Skip to main content
Beginner5 min read

Diff Review

Read every changed line before accepting. The agent's summary is its intent; the diff is what it actually did — and they are not the same artifact.

Signals

  • You accept agent work after reading its summary, not its diff
  • Changes you never asked for surface later — in staging, or in production
  • Diffs are routinely large enough that you skim instead of read
diff reviewcode reviewagent outputgit diffverification

Relationship Map

2.2Scope Fence3.2Checkpoint …5.2Adversarial…5.4Diff Review

Without

Agent reports: refactored auth, all tests pass
You read the summary
Looks reasonable — accept
Unrequested change ships unseen
Find it in production

With

Agent reports: refactored auth, all tests pass
You read the diff, every line
Spot the unrequested logout change
Reject that hunk before it lands
Only intended change ships

Problem

The says: "Refactored the auth middleware to use the new format. All tests pass." It is telling the truth. It also, in passing, changed the session timeout from 24 hours to 30 minutes because a constant looked stale, and deleted a feature-flag check it judged dead. Neither was requested. Neither is in the summary. Both are in the diff.

You read the summary, it matched what you asked for, you accepted. The summary is an accurate description of the agent's intent. The diff is a complete record of its actions. When you review the summary instead of the diff, you are verifying the agent's understanding of what it did — which is exactly the thing that is unreliable when it is wrong.

Agent summaries are systematically lossy in one direction: they describe the work you asked for and omit the work you didn't. Not from deception — the agent is summarizing against your request, so changes orthogonal to the request fall out of the summary while staying in the code. The gap between "what it says it did" and "what the diff shows" is precisely where unrequested, unreviewed behavior ships.

Solution

Read the diff. Every changed line, every changed file, before you accept anything. The summary tells you where to look; it never substitutes for looking.

Make the diff small enough to actually read. This is the part people skip, and it is why diff review fails in practice. A 600-line diff does not get reviewed — it gets skimmed, and skimming is the failure mode with extra steps. Small diffs come from upstream discipline:

A reviewable diff is an upstream decision, not a review-time wish:
- Scope Fence (2.2)       → fewer files touched
- Checkpoint Loop (3.2)   → fewer lines per checkpoint
- Vertical Slice (3.1)    → one coherent change, not a tangle
Review is only as good as the diff is small.

Read with a question, not a vibe. Skimming asks "does this look fine?" Reviewing asks specific questions:

For every hunk, askLooking for
Did I ask for this change?Unrequested scope — the silent timeout edit
What input breaks this line?Edge cases the happy path hides
What used to be here?Deletions — the riskiest, least visible change
Does this match the summary?The gap between stated intent and actual action

Pay the most attention to deletions and the least to additions. A reviewer's eye is drawn to new code. The expensive agent mistakes are usually removals — a guard clause, a check, a branch the agent decided was unnecessary. Read what the - lines took away, not only what the + lines added.

Reject at the hunk level. "Mostly good" is not accept. The unrequested timeout change rides into production on the back of a good refactor precisely because the refactor was fine. Accept the hunks you reviewed and intended; send the rest back by name.

The Summary Is a Map, Not the Territory

"All tests pass" means the tests that exist passed — it says nothing about the behavior no test covers (that is Regression Guard). "Refactored X" describes the goal, not the full set of edits. Treat the agent's summary as a claim to verify against the diff, never as a report you can accept in place of the diff. The moment the summary replaces the read, you have stopped reviewing.

Signals

  • You accept agent work after reading its summary, not its diff
  • Changes you never asked for surface later — in staging, or in production
  • Diffs are routinely large enough that you skim instead of read
  • The risky surprises, when found, are in deleted lines you glossed over
  • "All tests pass" is doing the load-bearing work in your accept decision

Consequences

Benefits:

  • Unrequested changes are caught at review, not in production
  • You verify actions, not the agent's possibly-wrong description of them
  • Deletions — the highest-risk, lowest-visibility edits — get real scrutiny
  • Creates back-pressure toward small, scoped, genuinely reviewable changes
  • The cheapest verification pattern there is: no tooling, only discipline

Costs:

  • Real time and attention, paid on every change, by you
  • Collapses into skimming once diffs get large — depends on upstream scoping
  • Catches what you recognize as wrong; subtle logic errors can still read as fine
  • Doesn't scale with throughput — at volume, delegate it (Adversarial Review)