Now on GitHub Marketplace

Three specialized agents
review every PR in parallel.

The only code review tool with a dedicated security agent. Correctness, security, and style run in parallel and synthesize into one unified report.

Install on GitHub See how it works
No code retained on our side No ads Diff and small-file context only Private repos on free plan

Product preview

src/auth/token-validator.ts
1m 48s 3 agents complete
Correctness medium

L42 Token expiry check uses Date.now() but exp is in seconds. Multiply by 1000 or use new Date(exp * 1000).

Security high

L61 JWT secret sourced from process.env.SECRET without fallback guard. If unset in production, any token will pass validation.

Style low

L18-24 Function validateToken handles 4 concerns. Split into parseToken, verifySignature, and checkClaims.

3 findings - 0 critical, 1 high, 1 medium, 1 low

How it works

One PR event triggers three parallel checks. No config required to start.

  1. PR opened or updated

    GitHub sends a webhook. TriRev acknowledges within 200ms and starts analysis in the background. Your workflow is never blocked.

  2. Three agents run in parallel

    Correctness catches logic bugs and edge cases. Security scans for OWASP Top 10 and exposed credentials. Style checks conventions and readability. Each agent focuses on one thing.

  3. One unified report

    Results are synthesized into a single PR comment with inline annotations. No duplicates. No noise. Severity levels (critical / high / medium / low) on every finding.

Correctness

Logic bugs, null safety, edge cases, potential regressions. Covers JS/TS, Python, and Go.

Security

OWASP Top 10, exposed secrets, dependency vulnerabilities, weak crypto patterns. CVE references included.

Style

Naming, readability, documentation gaps, convention drift. Adapts to your existing codebase patterns.

What sets it apart

Feature TriRev CodeRabbit Copilot
Specialized parallel agents 3 dedicated agents Single agent Single agent
Dedicated security review Full OWASP scan Basic Basic
Unified synthesis report Yes No No
Zero retention on our side Transient processing Configurable Telemetry opt-out
Private repos on free plan Yes Public only Paid plan

Pricing

Simple, per-developer pricing. No seat minimums on Free or Pro.

Free

$0 forever
  • 30 PR reviews per month
  • Public and private repos
  • All 3 agents (correctness, security, style)
  • Up to 2 concurrent reviews
  • Inline PR comments
Get started free

Pro

$20 /dev/month
  • Unlimited PR reviews
  • Private repos
  • All 3 agents
  • Priority review queue
  • Custom .reviewbot.yml config
  • Inline comments + summary report
Start Pro

Team

$25 /dev/month
  • Everything in Pro
  • Shared org-level configuration
  • Admin controls and audit log
  • Priority support
  • 5-seat minimum
Contact us

All plans process your code transiently for the review and discard it afterwards on our side. We do not train any model on your code. See our Privacy Policy for the AI provider's data handling and our Security posture for full details.

Privacy by design

Zero-friction install

Install the GitHub App and your next PR is reviewed automatically. No separate account, no dashboard, no configuration wizard, no qualifying form.

Zero retention on our side

TriRev processes the diff and changed-file context transiently and discards it on our infrastructure when the review completes. Anthropic, our AI provider, may retain inputs up to 30 days for safety review under their Commercial Terms.

Diff plus small-file context

We send the diff and the contents of changed files smaller than 500 lines (for the context the AI needs). We request the minimum GitHub permissions necessary; no access to repository history, branches, or unrelated files.

Stateless processing

Each review is an independent job. No cross-PR correlation, no user profiling, no model training on your code. No "allow us to learn from your data" checkbox to find.

Audit trail

Every review is logged with a delivery ID for debugging. Review metadata (repo, PR number, timestamp, status) is retained, not the code contents.

No ads, no promotional content

TriRev never inserts promotional content into your PR comments. Your workflow is not an advertising channel. Review comments contain findings only.

Read our full security posture - what data we access, what we store, and our incident response process.

Start reviewing better PRs today.

Install in under a minute. Works on any repo, any language in the supported set.

Install TriRev on GitHub

Free plan, no credit card required.