What languages does it support?

Any language — the model is told which one you are reviewing so it applies the right idioms and pitfalls. The dropdown lists common languages plus Other for anything not listed.

Where does my API key go?

It stays in your browser tab and is sent directly to OpenAI or Anthropic with the request you trigger. It is never stored, logged, or routed through any Gera server, and refreshing the tab clears it.

Can it catch security vulnerabilities?

The Security focus targets injection, unsafe input handling, leaked secrets, and auth flaws. It is a useful second pass but not a substitute for dedicated SAST tooling or a human security review on critical code.

Should I trust every finding?

No. LLM reviews can produce false positives and miss real issues. Treat findings as a prioritised checklist to verify, not as ground truth, and confirm each before changing your code.

Who pays for the API calls?

You do, on your own provider account. Each review is one real API call billed at your usage rate, and larger snippets cost more tokens. The tool itself is free.

Code Reviewer (BYO Key)

A second pair of eyes catches what you stopped seeing hours ago. This tool gives any code snippet a structured review using your own OpenAI or Anthropic key — pick a language and a focus, and get findings ordered by severity with concrete fixes, all in your browser.

How it works

Choose a provider and model, paste your API key, drop in your code, select the language, and pick a review focus: everything, bugs, style, performance, or security. The tool builds a prompt that frames the model as a senior engineer in that language, tells it exactly what to look for, and asks for findings ordered most-serious-first — each with the relevant construct, why it matters, and a suggested fix. It sends one direct request to the provider and returns the review in Markdown.

For Anthropic, the request includes the official direct-browser-access header so it works straight from the page.

Choosing a focus

Bugs — logic errors, edge cases, incorrect behaviour.
Style — naming, structure, idiomatic patterns, maintainability.
Performance — complexity, redundant work, resource usage.
Security — injection, unsafe input, leaked secrets, auth flaws.
Everything — a balanced pass across all of the above.

Tips

Review focused snippets rather than whole files — tighter context yields sharper findings.
Run a Security pass on anything that touches user input, auth, or external data.
Always verify a finding before acting on it; AI reviews are a prioritised to-check list, not a verdict.