DEV Community

Shaan Ali Khan

I built an AI that reviews every PR automatically (because nobody was reviewing mine)

I've been vibe coding for months.

Cursor writes the code. Claude fixes the bugs. I ship.

Fast. Really fast.

But nobody was reviewing my code.

Not me. Not a teammate. Nobody.

I'd read the diff quickly, it looked fine, I merged it.

Then a user found the bug I missed.

They didn't email me. They just left.


The real problem with vibe coding

AI helps you write code faster than ever.

It does not stop you from shipping broken code.

You prompt Claude. It writes 200 lines.
You read it once. Looks fine. You merge it.

But did you check what happens when
the user object is null?

Did you check what happens when the API times out?

You didn't. Nobody does.


The bugs that kill your SaaS

They're not exotic. They're embarrassing.

// null not handled
const user = getUser(id)
console.log(user.email) // crashes in prod

// missing await
const data = fetchUserData(id)
return data.profile // data is a pending Promise, so data.profile is undefined

// hardcoded secret
const stripe = new Stripe("sk_live_4eC39...")
// committed to GitHub. game over.

Basic stuff. The kind of thing a junior dev
catches in 30 seconds.

But you have no junior dev.


What I built

PushSafe connects to your GitHub repos and
automatically reviews every PR you open.

Posts inline comments on the diff.
Like a teammate who never sleeps.

Stack: Next.js · Supabase · GitHub Webhooks ·
OpenRouter · Vercel


What it catches

  • Null/undefined crashes
  • Missing await
  • SQL injection
  • Hardcoded secrets
  • Logic errors
  • Unhandled promises

What it ignores

  • Formatting
  • Semicolons
  • Indentation
  • All the noise

Your linter handles style.
PushSafe handles the stuff that wakes you up at 3am.
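
One way to run the hardcoded-secret check over a PR diff deterministically, as an added example (not PushSafe's code): the scanner walks a unified diff, tracks new-file line numbers, and reports the path and line an inline comment would attach to. The rule ids, patterns and sample diff are assumptions constructed for illustration.

```javascript
// Added example, not PushSafe's code. Rule ids and patterns are illustrative assumptions.
const RULES = [
  { id: "stripe-live-key", re: /\bsk_live_[0-9A-Za-z]+/ },
  { id: "quoted-credential",
    re: /\b(?:secret|password|api[_-]?key|token)\w*\s*[:=]\s*["'][^"']{8,}["']/i },
];

// Return one finding per added line that matches a rule, with the path and
// new-file line number an inline review comment needs. Removed lines are skipped.
function scanDiff(diffText) {
  const findings = [];
  let path = null, newLine = 0, inHunk = false;
  for (const line of diffText.split("\n")) {
    if (line.startsWith("diff --git ")) { inHunk = false; continue; }
    if (!inHunk && line.startsWith("+++ ")) { path = line.slice(4).trim().replace(/^b\//, ""); continue; }
    const hunk = /^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@/.exec(line);
    if (hunk) { newLine = Number(hunk[1]); inHunk = true; continue; }
    if (!inHunk) continue;
    if (line.startsWith("+")) {
      for (const rule of RULES) {
        if (rule.re.test(line.slice(1))) findings.push({ path, line: newLine, rule: rule.id });
      }
      newLine++;
    } else if (line.startsWith(" ")) {
      newLine++; // context line: present in the new file, so it advances the counter
    }
  }
  return findings;
}

// Constructed sample diff; the key and credential values are fake placeholders.
const SAMPLE_DIFF = [
  "diff --git a/lib/billing.js b/lib/billing.js",
  "--- a/lib/billing.js",
  "+++ b/lib/billing.js",
  "@@ -10,2 +10,3 @@",
  " // billing client",
  "-const stripe = new Stripe(process.env.STRIPE_SECRET_KEY);",
  '+const stripe = new Stripe("sk_live_CONSTRUCTEDEXAMPLE");',
  '+const apiKey = "constructed-not-real";',
  "diff --git a/lib/auth.js b/lib/auth.js",
  "--- a/lib/auth.js",
  "+++ b/lib/auth.js",
  "@@ -1,1 +1,2 @@",
  ' import jwt from "jsonwebtoken";',
  "+const token = process.env.SESSION_TOKEN; // read from env: not flagged",
].join("\n");
console.log(scanDiff(SAMPLE_DIFF));
```

A pattern check like this has a low false-positive rate but only finds key formats it knows; it complements review rather than replacing it.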


Try it

pushsafe — free, no credit card, 2 min setup.


Follow along on X kshaaneali

Top comments (1)

Harjot Singh

Building an AI PR reviewer because nobody was reviewing yours is the most relatable origin story. Solo devs and small teams have no review safety net, and that's exactly where AI review earns its keep. The thing that separates a useful reviewer from a noisy one: it has to catch real issues (logic, security, broken contracts), not just style nits, or people quickly learn to ignore it. The hard part is precision: false positives train you to dismiss it, and then it's worse than nothing. I think about this constantly in Moonshift's verify layer; a check is only valuable if its signal is trusted. How are you keeping the false-positive rate down: scoped rules or a confidence threshold on flags?