
SpaceX Bought Cursor: Your Review Gate Can't Live There
Your CI pipeline just went green. Every test passed, the build compiled, no dependency conflicts. So the PR is safe to merge, right?
No. And most teams know this on some level, but still treat "CI passed" as the final gate before merging. It's a category error that predates AI coding agents, but those agents have made the gap impossible to ignore.
A passing CI run is evidence of exactly three things:
That's it. Three narrow, well-defined claims. Everything else is inference, hope, or organizational mythology.
Here's the longer list, and the one that matters more:
No new vulnerabilities were introduced. CI doesn't do static security analysis unless you've explicitly added a SAST tool. Even then, most SAST scanners run on known vulnerability patterns. A novel insecure-by-design pattern in your application code? CI won't flag it.
No logic errors exist in untested code paths. If a function has 80% code coverage, the remaining 20% can contain anything: off-by-one errors, null pointer dereferences, race conditions. CI passes because no test touches those branches. The bugs are invisible.
No secrets were committed. Unless you've added secret scanning to your pipeline (and most teams haven't), a hardcoded AWS key in a config file sails through CI without a whisper.
No supply chain attack entered through a dependency bump. A PR that bumps a transitive dependency from 2.3.1 to 2.3.2 looks completely benign. CI installs it, tests pass. But if 2.3.2 contains a post-install script that exfiltrates environment variables, CI won't notice. It ran the script successfully. Green check.
No workflow security misconfiguration was added. Someone changes a GitHub Actions workflow to use pull_request_target instead of pull_request, or escalates permissions to write-all. CI doesn't evaluate whether the workflow file itself is secure. It just runs whatever's in it.
The design is sound. A PR can pass every test while introducing a fundamentally wrong abstraction, duplicating logic that already exists elsewhere, or coupling two modules that should never know about each other. CI has no opinion on architecture.
The mistake isn't using CI. CI is indispensable. The mistake is treating CI as a sufficient condition for merge when it's only a necessary one.
These are two different claims with no logical dependency:
The first is a subset of the second. Passing CI is necessary for merge (you shouldn't merge code that doesn't compile), but it tells you nothing about the rest. It's like checking that a car starts and concluding it's road-safe. The engine firing doesn't mean the brakes work.
Yet look at how most teams actually operate. Branch protection rules require CI to pass. Maybe they require one approving review too. But in practice, that review is often a quick scan: "CI's green, diff looks reasonable, approved." The green check does the heavy lifting psychologically. It creates a false sense of verification that makes human reviewers less rigorous, not more.
This gap existed before AI coding agents. Humans have been merging subtly broken code past green CI for decades. But agents have turned a manageable problem into a structural one.
Here's why. An AI coding agent's feedback loop is the CI result. Write code, run tests, see if they pass. If they don't, modify the code and try again. The agent is literally optimizing for "make the tests pass," because that's the only signal available to it.
And agents are very good at this. They'll produce code that reliably passes CI while introducing problems that tests structurally can't catch:
A 100% CI pass rate on agent-generated PRs is not evidence of code quality. It's evidence that the agent is good at passing tests. These are different things, and conflating them at scale is how you end up with a codebase that compiles perfectly and is rotting from the inside.
Think about it from the agent's perspective. If your test suite covers 60% of your codebase (which is above average for most organizations), the agent can introduce any behavior it wants in the other 40% and CI will never object. The agent isn't being malicious. It's just not being evaluated on anything beyond test pass rate.
These aren't hypotheticals. Each of these scenarios passes CI without issue:
A new unsafe block in Rust. An agent adds unsafe {} to bypass the borrow checker and get tests to pass. The code compiles, tests pass, and you've just silently removed memory safety guarantees that Rust was providing for free.
Hardcoded credentials in an untested path. A developer (or agent) adds a fallback database connection string with a plaintext password in a config file that no test loads. CI passes. The credentials ship to production in the container image.
A transitive dependency with a known CVE. A PR updates a direct dependency. That dependency's dependency tree pulls in a new version of a library with a published remote code execution vulnerability. CI installs everything successfully. All tests pass. The CVE is now in your supply chain.
A workflow permission escalation. A PR modifies .github/workflows/ci.yml to change permissions: read-all to permissions: write-all. CI runs the modified workflow, which now has write access to the repository, packages, and deployments. Tests pass. Nothing looks wrong. But every future workflow run now operates with elevated privileges.
In every case, CI did exactly what it's supposed to do. It ran the build, executed the tests, and reported the result. The problem is that none of these issues are in CI's job description.
If CI is necessary but not sufficient, the question becomes: what's the sufficient gate?
The answer is review that evaluates what a test suite structurally cannot: the intent, security posture, and design quality of the change itself. Not "does this code produce the right output for known inputs," but "should this code exist in this form."
Historically, that was the human code reviewer's job. And for human-authored PRs at a manageable volume, it worked well enough. But the math has changed. Teams using AI agents are seeing PR volumes increase 3-5x while reviewer bandwidth stays flat. The human gate doesn't scale, and when it doesn't scale, it degrades: reviews get faster, shallower, and more likely to rubber-stamp whatever CI already blessed.
This is exactly the gap that Tenki's Code Reviewer is built to fill. It reviews every PR at the merge boundary, evaluating the things CI can't: new unsafe patterns, credential exposure, dependency risk, permission escalations, and design-level concerns. In benchmarks against 122 real production bugs, Tenki caught 68.9% of them (84 out of 122), more than double the recall of tools like GitHub Copilot code review (24.6%) or CodeRabbit (28.7%). It understands your codebase context and can be tuned to your team's severity thresholds and coding standards.
The framing matters here. Tenki isn't replacing CI. CI is the necessary gate: does the code compile and pass tests? Tenki is the sufficient gate: is the code safe, well-designed, and actually ready for production?
If your merge policy is "CI passes plus one approval," you don't have a quality gate. You have a compilation check and a social ritual. That was an acceptable risk when humans wrote all the code and PR volume was manageable. It's not acceptable when agents are generating PRs at scale, optimizing specifically for the signal you're measuring.
CI green means the code compiles and old tests pass. It never meant the code was ready to merge. The sooner your team stops treating those as the same claim, the sooner you can build a merge policy that actually protects your codebase.
Tags
Recommended for you
What's next in your stack.