I Built an AI Code Reviewer That Asks "What Breaks in Production?"

Ertan EKER — Fri, 12 Jun 2026 11:50:46 +0000

The Problem

Code review tools are great at catching style issues. Linters catch bugs. But nobody answers the most critical question: "If I deploy this PR right now, what breaks in production?"

I've been burned by:

A DB column added without a migration → 2 hours downtime
An API response field renamed → frontend crashed silently
Express v4 → v5 bump → middleware broke in production

So I built PR Guardian.

What It Does

PR Guardian is a GitHub Action. When you open a PR, it:

Parses the diff (language detection, file filtering)
Analyzes it with AI (DeepSeek, specialized prompts)
Posts findings as a PR comment with a 1-10 risk score

What Makes It Different

Every other tool checks code quality. PR Guardian checks production risk:

Tool	Focus
SonarQube	Code quality rules
CodeRabbit	Style + basic bugs
Sourcery	Python refactoring
PR Guardian	Production safety

Real Examples

Last week it caught these in a test PR:

SQL injection via string concatenation → CRITICAL
Session token in localStorage → CRITICAL (XSS risk)
Express v5 major version bump → WARNING

Tech Stack

TypeScript + GitHub Actions SDK
DeepSeek AI (10x cheaper than GPT-4/Claude)
Compiled to single JS bundle with ncc
25 languages, 9 with deep analysis rules

Try It

Add .github/workflows/pr-guardian.yml to your repo
Set DEEPSEEK_API_KEY secret
That's it


yaml
- uses: ertaneker/pr-guardian@main
  with:
    github_token: ${{ secrets.GITHUB_TOKEN }}
    deepseek_api_key: ${{ secrets.DEEPSEEK_API_KEY }}

GitHub Repo (https://github.com/ertaneker/pr-guardian) | Docs (https://github.com/ertaneker/pr-guardian/blob/main/docs/USAGE.md)

MIT licensed. Free for open source. Would love your feedback!