Quorum
Product · 2026-03-19 · 5 min read

AI review should be advisory by default

Why every Quorum review is posted with event:COMMENT — never request_changes — and how the advisory framing changes how teams actually use the panel.

By Quorum team

Quorum reviews never request changes. They are posted with event:COMMENT, the system prompt explicitly forbids the model from asking for changes, and the verdict at the top of the summary is a label — never a status check. This is a deliberate product decision, and it is the one we get the most pushback on.

Why it matters

A blocking AI reviewer puts the model in the merge path. That is a place where false positives are very expensive: every wrong "request changes" makes a human do work, and the human has no good way to disagree except to override the bot. After two or three of those, the team learns to ignore it. After ten, they disable it.

Advisory framing inverts the dynamic. A useful comment is read; a useless one is dismissed; nothing about the merge changes. The bot earns trust by being right often enough to be worth reading, not by being load-bearing.

How the framing shows up in code

  • Reviews are submitted with event:COMMENT, not REQUEST_CHANGES. The GitHub API will let you do either; we only do one.
  • The reviewer system prompt forbids "request changes" verbs and asks for findings phrased as observations, not demands.
  • The summary footer reminds maintainers that the panel is advisory and humans decide merge. That sentence is in the prompt and in the post.
  • The verdict (clean / minor / needs_attention) is shown as a label. We do not surface it as a GitHub status check, even though we could.

What advisory does not mean

It does not mean low-effort, low-confidence, or "it is just a suggestion so we do not have to be careful." The opposite, actually — because the bot cannot block merge, it has to earn its place by being signal-dense. The min_confidence floor, the dedup, and the inline-comment cap all exist because advisory framing forces us to be ruthless about what reaches the PR.
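
The points under "How the framing shows up in code" and the floor, dedup and cap named above, sketched as a payload builder for GitHub's create-review endpoint. This is an added example, not Quorum's own code; the Finding fields, default thresholds, footer wording and the verdict mapping are assumptions.

```python
from dataclasses import dataclass

# Assumed names and values throughout; none of this is Quorum's own code.
ADVISORY_FOOTER = "This panel is advisory; humans decide merge."
REVIEW_EVENT = "COMMENT"  # never "REQUEST_CHANGES" or "APPROVE"

@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    severity: str      # "minor" or "major" (assumed scale)
    confidence: float  # 0.0 to 1.0
    message: str

def select_findings(findings, min_confidence=0.7, max_inline=5):
    """Confidence floor, then dedup, then the inline-comment cap."""
    seen, kept = set(), []
    for f in sorted(findings, key=lambda f: -f.confidence):
        key = (f.path, f.line, f.message.strip().lower())
        if f.confidence >= min_confidence and key not in seen:
            seen.add(key)
            kept.append(f)
    return kept[:max_inline]

def verdict_label(kept):
    """A label for the summary only; the mapping rule is an assumption."""
    if not kept:
        return "clean"
    return "needs_attention" if any(f.severity == "major" for f in kept) else "minor"

def build_review_payload(findings, commit_id, **limits):
    """JSON body for POST /repos/{owner}/{repo}/pulls/{pull_number}/reviews."""
    kept = select_findings(findings, **limits)
    return {
        "commit_id": commit_id,
        "event": REVIEW_EVENT,
        "body": f"Verdict: {verdict_label(kept)}\n\n{ADVISORY_FOOTER}",
        "comments": [{"path": f.path, "line": f.line, "side": "RIGHT",
                      "body": f.message} for f in kept],
    }

# Constructed sample findings (not real review output).
SAMPLE = [
    Finding("api/auth.py", 42, "major", 0.91, "Token compared with =="),
    Finding("api/auth.py", 42, "major", 0.80, "token compared with == "),
    Finding("api/util.py", 7, "minor", 0.40, "Unused import"),
]
```

Because the event is a module constant rather than a parameter, no caller can turn a finding into a blocking review; the verdict only ever appears as text in the body.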

Some teams do want enforcement. Pro and higher plans expose policy controls that can fail a status check on critical-severity security findings, scoped per repo. That is opt-in, scoped narrowly, and disabled by default. The default — for everyone — is still a comment.
