Automated code reviews are coming to Google's Gemini CLI Conductor extension – here's what users need to know
A new feature in the Gemini CLI extension looks to improve code quality through verification
Google has added code validation capabilities to its Gemini CLI coding extension Conductor in a move aimed at tackling some of the challenges of using AI for software engineering.
The tech giant first unveiled the Conductor extension back in December, aiming to create context-driven development by shifting projects out of chat logs and into markdown files. Now, it's adding a new feature to help coders verify their work.
"Our new Automated Review feature allows Conductor to go beyond planning and execution into validation, generating post-implementation reports on code quality and compliance to the guidelines you’ve defined," the company said in a blog post.
Once the coding agent finishes its tasks, Conductor will generate a report where it reviews code, ensures everything meets user-set guidelines and compliance requirements, and runs a basic security review to look for critical vulnerabilities before code is merged.
This includes probing for hardcoded API keys or personal information that could leak, according to Google. Beyond that, Conductor includes test-suite validation.
"Instead of relying on manual execution, Conductor integrates your entire test suite directly into the review workflow," the post added.
"It runs all relevant unit and integration tests, then incorporates the results and coverage data into the final report to provide a unified view of whether the new code actually functions as intended within your existing ecosystem."
Google eyes security gains with Gemini CLI
The aim is for Automated Review to give developers detailed information on what needs improvement or addressing, offering a clear workflow that includes the exact file path to fix issues.
"This level of detail ensures that 'agentic' development doesn't mean 'unsupervised' development," the blog post noted.
"Instead, it creates a workflow where the AI provides the labor and the developer provides the high-level architectural oversight, backed by automated verification."
Google suggested more features were on the way, noting the latest updates are evidence of the company's aim to make "AI development safe, predictable and architecturally sound."
Trust but verify
The rise of AI coding tools has sparked concerns about errors introduced by agents and other automation tools – especially with code that looks correct and production ready, but contains security risks.
Indeed, AI-generated code is already the cause of one in five breaches, according to one survey.
Adding another layer of verification and supervision could be critical in stopping disastrous flaws before they cause havoc – especially given that developers are now falling foul of these on a frequent basis.
A recent survey found nearly half of software developers don't check AI-generated code, in part because it's harder to review code produced by AI than humans.
Nigel Douglas, head of developer relations at Cloudsmith, said while the feature could prove useful, it won’t address all the challenges presented by AI-generated code.
"An AI coding CLI without automated reviews is like a chainsaw without an ‘off’ button, but, unfortunately, these changes focus only on the code that’s been generated –completely skipping the upstream components it’s pulling in," he said.
"If an AI coding assistant suggests a package that doesn’t exist or has already been infected with malware, you’ll end up shipping vulnerabilities far faster than you can catch them.
“Peer reviews can’t work the way they’ve always worked when LLMs can generate thousands of lines of functional code in minutes. No human can – or should – read that fast.
FOLLOW US ON SOCIAL MEDIA
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.
-
AI might help speed up software development, but 81% of devs now spend more time reviewing code – and it’s creating an ‘invisible work’ trend that’s pushing teams to the limitNews While AI is improving productivity and efficiency, many developers are caught up in a vicious cycle of code reviews and bug hunting
-
Developers warned to avoid 'early-access' Google Gemini toolsNews Attackers are tempting would-be users into downloading reverse shell malware
-
Everything you need to know about the GitHub Copilot pricing changesNews GitHub Copilot pricing changes mean users will be charged based on consumption, rather than a set number of credits
-
Developers are slacking on AI-generated code safety – here's why it could come back to haunt themNews While organizations are aware of the risks, many are spending little time or effort on tracking artifact versions, origins, and security attestations
-
'AI doesn't solve the burnout problem. If anything, it amplifies it': AI coding tools might supercharge software development, but working at 'machine speed' has a big impact on developersNews Developers using AI coding tools are shipping products faster, but velocity is creating cracks across the delivery pipeline
-
Big tech is clamping down on open source ‘AI slop’ reportsNews Firms including Microsoft, OpenAI, and Google have pledged funding to bolster open source security and cut down on slop reports
-
‘AI tools are now able to transcend their initial training’: Researchers taught GPT-5 to learn an obscure programming language on its ownNews OpenAI’s GPT-5 learned to code in Idris despite a lack of available data, baffling researchers
-
Microsoft CEO Satya Nadella says 'anyone can be a software developer' with AI, but skills and experience are still vitalNews AI will cause job losses in software development, Nadella admitted, but claimed many will reskill and adapt to new ways of working
