Let me be honest.
I used to spend a significant chunk of my day reviewing pull requests.
Not the interesting parts — not the architecture decisions or the tricky business
logic. The repetitive parts. The same comments, over and over, on every PR:
"You forgot
@Validon this@RequestBody""Don't inject the repository directly into the controller, use a service"
"This
catch (Exception e)has no logging — how are we supposed to debug
this in production?""This service method writes to the database but has no
@Transactional"
Every. Single. PR.
I knew these rules by heart. My team knew these rules by heart. And yet, every
week, the same issues kept slipping in. Because humans get tired. Humans miss
things. And nobody wants to be that reviewer who leaves 15 comments on a
junior developer's first PR.
I started looking for a solution
I tried a few generic linting tools. They caught style issues and basic syntax
problems, but nothing Spring Boot specific. Nothing that understood the patterns
we actually cared about as a microservices team.
I wanted something that would:
- Understand Java Spring Boot patterns specifically
- Review only what changed in the PR, not the entire codebase
- Not just flag issues, but explain why they matter
- Do it automatically on every PR, without me having to think about it
I couldn't find exactly what I was looking for. So I built it.
Introducing MicroReview
MicroReview is a GitHub App that automatically reviews every pull request
on your Java Spring Boot microservice repos.
Install it once. Open a PR. Get a review instantly.
No configuration required. No CI pipeline changes. No new tools to learn.
What it actually catches
After installing MicroReview, here is what started showing up automatically
on my team's PRs — the exact issues I used to catch manually:
| What it catches | Severity |
|---|---|
@RequestBody missing @Valid — invalid data reaches your service unchecked |
🔴 Critical |
Controller directly using @Repository — skipping the service layer entirely |
🔴 Critical |
@ExceptionHandler missing @ResponseStatus — returning 200 OK on errors |
🔴 Critical |
| Feign client missing fallback/circuit breaker — no resilience on downstream calls | 🟡 Warning |
| Hardcoded HTTP/HTTPS URLs — should be config-driven | 🟡 Warning |
Bare catch(Exception) with printStackTrace — swallowing errors silently |
🟡 Warning |
DTO missing field-level validation — @NotNull, @NotBlank etc. |
🟡 Warning |
Service write method missing @Transactional — risk of partial updates |
🟡 Warning |
| No logger declared in the class — can't log anything properly | 🟡 Warning |
ResponseEntity.ok() wrapping a service call with no null check |
🟡 Warning |
Critical issues block PR approval. Warning issues are posted as advisory
comments — visible but not blocking.
But here is the part I really love
Most linting tools just say what is wrong. MicroReview tells you why it
matters.
Every inline comment is AI-enriched and looks like this:
🔴 CRITICAL
Problem (CRITICAL): Request body parameter is annotated with @RequestBody
but not @valid. Bean Validation will not run on this input.
Why it matters (AI):
Without @valid, Spring skips all Bean Validation constraints on the DTO,
allowing malformed or malicious data to reach your service layer unchecked.
This increases the risk of runtime errors and inconsistent data being persisted.
Suggested fix (AI):
Add @valid alongside @RequestBody on the method parameter and ensure the DTO
fields have constraint annotations such as @NotNull or @notblank.
And if the AI is confident enough, it adds a one-click Apply suggestion
button right in the GitHub review UI — so the developer can fix it with a
single click.
The PR summary
At the end of every review, MicroReview posts a summary comment showing
the full picture at a glance:
🔍 MicroReview Summary — PR #14
Rule New Existing Severity Status
Rule New Existing Severity Status
REQUEST_BODY_MISSING_VALID 1 0 🔴 critical 🆕 New
CONTROLLER_REPOSITORY_COUPLING 1 0 🔴 critical 🆕 New
EXCEPTION_LOGGING_BEST_PRACTICES 1 0 🟡 warning 🆕 New
SERVICE_WRITE_MISSING_TRANSACTIONAL 1 0 🟡 warning 🆕 New
MISSING_LOGGER_DECLARATION 0 0 🟡 warning ✅ OK
Total new issues: 4 | 🤖 AI enrichment applied to 4 finding(s).
🤖 AI Review Notes (advisory)
Request body validation is missing on at least one endpoint, allowing
invalid data to reach the service layer unchecked.
Service write methods have no transactional boundary, risking partial
updates if an error occurs mid-operation.
A bare catch block is swallowing exceptions silently — add proper
logging before this goes to production.
What changed for me
Before MicroReview, I was the one catching these issues. Every time.
After MicroReview, these issues get caught automatically — with an explanation
that teaches the developer why it matters, not just what to fix.
My code reviews became shorter. My feedback became more focused on what
actually needs a human eye — architecture, business logic, edge cases.
And my team started writing better code, because the bot was teaching them
the right patterns on every PR, consistently, without judgment.
Try it yourself
MicroReview is a GitHub App. Installation takes about 30 seconds:
- Click install
- Select your repo
- Open a PR
That's it.
- 🔗 Install MicroReview: https://github.com/apps/microservices-code-review-dev
- 🌐 Learn more: https://kumarpankaj2315.github.io/micro-review/#
It's free during beta. No credit card. No signup form.
If you try it and have feedback, drop a comment below. I read every one.
And if you have been spending your afternoons leaving the same review comments
over and over — I hope this saves you some time.
Top comments (0)