that confidence is contagious. A human reviewer skimming a 200-line function generated by an AI assistant may miss that the error handling on line 47 swallows a critical database connection failure, or that the authentication check on line 112 is checking the wrong user context.

The problem compounds when teams adopt what is sometimes called "vibe coding" - generating large amounts of code through AI assistants with minimal manual review, relying on tests to catch issues. Tests verify that the code does what it was designed to do, but they rarely verify that it handles the cases it was not designed for. And AI-generated tests tend to share the same blind spots as the AI-generated code they test.

VibeRails as a quality gate

VibeRails addresses this gap by providing a systematic, full-codebase review that is specifically effective at catching the kinds of issues AI coding tools introduce. After an AI coding session - whether that is an afternoon of Copilot-assisted development or a larger codebase generated through Claude or Cursor - run VibeRails to get an independent assessment of code quality.

Because VibeRails uses frontier LLMs to analyse code, it applies the same kind of semantic understanding that a skilled human reviewer would. But unlike a human, it reviews every file systematically, applying the same rigour to utility functions and configuration files as it does to core business logic. It does not get tired, it does not skip files, and it does not assume that well-formatted code is correct code.

The detection categories most relevant to AI-generated code include:

• Type safety - implicit type coercions, missing null checks, incorrect generic constraints, unsafe casts that compile but fail at runtime
• Error handling - catch blocks that swallow exceptions, missing error boundaries, async operations without rejection handling, inconsistent error propagation
• Security - missing input validation, hardcoded secrets, permissive CORS configurations, insecure default settings that work for demos but not production
• Dead code - unused imports, unreachable branches, variables assigned but never read, functions defined but never called
• API design - inconsistent naming conventions, missing validation on public interfaces, undocumented side effects, tight coupling between modules
• Performance - unnecessary re-renders, N+1 query patterns, synchronous operations that should be async, memory leaks from unclosed resources

The workflow: generate, review, triage, fix

Integrating VibeRails into an AI-assisted development workflow is straightforward. The process follows four stages that fit naturally around existing AI coding practices.

• Generate. Use your preferred AI coding tool - Copilot, Cursor, Claude Code, ChatGPT - to build features, refactor modules, or generate new components. Work at whatever pace the AI enables.
• Review. Once the coding session is complete, point VibeRails at the project and run a full-codebase review. VibeRails analyses every file and produces structured findings across all 17 detection categories.
• Triage. Review the findings in triage mode. Use keyboard shortcuts to rapidly accept genuine issues and reject false positives. Focus on the categories most relevant to AI code: type safety, error handling, security, and dead code. The triage workflow is designed for speed - you can process dozens of findings in minutes.
• Fix. For accepted findings, create a fix session. VibeRails dispatches AI agents to implement the recommended changes. Each fix is generated in your local repository where you can review the diff, run tests, and commit or revert. The AI fixes the issues that AI introduced, with your judgement guiding which fixes to keep.

This cycle can be repeated as frequently as needed. Some teams run a VibeRails review at the end of every AI coding session. Others run it weekly as part of a quality check cadence. The session-based architecture means each review captures a snapshot, making it easy to compare code quality over time.

Why AI should review AI

There is an apparent irony in using AI to review AI-generated code. But the approach works for the same reason that a second pair of eyes catches bugs a first pair misses: different contexts produce different blind spots.

The AI that generated the code was operating within the context of a conversation, a prompt, and a specific task. It optimised for fulfilling the request. The AI performing the review operates in a different context: it is looking at the code as written, without knowledge of the conversation that produced it, and evaluating it against a structured set of quality criteria. This separation of concerns is what makes the approach effective.

VibeRails strengthens this further with its dual-model capability. Claude Code and Codex CLI use different model architectures, different training approaches, and different reasoning patterns. When both models independently flag the same issue in AI-generated code, confidence is high. When they disagree, it surfaces areas that deserve closer human attention.

The goal is not to replace human review, but to make it more effective. VibeRails surfaces the issues that matter, filters out the noise, and presents findings in a structured format that lets engineers make informed decisions quickly. The human remains in the loop, applying judgement about what to fix, what to accept, and what to defer.