Late-night debugging sessions are no longer an edge case; they have become the norm for software development teams struggling to keep pace with the sheer volume of changes, especially as AI-assisted development accelerates. This escalating challenge underscores a critical need for review processes to transcend individual repository boundaries and understand the intricate context of interconnected systems. Itamar Friedman, co-founder and CEO of Qodo, highlights that the shift from monolithic application stacks to a multi-repository architecture for modern enterprise applications has amplified the impact of software fragilities. These issues stem from the complex interdependencies between repositories, and they are no longer contained within automated pipelines: they now land hardest on developers, leading to significant time losses and project delays.
Friedman elaborates on this point, explaining that a software engineer might now spend days attempting to "bisect a transitive bump" – a seemingly minor dependency update in one repository that has cascading, negative effects on a downstream service. "A one-line change in one repo silently violates an architectural invariant [a condition that is always true at a specific point in a program] that another team relied on, and nobody caught it because the reviewer was skimming a 500-line code listing difference with their own deadline looming," Friedman stated in a recent interview with The New Stack. He further warns that as AI agents contribute to an increasing volume and size of pull requests, the "blast radius" of such undetected issues is poised to expand significantly.
The advent of AI agents has fundamentally reshaped the software development lifecycle. Traditional governance systems, meticulously crafted for human-paced development, were not designed to accommodate the dynamic and often accelerated nature of agentic software development. Evidence of this disruption is emerging: according to the Google DORA 2025 State of AI-assisted Software Development report, pull requests from teams with high AI adoption are already 154% larger, take 91% longer to review, and ship 9% more bugs. This data paints a clear picture of the strain on existing review and governance mechanisms.
AI-Generated Code at Enterprise Scale: A New Governance Frontier
In response to this evolving landscape, Qodo has unveiled three new platform capabilities aimed at empowering software engineering teams to maintain control amidst the rise of AI-generated code at enterprise scale. These new features—Cross-Repo Code Review, Custom Rules Miner, and Skill Review Standards—are designed to address critical governance gaps that have emerged as AI-generated code becomes more prevalent.
The architectural paradigm of multi-repository setups, often favored by advocates for its emphasis on separation of concerns, allows for the disaggregation of software based on distinct functional domains (e.g., authentication, search), different technical disciplines (e.g., database drivers, UI components), or clear team ownership boundaries. While beneficial for isolating changes and sometimes for compliance purposes, this approach inherently introduces complexity, reduces navigability, and increases the maintenance overhead. With AI now contributing its own novel streams of code, the prevalence of multi-repo configurations is expected to grow.
The mechanics at play in these distributed systems mean that as software engineering teams scale, the most critical and consequential bugs are rarely confined to a single repository. Instead, they frequently exhibit a ripple effect, impacting multiple interconnected components. A modification to a shared library, an exported API, a data schema, or an infrastructure file can inadvertently introduce breaking changes across dozens of downstream services, often without any warning surfacing at the point of merge. This lack of visibility across repository boundaries is a significant challenge for maintaining system integrity.
From Tribal Knowledge to Enforceable Standards
Traditional approaches to defining and enforcing coding standards often relied on decentralized methods, including wikis, developer annotations, informal comments, and the institutional memory of senior engineers. Qodo’s Custom Rules Miner aims to disrupt this status quo by automating the discovery of these implicit standards. Instead of requiring teams to meticulously define rules before enforcement, the platform automatically identifies coding patterns from existing codebase behavior and pull request history. These discovered patterns are then surfaced as structured, enforceable rules within the Qodo platform, providing a more systematic and scalable approach to governance.
Friedman emphasizes the limitations of previous governance models: "These kinds of standards were previously unenforceable, all because they lived in people’s heads or across system boundaries that no single tool could see: cross-repository architectural invariants, the subjective tribal knowledge of senior engineers, and AI agent workflows running outside any organizational visibility or control." This highlights a critical gap where essential development practices remained undocumented and unenforced, leading to inconsistencies and potential errors.
The challenge of subjective "tribal knowledge" is further illustrated by an anecdote Friedman shared concerning code coverage. He recounted a situation where a team needed to achieve 80% code coverage. While they proudly reported reaching 85%, a closer inspection revealed the absence of any actual assertions (the checks inside a test that verify expected code behavior). "They had gamed the metric perfectly while testing nothing," Friedman stated. "That’s tribal knowledge failing twice over: the real standard (tests must assert behavior) lived in one senior engineer’s head and was never encoded, so the organization optimized the proxy instead of the thing. That’s precisely the gap the rules system in Qodo closes, by learning the real patterns from how good engineers work and making them enforceable." This exemplifies how focusing on a proxy metric can lead to a false sense of security and a failure to address the actual quality of the code.
Formalizing Agent Skills and Standards for Consistent Development
Qodo’s Skill Review Standards service is designed to formalize and streamline standardization procedures, particularly as software teams increasingly leverage agent skills to encode development workflows and best practices. Managing these agent skills presents its own set of governance challenges. Qodo now offers centralized management for skills that encapsulate code review instructions, coding standards, and engineering best practices. The platform automatically discovers these skills across repositories, presents them in a dedicated portal, and enables teams to monitor and control their impact on the development process. This provides much-needed visibility and control over the diverse set of tools and processes now being managed by AI agents.
The Broader Implications of Evolving Software Architectures
The trend towards multi-repository architectures, amplified by the rapid integration of AI-generated code, presents a fundamental challenge to traditional software development governance. The increasing complexity and interdependencies mean that errors can have far-reaching consequences, impacting system stability and team productivity. As Friedman succinctly puts it, "Speed without independent verification isn’t velocity; it’s technical debt in disguise." This sentiment underscores the crucial need for robust governance mechanisms that ensure quality and reliability alongside rapid development.
The current inflection point signifies a shift from stateless AI tools to stateful systems that possess persistent organizational memory. This evolution allows teams to capitalize on AI’s capabilities without sacrificing control or quality. Friedman suggests that as the volume of AI-generated code continues to outpace human review capabilities, governance systems that can learn, remember, and enforce organizational standards will become a near-term necessity rather than a distant aspiration.
"Cross-repo review and centralized agent management matter, but without memory, they’re still stateless. You can’t be good at code review without a very strong context engine underneath it, and memory is that engine," Friedman surmised. This emphasizes the importance of building systems that can retain and leverage historical context to inform current decision-making, a capability crucial for managing complex, interconnected codebases.
Ultimately, the core message from Qodo is that developers should recognize the inherent limitations of relying on the same AI models that generate code to objectively evaluate their own work. Large Language Models (LLMs) are known to confidently assert code functionality even when it is flawed. The challenge ahead lies in embedding governance directly into the development system itself. This involves creating machine-readable standards, establishing effective verification loops, and ensuring cross-system visibility. Such an approach would allow human oversight to focus on strategic guidance and quality assurance rather than the painstaking inspection of every line of code, thereby transforming the development process into a more efficient, reliable, and sustainable endeavor.
