Cloudflare Deploys Coordinated AI Agents to Slash Code Review Delays
Cloudflare has rolled out a new AI-powered code review system that uses up to seven specialized agents to dramatically cut wait times for merge requests, the company announced today. The system, built internally and based on the open-source framework OpenCode, aims to eliminate a major bottleneck in software development: the time engineers spend waiting for human reviewers.
“The median wait time for a first review across our internal projects was often measured in hours,” said Jordan Cohen, Senior Engineering Manager at Cloudflare. “With this orchestrated AI approach, we’ve been able to provide near-instant feedback on incoming code changes.”
The new system runs within Cloudflare’s CI/CD pipeline. When an engineer opens a merge request, a coordinator agent assigns the code to up to seven specialized AI reviewers covering security, performance, code quality, documentation, release management, and compliance with Cloudflare’s internal Engineering Codex. These agents work in parallel, and the coordinator deduplicates their findings, judges severity, and posts a single structured review comment.
“Instead of relying on one generic LLM prompt that often returns noisy or hallucinated results, we launch a coordinated team of specialists,” Cohen explained. “This gives us far more accurate bug detection and cleaner approvals.”
The system has been tested internally across tens of thousands of merge requests. It now approves clean code automatically, flags real bugs with high accuracy, and can even block merges when it detects serious security vulnerabilities or other critical issues. “It’s become a trusted gatekeeper in our pipeline,” Cohen added.
Background
Code review is a well-known best practice for catching bugs and sharing knowledge, but it can also slow down engineering teams. A merge request sits in a queue until a reviewer context-switches to read the diff. Even then, feedback is often a mix of nitpicks and genuine issues, leading to a back-and-forth cycle that delays deployment.
Cloudflare initially experimented with third-party AI code review tools. While many offered customization, they lacked the flexibility needed for an organization of Cloudflare’s size. The company then tried a simpler approach: feed a git diff into a large language model with a basic prompt. That resulted in “a flood of vague suggestions, hallucinated syntax errors, and unhelpful advice like ‘consider adding error handling’ on functions that already had it,” according to the team.
Realizing that a naive summarization approach wouldn’t work on complex codebases, Cloudflare shifted to a CI-native orchestration system built around OpenCode. The architecture avoids a monolithic agent in favor of multiple specialized reviewers coordinated by a central agent. This design ensures each agent focuses on its domain, reducing noise and improving accuracy.
What This Means
Cloudflare’s approach showcases how large-scale engineering organizations can use AI to augment—rather than replace—human code review. By offloading routine checks and initial passes to specialized agents, human reviewers can focus on higher-level design issues and complex logic. The system also enforces consistency across thousands of repositories by applying the same automated checks to every merge request.
“This is just one piece of our broader Code Orange initiative to improve engineering resiliency,” Cohen said. “By catching problems earlier in the pipeline, we reduce the risk of shipping bugs and security flaws to production.”
The success of this orchestrated AI model could inspire other large tech companies to move beyond single-LLM copilots toward coordinated multi-agent systems. It also highlights the importance of domain-specific agents over generic prompts for critical paths like CI/CD.
For now, Cloudflare plans to continue refining the system, adding more specialized agents and improving the coordinator’s decision-making. The company has also open-sourced parts of the framework to encourage community contributions.
This article is based on information provided by Cloudflare. For more details, see the original technical blog post.