GC-201b · Module 3
Automated Code Review Pipelines
Automated code review with Gemini CLI goes beyond basic linting. The 1M context window means you can load the entire PR diff alongside the project's GEMINI.md (coding standards), relevant test files, and even the deployment configuration — all in a single prompt. The review checks not just syntax and style but architectural consistency, security patterns, test coverage gaps, and compliance with team conventions encoded in GEMINI.md.
The most effective automated review pipelines use a custom GEMINI.md section specifically for CI review standards. Include your team's coding standards, common antipatterns to flag, security checklist items, and performance criteria. The CI prompt references these standards explicitly: "Review this diff against the coding standards defined in GEMINI.md. Flag any violations." This makes reviews consistent and standards-driven rather than ad hoc.
## CI Review Standards
### Must Flag
- Any use of `any` type in TypeScript
- Missing error handling in async functions
- Hardcoded secrets or API keys
- `console.log` statements in production code
- Missing input validation on API endpoints
### Should Flag
- Functions longer than 50 lines
- Missing JSDoc on exported functions
- Unused imports
- Complex conditionals without comments
### Architecture Rules
- All database access through the repository pattern
- No direct DOM manipulation (use React state)
- API responses must conform to the ResponseEnvelope type
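The prompt-assembly step described above, as an added example (not code from this course or from Gemini CLI): it pulls only the `CI Review Standards` section out of GEMINI.md and fails if that section is missing, so a review never runs silently without standards. The function names, the tag delimiters and the sample inputs are assumptions constructed for illustration.

```python
import re

FENCE = "`" * 3                      # Markdown code-fence marker
SECTION = "CI Review Standards"      # heading used in the sample GEMINI.md above

def extract_section(markdown: str, title: str) -> str:
    """Return heading `title` plus everything under it, up to the next heading
    of the same or a higher level. Raises ValueError if the heading is absent."""
    out, level, in_fence = [], None, False
    for line in markdown.splitlines():
        if line.lstrip().startswith(FENCE):
            in_fence = not in_fence          # '#' lines inside fences are not headings
        m = None if in_fence else re.match(r"(#{1,6})\s+(.*?)\s*$", line)
        if level is None:
            if m and m.group(2) == title:
                level = len(m.group(1))
                out.append(line)
        elif m and len(m.group(1)) <= level:
            break                            # next sibling or parent heading ends the section
        else:
            out.append(line)
    if level is None:
        raise ValueError(f"GEMINI.md has no '{title}' section; refusing to review ad hoc")
    return "\n".join(out).strip()

def build_review_prompt(gemini_md: str, diff: str, test_files: dict) -> str:
    """Assemble one prompt; each input is delimited so standards and code stay distinct."""
    standards = extract_section(gemini_md, SECTION)
    tests = "\n".join(f"--- {path} ---\n{body}" for path, body in sorted(test_files.items()))
    return (
        "Review this diff against the coding standards defined in GEMINI.md. "
        "Flag any violations.\n\n"
        f"<standards>\n{standards}\n</standards>\n\n"
        f"<tests>\n{tests}\n</tests>\n\n"
        f"<diff>\n{diff}\n</diff>\n"
    )

# Constructed sample inputs (not taken from a real repository).
SAMPLE_GEMINI_MD = "\n".join([
    "# Project", "## Overview", "Internal API service.",
    "## CI Review Standards", "### Must Flag", "- Hardcoded secrets or API keys",
    FENCE, "# shell comment, not a heading", FENCE,
    "### Architecture Rules", "- All database access through the repository pattern",
    "## Deployment", "Deployed weekly.",
])
SAMPLE_DIFF = "--- a/src/user.ts\n+++ b/src/user.ts\n+const apiKey = 'EXAMPLE-NOT-A-REAL-KEY';"

if __name__ == "__main__":
    print(build_review_prompt(SAMPLE_GEMINI_MD, SAMPLE_DIFF, {"tests/user.test.ts": "// tests"}))
```

The returned string is what the CI job hands to Gemini CLI; the raised error is the signal to fail the job rather than post a review that ignored the team's standards.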
Do This
- Define review standards in GEMINI.md where the whole team can maintain them
- Include test files in the review context so Gemini can assess coverage
- Post review results as PR comments for team visibility
Avoid This
- Embed review standards in CI workflow YAML where they are invisible to the team
- Review code diffs in isolation without project context or standards
- Run automated reviews but hide the results in CI logs nobody reads