Replace code reviews
with verified intent
AI writes code faster than humans can review it. Aviator Verify captures your intent before the PR, then verifies every acceptance criterion against the running code — with evidence, every time.
PR #218 · acme/api
Add rate limiting to public API
Cap per-user request rate on public endpoints and surface a clear 429 so callers can back off.
SQL uses parameterized queries
No new dependencies
Returns 429 when exceeded
Jordan Kim
Human review doesn't scale with AI-generated code
AI can generate in minutes what takes hours to review. The result? Reviewer fatigue, rubber-stamped PRs, and compliance theater.
Traditional review asks: "Does this code look okay?"
That's the wrong question when AI writes code. The right one is: "Does this match our intent and expected behavior?"
| Criterion | Method |
|---|---|
Requires authentication Check middleware chain | Code Analysis |
No new dependencies Diff package files | Code Analysis |
Returns 429 when exceeded Call endpoint, check response | Execution Test |
P99 latency under 200ms Run benchmark in sandbox | Execution Test |
Complex/custom criteria LLM with confidence threshold | AI Fallback |
Deterministic verification for AI generated code
Other tools use AI to review code — but AI judgment is inconsistent. Verify is different. We parse your code, analyze the AST, and verify criteria through deterministic checks. AI is only used as a fallback for complex cases.
From captured intent to verified review
Work locally with your agent
Implement a task through Claude, Cursor, or Copilot — the same way you already do. No new tooling, no behavior change. Iterate until you're aligned on the details.
Looking at your middleware chain. I'll add a per-user counter and a 429 on overflow — tests go next to middleware_test.go.
Got it. Wiring the rate-limit events into the existing logger now.
Submit intent with the Aviator MCP
When you're ready, the agent captures your intent, generates the acceptance criteria from what you've built, and submits both to Aviator through the MCP — one tool call from inside your agent.
Aviator verifies end-to-end
Aviator generates scenarios, applies your team's invariants, and runs them against the change. Evidence streams in as it goes.
log rate-limit events
no new dependencies
429 on burst
Review the behavior, not the diff
Reviewers see every criterion with its verdict, evidence, and comments. Run an ad-hoc scenario, waive with reason, or approve.
Add rate limiting to public API
Three layers, picked per criterion
Each criterion is routed to the method best suited for it. Every layer leaves evidence.
Scenarios
The agent exercises the change end-to-end and captures evidence — screenshots, tool calls, request/response.
Returns 429 when exceeded
Fired 101 requests · captured the 429
Invariants
Your team's past review comments, encoded as reusable checks. The patterns reviewers already flag never come back.
SQL uses parameterized queries
Matched team rule #14
Code-scan
AST and structural checks where the answer is in the code — endpoint exists, return types match, no new deps.
No new dependencies
package.json diff clean
LLM fallback. When none of the above can decide, an LLM check runs with a confidence threshold — and the verdict is labeled accordingly.
What you review
Invariants guardrail the code in the background. You're free to focus on the intent, the behavior, and the evidence that ties them together.
What you and the agent agreed to build
The intent you submitted through the MCP becomes the contract reviewers approve against.
Every criterion with verdict and proof
Screenshots from scenarios, matched invariants, and code-scan results — attached to the criterion they verify.
Need more confidence? Get it on the spot
Ask the agent to test another scenario, or check out the preview deployment yourself — then approve when you've seen enough.
Add rate limiting to public API
Cap per-user request rate; surface a clear 429.
Returns 429 when exceeded
SQL uses parameterized queries
Jordan Kim
AI code review is still a review
AI code reviewers are great but they're only sampling the code without knowing intent. They can't verify that the implementation matches what you meant to build.
Audit-ready from day one
Every verification produces an immutable audit record. Spec approval, implementation, verification results—linked and timestamped. Generate SOC 2 evidence packages on demand.
Audit trail
PR #218 / Add rate limiting
Spec created
10:23 AM
alex@acme.co
Reviewed
10:45 AM
jordan@acme.co
Approved
11:02 AM
jordan@acme.co
Implemented
2:30 PM
alex@acme.co
Verified
2:31 PM
Aviator AI
Deployed
2:35 PM
CI/CD
Segregation of Duties
Spec approval, implementation, and verification are separate actors. Stronger separation than code review.
Full Traceability
Every production change links to approved intent, verification results, and business justification.
Export Reports
Generate compliance packages for SOC 2, ISO 27001, or custom frameworks. One click.
Works with your stack
Integrates seamlessly with the tools you already use
Ready to verify the AI code?
Install the MCP. Submit your first intent. No credit card required.
