New · AI code reviews in Slack

Every pull request, reviewed in Slack. In minutes.

CodePulse Reviews uses Claude to review your GitHub PRs across five axes, posts severity-tagged inline comments, and pushes the fixes with one click — all from a Slack message.

Add to Slack See a sample review

From the team behind CodePulse, the engineering-analytics platform used by 200+ teams.

CodePulseAPP 10:24 AM

#482 · Add rate-limit middleware to webhook handler

Reviewed 14 files. Found 1 critical issue, 2 important, 3 suggestions.

Critical Missing auth check on /webhook/internal
Important Unbounded retry loop in worker.py:142
Suggestion Extract parse_event() for testability

github.com/acme/api · handlers.py

@app.post("/webhook/internal")

- async def receive(req):

+ async def receive(req, _=Depends(verify)):

payload = await req.json()

Critical. Endpoint was public — added shared-secret verification dependency.

How it works

Three steps. No dashboard round-trips.

Reviews lives in the tool your team already opens first thing every morning.

Paste a PR link in Slack

Any channel CodePulse is in. Or add /review for a prompt — same result.

Claude reviews it across five axes

Correctness, readability, architecture, security, performance — with severity-tagged inline comments posted straight to the PR.

Click “Fix the issues”

CodePulse opens a commit on the branch with the fixes. You review the commit, not the nits.

Five-axis reviews

Not just “LGTM” or “nitpick”.

Claude evaluates every PR across the five dimensions that actually matter — and tells you which one pulled the score down.

CCorrectness. Logic errors, edge cases, broken invariants.
RReadability. Naming, cohesion, comment signal.
AArchitecture. Layering, coupling, separation-of-concerns.
SSecurity. Auth, injection, unsafe defaults, secrets.
PPerformance. Hot paths, N+1s, allocation surprises.

services/auth.py · +6 −2

41async def handle_login(req):

42 user = await lookup(req.email)

43 if user.password == req.password:

43 if verify_hash(user.password_hash, req.password):

Critical Plaintext password comparison Storing plaintext passwords and comparing directly is a CWE-256 finding. Use verify_hash() against the salted hash at user.password_hash.

44 return issue_token(user)

45 return 401

Important No rate limit on failed logins A bare 401 with no throttle invites credential stuffing. Add a 10/min per-IP limiter before shipping.

Suggestion Consider extracting AuthFlow This handler is accumulating orchestration logic. A small AuthFlow class would keep the route thin and testable.

Inline & classified

Every comment knows how much it matters.

CodePulse tags each finding Critical, Important, or Suggestion, then posts it directly to the PR diff on GitHub — so reviewers see it where they already look.

Praise goes in the review summary. Inline comments are for findings only. That way merges never block on a compliment.

One-click auto-fix

The button that commits the fix.

Click Fix the issues in Slack and CodePulse fixes the findings it just flagged, pushes a commit on the same branch, and re-runs the review. Your PR author reviews a clean commit instead of a list of chores.

Try it on your next PR

Click the buttonSlack → CodePulse spins up a sandboxed worker with your repo.
Claude writes the fixesEvery finding from the review is addressed in scoped edits — nothing else is touched.
Commit pushed to the branchOne commit with a clear message. CI runs. You re-review the diff.
Auto re-reviewCodePulse reviews the new state. Still something to flag? You’ll see it in Slack.

Part of the CodePulse family

Works beautifully with CodePulse Analytics.

CodePulse Analytics tells you where your review process is slow — rubber-stamps, bottlenecks, knowledge silos, cycle-time regressions.

CodePulse Reviews does the reviewing, so your team’s time goes to the decisions that actually need a human. Use one. Use both. They share an account.

Learn about Analytics

Cycle time

2.3d

Rubber-stamps

23%

DORA · Lead time

Elite

CodePulse · #482 reviewed

5 findingsFix pushed

Security

Your code never leaves your org.

We’re serious about this — we built CodePulse for engineering teams who read the security page first.

Scoped GitHub App install

Reviews runs under a GitHub App you install. Scope is limited to the repos you pick.

No training on your code

We call the Anthropic/OpenAI API with explicit no-training terms. Nothing is retained.

Ephemeral worker sandboxes

Every review runs in a fresh, isolated container. The clone is wiped when the review ends.

Bring your own key

The BYOK plan runs reviews through your own Anthropic account — our pipeline, your keys, your bill. Enterprise adds Bedrock and Vertex.

Pricing

Per developer. Unlimited reviews.

Pay only for devs who open PRs. Start on BYOK with your own Anthropic key — or let us handle it.

BYOK

$19/ dev / month

Bring your own Anthropic key. No LLM markup.

Unlimited Claude reviews
Your Anthropic billing, direct
Private repos, auto-fix, Slack
15 reviews / hour / dev

Get started

Team

$29/ dev / month

The one most teams pick.

Unlimited reviews^†
Claude Sonnet
Auto-fix from Slack
5 reviews / hour / dev

Start free trial

Business

$49/ dev / month

Opus on complex PRs, deeper tooling.

Unlimited reviews^†
Claude Sonnet + Opus on complex PRs
Semgrep SAST pre-review
Custom review rules per workspace
Analytics CSV export
15 reviews / hour / dev

Start free trial

Enterprise

Custom

Everything in Business, plus compliance.

Everything in Business — Opus, SAST, custom rules, analytics export
SSO/SAML, audit logs, DPA
Self-host or bring-your-own-cloud
BYOK / Bedrock / Vertex
Negotiated fair-use & SLA
Named account manager

Contact sales

^† Unlimited reviews under our fair-use policy. Active developers are those who open at least one PR in a billing period.

FAQ

Answers before you ask.

Is it safe on private repos?

Yes. Reviews runs under a scoped GitHub App install on the repos you explicitly allow. Source is cloned into an ephemeral sandbox, reviewed, and wiped. The LLM call is made to Anthropic or OpenAI under no-training terms.

Which model does it use?

Team runs on Claude Sonnet. Business runs Sonnet by default and escalates to Opus automatically on complex PRs. BYOK routes every review through your own Anthropic account, so you pick the model — Sonnet, Opus, whatever you want. Enterprise adds Bedrock and Vertex.

What counts as a “review”?

One complete pass over one pull request. Team and Business plans are unlimited under our fair-use policy; a small number of workspaces exceeding the monthly threshold get routed to Claude Haiku for the rest of the billing period. BYOK has no fair-use cap because you pay Anthropic directly.

What triggers a review?

You do — by pasting a PR link in a Slack channel CodePulse is in. We deliberately don’t auto-review every PR; review load is a scarce resource and we want you in control of it. Power users wire up /review as a shortcut.

How safe is the auto-fix?

The auto-fix only addresses findings from the review it just produced, and it pushes a single commit you can revert in one click. CI runs on the new commit. Reviews then re-reviews the new state. If the fix broke something, you’ll see it.

How do I cancel?

One click from Settings. No call, no email thread. Your data is deleted within 30 days; ephemeral clone data is deleted per review.

What’s the relationship to CodePulse Analytics?

Same company, same account. Analytics measures your engineering org across DORA, SPACE, and team-health signals. Reviews is an action tool — it actually reviews the code. Use either, or both. They share sign-in.

Start reviewing PRs in 2 minutes.

Install the Slack app, pick a repo, paste a PR link. That’s the whole setup.

Add to Slack See pricing