Cloudflare built a CI-native AI code review system using OpenCode that orchestrates up to seven specialized AI agents per merge request, covering security, performance, code quality, documentation, release management, and compliance. The architecture uses a composable plugin system, risk-tiered agent selection (trivial/lite/full), circuit breakers with model failback chains, and a coordinator agent that deduplicates and judges findings before posting a single structured review comment. After 30 days across 5,169 repositories and 131,246 review runs, the median review completes in 3m 39s at $0.98, with an 85.7% prompt cache hit rate. Key engineering challenges covered include JSONL streaming, prompt injection sanitization, incremental re-reviews, dynamic model routing via Workers KV, and the limitations of AI review for architectural and cross-system concerns.
Table of contents
The architecture: plugins all the way to the moonHow we use OpenCode under the hoodSpecialised agents instead of one big promptThe coordinator helps keep things focusedRisk tiers: don't send the dream team to review a typo fixDiff filtering: getting rid of the noiseThe spawn_reviewers tool: concurrent orchestrationResilience: circuit breakers and failback chainsThe control plane: Workers for config and telemetryRe-reviews: not starting from scratchKeeping AI context fresh: the AGENTS.md ReviewerHow our teams use itShow me the numbers!So, what does a review look like?Limitations we're honest aboutWe’re just getting startedSort: