I built an AI code review bot because I was mass-approving PRs at work.

Pankaj Kumar — Thu, 28 May 2026 08:30:40 +0000

I'll be honest — I was that reviewer. The one who opens a PR, skims the diff, leaves a "looks good 👍", and hits approve. Forty files? LGTM. Friday afternoon? Definitely LGTM.

It worked right up until it didn't.

The bug that convinced me to build this

A teammate's PR shipped a hardcoded database password in a config file. It sailed through my review and two others. We caught it days later — after it was already in our git history, which meant rotating the credential and rewriting history. A ten-second mistake turned into an afternoon-long incident.

That's when it clicked: humans are bad at the boring, mechanical parts of review — secrets, injection patterns, null checks, the off-by-one in the diff hunk you scrolled past. We're great at architecture and intent. We're terrible at vigilance at 5pm.

So I built MicroReview — a bot that does the mechanical review on every PR so humans can focus on the parts that actually need a brain.

What it actually does

On every pull request it:

Scores the PR 0–100 for risk — you set thresholds to auto-approve low-risk PRs and block high-risk ones
Detects hardcoded secrets across 13 patterns (AWS keys, DB URLs, tokens, private keys…)
Flags real bugs with AI — not style nits; logic errors, null risks, injection, unhandled rejections
Posts inline comments on the exact line, plus a plain-English PR walkthrough
Blocks the merge via the GitHub Checks API when something critical slips through

It works on GitHub and GitLab, and setup is one click — no YAML required.

![MicroReview flagging a hardcoded password]

![Inline AI bug detection with a suggested fix]

How it's different from CodeRabbit

Two things I cared about:

1. Per-repo pricing, not per-seat. Most tools charge per developer — so the more your team grows, the more you pay for the same repos. MicroReview is $19/repo/month, flat, for your whole team. 10 devs on 3 repos: ~$57/mo here vs $720/mo per-seat. (And it's free for 2 repos, forever — not a 14-day trial.)

2. A risk score, not just comments. Comments get ignored. A 0–100 number that can block the merge button doesn't.

What I learned building it

AI is non-deterministic, and that's a UX problem. Two runs on the same diff find different bugs. I had to build dedup + "resolved" tracking so it doesn't spam or cry wolf.
Cost control matters from day one. Batching diffs into fewer model calls + caching unchanged files cut the AI bill dramatically.
The hard part isn't the AI — it's the plumbing. Webhooks, idempotency, two platform APIs behind one interface, encrypting tokens at rest. The model is maybe 20% of the work.

Try it

If you want it to review your next PR: microreview.dev — free for your first 2 repos, no credit card.

Be honest with me: how many PRs have you "LGTM'd" without really reading? And how does your team fight review fatigue? 👇

I was spending 2 hours a day reviewing PRs. Then I found this tool.

Pankaj Kumar — Sun, 22 Mar 2026 14:35:53 +0000

Let me be honest.

I used to spend a significant chunk of my day reviewing pull requests.

Not the interesting parts — not the architecture decisions or the tricky business
logic. The repetitive parts. The same comments, over and over, on every PR:

"You forgot @Valid on this @RequestBody"

"Don't inject the repository directly into the controller, use a service"

"This catch (Exception e) has no logging — how are we supposed to debug
this in production?"

"This service method writes to the database but has no @Transactional"

Every. Single. PR.

I knew these rules by heart. My team knew these rules by heart. And yet, every
week, the same issues kept slipping in. Because humans get tired. Humans miss
things. And nobody wants to be that reviewer who leaves 15 comments on a
junior developer's first PR.

I started looking for a solution

I tried a few generic linting tools. They caught style issues and basic syntax
problems, but nothing Spring Boot specific. Nothing that understood the patterns
we actually cared about as a microservices team.

I wanted something that would:

Understand Java Spring Boot patterns specifically
Review only what changed in the PR, not the entire codebase
Not just flag issues, but explain why they matter
Do it automatically on every PR, without me having to think about it

I couldn't find exactly what I was looking for. So I built it.

Introducing MicroReview

MicroReview is a GitHub App that automatically reviews every pull request
on your Java Spring Boot microservice repos.

