Code Review
Adversarial Multi-Agent Audit — Security Exploits & Structural Failures
⚔️ Hostile Review
Autonomous adversarial code validation. 108 hostile agents independently analyze your code from different attack surfaces and surface failures that solo AI review misses. Submit a GitHub PR, upload code, or connect via MCP — get severity-ranked findings in under 60 seconds.
Welcome to the most advanced code scanner on the planet.
How It Works
1
Pick Modes
→
2
Select Agents
→
3
Submit PR
→
4
Agents Review
→
5
Get Findings
Two Review Modes
🛡 Security Review
28 adversarial agents with red-team mentality. Every line of code is a potential attack surface.
- Injection attacks, auth bypasses, SSRF, XSS, CSRF
- Secrets in code, weak crypto, session flaws
- API security, container misconfig, supply chain
- Attack chain analysis and threat modeling
💡 Structural Weaknesses
28 agents that expose architecture flaws, missing coverage, and code rot.
- Architecture, design patterns, refactoring
- Performance, concurrency, database optimization
- Testing strategy, error handling, resilience
- CI/CD, observability, production readiness
🎯 Scan Presets
Don't want to pick agents manually? Choose a preset:
- Demo (6) — free preview, one agent per category
- Core Only (8) — essential reviewers, fast and cheap
- Quick Scan (26) — core + recommended specialists
- Deep Scan (68) — thorough multi-angle analysis
- Full Assault (108) — every agent, maximum coverage
- Custom — hand-pick individual agents
💰 Pricing
Five quality tiers — you choose per agent. Our backend orchestrator assigns the optimal model to each agent based on scan context. Higher tiers unlock more compute and deeper analysis.
Models: Multiple frontier LLMs selected per tier for optimal performance
- Diamond — $0.0140/1K tokens — Maximum depth, highest accuracy
- Platinum — $0.0100/1K tokens — Comprehensive coverage, strong attack surface detection
- Gold — $0.0070/1K tokens — Best value, production-grade
- Silver — $0.0006/1K tokens — Fast, lightweight analysis
- HR Sharona — $0.00035/1K tokens — Critical Issues Focus
- HR Roasty — $0.0002/1K tokens — Local AI, budget-friendly
Each agent can run at any tier. Cost estimate shown live before you scan. Learn more
🔒 Privacy
- GitHub tokens are sent securely and never stored
- Code is processed in memory and discarded after review
- Only findings and metadata are saved
- Private repo support via fine-grained personal access tokens
🚀 What You Get
- Severity-ranked findings: critical, high, medium, low, info
- File and line references for every finding
- Suggested fixes with code snippets
- Consensus verdict: approve, comment, or request changes
- Deduplicated results via consensus engine
1. Choose Review Mode
◄ Click here to start
▼
✓
🛡 Security Review
Find vulnerabilities, exploits, and risks before attackers do. Red-team adversarial analysis —
injection attacks, auth bypasses, crypto weaknesses, and every OWASP top 10 category.
4 core agents (2 default) • 24 optional specialists
✓
💡 Structural Weaknesses
Expose architecture failures, code rot, missing coverage, and operational risk.
Agents probe structural integrity — not suggestions, findings.
4 core agents (2 default) • 24 optional specialists
SPECIALTY CATEGORIES
✓
🎨 Design
Layout, color, navigation & accessibility.
4 agents
✓
⚡ Performance
Render speed, bundle size, caching & queries.
4 agents
✓
🔗 API Design
REST conventions, schemas, rate limits & docs.
4 agents
✓
🔬 Testing
Coverage, fixtures, edge cases & regressions.
4 agents
✓
🌐 i18n
Localization, Unicode, timezones & locale patterns.
4 agents
✓
🧠 Data & ML
Pipelines, models, bias & reproducibility.
4 agents
✓
📱 Mobile
Battery, offline, permissions & deep links.
4 agents
✓
☁ Cloud & Cost
Cost, scaling, serverless & IaC.
4 agents
✓
⚡ Real-time
WebSockets, streaming, queues & sync.
4 agents
✓
⚖ Compliance
GDPR, HIPAA, PCI-DSS & licensing.
4 agents
✓
🖌 Frontend
SSR, state management, render & storage.
4 agents
✓
🤖 AI & Systemic Risk
AI provenance, LLM injection, denial-of-wallet & tenant isolation.
8 agents
PRESETS
2. Select Agents
Core agents are available when a mode is active. Add specialists for deeper analysis.
🛡 Security Agents
▶
CORE
SPECIALISTS
💡 Improvement Agents
▶
CORE
SPECIALISTS
🎨 Design Agents
▶
⚡ Performance Agents
▶
🔗 API Design Agents
▶
🔬 Testing Agents
▶
🌐 i18n / Localization Agents
▶
🧠 Data & ML Agents
▶
📱 Mobile Agents
▶
☁ Cloud & Cost Agents
▶
⚡ Real-time & Events Agents
▶
⚖ Compliance Agents
▶
🖌 Frontend & State Agents
▶
🤖 AI & Systemic Risk Agents
▶
Agent Tiers:
Fine-tune individual agents above with the tier dropdown on each card.
Scan Profiles:
Free Demo Scan
You're using the free demo — 6 agents, up to 20 files, 2 MB max. No account required.
Create a free account to unlock all 108 agents, higher limits, and email reports.
3. Submit for Review — Please Note: We aim for perfection. For any issues or suggestions, please visit Discussions
Helps skip irrelevant findings
▼
Example:
facebook/react + 28000
Example:
apolloraines/SAIQL-Engine — scans up to 10,000 code files from the repo
Upload a .zip of your project — scans up to 10,000 code files (30MB max, no node_modules/vendor)
Required for private repositories. Your token is sent securely and never stored.
How to set up your token ▼
Setting up a Fine-Grained Token
- Go to GitHub → Settings → Personal Access Tokens → Fine-grained
- Click Generate new token
- Select "Only select repositories" and pick the repo you want reviewed
- Under Permissions, click "+ Add permissions" and check all boxes with Read-only access
- Click Generate token and paste it above
⚠ Important: You must check all permission boxes — Hostile Review needs read access to pull request diffs, file contents, and metadata.
Setting up a GitLab Project Access Token
- Open your project on GitLab, click Settings (left menu) → Access Tokens
- Click Add new token
- Enter a name (e.g. "Hostile Review")
- Set an expiration date (max 1 year)
- Select role: Reporter or higher
- Select scopes: api (full API access — needed to post review comments and set commit status)
- Click Create project access token and paste it above
⚠ The api scope is required so Hostile Review can read code, post review comments on MRs, and set commit status.
✓ Already connected via OAuth on the GitLab setup page? No token needed — public repos work without any token.
Cost
~$0.00
Agents
0 selected
Effective Tokens
—
Review
No mode selected
⚠ Full Assault — 100 agents take longer and cost more.
Repository Files
0 files
Fetching repository files...
Overview
What This Agent Looks For
Example Findings
🔌 Connect via MCP →
Run hostile reviews directly from Claude Code, Cursor, or any MCP-compatible AI assistant.