The merge button was never yours to press
Everyone agreed AI pull requests need a human at the merge. That's how you rebuild the bottleneck you just automated. Review is confidence you buy — and here's how I ship most of my agent's PRs without ever reading the diff, and where I still gate hard.

Here's the take everyone landed on in 2026: AI writes the code, but a human still has to review it. Judgment is irreplaceable. Never let an agent merge itself. Gate the robots at the door.
It sounds responsible. It's mostly cope.
Because "do AI PRs need human review" is the wrong question, and the people asking it are about to rebuild the exact bottleneck they just spent a year automating their way out of. You didn't hand the typing to a loop so you could become a full-time code reviewer. That's not leverage. That's a demotion.
Review is a thing you buy, not a rite you perform
Strip the ceremony off "review" and here's what's left: you're buying confidence that a change works, and insuring against the cost if it doesn't. That's it. Two numbers. How sure am I, and how bad is it if I'm wrong.
A human reading the diff is one way to buy the first number. It happens to be the slowest, most expensive, most easily-distracted way — a tired founder skimming 400 lines at 11pm, nodding at the parts that look plausible. We canonized that as "judgment." It's mostly pattern-matching against fatigue.
Once you see review as confidence-you-purchase, the question changes. Not "should a human approve this." How much confidence does this specific change need, and what's the cheapest way to buy it. Sometimes that's me. Usually it isn't.
Not every PR gets a bouncer
The first mistake is treating all PRs as one risk class. They aren't even close.
A docs fix, a copy tweak, a new endpoint nothing depends on yet — the blast radius is basically zero. If it's wrong, I change it back. Gating that behind my personal attention isn't caution, it's a tax I pay for no reason. Merge it. Who cares.
Then there's the other end: anything touching auth, billing, or a migration that drops a column. One click and you can't un-ring the bell — you've charged the wrong card or deleted the data. That's where I stand at the door personally, every time, no exceptions.
Same repo, same agent, wildly different rope. The blast-radius dial is the whole game, and "review everything" is what you say when you haven't bothered to build the dial. I wrote before that every milestone is a gate. The part I left out: most gates aren't me.

The best reviewer I have isn't human
So if it's not me buying confidence on the middle-tier PRs, who is?
A loop. Specifically, a QA agent that opens the actual product in a real browser and uses it. Not "the tests pass" — anyone can write a green test over broken behavior; agents are especially good at it, because "make the test pass" is exactly the visible signal they optimize for. I mean an agent that loads the preview deploy, clicks through the thing the PR changed like an impatient user, and refuses to sign off until it's actually green on screen.
This is what screencli.sh does — spins up a browser on every PR, drives the change, posts a verdict before a human is even in the loop. My own QA loop does the same on the bigger features: build, drive, find the hole, kick it back, drive again, and it does not tap out until the milestone genuinely holds up. Sometimes it grinds for twenty minutes. Sometimes it's still going when I wake up.
Reading a diff tells you the code looks right. Driving the product tells you it is right. Those are not the same purchase, and only one of them survives contact with a real user. So I stack them: typecheck, then the browser drive, then the screenshot verdict. Each loop buys another chunk of confidence, and none of them is me squinting at 11pm.
Now make being wrong cheap
Confidence is half the equation. The other half is what it costs when you're wrong anyway — and this is where solo founders have an edge nobody at a 400-engineer company will ever admit out loud.
My staging environment has exactly one user who pretends: me. Prod has real users doing things I'd never think to try. So for low-blast-radius changes, I stopped shipping to a fake environment to feel safe and started shipping to the real one to actually know. Prod is the most honest test environment I own.
The thing that makes this sane instead of reckless is the rollback. If deploying is a one-click "oops, back to green," then being wrong in prod costs me minutes, not a weekend. Small user base, instant rollback — the math on "just ship it and watch" is completely different from what the enterprise playbook assumes. Gating everything like you're Google, when you have 200 users and an undo button, is cargo-culting someone else's risk profile.
The Watchdog doesn't sleep, so I can
"But something will break in prod." Yeah. Sometimes. And half the time it's transient — a cold start, a flaky upstream, a race that clears itself — the kind of thing you'd have burned an hour gating against that never actually mattered.
So I don't gate to prevent every failure. I monitor to catch the real ones. I've got a Watchdog loop that lives in prod: it reads the changelog and the errors my SDK reports, drives the critical flows in a browser, and when something's genuinely broken it files a ticket — which the error-triage loop picks up and starts fixing. Detection to draft-fix, no human in the middle. I'm not the smoke detector anymore. I just get told when there's a fire, and usually there already isn't.
That closes the loop the "gate everything" crowd never gets to: shipping faster means you find real breakage faster, and a monitored error live in prod for ten minutes beats a "safe" one caught by nobody because you were too slow to ship it into the light.
So where did the human go?
I didn't fire myself from review. I fired myself from most of it.
The gate still exists — it just got small and sharp. It's not "every PR crosses my desk." It's "the three or four things that can't be un-shipped cross my desk, and everything else earns its own way in through loops that buy confidence cheaper than I can." Automate the reviewer. Keep the veto. Point it only at the stuff that would actually hurt.
The question was never whether AI pull requests need human review. It's how cheap you can make being wrong. Make it cheap enough — real QA loops, real prod, a real undo button, a Watchdog that never blinks — and the merge gate stops being a person.
It opens itself.
1mn builds the autonomous loops that run a one-person software business — product, marketing, and support — on a schedule. We write about what we learn shipping it.