Install it once. Open a PR. Get a review instantly.

No configuration required. No CI pipeline changes. No new tools to learn.

What it actually catches

After installing MicroReview, here is what started showing up automatically
on my team's PRs — the exact issues I used to catch manually:

What it catches	Severity
`@RequestBody` missing `@Valid` — invalid data reaches your service unchecked	🔴 Critical
Controller directly using `@Repository` — skipping the service layer entirely	🔴 Critical
`@ExceptionHandler` missing `@ResponseStatus` — returning 200 OK on errors	🔴 Critical
Feign client missing fallback/circuit breaker — no resilience on downstream calls	🟡 Warning
Hardcoded HTTP/HTTPS URLs — should be config-driven	🟡 Warning
Bare `catch(Exception)` with `printStackTrace` — swallowing errors silently	🟡 Warning
DTO missing field-level validation — `@NotNull`, `@NotBlank` etc.	🟡 Warning
Service write method missing `@Transactional` — risk of partial updates	🟡 Warning
No logger declared in the class — can't log anything properly	🟡 Warning
`ResponseEntity.ok()` wrapping a service call with no null check	🟡 Warning

Critical issues block PR approval. Warning issues are posted as advisory
comments — visible but not blocking.

But here is the part I really love

Most linting tools just say what is wrong. MicroReview tells you why it
matters.

Every inline comment is AI-enriched and looks like this:

🔴 CRITICAL

Problem (CRITICAL): Request body parameter is annotated with @RequestBody
but not @valid. Bean Validation will not run on this input.

Why it matters (AI):
Without @valid, Spring skips all Bean Validation constraints on the DTO,
allowing malformed or malicious data to reach your service layer unchecked.
This increases the risk of runtime errors and inconsistent data being persisted.

Suggested fix (AI):
Add @valid alongside @RequestBody on the method parameter and ensure the DTO
fields have constraint annotations such as @NotNull or @notblank.

And if the AI is confident enough, it adds a one-click Apply suggestion
button right in the GitHub review UI — so the developer can fix it with a
single click.

The PR summary

At the end of every review, MicroReview posts a summary comment showing
the full picture at a glance:

🔍 MicroReview Summary — PR #14
Rule New Existing Severity Status
Rule New Existing Severity Status
REQUEST_BODY_MISSING_VALID 1 0 🔴 critical 🆕 New
CONTROLLER_REPOSITORY_COUPLING 1 0 🔴 critical 🆕 New
EXCEPTION_LOGGING_BEST_PRACTICES 1 0 🟡 warning 🆕 New
SERVICE_WRITE_MISSING_TRANSACTIONAL 1 0 🟡 warning 🆕 New
MISSING_LOGGER_DECLARATION 0 0 🟡 warning ✅ OK
Total new issues: 4 | 🤖 AI enrichment applied to 4 finding(s).

🤖 AI Review Notes (advisory)
Request body validation is missing on at least one endpoint, allowing
invalid data to reach the service layer unchecked.

Service write methods have no transactional boundary, risking partial
updates if an error occurs mid-operation.

A bare catch block is swallowing exceptions silently — add proper
logging before this goes to production.

What changed for me

Before MicroReview, I was the one catching these issues. Every time.

After MicroReview, these issues get caught automatically — with an explanation
that teaches the developer why it matters, not just what to fix.

My code reviews became shorter. My feedback became more focused on what
actually needs a human eye — architecture, business logic, edge cases.

And my team started writing better code, because the bot was teaching them
the right patterns on every PR, consistently, without judgment.

Try it yourself

MicroReview is a GitHub App. Installation takes about 30 seconds:

Click install
Select your repo
Open a PR

That's it.

🔗 Install MicroReview: https://github.com/apps/microservices-code-review-dev
🌐 Learn more: https://microreview.dev/#

It's free during beta. No credit card. No signup form.

If you try it and have feedback, drop a comment below. I read every one.

And if you have been spending your afternoons leaving the same review comments
over and over — I hope this saves you some time.

DEV Community: Pankaj Kumar