Free to start — install in 60 seconds

Your AI
senior reviewer
never sleeps

BugLens reviews every pull request before your team does. Catches bugs, vulnerabilities, and style violations — reviewed against your own codebase for context.

GitHub App·No CI changes·No config files·Free to start
buglens - PR #142 review
$ buglens review --pr 142
Fetching diff... 847 lines changed across 12 files
Running Lens agent -> Context agent -> Review agent
 
[!] auth/middleware.ts:34 - SQL injection risk
// User input directly interpolated into query string
[x] api/upload.ts:89 - No file size validation
// Max 10MB enforced in docs but not in code (see RFC-22)
[ok] utils/cache.ts - Matches team caching standard
 
-> Posted 3 inline comments to PR #142
-> Severity score: 6.4 / 10 | Request changes: yes
$
// see it in action

What your team
actually sees.

BugLens posts structured review comments directly on your PRs — with the bug, context from your codebase, and the fix.

PR #247feat: add user auth middleware
main ← feat/auth-middleware
BugLensBugLens reviewing…
BugLensEstimated review effort
1 Critical
2 Warnings
11 files reviewed · ~18 min effort
▶ Files reviewed (11)
▶ Critical findings (1)
auth/middleware.ts:33
buglens[bot]bot1 min ago
Critical · Security

SQL injection — user input directly interpolated into query string

Token from req.body.token is concatenated into SQL. An attacker can manipulate the query. Matches your KB rule: use parameterized queries everywhere.

auth/middleware.ts
31 const user = await getUser(req.headers.auth);
33- `SELECT * FROM sessions WHERE token = ${req.body.token}`
34+ db.prepare('SELECT * FROM sessions WHERE token = ?')
SB
@buglens we use parameterized queries in lib/db.ts — flag inconsistency in future reviews
Understood. I'll compare against lib/db.ts patterns in all future reviews for this repo.
New Learnings Added
Repo your-org/api
File auth/middleware.ts:33
Rule Cross-check DB queries against lib/db.ts patterns
Also available via REST API & MCP
// why this matters

Code reviews were hard before.
Now, they feel impossible.

Your team moves fast with AI. But fast shouldn't mean sloppy. BugLens makes sure every line still earns its merge.

Left the same SQL injection comment. Again. This is my third PR this week.
I keep forgetting. Good thing you keep catching it!
I did catch it. For the THIRD TIME.
No need for all-caps energy. I'll learn eventually.
// what buglens does

Catches bugs
before your team does.

BugLens runs on every pull request — AI analysis plus deterministic rules that never miss the obvious stuff.

AI-powered review

State-of-the-art AI analyses every diff for bugs, security issues, and logic errors — with inline comments posted directly on the PR.

Deterministic rules

8 hardcoded rules that run every time: hardcoded secrets, missing await, import typos, eval usage, shell injection, variable mismatches and more.

GitHub native

Install via GitHub App in 60 seconds. BugLens posts reviews as PR comments and sets a commit status — green or red — on every push.

Re-review on push

Developer pushes a fix? BugLens dismisses the old review and runs a fresh one automatically — no manual trigger needed.

Knowledge base

Write your team's conventions as Lessons. BugLens applies them to every PR — catching violations your senior devs would flag.

Review analytics

Track bug patterns, recurring violations, and code health over time. See which files get flagged most and where your team's weak spots are.
// how it works

Three steps.
Zero ceremony.

Install once. Every pull request gets reviewed automatically. No manual triggers.

01

Install in 60 seconds

Connect BugLens to your GitHub organization. Authorize the GitHub App. Select the repos you want reviewed. No config files. No CI changes.

02

PR opened. Review starts.

A developer opens a pull request. BugLens receives the webhook, fetches the diff, runs 8 deterministic rules, then sends the diff to AI analysis. Under 3 minutes.

03

Findings posted inline

BugLens posts inline comments on the PR — one per finding, at the exact line. Sets a commit status: green if clean, red if issues found. Your team reviews, not reruns.

// intelligence

Code reviews that
learn from you.

Set your rules once. Reply to flag an edge case. BugLens accumulates context and gets sharper with every PR.

Line 42: Hardcoded API key detected. Move to environment variable.
@buglens we allow keys in test files, ignore those
SB
New learning added
Repo: your-org/apiRule: Skip hardcoded-key checks in *.test.* files
// pricing

Pick a plan.
Ship better code.

Free to start. Paid plans unlock private repos, unlimited reviews, and context-aware analysis. Cancel any time.

Free
$0forever

One repo. 50 AI reviews per month. No credit card.

  • 1 repository
  • 50 AI reviews / month
  • 8 deterministic rules, every PR
  • Inline PR comments on GitHub
  • Public repos only
Start for free
Team (Soon)
$49per seat / month

Organization-wide install. Custom AI standards. Slack alerts on every review.

  • Everything in Starter
  • Custom AI coding standards
  • Slack & Discord notifications
  • Organization-wide installation
  • Priority Slack support
Join waitlist
// security

Your code stays
yours.

BugLens reviews your diff and discards it. No training on your code. No storage after review. GitHub OAuth only — we never see your password.

Zero retention

Your diff is fetched, reviewed, and discarded. Nothing is stored on our servers after the review completes.

GitHub OAuth only

We never see your password. Authentication is handled entirely by GitHub — BugLens only receives an installation token scoped to the repos you select.

Not trained on your code

Your codebase is never used to train any AI model. Reviews run against a hosted model with zero data retention on the AI side.

// from the builder's log

Building in public

Technical deep-dives on AI agents, RAG pipelines, and the engineering decisions behind BugLens.

Follow the build

New post every week. No spam - just honest engineering notes from building BugLens in public.

// start today

Your next prod bug is already
in an open PR.

BugLens finds it before your team merges. Install in 60 seconds. No config files. No CI changes.

Start reviewing →