Your First Review

Here's what to expect when Assay reviews your first pull request.

Triggering a Review

Reviews can be triggered in three ways:

1. Automatic (Recommended)

When you open or update a pull request on a connected repository, Assay automatically starts a review. The default tier is Code Review.

2. Slash Commands

Comment on any PR with a slash command:

/assay          # Standard Code Review
/assay quick    # Quick Scan
/assay deep     # Deep Analysis

3. Manual from Dashboard

1. Go to Repositories in your dashboard
2. Click on the repository
3. Select an open PR from the dropdown
4. Choose your review tier and options
5. Click Start Review

During the Review

While Assay analyzes your code, you'll see:

• Status: Processing in your dashboard
• A pending status check on your GitHub PR
• Live progress in the review detail page

Review times vary by tier:

• Quick Scan: < 1 minute
• Code Review: 2-5 minutes
• Deep Analysis: 5-15 minutes

Review Results

When complete, you'll receive:

On GitHub

• A review comment with the summary
• Inline comments on specific lines with findings
• An approval status (Approved, Changes Requested, or Comment)

In Dashboard

The review detail page shows:

• Summary - High-level overview of changes
• Key Changes - Significant modifications identified
• Breaking Changes - API or behavior changes (if any)
• Findings - Detailed issues grouped by severity

Understanding Findings

Each finding includes:

Example finding:

🔒 SECURITY | HIGH
File: src/api/auth.ts:42-45

SQL Injection Vulnerability

User input is directly concatenated into SQL query without
sanitization. This allows attackers to execute arbitrary SQL.

Suggested Fix: Use parameterized queries instead of string
concatenation.

What Happens to Credits?

• Credits are reserved when the review starts
• Final cost is calculated on completion
• Unused reserved credits are returned
• Failed reviews are fully refunded

Next Steps

• Learn about review tiers
• Understand severity levels
• Configure your repositories