Index

Case Study · 2026

Leo — PR Review Agent

Year2026RoleDesign & BuildSource

An agentic pull-request reviewer that reviews style, architecture and security in a single pass, cites its sources, teaches instead of gating the merge — and opens a PR against its own knowledge base when you tell it it's wrong. Built on LangGraph, LangChain and LangSmith.

Background

Leo — named after Leonardo da Vinci, because he sees everything — is a PR review agent designed to plausibly live inside a real engineering team. Give him a diff and he reviews it across several lenses in a single pass: code style, clean architecture, security, and whether the user documentation went stale. Every comment explains why, cites an official source, and ends with a takeaway — the transferable rule the author keeps after this PR. Like a good mentor, he would rather teach you something than gate your merge.

A graph, not a prompt

Leo is built as a LangGraph state machine rather than one mega-prompt. The graph gives explicit control flow and shared state across discrete nodes — ingest, redact, the review passes, validation, publish — so each concern is isolated, testable and observable. LangChain supplies the models, tools and retrieval; LangSmith traces every run and backs the evaluation suite. The whole graph also runs offline against a scripted model, so a full test suite exercises every node without an API key or a network call.

Reviewing across dimensions

Style and architecture are reviewed with retrieval-augmented generation against a markdown knowledge base of clean-code and design principles, so Leo’s opinions are grounded in a curated rulebook rather than the model’s whims. Security is reviewed against the OWASP Top 10 — and, for diffs that build on LLMs, the OWASP Top 10 for LLM Applications (prompt injection, excessive agency, improper output handling) — seeded by a Semgrep run so static findings and model reasoning reinforce each other. His comments cite the official docs — TypeScript, Next.js, OWASP — so the author can follow the reference.

Safety and self-restraint

Because Leo reads real diffs, secrets and PII are redacted before any model or trace ever sees the code. And because an over-confident reviewer is worse than none, every draft comment is sent through a validator subagent before it is published — a second opinion that culls the noise. Suggested fixes are written under a vendored skill that favours the laziest change that works, never at the cost of validation or security.

Teaching, and learning from being wrong

The part I am proudest of is the feedback loop. Every comment is framed to teach rather than police, ending in a takeaway the author keeps. And when Leo gets it wrong, you tell him so — reply “you’re wrong” to a comment and he opens a pull request against his own knowledge base recording the lesson. The reviewer improves the same way the people he reviews do: by being corrected, and writing the rule down.