If I thought the service should only be 1000 lines tops:
- Reject due to excess complexity.
If it is a proper solution:
- Use AI to review it, asking it to be VERY critical of the code, and look for spots where human review may be needed, architecture-wise, design-wise and implementation-wise.
- Ask the AI again to do a security review etc.
- Tell the author to break the PR down into human-size chunks using git.
Why those things? It's likely some manager is gonna tell me to review it anyways. And if so, I want to have a head start, and if there's critical shoot-down-level issues I can find with an AI quickly, I'd just shut the PR down now.
As in any "security" situation, in this case the security of your codebase and sanity, defense in depth is the answer.