Language focus

AI code review for C#

C# teams ship through ASP.NET Core pipelines, EF Core mappings, and async methods that return before work finishes. CodeCritic reviews real diffs with attention to IDisposable patterns, nullable reference types, and middleware ordering that compiles cleanly yet fails under production load.

.NET & ASP.NETEF Coreasync/awaitPaste or GitHub PRFree tier

Online paste review · All languages

Review focus

What we look for in C# changes

Roslyn analyzers catch many nullability warnings; they rarely explain why a `Task` fire-and-forget loses exceptions or why a scoped service leaked into a singleton. The model targets those runtime gaps.

  • Async pitfalls: missing `await`, `async void` event handlers, `ConfigureAwait` assumptions in library code, and cancellation tokens ignored mid-operation.
  • Disposal and lifetime: `IDisposable`/`IAsyncDisposable` not awaited, scoped services captured by singletons, and `HttpClient` misuse via `new` per request.
  • ASP.NET Core: authorization attributes on the wrong layer, model binding that trusts query strings, minimal APIs without input validation, and middleware registered out of order.
  • EF Core: tracking surprises, split queries vs cartesian explosion, raw SQL with interpolated strings, and migrations that drop columns without backfill plans.
  • Nullability drift: `!` suppressions that hide real null paths, `default` returns on reference types, and DTOs that deserialize into partially null graphs.
  • LINQ and collections: deferred execution evaluated twice, `Single` vs `First` semantics on empty sequences, and mutable lists exposed from properties.

AI review does not replace threat modeling, Azure policy review, or regulated-data sign-off. Use it as a fast second pass; service owners still approve merge.

Stacks

Common C# codebases we see

ASP.NET Core APIs

JWT validation gaps, CORS misconfiguration, rate limiting absent on expensive endpoints, and problem details leaking internal IDs.

Background workers

Hosted services without graceful shutdown, channel backpressure ignored, and retry policies that amplify poison messages.

Desktop & Unity-adjacent

UI thread marshaling, event subscription leaks, and serialization of types that change between build targets.

Workflow

Run a C# review in minutes

Paste a controller or service to validate signal, then connect GitHub when the team wants automated PR feedback.
  1. 1

    Paste or connect a repo

    Sign up, open a new review, and paste a handler, repository, or background job. For ongoing work, connect GitHub and target the PR with your .NET changes.

  2. 2

    Let detection set context

    CodeCritic reads framework usings and attributes so findings reference Minimal APIs, MVC, or Blazor patterns you actually deploy.

  3. 3

    Triage by severity

    Issues arrive grouped with short explanations. Fix auth, data integrity, and async correctness before debating naming.

  4. 4

    Scale to PR comments

    Enable GitHub integration so the same engine comments on pull requests your team already reviews in Azure DevOps or GitHub.

How to use it

C# review without drowning in noise

Paste a vertical slice: an endpoint, its service, and the EF query it triggers - not a lone interface file with no call sites.

Keep StyleCop and analyzer gates in CI. CodeCritic focuses on behavior: "this `DbContext` is shared across requests" beats brace placement.

When nullable reference types are enabled, mention that in the PR description so reviewers interpret warnings in the right compiler context.

GitHub integration keeps feedback on the diff your team already discusses in PR threads.

Paid tiers add API automation when you want the same scan on every push to `main`, not only on manual paste.

Validate high-severity async and disposal findings with a quick integration test - AI can misread custom middleware that swallows exceptions.

Details: Integrations, Limitations, Pricing.

Code patterns

C# examples worth reviewing

Small slices from real PRs. Paste similar units in the browser or run on the GitHub diff that contains them.

EF query with string filter

var users = db.Users.Where(u => u.Email == input).ToList();

Sample findings

Typical C# review output

Should fix

Case-sensitive email match

Direct equality on Email fails for mixed-case logins. Normalization belongs before query or in DB collation policy.

Before

u.Email == input

Suggested direction

u.Email.ToLower() == input.Trim().ToLowerInvariant()

Illustrative patterns from real review categories. Your output depends on diff size, language, and context.

Before you merge C#

  • Context size: Include DI registrations or startup configuration when the change depends on scoped vs singleton lifetime.
  • Async paths: Trace every new `Task` return through callers to ensure exceptions and cancellation propagate.
  • Data access: Re-read LINQ and raw SQL for injection-shaped string concatenation and unintended client-side evaluation.
  • Human owner: Assign a reviewer who knows the deployment slot and feature flags the diff affects.

FAQ

C# code review FAQ

Yes. Reviews run on C# source across .NET versions. Include usings and project context hints so feedback matches your hosting model.

Try AI code review on your C#

Start free in the browser, then connect GitHub when the team wants reviews on every pull request.

How it works