Developers are about to write a lot more code.

Which means all developers need to get a lot better at code review.

With tools like Claude, Copilot, and Cursor, we can generate massive amounts of code in very short periods of time. That’s both powerful and dangerous. More code means more opportunities for bugs, security holes, and tech debt.

So how do you get in front of this wave? Through the age old truth: the quality of the output is directly tied to the quality of the input.

You can’t just prompt vaguely and hope for the best. You need to give your tools structure in the form of templates, guiding principles, and constraints. Think about how you’d onboard a junior developer.

Providing boilerplates and reference patterns
Being explicit about naming conventions
Making project structure and default files non-negotiable

Or, in my case, defining loose rules of thumb, like: I never want to hunt more than three files deep to find the actual thing that returns the thing.

In open source this is particularly important. You’re not just guiding YOUR machine. You’re setting shared expectations for every future contributor’s machine.

I’m increasingly convinced we’ll all start shipping instruction files alongside code. A .claude folder that explains how this repository works, not just what it does.

Once you have that, you unlock much better workflows. Refactoring happens within your ruleset. You can ask AI to spin up new a extension or Add On with consistency.

As for code review itself, a few things stand out from our experience.

Use AI as a first pass, not the final authority. Let it scan every line. Let it flag potential issues. But humans still decide.

Be intentional about extensibility. AI loves adding hooks and filters everywhere. We don’t. If you can’t articulate the real need for a hook, remove it. Hooks are easy to add and extremely hard to remove once people depend on them.

Security. AI does a surprisingly good job here… if your codebase already follows modern practices. Garbage in, garbage out still applies.

Accessibility. Weaker in my experience, but it improves dramatically when you give explicit instructions. Button vs. link. Clear aria labels. Explicit action text. Rules matter.

Prefixing. AI won’t magically internalize the scars you earned over years of conflicts. We learned the hard way that passing an unprefixed level parameter caused a conflict with another plugin. Now we prefix everything: pmpro_level. That lesson has to live in the instruction set or the tool will never know.

The most important part, though, is the feedback loop.

When you correct a PR, don’t just fix the code. Ask the tool: “What should you do differently next time based on this change?” Then update the instructions.

Train the system on the code you approved, not the code it happened to generate.

The future isn’t “AI writes code for us.”

It’s “we become much better reviewers, architects, and teachers.”

Author: Kim Coleman

I'm Kim Coleman, Co-founder of Stranger Studios, where I’m deeply involved in every part of the business—from product development and team management to marketing, support, and strategy. I oversee frontend development for our flagship product, Paid Memberships Pro, including the core open-source plugin and more than 75 Add Ons, with a focus on quality, usability, and member experience.

I help shape and grow the products and services we offer, from new plugin development and hosting solutions to personalized support and strategic guidance. Stranger Studios is expanding beyond software—we're investing in community growth, thought leadership, and open content to support membership-focused businesses at every stage.

Today, our team supports creators and businesses across a range of industries, including associations and nonprofits, course and coaching platforms, online communities, blogs and publications, video and podcast producers, directories, and paid newsletters.