5 Bugs AI Code Review Catches That Humans Miss
Human code review is essential, but it has blind spots. Reviewers are biased toward logic and architecture — they rarely scan every line for credential leaks, hardcoded URLs, or subtle null-pointer risks. Here are 5 categories of bugs that AI code review catches consistently while human reviewers miss them.
1. Hardcoded Secrets and API Keys
This is the most dangerous one. A developer accidentally commits an AWS secret key, a Stripe API key, or a database password. Human reviewers skim the diff looking at logic — they don't pattern-match every string for credential formats.
MicroReview scans every diff hunk against 13 secret patterns: AWS access keys, GitHub tokens, Stripe keys, JWTs, RSA private keys, generic API keys, database connection strings, and more. If any match, the finding is flagged as Critical and the merge is blocked.
// This slips past human reviewers 90% of the time
const stripe = new Stripe("sk_live_4eC39HqLyjWDarjtT1zdp7dc");
2. Hardcoded URLs and Environment-Specific Values
Production URLs, localhost references, and IP addresses hardcoded in source files create deployment issues that don't surface until staging or production. A reviewer focused on business logic won't notice an http://localhost:3000 buried in a config file.
MicroReview's static analysis flags any raw URL or IP address in source code and suggests using environment variables or configuration files instead.
3. Missing Null/Error Handling
When a function can return null or undefined, it's easy to forget to handle that case — especially in a large diff with many changes. AI analysis identifies patterns where a potentially-null return value is used without a guard clause.
// AI catches: user could be null
const user = await db.findUser(id);
const email = user.email; // 💥 TypeError if user is null
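The snippet above, first as written and then with the missing-user case handled, as an added example; this is not MicroReview's code, and the in-memory `db`, the `UserNotFoundError` class and the helper names are constructed for the illustration:

```javascript
// Added example, not MicroReview's code: the snippet from the post, first as
// written (no guard) and then with the missing-user case handled. The in-memory
// `db` stands in for a real data layer and is constructed for this example.

const db = {
  users: new Map([[1, { id: 1, email: "alice@example.com" }]]),
  // Resolves to null when no user has this id: exactly the case the post warns about.
  async findUser(id) {
    return this.users.get(id) ?? null;
  },
};

// Before: the value is dereferenced without a guard, so a missing user becomes
// a TypeError deep inside the request handler instead of a meaningful error.
async function emailOfUnguarded(id) {
  const user = await db.findUser(id);
  return user.email; // throws TypeError when user is null
}

// After: the null case is handled explicitly. `== null` is deliberate: it covers
// both null and undefined, the two "nothing found" values a lookup can return.
class UserNotFoundError extends Error {
  constructor(id) {
    super(`user ${id} not found`);
    this.name = "UserNotFoundError";
  }
}

async function emailOf(id) {
  const user = await db.findUser(id);
  if (user == null) throw new UserNotFoundError(id);
  return user.email;
}

// Variant for callers that prefer a "not found" sentinel to an exception.
async function emailOrNull(id) {
  const user = await db.findUser(id);
  return user?.email ?? null; // optional chaining short-circuits on null/undefined
}

// Demonstration when run directly.
(async () => {
  console.log(await emailOf(1));      // alice@example.com
  console.log(await emailOrNull(2));  // null
  try { await emailOfUnguarded(2); } catch (e) { console.log(e.name); } // TypeError
  try { await emailOf(2); } catch (e) { console.log(e.name); }          // UserNotFoundError
})();
```

Whether the guarded version throws or returns a sentinel is a design choice for the caller; what the review finding asks for is that the choice is made visibly at the point of use rather than left to a TypeError at runtime.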
4. SQL Injection and Security Vulnerabilities
OWASP Top 10 vulnerabilities like SQL injection, XSS, and path traversal are well-documented but still appear regularly in PRs. Human reviewers catch obvious cases but miss subtle ones — especially when the SQL query is built across multiple lines or files.
MicroReview's SAST rules detect string interpolation in SQL queries, unsanitized user input in HTML templates, and directory traversal patterns — all from the diff alone, without needing access to your full codebase.
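The diff-only detection described in sections 1, 2 and 4 (secret formats, raw URLs and IP addresses, SQL built by string interpolation), as an added example; this is not MicroReview's code, and the rule set, the severities, the hunk parser and the sample diff are all constructed for illustration:

```javascript
// Added example, not MicroReview's code: a minimal scanner that reads a unified
// diff, keeps only the ADDED lines, and checks each one against a few secret,
// hardcoded-URL/IP and SQL-interpolation patterns. The rule set, severities and
// the sample diff are constructed for illustration.

const RULES = [
  // Secrets: Critical, block the merge. Shapes follow the public token formats
  // but are simplified; a real scanner carries many more and adds entropy checks.
  { id: "aws-access-key", severity: "critical", re: /\bAKIA[0-9A-Z]{16}\b/ },
  { id: "stripe-secret-key", severity: "critical", re: /\bsk_(?:live|test)_[0-9A-Za-z]{24,}\b/ },
  { id: "github-token", severity: "critical", re: /\bgh[pousr]_[0-9A-Za-z]{36,}\b/ },
  { id: "private-key-block", severity: "critical", re: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/ },
  { id: "db-connection-string", severity: "critical",
    re: /\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?):\/\/[^\s"'@]+:[^\s"'@]+@/ },
  // Environment-specific values: surfaced as warnings, merge still allowed.
  { id: "hardcoded-url", severity: "warning", re: /\bhttps?:\/\/[^\s"'`)]+/ },
  { id: "hardcoded-ip", severity: "warning", re: /\b(?:\d{1,3}\.){3}\d{1,3}\b/ },
  // SQL statement text followed by template interpolation or string concatenation.
  { id: "sql-interpolation", severity: "high",
    re: /\b(?:SELECT|INSERT|UPDATE|DELETE)\b[^;]*(?:\$\{|["']\s*\+)/i },
];

// Parse a unified diff and return the added lines with file and new-file line number.
function addedLines(diff) {
  const out = [];
  let file = null;
  let lineNo = 0;
  for (const raw of diff.split("\n")) {
    if (raw.startsWith("+++ ")) { file = raw.slice(4).replace(/^b\//, ""); continue; }
    if (raw.startsWith("--- ")) continue;
    const hunk = /^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@/.exec(raw);
    if (hunk) { lineNo = Number(hunk[1]); continue; }
    if (raw.startsWith("+")) {
      out.push({ file, line: lineNo, text: raw.slice(1) });
      lineNo++;
    } else if (!raw.startsWith("-")) {
      lineNo++; // context line advances the new-file counter; removed lines do not
    }
  }
  return out;
}

// Apply every rule to every added line; findings are ordered by line, then rule.
function scanDiff(diff) {
  const findings = [];
  for (const { file, line, text } of addedLines(diff)) {
    for (const rule of RULES) {
      const m = rule.re.exec(text);
      if (m) findings.push({ rule: rule.id, severity: rule.severity, file, line, match: m[0] });
    }
  }
  return findings;
}

// Merge policy from the post: any Critical finding blocks the merge.
function shouldBlockMerge(findings) {
  return findings.some((f) => f.severity === "critical");
}

// Constructed sample diff: a fake Stripe key (not a real credential), a
// localhost URL, and a query built with template interpolation.
const SAMPLE_DIFF = [
  "diff --git a/src/payments.js b/src/payments.js",
  "--- a/src/payments.js",
  "+++ b/src/payments.js",
  "@@ -1,3 +1,4 @@",
  " const Stripe = require(\"stripe\");",
  "-const stripe = new Stripe(process.env.STRIPE_KEY);",
  "+const stripe = new Stripe(\"sk_live_EXAMPLE00000000000000000000\");",
  "+const API_BASE = \"http://localhost:3000/api\";",
  " module.exports = { stripe };",
  "diff --git a/src/users.js b/src/users.js",
  "--- a/src/users.js",
  "+++ b/src/users.js",
  "@@ -10,2 +10,3 @@",
  " async function findByName(db, name) {",
  "+  return db.query(`SELECT * FROM users WHERE name = '${name}'`);",
  " }",
].join("\n");

// Print findings the way a reviewer would see them.
const findings = scanDiff(SAMPLE_DIFF);
for (const f of findings) {
  console.log(`[${f.severity}] ${f.rule} ${f.file}:${f.line} -> ${f.match}`);
}
console.log(shouldBlockMerge(findings) ? "merge blocked" : "merge allowed");
```

Two things this toy makes visible that matter in practice: only added lines are scanned, so a secret that was already in the file before the PR is not reported by a diff-only pass and needs a separate full-repository scan; and the URL and IP rules will fire on documentation comments, example.com and test fixtures, so a real scanner needs an allowlist and a per-rule severity so that warnings surface without blocking the merge.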
5. Inconsistent Naming and Code Style Issues
These aren't bugs, but they compound into maintenance debt: a class named in snake_case in a Java codebase, or a boolean variable that doesn't start with is/has/should. Human reviewers often let these slide to avoid slowing down the PR; AI reviewers don't have that social pressure.
MicroReview applies language-specific naming convention rules for Java, TypeScript, and Python — flagging deviations without blocking the merge, just surfacing them as low-severity suggestions.
Human + AI = Better Reviews
The goal isn't to replace human reviewers — it's to free them from grunt work. When AI handles secret scanning, null-safety checks, and style enforcement, human reviewers can focus on what they're actually good at: architecture decisions, business logic correctness, and mentoring junior developers.
Teams using MicroReview report that their human review time drops by 30-40% because they stop debating style issues and start focusing on design.
Ready to try MicroReview?
Free for 2 repos. 30-second setup. No credit card required.