Docs

Getting Started with RMCode

Install, configure, and get the most out of your AI code reviews.

Getting Started

  1. Install the GitHub App — Add RMCode to your GitHub organization or personal account
  2. Select repositories — Choose which repos get automatic reviews
  3. Open a pull request — RMCode reviews it automatically and posts inline comments with fix suggestions
  4. Apply fixes — Click "Apply suggestion" on any finding to fix with one click

Free accounts include 30 credits/month, enough for up to 30 Standard reviews. Need more? See plans.

CLI Reviews

Use rmcode for pre-flight reviews from your terminal. The CLI runs locally to collect the diff, file, or stdin content you request, then sends that review content to RMCode for analysis.

npm install -g @review-my-code/rmcode
rmcode login
rmcode --staged
rmcode src/auth.ts
git diff main | rmcode --lang typescript
rmcode --json --fail-on-findings

Authentication

Authenticated CLI reviews use the X-API-Key header. Create a key from the API Keys page, then set RMC_API_KEY in your shell.

Credits

CLI and GitHub App reviews draw from the PR author's RMCode account credits. Installing the app grants repo permission only; unregistered PR authors are skipped instead of spending someone else's credits.

Durable processing

Authenticated CLI reviews are queued durably and the CLI polls until results are ready. Keep the command running until results are printed.

GitHub App setup failures

The GitHub App does not fall back to reviewing repository contents on RMCode servers. If the workflow file cannot be created or dispatched, the PR check fails with setup guidance and no review is produced until the workflow handoff works.

API Keys

API keys are for authenticated CLI and programmatic review requests. They let scripts, CI jobs, or local terminal sessions use your RMCode account without a browser session. Keep them secret: the full key is shown only once when created.

Where to create one

Open Dashboard -> API Keys, create a key, copy the one-time secret, and store it in your shell or CI secret manager.

How authentication works

Send the key in the X-API-Key header. Do not use Authorization: Bearer for CLI review calls.

Required scope

POST /api/reviews/cli requires the write scope. A read-only key is useful for future read APIs but cannot run reviews.

Credits

Authenticated CLI reviews consume the monthly credits owned by the API key's RMCode account. Anonymous LLM reviews are disabled by default.

Use with the CLI

# Install the CLI
npm install -g @review-my-code/rmcode

# Create or copy a key from Dashboard -> API Keys
rmcode login

# Store it for future shell sessions
export RMC_API_KEY=rmc_...

# Review common inputs
rmcode
rmcode --staged
rmcode src/auth.ts
git diff main | rmcode --lang typescript

# Machine-readable output for automation
rmcode --json --fail-on-findings

Use with the HTTP API

curl -X POST "https://review-my-code.com/api/reviews/cli" \
  -H "X-API-Key: rmc_..." \
  -H "Content-Type: application/json" \
  -d '{
    "type": "snippet",
    "language": "typescript",
    "value": "function add(a: number, b: number) { return a + b; }"
  }'

A valid key with no remaining credits returns 429 Insufficient credits. An invalid or revoked key returns an authentication error. If a key is exposed, revoke it from the API Keys page and create a replacement.

How It Works

1

Code Analysis

AI examines your pull request changes, understanding context and patterns across multiple files.

2

Issue Detection

Identifies bugs, security vulnerabilities, performance issues, and code quality problems.

3

Actionable Feedback

Posts inline comments with explanations, severity tags, and one-click fix suggestions.

GitHub App & Permissions

When you install the RMCode GitHub App, GitHub asks you to approve a set of permissions. Here's exactly what we request and why.

Permissions requested

Contents — Read & Write

To add or update the lightweight workflow file in your repository. Review context is produced by that workflow when RMCode dispatches it.

Pull requests — Read & Write

To read PR diffs and post review comments with inline findings and fix suggestions.

Actions — Read & Write

To trigger the context extraction workflow on your GitHub Actions runner.

Metadata — Read

Required by GitHub for all App installations. Allows reading basic repo metadata (name, language, default branch).

What happens during installation

1

Workflow file added

RMCode commits a small workflow file (.github/workflows/rmcode-review.yml) to each selected repository's default branch. This file defines the context extraction job that runs on your GitHub Actions runner.

2

Context extraction runs on your runner

When a PR is opened, the workflow checks out the repository in GitHub Actions, extracts the PR diff, file tree and symbol metadata, and relevant snippets, then sends that review context to RMCode for LLM analysis.

3

Reviews posted as the app

Findings appear as PR review comments from rmcode-ai[bot]. Your team can reply, dismiss, or apply suggested fixes directly.

About the workflow file

The workflow is workflow_dispatch only — it never runs on its own. RMCode triggers it via the GitHub API when a PR needs review. If RMCode cannot create or dispatch this workflow, the PR check fails with setup guidance instead of running a degraded backend-only review. If you uninstall the app, the file stays but becomes inert (nothing triggers it). You can safely delete it after uninstalling.

Configuration

Customize RMCode per repository by adding .rmcode.yaml to your repository root.

