MatrixReview
GitHub App
AI code review grounded in your team's actual documentation and codebase structure. Track every review, monitor codebase health, and explore your dependency graph from a full dashboard.
MatrixReview ingests every doc in your repo: security policies, architecture standards, API semantics, implementation guides, style guides, and contribution rules. It also builds a complete import graph of your entire codebase, mapping every file, every dependency chain, every entry point, and every security-sensitive module. Then it enforces all of it on every pull request. Automatically.
Findings come in three tiers so your team always knows what they're looking at. Code-backed findings are deterministic, proven from your dependency graph with no LLM involved: a changed file breaks 47 downstream consumers, a new entry point has no auth middleware, a security-tagged module was modified without review. These are facts, not opinions. Doc-backed findings cite the exact document, section, and line range that was violated. AI suggestions are clearly labeled as optional and never block a PR.
Install the GitHub App. Open your repo. MatrixReview scans your entire codebase, builds the import graph, discovers your documentation, classifies every doc into review categories, and builds your knowledge base. No config files. No YAML. No rule authoring. Two minutes and you're live.
Each PR review runs through 5 independent review gates: Security, Architecture, Legal, Style, and Onboarding. Each gate is scoped to its own domain so findings never bleed across categories. Every finding then passes through a hallucination guard. If a finding contradicts your documentation or cannot be proven from it, it gets killed before it reaches your PR.
Surviving findings are swept for stronger doc citations, upgrading AI suggestions to doc-backed where the evidence exists. What lands on your PR is precise: the violation, the source document, and the code that triggered it.
The import graph enables blast radius analysis on every PR. When a file changes, MatrixReview traces every downstream consumer and checks for breaking changes. Files that handle auth, crypto, payments, and database access are automatically security-tagged and receive deeper scrutiny. High fan-in files imported by dozens of other modules are flagged as change amplifiers.
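The blast-radius, security-tagging and fan-in checks described above, shown as an added illustration of the technique (this is not MatrixReview's code; the import graph, the security path patterns and the fan-in threshold are constructed assumptions):

```python
from collections import defaultdict, deque

# Constructed sample import graph for a hypothetical repo: file -> files it imports.
IMPORTS = {
    "app/auth/session.py": ["lib/crypto/hmac.py", "db/models.py"],
    "app/api/users.py": ["app/auth/session.py", "db/models.py"],
    "app/api/orders.py": ["app/auth/session.py", "app/payments/charge.py", "db/models.py"],
    "app/payments/charge.py": ["lib/crypto/hmac.py", "db/models.py"],
    "app/cli/report.py": ["db/models.py"],
    "lib/crypto/hmac.py": [],
    "db/models.py": [],
}

# Assumed path fragments that mark a module as security-sensitive (auth, crypto, payments, DB).
SECURITY_PATTERNS = ("auth", "crypto", "payment", "db/")
# Assumed fan-in above which a file is treated as a change amplifier.
FAN_IN_THRESHOLD = 3


def reverse_graph(imports):
    """Invert the import graph: file -> set of files that import it (direct consumers)."""
    consumers = defaultdict(set)
    for path, deps in imports.items():
        for dep in deps:
            consumers[dep].add(path)
    return consumers


def blast_radius(changed, consumers):
    """Transitive downstream consumers of `changed`, found by BFS over the reversed graph."""
    seen, queue = set(), deque([changed])
    while queue:
        current = queue.popleft()
        for consumer in consumers.get(current, ()):
            if consumer not in seen:
                seen.add(consumer)
                queue.append(consumer)
    return seen


def is_security_tagged(path):
    return any(pattern in path for pattern in SECURITY_PATTERNS)


def review(changed_files, imports=IMPORTS):
    """Deterministic, graph-derived facts for each changed file in a PR."""
    consumers = reverse_graph(imports)
    report = {}
    for path in changed_files:
        fan_in = len(consumers.get(path, ()))
        report[path] = {
            "downstream": sorted(blast_radius(path, consumers)),
            "fan_in": fan_in,
            "change_amplifier": fan_in >= FAN_IN_THRESHOLD,
            "security_tagged": is_security_tagged(path),
        }
    return report
```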
When MatrixReview flags a finding, engineers can click Generate Fix directly from the PR comment. The fix is generated with full context: the PR diff, the relevant documentation, and the import graph. Before posting, the generated fix runs back through the entire review pipeline. If the fix would violate your security policy or architecture standards, it gets rejected. Only fixes that pass all five gates are posted.
Each gate only retrieves docs relevant to the files your PR actually changed, not your entire doc library. Redundant findings across gates are deduplicated automatically. The result is clean, actionable reviews, not walls of noise.
Sign in with GitHub to access your dashboard. Every review is stored with its traffic light, gate results, findings, and citations. Your codebase gets a health score based on review history that tracks improvement over time. The dependency graph is browsable: click any file to see what imports it and what it depends on. Manage your documents, see which gates they feed, and upload new policies directly from the dashboard.
Your source code never touches our disk. Repository clones are created in temporary directories for graph analysis and deleted immediately after processing. PR diffs are retained for up to 30 days for fix generation, then automatically purged from both disk and database. All stored data is encrypted at rest with AES-256 via SQLCipher. All communications are encrypted in transit over HTTPS. Every data access and mutation is recorded in an append-only audit trail. Customer data is logically isolated by company identifier across all database queries, API endpoints, and file storage. Full GDPR compliance: data export, data deletion, data processing agreements, records of processing activities, and 72-hour breach notification. All SOC 2 Type I technical and organizational controls are implemented and documented.
Your senior engineers carry the weight of checking every PR for API compliance, security policy, and documentation adherence. MatrixReview handles those checks so your reviewers can focus on logic, design, and shipping.
Free. Install in 30 seconds.