GitHub App · Spring Boot Microservices

MicroReview

AI-powered code reviewer for Java Spring Boot microservices.
Runs on every pull request. No setup. No config files.

Catches critical issues  ·  Explains why they matter  ·  Suggests fixes instantly

Install on GitHub View on GitHub
12 Smart Rules
3 Severity Levels
GPT-4.1 AI Engine
0 Config Needed

Zero config. Works in 3 steps.

Install once. MicroReview hooks into every PR automatically — no YAML, no tokens, no pipeline changes.

01
📦
Install the GitHub App

One click to install MicroReview on your repository. No config files, no YAML pipelines — just connect and go.

02
🔀
Open a Pull Request

Push your Java Spring Boot changes and open a PR as usual. MicroReview activates automatically on every PR event.

03
🤖
Get AI-enriched Review

Inline comments appear with problem diagnosis, AI explanation of why it matters, and a ready-to-paste fix. Clean PRs get auto-approved.

See what a review looks like

Every comment is precise, actionable, and enriched with AI explanation — not just a rule ID.

Pull Request #47 · feature/user-registration
src/main/java/com/example/UserController.java line 34
31 @PostMapping("/register")
32 public ResponseEntity<UserDto> registerUser(
33- @RequestBody UserRegistrationRequest request) {
33+ @Valid @RequestBody UserRegistrationRequest request) {
34 return userService.register(request);
μR
MicroReview Bot
just now
🚨 CRITICAL REQUEST_BODY_MISSING_VALID
@RequestBody is missing the @Valid annotation. Bean Validation constraints on UserRegistrationRequest will be silently ignored.
WHY IT MATTERS (AI)
Without @Valid, Spring will deserialise the request body but skip all JSR-380 constraint checks (@NotNull, @Email, @Size, …). This means invalid payloads — such as an empty email or a password shorter than 8 characters — reach your service layer and database, bypassing your validation contract entirely. In a registration flow this can lead to corrupt user records, downstream NullPointerExceptions, and a false sense of security.
SUGGESTED FIX (AI)
Add @Valid immediately before @RequestBody:
// Before public ResponseEntity<UserDto> registerUser(@RequestBody UserRegistrationRequest req) // After public ResponseEntity<UserDto> registerUser(@Valid @RequestBody UserRegistrationRequest req)
Spring Boot will automatically return a 400 Bad Request with field-level error details when validation fails — no extra code needed.
// pr summary comment

A full summary posted on every PR

After inline comments are posted, MicroReview drops a top-level summary comment so the whole team sees the aggregate picture at a glance.

Pull Request #14 · feature/user-service-refactor — MicroReview comment
Posted automatically
μR
microreview-bot commented just now
2 critical · 4 warnings
🔍 MicroReview Summary — PR #14
Rule New Existing Severity Status
REQUEST_BODY_MISSING_VALID 1 0 🔴 critical 🆕 New
CONTROLLER_REPOSITORY_COUPLING 1 0 🔴 critical 🆕 New
MISSING_RESPONSE_STATUS_ON_EXCEPTION_HANDLER 0 0 🔴 critical ✅ OK
EXCEPTION_LOGGING_BEST_PRACTICES 1 0 🟡 warning 🆕 New
SERVICE_WRITE_MISSING_TRANSACTIONAL 1 0 🟡 warning 🆕 New
MISSING_LOGGER_DECLARATION 1 0 🟡 warning 🆕 New
NULLABLE_RESPONSE_WITHOUT_OPTIONAL 0 0 🟡 warning ✅ OK
SERVICE_WRITE_MISSING_TESTS 1 0 🟡 warning 🆕 New
HARDCODED_URL 0 0 🟡 warning ✅ OK
CONTROLLER_METHOD_NAMING 0 0 🔵 info ✅ OK
Total new issues: 6 | Persistent issues: 0 | 🤖 AI enrichment applied to 5 finding(s).
🤖 AI Review Notes (advisory)
  • Request body validation is missing on at least one endpoint, allowing invalid or malicious data to reach the service layer unchecked.
  • Two service methods perform repository writes without transactional boundaries, risking partial updates if an error occurs mid-operation.
  • At least one class has no logger declared — add @Slf4j before adding log statements to enable structured logging.
  • Exception handling relies on a bare catch block without proper logging, making production issues harder to diagnose and trace.

