Reviews for teams that move fast without breaking things. Install PRBuff once on a repo or your whole org, and every pull request gets a clear, actionable review the moment it opens.
Code reviews were hard before. AI-speed shipping made them impossible. PRBuff keeps up. Install it once, and your next pull request gets reviewed on its own.
Open github.com/apps/prbuff and choose your account or organization.
All repositories or just a few. Approve read-the-diff and write-a-comment access. That's it.
PRBuff reviews it within minutes and refreshes the review on every push. Drafts wait until you're ready.
Hard-to-find bugs, security holes, and the tedious stuff humans skim past, flagged with a severity, a location, and a fix. Without the noise.
Tokens signed with alg="none" skip signature checks, so any client can forge a token with any role.
Order items are fetched one query at a time inside the loop, an N+1 that explodes on large carts.
The new partial-refund path has no test. Only full refunds are covered.
amount < total with a balance check.
Applied automatically for your stack. Right now: Python · service
One-click fixes, a chat that knows your diff, a check that can block a risky merge, and real security and dependency scanning behind every review.
Commit suggestion: Where the fix is clear, PRBuff posts a committable suggestion. Press Commit suggestion and it's in. It never pushes to your branch itself.
✓ verified: Opt in and PRBuff proves a one-click fix at least compiles before offering it. A broken suggestion is demoted, never handed to you.
@prbuff: Mention @prbuff on the PR or any diff line. It answers grounded in the change, right in that thread. No context-switching.
prbuff/review: PRBuff posts a prbuff/review check that fails on a critical issue. Make it required, and risky PRs can't merge.
SAST: Real static analysis runs alongside the review, so injection and unsafe patterns get caught, not guessed at by a model alone.
duplication: Flags logic copy-pasted across files that should live in one place, so the same bug doesn't have to be fixed twice.
deps + CVEs: For bumped packages, PRBuff surfaces release dates and known CVEs, cited, so a sneaky upgrade doesn't slip through review.
agent · read-only: Opt in and PRBuff reads around the diff (read-only) to ground its review in your actual repo, following a symbol to where it's defined.
Every review runs in its own isolated sandbox and is dropped the moment it's posted. The app asks for the narrowest access GitHub allows, nothing more.
Each PR is reviewed in its own throwaway environment, created for that review and torn down after.
Your code is read to write the review, then dropped. Nothing is kept once the review is posted.
Read the diff, write the comment, read repo metadata. PRBuff never asks for more.
Install the GitHub App on a repo or your whole org, open a pull request, and see the review land. PRBuff takes it from there.
free to install · no credit card needed · uninstall anytime