/ MULTI-PASS ANALYSIS

Four reviewers.
One wall-clock.

Security, performance, architecture, and style each get their own pass — separate prompt, separate output schema, separate calibration. They run in parallel, so the total review time is roughly the slowest pass, not the sum.

  • Security · 9.4s
  • Performance · 7.1s
  • Architecture · 11.6s
  • Style · 5.8s

Wall clock · 11.6s · vs. 33.9s serial

A single mega-prompt asking the model to "review this PR" forces every concern through the same context window with the same calibration. Security findings get diluted by style nits. The architecture pass loses to the easy stuff. Reviewers see a grab-bag and miss the one comment that mattered.

Senior engineers don't review like that. Security and performance get separate mental modes; so do architecture and style. Revund runs the same way.

/ THE FOUR PASSES

What each pass is looking for.

Security

  • Injection surfaces (SQL, command, prototype)
  • Auth/authz holes — missing checks, IDORs, bypassable guards
  • Secret handling — fallbacks, env-var defaults, log leaks
  • Supply chain — unverified imports, dependency confusion
BLOCKER · auth/token.ts:47

JWT secret falls back to a hardcoded string when REVUND_API_KEY is unset.

Why: any deploy without the env var silently uses a predictable secret — tokens become forgeable.

Performance

  • N+1 queries on user-controllable input
  • Blocking I/O on async paths
  • O(n²) over user input where n is unbounded
  • Long-lived references that retain hot allocations
WARNING · orders/create.ts:112

Inventory check runs inside the items loop; 100-line cart triggers 100 round trips.

Why: p99 cart-checkout latency scales with cart size. Batch with WHERE IN or a dataloader.

Architecture

  • Layer violations — handlers reaching into DB schemas, domain importing UI
  • Circular or near-circular imports
  • God-objects accreting unrelated responsibilities
  • Dependency-inversion violations — concretions in high-level code
WARNING · billing/sync.ts:34

Webhook handler queries the org table directly instead of going through the org service.

Why: couples billing to the org table's exact schema; the next migration breaks both.

Style

  • Misleading names — variable says one thing, code does another
  • Type escape hatches that throw away safety (any, as, unsafe)
  • Functions doing two unrelated things
  • Magic numbers without a named constant
NITPICK · utils/format.ts:8

Exported formatDuration has no return type annotation.

Why: contract changes won't surface in PR diffs; downstream callers can break silently.

/ THE PIPELINE

How a review actually runs.

  1. Build the bundle. The diff, the changed files, the symbol table, the tsc diagnostics — assembled and pruned to fit the model's token budget.
  2. Fan out. Four independent goroutines, one per pass. Each reads the same bundle but runs its own prompt + JSON schema. The orchestrator collects whatever each pass returns; one pass failing doesn't kill the others.
  3. Merge + dedupe. Findings are hashed by fingerprint (pass + file + body); duplicates collapse to the higher severity. The 0.6 confidence floor drops anything the model couldn't commit to. What's left is what reaches the PR.
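Steps 2 and 3 of the pipeline, as an added Go sketch that is not Revund's code: each pass runs in its own goroutine and a failing pass contributes nothing without aborting the others; findings are keyed by pass + file + body, duplicates keep the higher severity, and anything under the 0.6 confidence floor is dropped. The `Finding` fields, the `Pass` type and the numeric severity scale are assumptions for this example, and the fingerprint is left as the raw key rather than hashed.

```go
package main

import "sync"

// Finding is one comment from one pass. Field names are assumptions for this
// example, not Revund's schema. Severity: 0 nitpick, 1 warning, 2 blocker.
type Finding struct {
	Pass, File, Body string
	Severity         int
	Confidence       float64 // model's self-reported confidence, 0..1
}

// Pass is one reviewer: it reads the shared bundle and returns its findings.
type Pass func(bundle string) ([]Finding, error)

const confidenceFloor = 0.6 // the floor the page names; anything lower is dropped

// fanOut runs each pass in its own goroutine; a pass that errors contributes
// nothing but does not abort the others.
func fanOut(bundle string, passes []Pass) [][]Finding {
	results := make([][]Finding, len(passes))
	var wg sync.WaitGroup
	for i, p := range passes {
		wg.Add(1)
		go func(i int, p Pass) {
			defer wg.Done()
			if fs, err := p(bundle); err == nil {
				results[i] = fs // each goroutine writes only its own slot
			}
		}(i, p)
	}
	wg.Wait()
	return results
}

// merge drops findings under the confidence floor and collapses duplicates to
// the higher severity; what remains is what would reach the PR.
func merge(perPass [][]Finding) map[string]Finding {
	byFP := map[string]Finding{}
	for _, fs := range perPass {
		for _, f := range fs {
			fp := f.Pass + "\x00" + f.File + "\x00" + f.Body // fingerprint: pass + file + body
			prev, seen := byFP[fp]
			if f.Confidence >= confidenceFloor && (!seen || f.Severity > prev.Severity) {
				byFP[fp] = f
			}
		}
	}
	return byFP
}
```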

See the four passes run on your codebase.

Free 14-day trial on any paid plan.