Language focus

AI code review for Go

Go keeps the language small; production risk piles up in concurrency, context deadlines, error wrapping, and HTTP middleware chains. CodeCritic reviews your diff for goroutine safety, observability, and API contracts - not for arguing about tab width.

net/http & gRPCcontext.ContextModulesPaste or PRFree tier
GitHub code review

Online paste review · All languages

Review focus

Go issues that survive `go test`

Tests green while leaks and race windows remain is common in Go services. We emphasize ownership, cancellation, and error semantics on changed lines.

  • Goroutine leaks: blocking sends on unbuffered channels, forgotten `Close()`, workers that ignore `ctx.Done()`.
  • Context misuse: values stored in context that should be parameters, and deadlines not passed to downstream RPCs.
  • Error handling: `%w` chains dropped, sentinel comparisons against wrapped errors, and logs without actionable fields.
  • HTTP/gRPC: middleware order, trusting `X-Forwarded-*` without validation, body size limits, and graceful shutdown gaps.
  • Shared structs mutated across goroutines without mutexes or clear single-owner discipline.
  • Interface pollution: huge interfaces implemented by accident, and concrete types returned where mocks are required.

Profiling and bench comparisons stay in your performance workflow - automated review targets correctness and operability first.

Stacks

Common Go codebases we see

Microservices

Retries without backoff jitter, idempotency keys missing on consumers, and protobuf fields reused against compatibility rules.

CLIs & workers

Signal handling, `flag` parsing edge cases, and jobs that exit 0 on partial failure.

Kubernetes operators

Reconcile loops that fight the API server, missing leader election, and informer resync storms after error spam.

Workflow

Ship safer Go changes

Paste a package fragment or run on the PR that touches your RPC layer - same engine as other languages.
  1. 1

    Submit package context

    Include the changed functions plus types they use. For HTTP handlers, add the router registration if middleware order matters.

  2. 2

    Read concurrency findings first

    Goroutine and context issues are prioritized because they are expensive to debug in production.

  3. 3

    Align with `go test` and race detector

    Run `-race` on packages you changed when findings mention shared state - AI does not replace the race detector.

  4. 4

    Enable GitHub reviews

    Hook PRs so every change to auth, billing, or cluster controllers gets the same pass before merge.

Practice

Go reviews that match how you operate

Small interfaces and explicit error returns help the model reason - giant `interface{}` tunnels do not.

When renaming errors, show call sites in the review payload if they live in another file.

Document why a goroutine is fire-and-forget; otherwise reviewers assume it must respect cancellation.

GitHub Action and webhooks use the same analysis core as paste reviews - no second quality bar to maintain.

Teams on regulated infra should read data-handling docs before connecting private module proxies.

Pair with staticcheck and govet in CI; CodeCritic complements, not replaces, them.

Details: Integrations, Limitations, Pricing.

Go merge checklist

  • Context: Every outbound call in the diff inherits deadline/cancel from the incoming request or job.
  • Errors: Wrap with `%w` when callers need `errors.Is`; log with structured fields, not concatenated strings only.
  • API contracts: Exported symbols and JSON tags reviewed for backward compatibility when modules are public.
  • Shutdown: New background work registers with the process shutdown hook your service already uses.

FAQ

Go code review FAQ

It reviews the source you provide. Use GitHub reviews to include the module context importers rely on, or paste full files from the package you changed.

Review your Go diff

Paste a handler or connect GitHub - free tier first, team billing when you standardize.

How it works