Code review is one of the highest-value activities in software development — it catches bugs, spreads knowledge, and keeps quality high. It’s also one of the most time-consuming, and easy to do poorly when you’re in a hurry.
At Anote AI, we’ve been thinking about where AI can genuinely improve the review process, not just rubber-stamp PRs. Here’s how we use Anote for code review, and how you can too.
The cost of shallow reviews
Most developers have been on both sides of a poor code review. As an author, you get comments like “looks good to me” on a PR that later introduced a production bug. As a reviewer, you’ve approved code while mentally exhausted, missing something obvious in retrospect.
The problem isn’t that developers don’t care — it’s that thorough code review is cognitively expensive. Tracing through unfamiliar code, holding context for multiple files, checking security implications, considering edge cases — it all requires significant mental energy. When you’re doing three reviews in an afternoon, quality degrades. AI doesn’t get tired.
Review your staged changes before you commit
The best time to catch a bug is before it leaves your machine. Anote’s anote diff --staged reviews what you're about to commit:
git add src/auth/login.ts
anote diff --staged
You’ll get a focused review of those changes — logic errors, missing error handling, security considerations, anything that looks off. It takes five seconds and has saved us from embarrassing commits more than once.
Make it a habit: run anote diff --staged before every git commit. Or better yet, use anote commit, which generates your commit message and reviews the changes in one step.
Review an entire branch before opening a PR
Before you open a pull request, get a full AI review of every commit in your branch:
anote diff -b main
This shows you everything you’ve changed relative to main. Anote reads each modified file, understands the context, and gives you feedback on:
Potential bugs and edge cases
Security vulnerabilities (missing validation, injection risks, insecure defaults)
Performance issues
Code that’s hard to follow or likely to confuse reviewers
Missing error handling
Tests that should exist but don’t
It’s like having a senior engineer pre-review your PR before other humans spend time on it.
Add context for better reviews
Code review quality improves significantly when the reviewer understands why a change was made, not just what changed. You can give Anote that context:
anote diff -b main -c "This adds rate limiting to the login endpoint. The main concern is whether the Redis TTL logic is correct."
Now the review focuses on what matters. You can also ask targeted questions:
anote diff --staged -c "I'm particularly worried about race conditions in the session management code"
Or use the full interactive chat for a deeper conversation:
anote chat
Review the changes I've made in the auth/ directory. Focus on security — are there any ways this could be exploited?
Use the VS Code extension during review
When you’re the reviewer and not the author, the VS Code extension makes it easy to ask questions as you go through unfamiliar code:
Select a confusing block of code
Right-click → Explain Selection
Understand what it does before deciding if it’s correct
Or select something that looks wrong and ask: “Is there a potential null pointer dereference here? What happens if user is undefined when this runs?"
Become a Medium member
You can also add files to the chat context and ask holistic questions:“I’m reviewing a PR that modifies auth.ts and session.ts together. Does the interaction between these two files look correct to you?”
Review for specific concerns
Sometimes you know what you’re worried about. Anote’s review command lets you focus:
Security-focused review
anote review src/api/ --security
Performance-focused review
anote review src/db/ --performance
Review a specific file in depth
anote review src/payments/stripe.ts --security --performance
Security review checks for: injection vulnerabilities, insecure deserialization, missing input validation, improper error handling that leaks information, hardcoded secrets, and more.
Performance review looks for: N+1 queries, unnecessary re-renders, blocking operations in async code, unindexed queries, memory leaks, and similar issues.
Integrate into your team’s workflow
Here’s a simple workflow that adds meaningful AI review with minimal friction:
For authors (before opening a PR):
1. Review your full branch
anote diff -b main
2. Fix anything obvious
3. Generate a commit message
anote commit
4. Generate the PR description
anote pr --copy # copies to clipboard
For reviewers (during PR review):
Get the branch
git fetch && git checkout feature-branch
Ask for a summary of what changed and why
anote ask "Summarize the changes in this branch and what they're trying to accomplish"
Deep-dive on specific areas
anote review src/affected-area/ --security
For post-merge:
Check if tests cover the new code
anote chat "Does the test suite adequately cover the new auth changes in this branch?"
What AI code review is good at (and not)
AI review is excellent at:
Finding common bug patterns — null dereferences, off-by-one errors, missing await, improper error handling
Security checks — input validation, injection risks, insecure defaults, secrets exposure
Explaining unfamiliar code — making it faster to review code outside your area
Consistency — catching deviations from patterns used elsewhere in the codebase
Coverage gaps — noticing when important edge cases aren’t tested
It’s less suited for:
Product decisions — whether a feature should work this way at all
Architectural trade-offs — these require knowing your constraints, history, and roadmap
Use AI review to handle the mechanical, exhausting parts of code review so your human reviewers can focus on the judgment calls that actually require human judgment.
Getting started
If you haven’t installed Anote yet:
npm install -g @anote-ai/anote
export ANTHROPIC_API_KEY=sk-ant-...
Then, the next time you finish a feature:
anote diff -b main
See what it finds. We think you’ll find it useful.
Top comments (0)