I'll be honest — I was that reviewer. The one who opens a PR, skims the diff, leaves a "looks good 👍", and hits approve. Forty files? LGTM. Friday afternoon? Definitely LGTM.
It worked right up until it didn't.
The bug that convinced me to build this
A teammate's PR shipped a hardcoded database password in a config file. It sailed through my review and two others. We caught it days later — after it was already in our git history, which meant rotating the credential and rewriting history. A ten-second mistake turned into an afternoon-long incident.
That's when it clicked: humans are bad at the boring, mechanical parts of review — secrets, injection patterns, null checks, the off-by-one in the diff hunk you scrolled past. We're great at architecture and intent. We're terrible at vigilance at 5pm.
So I built MicroReview — a bot that does the mechanical review on every PR so humans can focus on the parts that actually need a brain.
What it actually does
On every pull request it:
- Scores the PR 0–100 for risk — you set thresholds to auto-approve low-risk PRs and block high-risk ones
- Detects hardcoded secrets across 13 patterns (AWS keys, DB URLs, tokens, private keys…)
- Flags real bugs with AI — not style nits; logic errors, null risks, injection, unhandled rejections
- Posts inline comments on the exact line, plus a plain-English PR walkthrough
- Blocks the merge via the GitHub Checks API when something critical slips through
It works on GitHub and GitLab, and setup is one click — no YAML required.
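The mechanical half of that list, secret detection on the diff, is worth seeing in code. The following is an added example written for this page, not MicroReview's code (the page does not show its 13 rules). It scans only the added lines of a unified diff, so a credential that was merely removed is not reported, tracks the new-file line number from each hunk header so the finding can be anchored as an inline comment, and redacts the value before reporting it so the bot never echoes the secret back into the PR. The six regexes and the placeholder allowlist are assumptions; the diff is constructed, and the AWS values in it are the placeholder credentials AWS publishes in its own documentation.

```python
import re
from dataclasses import dataclass

# Illustrative secret patterns (an assumption for this example, not MicroReview's
# rule set). Group 1 of every regex is the secret value itself, so it can be redacted.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b"),
    "aws_secret_access_key": re.compile(
        r"""(?i)aws[_-]?secret[_-]?access[_-]?key\s*[:=]\s*['"]?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"""),
    "database_url": re.compile(
        r"""(?i)\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis|amqp)://[^\s:@/]+:([^\s@/]+)@"""),
    "private_key": re.compile(r"(-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----)"),
    "github_token": re.compile(r"\b(gh[pousr]_[A-Za-z0-9]{36,})\b"),
    "password_literal": re.compile(
        r"""(?i)\b(?:password|passwd|pwd|secret)\b\s*[:=]\s*['"]([^'"]{8,})['"]"""),
}
# Values that are clearly templated or read from the environment are not secrets.
PLACEHOLDER_MARKERS = ("${", "{{", "<", ">", "os.environ", "ENV[", "process.env")
HUNK_HEADER = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


@dataclass(frozen=True)
class Finding:
    path: str      # path in the new tree (the "b/" side of the diff)
    line: int      # line number in the new file, usable for an inline comment
    rule: str
    preview: str   # redacted value, safe to post back into the PR


def redact(value: str) -> str:
    """Keep a short prefix so a reviewer can recognise the value, never the whole secret."""
    return f"{value[:4]}...({len(value)} chars)"


def check_line(path: str, lineno: int, content: str) -> list[Finding]:
    out = []
    for rule, pattern in SECRET_PATTERNS.items():
        for m in pattern.finditer(content):
            value = m.group(1)
            if any(marker in value for marker in PLACEHOLDER_MARKERS):
                continue
            out.append(Finding(path, lineno, rule, redact(value)))
    return out


def scan_diff(diff_text: str) -> list[Finding]:
    """Walk a git-style unified diff and check only the lines the PR adds."""
    findings: list[Finding] = []
    current_file = None
    new_line = 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):          # new-file header; "/dev/null" means the file was deleted
            target = raw[4:].strip()
            current_file = None if target == "/dev/null" else target.removeprefix("b/")
            continue
        if raw.startswith(("--- ", "diff --git", "index ")):
            continue
        header = HUNK_HEADER.match(raw)
        if header:
            new_line = int(header.group(1))  # first new-file line covered by this hunk
            continue
        if current_file is None or raw.startswith("\\"):
            continue                         # "\ No newline at end of file"
        if raw.startswith("-"):
            continue                         # removed line: does not exist in the new file
        content = raw[1:] if raw[:1] in ("+", " ") else raw
        if raw.startswith("+"):
            findings.extend(check_line(current_file, new_line, content))
        new_line += 1                        # both added and context lines advance the counter
    return findings


# Constructed sample diff. The AWS values are the example credentials from AWS's own docs.
SAMPLE_DIFF = """\
diff --git a/config/database.yml b/config/database.yml
--- a/config/database.yml
+++ b/config/database.yml
@@ -1,4 +1,5 @@
 production:
   adapter: postgresql
-  password: <%= ENV["DB_PASSWORD"] %>
+  password: "hunter2-prod-2024"
+  url: postgres://app:hunter2-prod-2024@db.internal:5432/app
   pool: 5
diff --git a/app/s3.py b/app/s3.py
--- a/app/s3.py
+++ b/app/s3.py
@@ -10,3 +10,4 @@ import boto3
 def client():
-    return boto3.client("s3")
+    return boto3.client("s3", aws_access_key_id="AKIAIOSFODNN7EXAMPLE",
+                        aws_secret_access_key="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY")
"""

if __name__ == "__main__":
    for f in scan_diff(SAMPLE_DIFF):
        print(f"{f.path}:{f.line}  {f.rule}  {f.preview}")
```

Two details matter for a bot that posts back to the PR: the line number must come from the hunk header plus the count of added and context lines, not from the position in the diff, or the inline comment lands on the wrong line; and the reported value must already be redacted, because a comment quoting the full secret just copies it into a second place that also has to be cleaned up.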
![MicroReview flagging a hardcoded password]

![Inline AI bug detection with a suggested fix]

How it's different from CodeRabbit
Two things I cared about:
1. Per-repo pricing, not per-seat. Most tools charge per developer — so the more your team grows, the more you pay for the same repos. MicroReview is $19/repo/month, flat, for your whole team. 10 devs on 3 repos: ~$57/mo here vs $720/mo per-seat. (And it's free for 2 repos, forever — not a 14-day trial.)
2. A risk score, not just comments. Comments get ignored. A 0–100 number that can block the merge button doesn't.
What I learned building it
- AI is non-deterministic, and that's a UX problem. Two runs on the same diff find different bugs. I had to build dedup + "resolved" tracking so it doesn't spam or cry wolf.
- Cost control matters from day one. Batching diffs into fewer model calls + caching unchanged files cut the AI bill dramatically.
- The hard part isn't the AI — it's the plumbing. Webhooks, idempotency, two platform APIs behind one interface, encrypting tokens at rest. The model is maybe 20% of the work.
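The dedup and "resolved" tracking from the first bullet comes down to giving each finding a stable identity that survives a second, different model run and a push that shifts line numbers. The following is an added example written for this page, not MicroReview's code: a finding is keyed by path, category and the normalised flagged line (never the line number), it is only closed when that code is actually gone from the PR head, and a run that simply fails to mention it is ignored. The finding fields, category names and the two versions of the sample file are constructed.

```python
import hashlib
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ReviewFinding:
    path: str
    line: int       # where the model saw it on this run; moves whenever code above changes
    category: str   # e.g. "sql-injection", "null-deref" (assumed category names)
    snippet: str    # the flagged source line, as the model quoted it


def normalize(text: str) -> str:
    """Collapse whitespace so re-indentation or trailing spaces do not change identity."""
    return re.sub(r"\s+", " ", text).strip()


def fingerprint(f: ReviewFinding) -> str:
    """Stable identity for 'the same issue': path + category + flagged code, never the line number."""
    material = f"{f.path}\0{f.category}\0{normalize(f.snippet)}"
    return hashlib.sha256(material.encode()).hexdigest()[:16]


class FindingTracker:
    """State carried across model runs and pushes of one PR."""

    def __init__(self) -> None:
        self.open: dict[str, ReviewFinding] = {}
        self.resolved: set[str] = set()

    def merge(self, run: list[ReviewFinding], files: dict[str, str]
              ) -> tuple[list[ReviewFinding], list[ReviewFinding]]:
        """Fold one run into the tracker. files maps path -> full content at the PR head.

        Returns (new, resolved): new findings get an inline comment, resolved ones get
        their existing comment marked as fixed. Everything else is left alone.
        """
        new, resolved = [], []
        # 1. A finding is resolved only when the flagged code is gone from the head commit.
        #    Its absence from this run's output proves nothing: the model is non-deterministic.
        for fp, f in list(self.open.items()):
            if normalize(f.snippet) not in normalize(files.get(f.path, "")):
                resolved.append(self.open.pop(fp))
                self.resolved.add(fp)
        # 2. Admit findings that are not already open. Same fingerprint means same issue,
        #    so a line that merely shifted is refreshed in place, not commented on again.
        for f in run:
            if normalize(f.snippet) not in normalize(files.get(f.path, "")):
                continue  # the model quoted code that is not at the head; drop it
            fp = fingerprint(f)
            if fp in self.open:
                self.open[fp] = f
                continue
            self.resolved.discard(fp)  # the same code came back: reopen rather than stay silent
            self.open[fp] = f
            new.append(f)
        return new, resolved


# Constructed scenario: one file across two pushes and three model runs.
HEAD_V1 = {"app/db.py": (
    'def get_user(uid):\n'
    '    cur.execute("SELECT * FROM users WHERE id=" + uid)\n'
    '    row = cur.fetchone()\n'
    '    return row["name"]\n')}
HEAD_V2 = {"app/db.py": (  # injection fixed, and a line added above the null deref
    'import logging\n\n'
    'def get_user(uid):\n'
    '    cur.execute("SELECT * FROM users WHERE id = %s", (uid,))\n'
    '    row = cur.fetchone()\n'
    '    logging.debug("fetched %s", uid)\n'
    '    return row["name"]\n')}
SQLI = ReviewFinding("app/db.py", 2, "sql-injection",
                     'cur.execute("SELECT * FROM users WHERE id=" + uid)')
NULL_V1 = ReviewFinding("app/db.py", 4, "null-deref", 'return row["name"]')
NULL_V2 = ReviewFinding("app/db.py", 7, "null-deref", 'return row["name"]')


def replay() -> list[tuple[int, int]]:
    """(new, resolved) counts per merge; the middle run shows a flaky model run being absorbed."""
    tracker = FindingTracker()
    steps = [([SQLI, NULL_V1], HEAD_V1),   # run 1: model finds both
             ([NULL_V1], HEAD_V1),          # run 2, same code: model misses the injection this time
             ([NULL_V2], HEAD_V2)]          # run 3, after the push: injection gone, deref line moved
    out = []
    for run, head in steps:
        new, resolved = tracker.merge(run, head)
        out.append((len(new), len(resolved)))
    return out


if __name__ == "__main__":
    print(replay())
```

The second run is the one that matters: the model drops the injection finding, but the vulnerable line is still in the file, so the comment stays open instead of flapping between "found" and "resolved". Only the third run, where the code actually changed, closes it, and the moved null-deref line keeps its fingerprint and gets no duplicate comment.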
Try it
If you want it to review your next PR: microreview.dev — free for your first 2 repos, no credit card.
Be honest with me: how many PRs have you "LGTM'd" without really reading? And how does your team fight review fatigue? 👇