The review moved to the device

Code review was never really about the code. It was about catching the gap between what you meant and what got built, and when a human wrote every line, reading the diff was a decent proxy for that.
Then agents started writing the code, and two things broke at once. The obvious one is volume: an agent can produce more in a day than you can honestly read. The subtler one is that the diff used to arrive pre-checked, because a human had already collided their intent with reality before anyone reviewed a line, whereas with agent code the review is often the first time a human mind touches it at all.
And there's something stranger underneath, which is that the developer's output has changed. You write intent, the agent turns it into code, and the app is what ships. Code has quietly become an intermediate artefact that we're still reviewing as if it were the source, when the things worth checking are the two ends: was the intent right, and does the app do what the intent said? Nobody reviewed the assembly when compilers arrived, they just checked the program did what they meant.
It matters because the failures that matter don't live in the changed lines anyway. They live in how those lines gel with everything else at runtime, the device, the OS, the feature flags, the state the app happens to be in, and no amount of reading surfaces that.
Salvatore Sanfilippo (antirez) made this argument in Control the ideas, not the code. He still checks every line of AI-generated code going into Redis, out of respect for users more than anything, but believes the checking is mostly pointless. His conclusion is to own the design, own the direction, and pour the recovered time into rigorous testing and QA.
We've arrived at the same place from the opposite direction.
None of this means teams weren't testing before, because they obviously were. What's changed is where an hour of human attention pays off, and "pour the time into QA" has a catch: scripted tests break on renamed selectors and assert on paths that stopped being deterministic years ago.
The tempting fix is to have an agent regenerate the tests whenever they break, but that just recreates the same problem one layer down, where you're now reviewing generated test code to validate generated app code. And a regenerated script only proves the script matches the new UI, which says nothing about whether the behaviour is what you meant.
Verification is about to become the load-bearing wall of software development. If nobody reads the code, the app becomes the thing you review, on real devices, on every build, across the flows real users actually hit. And when agents find a problem, they should hand the full context straight to your coding agent: video replay, network traces, logs, the exact state the app was in.
The review isn't dead, but it's moved off the diff and onto the device.