Automated code reviews are coming to Google's Gemini CLI Conductor extension – here's what users need to know

A new feature in the Gemini CLI extension looks to improve code quality through verification


Google has added code validation capabilities to its Gemini CLI coding extension Conductor in a move aimed at tackling some of the challenges of using AI for software engineering.

The tech giant first unveiled the Conductor extension back in December, aiming to create context-driven development by shifting projects out of chat logs and into markdown files. Now, it's adding a new feature to help coders verify their work.

"Our new Automated Review feature allows Conductor to go beyond planning and execution into validation, generating post-implementation reports on code quality and compliance to the guidelines you’ve defined," the company said in a blog post.

Once the coding agent finishes its tasks, Conductor will generate a report where it reviews code, ensures everything meets user-set guidelines and compliance requirements, and runs a basic security review to look for critical vulnerabilities before code is merged.

This includes probing for hardcoded API keys or personal information that could leak, according to Google. Beyond that, Conductor includes test-suite validation.

"Instead of relying on manual execution, Conductor integrates your entire test suite directly into the review workflow," the post added.

"It runs all relevant unit and integration tests, then incorporates the results and coverage data into the final report to provide a unified view of whether the new code actually functions as intended within your existing ecosystem."

Google eyes security gains with Gemini CLI

The aim is for Automated Review to give developers detailed information on what needs improvement or addressing, offering a clear workflow that includes the exact file path to fix issues.

"This level of detail ensures that 'agentic' development doesn't mean 'unsupervised' development," the blog post noted.

"Instead, it creates a workflow where the AI provides the labor and the developer provides the high-level architectural oversight, backed by automated verification."

Google suggested more features were on the way, noting the latest updates are evidence of the company's aim to make "AI development safe, predictable and architecturally sound."

Trust but verify

The rise of AI coding tools has sparked concerns about errors introduced by agents and other automation tools – especially with code that looks correct and production ready, but contains security risks.

Indeed, AI-generated code is already the cause of one in five breaches, according to one survey.

Adding another layer of verification and supervision could be critical in stopping disastrous flaws before they cause havoc – especially given that developers are now falling foul of these on a frequent basis.

A recent survey found nearly half of software developers don't check AI-generated code, in part because it's harder to review code produced by AI than humans.

Nigel Douglas, head of developer relations at Cloudsmith, said while the feature could prove useful, it won’t address all the challenges presented by AI-generated code.

"An AI coding CLI without automated reviews is like a chainsaw without an ‘off’ button, but, unfortunately, these changes focus only on the code that’s been generated – completely skipping the upstream components it’s pulling in," he said.

"If an AI coding assistant suggests a package that doesn’t exist or has already been infected with malware, you’ll end up shipping vulnerabilities far faster than you can catch them.

"Peer reviews can’t work the way they’ve always worked when LLMs can generate thousands of lines of functional code in minutes. No human can – or should – read that fast."


Freelance journalist Nicole Kobie first started writing for ITPro in 2007, with bylines in New Scientist, Wired, PC Pro and many more.

Nicole is the author of a book about the history of technology, The Long History of the Future.