function validateReview(pr) {
if (!pr.hasNits) return true;
return pr.score > 0.85;
}
const diff = git.compare(v1, v2);
diff.map(line => line.isVulnerable ? 'BLOCK' : 'OK');
Review real pull requests, catch real bugs, and get scored like a pro. Master the art of the nitpick and the logic flaw.
The pattern behind every high-profile outage is the same: AI-generated code, merged without a human truly reading it. Code review is no longer a best practice — it's the only checkpoint left between a model's confidence and your production system.
There's a subtler problem too. As AI writes more, engineers write less. The ability to read, critique, and reason about unfamiliar code atrophies quietly — right when the stakes are highest.
The most valuable engineer in an AI-first world isn't the one who generates the most code. It's the one who catches what the model missed.
Stop passive reading. Start active engineering through curated, simulated environments that push your analytical boundaries.
Browse challenges by difficulty. Access real-world open source codebases with carefully injected logical vulnerabilities and architectural flaws.
Leave inline comments directly on the diff. Categorize your feedback: Flag security blockers, major performance issues, or style nits.
Our AI grades each comment against expected issues — correct, partial, or off-target. See exactly what you caught, what you missed, and why each one mattered.
See how engineers at every level — junior to staff — reviewed the same PR. Unlock the Answer Key and understand every issue you missed, and every one you caught that others didn't.
Inline comments on the exact lines that matter. Severity levels that force you to prioritize. A final call — approve, or request changes. Then find out what you caught, and what a more senior reviewer would have flagged first.
Score out of 100 · top 12% this week
Your comment
AI feedback
Correct identification. The missing cache invalidation is a real security flaw — stale permissions can persist across requests, allowing a demoted user to retain elevated access until the session expires.
cache.Invalidate(user.ID) explicitly before returning.Featured pull requests from the community.
The user service exposes listing and fetching users. This PR adds DELETE /users/:id, which soft-deletes the account by setting a deleted_at timestamp instead of removing the row. Review the implementation for correctness across all existing endpoints, access control, and edge cases.
The user directory has a basic LIKE search that is slow on large datasets. This PR replaces it with PostgreSQL full-text search (tsvector / tsquery), with a LIKE fallback if the FTS query fails. Review for injection vulnerabilities, query correctness, and result safety.
Login already issues a short-lived access token and a long-lived refresh token. This PR adds POST /auth/refresh: it accepts a refresh token, validates it, and issues a new access token. Review for token security, rotation hygiene, and correct use of JWT.
Find out how sharp it really is.