AI / LLM Engineering

AI-Powered Pull Request Review Pipeline

An AI-powered code review pipeline that automatically reviews every pull request across an entire DevOps organization — current and future repositories alike — from a single shared pipeline definition.

  • Repo coverage: Org-wide (all repos, incl. future ones)
  • Per-repo setup required: Zero
  • Pipeline definitions maintained: 1 shared definition

The Problem

Manual code review is valuable but inconsistent, and rolling out an automated reviewer repo-by-repo doesn't scale as new repositories get created over time. The goal was "every PR, every repo, forever" with zero ongoing per-repo maintenance.

My Approach

  • Registered a single shared pipeline once, then attached it as an organization-wide, "all repositories" build-validation branch policy — so any new repository created in the future is automatically covered without anyone remembering to configure it.
  • Diagnosed and worked around a real platform gotcha: the CI platform's YAML pull-request triggers are silently ignored when builds are driven by branch policy instead — a subtlety that would otherwise look like "the pipeline just doesn't run."
  • Designed the pipeline so its own checked-out repository is only the review tooling, not the code under review: at runtime it looks up the pull request by ID via the platform's REST API, clones the actual target repository using a narrowly scoped access token, runs the AI review against that clone, and posts threaded comments back to the original PR.
  • Scoped the automation's permissions to exactly what it needs on the repositories it reviews (read/clone + comment on pull requests) — least privilege by design, not an afterthought.
  • Used a generative AI model as the actual review engine, triggered only on pull-request builds (not every commit), keeping cost and noise proportional to actual review events.
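
The runtime flow from the third bullet (look up the PR by ID, clone the target repository with the token, post a threaded comment), sketched as an added Node.js example that is not the project's own code. It assumes the token is the job's `System.AccessToken` sent as a Bearer header (a personal access token would use Basic auth instead); the function names, the branch-name allowlist and the `finding` shape are hypothetical.

```javascript
// Added example, not the project's code. Pure functions: they only build the
// requests and the git invocation, so the flow can be inspected offline.
const API = "api-version=7.1";

// env: variables Azure DevOps sets on a PR-validation build; the token must be
// mapped into the step explicitly (env: SYSTEM_ACCESSTOKEN: $(System.AccessToken)).
function planReview(env) {
  if (env.BUILD_REASON !== "PullRequest") return null; // nothing to review
  const prId = env.SYSTEM_PULLREQUEST_PULLREQUESTID || "";
  if (!/^[1-9]\d*$/.test(prId)) throw new Error("invalid pull request id");
  if (!env.SYSTEM_ACCESSTOKEN) throw new Error("access token not mapped");
  const base = env.SYSTEM_COLLECTIONURI.replace(/\/+$/, "") + "/" +
    encodeURIComponent(env.SYSTEM_TEAMPROJECT);
  return {
    base, prId: Number(prId),
    lookupUrl: `${base}/_apis/git/pullrequests/${prId}?${API}`,
    headers: { Authorization: `Bearer ${env.SYSTEM_ACCESSTOKEN}` },
  };
}

// pr: JSON returned by lookupUrl. The token travels in git's environment-based
// config (Git 2.31+), so it is not in argv, the URL, or the clone's .git/config.
function cloneCommand(plan, pr, destDir) {
  const m = /^refs\/heads\/([\w.\/-]+)$/.exec(pr.sourceRefName); // conservative allowlist
  if (!m) throw new Error("unexpected source ref");
  const url = `${plan.base}/_git/${encodeURIComponent(pr.repository.name)}`;
  return {
    args: ["clone", "--depth=1", "--single-branch", `--branch=${m[1]}`, "--", url, destDir],
    env: {
      GIT_CONFIG_COUNT: "1",
      GIT_CONFIG_KEY_0: "http.extraheader",
      GIT_CONFIG_VALUE_0: `Authorization: ${plan.headers.Authorization}`,
    },
  };
}

// finding: { path, line, text } produced by the review model (shape assumed).
function threadRequest(plan, pr, finding) {
  const at = { line: finding.line, offset: 1 };
  return {
    url: `${plan.base}/_apis/git/repositories/${pr.repository.id}` +
      `/pullRequests/${plan.prId}/threads?${API}`,
    body: {
      comments: [{ parentCommentId: 0, content: finding.text, commentType: 1 }],
      status: 1, // 1 = active
      threadContext: { filePath: finding.path, rightFileStart: at, rightFileEnd: at },
    },
  };
}
```

The `args` and `env` pair is meant for `child_process.execFile("git", args, { env: { ...process.env, ...env } })`, which avoids a shell and keeps the token out of the command line.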

Stack

  • CI/CD: Azure DevOps Pipelines, organization-wide branch policies
  • Automation: Node.js, Azure DevOps REST API
  • AI: Gemini API for automated code review generation
  • Security: Scoped access tokens, least-privilege permission design
  • Practices: Platform-wide automation design, secure token-scoped cross-repo automation

Skills Demonstrated

  • CI/CD platform engineering at an organizational scale, not just a single repo
  • Deep, accurate understanding of a CI platform's actual trigger semantics (not just its documented behavior)
  • Secure automation design: scoped tokens, least privilege, tooling repo separated from target repos
  • Practical, production application of generative AI inside a developer workflow