12 rules covering what matters in Spring Boot

Focused on the patterns that cause real production incidents in microservice architectures.

🚨 Critical — blocks approval ⚠️ Warning — advisory ℹ️ Info — convention
REQUEST_BODY_MISSING_VALID
@RequestBody present without @Valid — Bean Validation will be silently skipped
CRIT
CONTROLLER_REPOSITORY_COUPLING
Controller directly injecting a @Repository, bypassing the service layer
CRIT
MISSING_RESPONSE_STATUS_ON_EXCEPTION_HANDLER
@ExceptionHandler missing @ResponseStatus or ResponseEntity — defaults to 200 OK on errors
CRIT
HARDCODED_URL
Hardcoded HTTP/HTTPS URLs — should be externalised to config or @Value
WARN
FEIGN_RESILIENCE_MISSING
Feign client declared without fallback or circuit breaker — no fault tolerance
WARN
EXCEPTION_LOGGING_BEST_PRACTICES
Bare catch block using printStackTrace() instead of a structured logger
WARN
REQUEST_DTO_MISSING_FIELD_VALIDATION
Request DTO class has no field-level validation annotations (@NotNull, @Size, etc.)
WARN
SERVICE_WRITE_MISSING_TRANSACTIONAL
Service write method (save/update/delete) missing @Transactional — partial writes possible
WARN
SERVICE_WRITE_MISSING_TESTS
PR adds a write method but no test file was updated — no coverage for new logic
WARN
MISSING_LOGGER_DECLARATION
Class has no @Slf4j annotation or logger field — no structured logging available
WARN
NULLABLE_RESPONSE_WITHOUT_OPTIONAL
ResponseEntity.ok() wrapping a value that may be null — potential NullPointerException
WARN
CONTROLLER_METHOD_NAMING
Controller method names don't follow Spring REST naming conventions
INFO

Everything your team needs in a reviewer

From static analysis to AI-powered explanations and automatic PR decisions.

⚙️
Static Rule Engine
12 deterministic rules tuned specifically for Java Spring Boot microservice patterns. Runs on every PR with zero false-negative potential — rules are code, not heuristics.
3 Critical 8 Warning 1 Info Spring Boot 3.x
AI-Enriched Inline Comments
Every rule violation gets an AI-written explanation of why it matters in production and a concrete, paste-ready code fix — tailored to the exact context of your PR diff.
GPT-4.1-mini Context-aware Inline on diff
📋
PR-Level AI Summary
Each PR receives a top-level summary comment with an aggregated view of all findings, overall severity assessment, and advisory notes from the AI reviewing the complete change set.
Per-PR report Advisory notes Overall verdict
Auto-Approve & Dismiss
Clean PRs are automatically approved. When critical issues are detected, any existing approval is dismissed — keeping your branch protection rules meaningful without manual reviewer overhead.
Auto-approve clean PRs Dismiss on critical Branch protection aware
🟢
No issues found
0 critical · 0 warnings · clean diff
✓ Auto-approved
🟡
Warnings only
0 critical · 3 warnings · advisory comments posted
✓ Approved with notes
🔴
Critical issues detected
2 critical · REQUEST_BODY_MISSING_VALID, CONTROLLER_REPOSITORY_COUPLING
✗ Approval dismissed

Built on reliable, modern infrastructure

Lightweight TypeScript backend, GitHub-native integration, and the latest GPT-4.1 model for AI enrichment.

🟩
Node.js + TypeScript
OpenAI GPT-4.1-mini
🐙
GitHub App + Octokit
Java 17+ / Spring Boot 3.x

Start catching issues before they reach production.

Free GitHub App. Works on any Spring Boot repository. No configuration. Just install and open a PR.

Install MicroReview — It's Free