DEV Community

shashank ms
shashank ms

Posted on

Best Practices for Using LLMs in Engineering

We are going to build a diff-review agent that reads a git patch, checks each hunk for bugs and style violations, and returns structured feedback. It helps teams catch issues before they hit human review. I have been running a variant of this on my own pull requests for the last month.

What you'll need

Step 1: Configure the Oxlo.ai client

I keep the API key in an environment variable and initialize the client exactly once. The Oxlo.ai endpoint is a drop-in replacement for the OpenAI SDK, so the only difference is the base URL.

from openai import OpenAI

client = OpenAI(base_url="https://api.oxlo.ai/v1", api_key="YOUR_OXLO_API_KEY")

Step 2: Define the review system prompt

The system prompt is the most important part of the agent. It constrains the model to return raw JSON and defines the severity levels so downstream tools can act on the results.

SYSTEM_PROMPT = """You are a senior staff engineer performing code review.
Review the provided git diff hunk for correctness, security, and maintainability.
Return your findings as a JSON array of objects. Each object must have:
- severity: "critical", "warning", or "info"
- line: the approximate line number in the new file
- message: a one-sentence explanation of the issue
- fix: a concrete code suggestion

If the hunk looks correct, return an empty array.
Do not include markdown formatting, only the raw JSON array."""

Step 3: Parse the diff into hunks

A realistic diff can touch multiple files and contain hundreds of lines. I split the patch into per-file hunks so each review call stays focused and the model does not lose context.

def parse_diff(diff_text):
    files = []
    current_file = None
    current_hunk = None

    for line in diff_text.splitlines():
        if line.startswith("diff --git"):
            current_file = {"filename": line.split()[-1], "hunks": []}
            files.append(current_file)
        elif line.startswith("@@"):
            current_hunk = {"header": line, "lines": []}
            current_file["hunks"].append(current_hunk)
        elif current_hunk is not None:
            current_hunk["lines"].append(line)

    return files

Step 4: Review each hunk

With the hunk isolated, I send it to kimi-k2.6 on Oxlo.ai. The model is strong at reasoning through code changes, and Oxlo.ai's flat per-request pricing means a 200-line hunk costs the same as a 20-line hunk.

import json

def review_hunk(filename, hunk):
    user_message = f"File: {filename}\n{hunk['header']}\n" + "\n".join(hunk["lines"])

    response = client.chat.completions.create(
        model="kimi-k2.6",
        messages=[
            {"role": "system", "content": SYSTEM_PROMPT},
            {"role": "user", "content": user_message},
        ],
    )

    content = response.choices[0].message.content
    try:
        return json.loads(content)
    except json.JSONDecodeError:
        return [{"severity": "info", "line": 0, "message": "Could not parse reviewer output", "fix": ""}]

Step 5: Orchestrate the full review

The orchestrator loops over every file and hunk, tags each finding with the filename, and flattens everything into a single list that a CI script or linter can consume.

def review_diff(diff_text):
    files = parse_diff(diff_text)
    all_findings = []

    for f in files:
        for hunk in f["hunks"]:
            findings = review_hunk(f["filename"], hunk)
            for finding in findings:
                finding["file"] = f["filename"]
                all_findings.append(finding)

    return all_findings

Run it

Here is a realistic diff that introduces an SQL injection risk. I pass it through the agent and print the results.

SAMPLE_DIFF = """diff --git a/db.py b/db.py
@@ -45,7 +45,7 @@ def get_user(user_id):
-    query = "SELECT * FROM users WHERE id = %s" % user_id
+    query = f"SELECT * FROM users WHERE id = {user_id}"
     cursor.execute(query)
     return cursor.fetchone()
"""

findings = review_diff(SAMPLE_DIFF)
print(json.dumps(findings, indent=2))

The agent returns structured output that can be piped into any reporting tool.

[
  {
    "file": "db.py",
    "severity": "critical",
    "line": 48,
    "message": "Using f-string interpolation for SQL queries enables SQL injection attacks.",
    "fix": "Use parameterized queries: cursor.execute('SELECT * FROM users WHERE id = ?', (user_id,))"
  }
]

Wrap-up and next steps

This agent works because the system prompt forces a machine-readable schema and the per-request pricing on Oxlo.ai removes the penalty for large diffs. Two concrete next steps: wire the review_diff function into a Git pre-commit hook so it blocks commits with critical findings, or parallelize the hunk reviews with asyncio to cut runtime by an order of magnitude.

Top comments (0)