Language focus

AI code review for Java

Java codebases carry decades of JVM conventions: checked exceptions, synchronized blocks, Spring wiring, and JPA mappings that look correct until load hits. CodeCritic reviews your diff with emphasis on concurrency, resource lifecycle, and framework seams that static analysis treats as boilerplate.

Spring & JakartaJVM servicesAndroid-adjacentPaste or GitHub PRFree tier

Online paste review · All languages

Review focus

What we look for in Java changes

Green builds hide JVM-specific failure modes: thread-pool starvation, connection leaks, and transactional boundaries that commit partial work. The model is steered toward those paths, not import order.

  • Concurrency: shared mutable state without proper synchronization, `volatile` misuse, and executor shutdown that abandons in-flight tasks.
  • Resource lifecycle: streams, JDBC connections, and HTTP clients not closed in `try-with-resources`, especially across refactor extractions.
  • Spring/Jakarta: bean scope mistakes, `@Transactional` on private methods, circular dependencies, and security filters bypassed by alternate request mappings.
  • JPA/Hibernate: N+1 fetch patterns, lazy-loading outside sessions, optimistic lock retries without backoff, and native queries with string-built predicates.
  • Exception design: swallowed checked exceptions, overly broad catches, and error responses that leak stack traces to clients.
  • API contracts: `Optional` used as fields or parameters where null semantics matter, and serialization changes that break downstream consumers silently.

AI review does not replace JVM tuning, penetration testing, or SOX sign-off. Use it as a fast second pass; owners who know deployment topology still approve merge.

Stacks

Common Java codebases we see

Spring Boot services

Filter chain ordering, actuator exposure, property binding surprises, and scheduled jobs without distributed locks.

Data access layers

Batch insert sizing, migration scripts that lock tables, and repository methods that return detached entities with uninitialized collections.

Build & modules

Multi-module Gradle graphs where API modules leak implementation types across boundaries reviewers assumed were sealed.

Workflow

Run a Java review in minutes

Start in the browser to validate signal on a service class or repository, then wire GitHub when the team wants PR-level coverage.
  1. 1

    Paste or connect a repo

    Sign up, open a new review, and paste a controller, service, or mapper. For ongoing work, connect GitHub and target the PR that contains your JVM changes.

  2. 2

    Let detection set context

    CodeCritic picks up Spring annotations, Jakarta imports, and test framework cues so findings reference the stack you ship, not generic OOP advice.

  3. 3

    Triage by severity

    Issues arrive grouped with short explanations. Fix transactional and security items first, then decide which style suggestions deserve debate.

  4. 4

    Scale to PR comments

    When ready, enable GitHub integration so the same engine comments on pull requests your team already merges through.

How to use it

Java review without drowning in noise

Paste flows work best with a coherent unit: a service method plus the repository it calls, or a REST handler with its DTO validation - not orphaned interfaces stripped of wiring.

Checkstyle and SpotBugs should stay in CI. CodeCritic targets reasoning: "this `@Transactional` will not roll back on checked exceptions" beats "rename variable".

For large refactors, split behavior changes from mechanical moves. Mixed diffs confuse every reviewer, automated or human.

If you ship through GitHub, connect the repository once and run reviews on the PR diff so comments sit next to the lines reviewers already discuss.

Paid tiers add API and Action automation when you want the same checks on every push, not only when someone remembers to paste.

Pair automated output with integration tests: AI can miss deployment-specific classpath ordering that only your staging environment exercises.

Details: Integrations, Limitations, Pricing.

Code patterns

Java examples worth reviewing

Small slices from real PRs. Paste similar units in the browser or run on the GitHub diff that contains them.

Spring controller without validation

@PostMapping("/transfer")
public ResponseEntity<?> transfer(@RequestBody TransferRequest req) {
  service.transfer(req.getFrom(), req.getAmount());
  return ResponseEntity.ok().build();
}

Sample findings

Typical Java review output

Should fix

Missing bean validation on request body

TransferRequest fields are not validated. Negative amounts or null accounts can reach service layer.

Before

public ResponseEntity<?> transfer(@RequestBody TransferRequest req)

Suggested direction

public ResponseEntity<?> transfer(@Valid @RequestBody TransferRequest req)

Illustrative patterns from real review categories. Your output depends on diff size, language, and context.

Before you merge Java

  • Context size: Include enough surrounding code that bean wiring, transaction boundaries, and exception handlers are visible to the model.
  • Thread safety: Re-read every new shared field or cache for visibility and locking under your actual executor configuration.
  • External input: Trace untrusted data through validators, deserializers, and SQL builders - especially dynamic `ORDER BY` or column names.
  • Human owner: Assign a reviewer who can explain the service SLA and data retention rules the diff touches, not only syntax.

FAQ

Java code review FAQ

Yes. Include annotations and framework imports in the snippet so feedback stays anchored to beans, filters, and persistence mappings you actually use.

Try AI code review on your Java

Start free in the browser, then connect GitHub when the team wants reviews on every pull request.

How it works