.rmcode.yaml
# Custom rules for the reviewer to enforce
rules:
  - "All database queries must use parameterized statements"
  - "React components must have PropTypes or TypeScript interfaces"

# Patterns to ignore
ignore:
  - "TODO comments without deadlines"
  - "Console.log statements in test files"

# Path filtering
paths:
  exclude:
    - "*.generated.ts"
    - "vendor/"
    - "docs/"

# Review depth
review:
  default_tier: standard
  overrides:
    - tier: pro
      branches:
        target: ["main", "release/**"]
      paths:
        include: ["backend/**", "payments/**"]
    - tier: standard
      branches:
        source: ["docs/**"]
      paths:
        include: ["docs/**"]

# Trigger conditions
triggers:
  branches:
    target: ["main", "develop"]
    exclude: ["release/*"]
  labels:
    skip: ["no-review", "wip"]
  authors:
    exclude: ["dependabot[bot]", "renovate[bot]"]
  skip_draft: true
  skip_bots: true
  max_files: 200

Config Reference

rules

Custom rules the reviewer enforces in addition to built-in checks. Use natural language — the AI understands intent.

ignore

Patterns to suppress. The reviewer will not flag issues matching these descriptions.

paths.exclude

Glob patterns for files to skip during review. Useful for generated code, vendored dependencies, or docs.

review.default_tier

Repository default review tier. This overrides your website default, but is still clamped to the tiers your plan allows.

review.overrides

Ordered branch/path rules for choosing a review tier. Supports branches.target, branches.source, paths.include, and paths.exclude glob patterns.

triggers

Control when reviews run. Default: every PR is reviewed. Use triggers to opt out by branch, label, author, draft status, bot author, or file count.

Review Results

Each finding is categorized by severity and includes an explanation, file location, and suggested fix.

BUG

Logic errors, null derefs, race conditions, off-by-one, broken error handling

SECURITY

SQL injection, auth bypass, data exposure, SSRF, path traversal

PERF

Inefficient algorithms, N+1 queries, memory leaks, unnecessary allocations

STYLE

Code quality and patterns — only flagged when it could lead to bugs

Review Tiers

Standard reviews are available from the start. Advanced tiers deliver more thorough reviews with greater accuracy when a PR or repository needs deeper analysis.

Precedence is: plan entitlement ceiling, then matched .rmcode.yaml override, then website default, then plan default. If a config asks for a tier above your plan, RMCode clamps to the highest allowed tier and reports that in review metadata. GitHub App reviews can also use branch/path overrides from .rmcode.yaml; CLI reviews use your website default or plan default.

review:
  default_tier: standard
  overrides:
    - tier: pro
      branches:
        target: ["main"]
      paths:
        include: ["payments/**", "auth/**"]
    - tier: standard
      branches:
        source: ["docs/**"]
      paths:
        include: ["docs/**"]

Free

30 credits included

Scores above most tools on the leaderboard. 1 credit per Standard review. Hard cap.

Pro

200 credits included

Runs multiple scout passes with a precision filter. 5 credits per Pro review. Optional capped extra credits.

Max

600 credits included

Our most thorough review pipeline. 20 credits per Max review, with optional capped extra credits.

Enterprise

600+ credits per seat

Team management, SSO/SAML, dedicated support, flexible capacity, and Max-quality reviews.

See plans for full comparison.

FAQ

Is my code private and secure?

Yes. For GitHub App reviews, repository checkout and context extraction run in GitHub Actions. RMCode receives the PR diff, file tree and symbol metadata, and relevant snippets needed for analysis. For CLI reviews, rmcode sends the requested local diff, file, or stdin content to RMCode for analysis.

What languages are supported?

55+ languages including JavaScript, TypeScript, Python, Java, Go, Rust, C/C++, Ruby, PHP, Swift, Kotlin, and more. Also SystemVerilog, Verilog, VHDL, and Chisel.

How long does a review take?

Most reviews complete in 1-3 minutes. Large PRs (500+ lines) may take up to 5 minutes.

Can I review private repositories?

Yes. The GitHub App works with both public and private repos. The repo is checked out in GitHub Actions, and only the extracted review context needed for analysis is sent to RMCode.

How do credits work?

Each review costs credits based on quality. Standard reviews cost 1 credit, Pro reviews cost 5 credits, and Max reviews cost 20 credits. Credits belong to the RMCode account that requested the review. For GitHub App PRs, that means the linked PR author; unregistered authors are skipped.

Can I cancel anytime?

Yes. Cancel from the billing page. Your plan stays active until the end of the current billing period.

How does it integrate with my workflow?

Install the GitHub App — it adds a small GitHub Actions workflow file to your repo and reviews PRs for authors who have connected RMCode accounts. RMCode creates the workflow for you; GitHub Actions must be enabled. See the Permissions section for details on what the app does during installation.

What does the GitHub App commit to my repo?

A single file: .github/workflows/rmcode-review.yml. It's a workflow_dispatch job that extracts context on your runner when a PR needs review. It never runs on its own. If you uninstall the app, you can safely delete this file.

Need help?

Can't find what you're looking for?

support@review-my-code.com