Review Agents
diffray uses a team of 31 specialized agents, each focused on what they do best. This multi-agent architecture combined with intelligent context curation ensures each expert brings deep focus to their domain โ no distractions, no context dilution.
Core Reviewersโ
๐ Security Expertโ
Catches vulnerabilities before they become incidents. Deep expertise in OWASP Top 10, authentication patterns, and data protection โ backed by industry-leading security tools.
- Injection attacks (SQL, XSS, command)
- Exposed credentials and secrets
- Insecure authentication patterns
- Data protection issues
โก Performance Specialistโ
Identifies what will actually slow your app down โ before your users notice.
- Database query problems (N+1, missing indexes)
- Memory leaks and resource issues
- Inefficient algorithms
- Scalability concerns
๐ Bug Hunterโ
Finds the bugs that would wake you up at 3 AM. Hunts runtime errors, race conditions, edge cases, and logic bugs that slip through tests but crash in production.
- Null pointer and undefined errors
- Race conditions
- Edge cases that break in production
- Logic errors
โจ Quality Guardianโ
Keeps your codebase maintainable as it grows. Catches complexity creep, dead code, unclear logic, and missing validation โ before technical debt piles up.
- Complex code that needs refactoring
- Dead code and unused variables
- Unclear logic and poor naming
- Missing validation
๐๏ธ Architecture Advisorโ
Ensures your code structure stands the test of time. Reviews architectural decisions to catch design pattern violations, tight coupling, and responsibility misplacement.
- Design pattern violations
- Tight coupling between components
- Responsibility misplacement
- Scalability anti-patterns
๐ Consistency Checkerโ
Makes sure your team writes code like a team. Detects duplicate functionality, pattern deviations, naming inconsistencies, and missed reuse opportunities.
- Duplicate functionality
- Pattern deviations
- Naming inconsistencies
- Missed reuse opportunities
๐ Documentation Reviewerโ
Keeps your docs in sync with your code. Catches outdated documentation, missing API docs, and misleading comments before they mislead developers.
- Outdated documentation
- Missing API docs
- Misleading comments
๐งช Test Analystโ
Ensures your tests actually protect you. Finds missing edge cases, flaky tests, and isolation issues that let bugs slip through.
- Missing edge case coverage
- Flaky tests
- Poor test isolation
๐ง General Reviewerโ
Catches cross-cutting concerns โ project conventions, git hygiene, and the glue that holds codebases together. Not security, not performance, but everything else that matters.
- Project conventions and standards
- Git and workflow practices
- Cross-domain concerns
๐ SEO Expertโ
Catches SEO issues before they hurt your rankings. Focused on technical SEO, meta tags, structured data, and search visibility.
- Missing or invalid meta tags
- Broken OpenGraph and Twitter cards
- Invalid structured data (JSON-LD)
- Search visibility issues
Language Specialistsโ
Experts in language-specific idioms, patterns, and pitfalls.
| Agent | Focus Areas |
|---|---|
| TypeScript | Type safety, strict mode patterns, generics, utility types |
| Python | Type hints, async patterns, Pythonic idioms, PEP compliance |
| Go | Goroutines, channels, error handling, Go idioms |
| Rust | Ownership, lifetimes, unsafe blocks, async patterns |
| Kotlin | Coroutines, null safety, extension functions, DSLs |
| C# | Async/await, LINQ, nullable references, .NET patterns |
| Ruby | Rails patterns, metaprogramming, Ruby idioms |
| PHP | PHP 8+ features, Laravel patterns, security |
Framework Expertsโ
Deep knowledge of popular frameworks and their best practices.
| Agent | Focus Areas |
|---|---|
| React | Hooks patterns, component lifecycle, state management, performance |
| Vue | Composition API, reactivity, Pinia patterns |
| Angular | RxJS patterns, change detection, dependency injection |
| Next.js | App Router, Server Components, SSR/SSG patterns |
| NestJS | Decorators, modules, DI, enterprise patterns |
| Node.js | Event loop, streams, async patterns, backend best practices |
| Spring | Spring Boot, JPA, dependency injection, Java enterprise |
| Flutter | Widget lifecycle, state management, Dart patterns |
Domain Specialistsโ
Focused expertise for specific problem domains.
๐ GraphQL Expertโ
Reviews schema design and query patterns.
- Schema design best practices
- N+1 query detection
- Federation patterns
- Resolver optimization
๐ Microservices Architectโ
Ensures distributed systems are resilient.
- Circuit breaker patterns
- Saga implementations
- Service boundaries
- Event-driven design
๐ฆ Dependencies Analystโ
Keeps your supply chain secure.
- Known vulnerabilities (CVE)
- License compliance
- Outdated dependencies
- Supply chain risks
โฟ Accessibility Reviewerโ
Ensures your app works for everyone.
- WCAG compliance
- ARIA patterns
- Keyboard navigation
- Screen reader compatibility
๐ Compliance Auditorโ
Checks regulatory requirements.
- GDPR data handling
- HIPAA requirements
- PCI DSS compliance
- SOC 2 controls
๐จ Refactoring Advisorโ
Identifies code smells, technical debt, and maintainability issues that will cause problems as your codebase grows. Finds structural problems before they compound into larger issues.
- Code smells (long methods >50 lines, large classes >500 lines, deep nesting >4 levels)
- Design anti-patterns (God objects, feature envy, inappropriate intimacy)
- SOLID principle violations (SRP, OCP, LSP, DIP)
- High cyclomatic complexity (>10) and hard-to-follow control flow
- Suggests specific refactoring patterns: Extract Method, Replace Conditional with Polymorphism, etc.
How Agents Work Togetherโ
When you open a PR, diffray:
- Analyzes changes to determine which agents are relevant
- Assigns rules to appropriate specialist agents
- Runs reviews in parallel for fast feedback
- Deduplicates findings to avoid noise
- Presents unified results organized by severity
Each agent only reviews code matching their expertise โ a React agent won't comment on your Python files, and the Security expert won't nitpick your CSS.
Works Out of the Boxโ
All agents are active by default with battle-tested rules. No configuration needed โ just open a PR and get expert reviews.
Want to customize? Add project-specific rules to tailor reviews for your codebase.