Features
Smart diff organization
Groups changes logically, putting related edits together instead of
alphabetical order.
Copy and move detection
Detects when code has been copied or moved and displays changes cleanly,
instead of full deletes and inserts.
Bug catcher
Checks for bugs and labels them by confidence level. Severe bugs require
immediate attention.
GitHub compatibility
Leave comments, approve PRs, request changes—all within Devin Review, synced
to GitHub.
Codebase-aware chat
Ask questions about the PR and get answers with relevant context from the
rest of the codebase.
Getting Started
- Devin webapp — Head to app.devin.ai/review to see your open PRs organized by category (assigned to you, authored by you, review requested). When Devin makes PRs, you’ll see an orange “Review” button in the chat.
- URL shortcut — For any GitHub PR link, replace
github.comwithdevinreview.comin the URL. For private PRs, sign in to Devin first or use the CLI. - CLI — Run
npx devin-review {pr-url}from within a local clone. See CLI below for details.
Auto-Review
Devin can automatically review PRs without you having to manually trigger it. Configure auto-review in Settings > Review, or from the settings icon on any PR review page.When Does Auto-Review Run?
Auto-review triggers when:- A PR is opened (non-draft)
- New commits are pushed to a PR
- A draft PR is marked as ready for review
- An enrolled user is added as a reviewer or assignee
Self-Enrollment (All Users)
Any user with a connected GitHub account can enroll themselves for auto-reviews—no admin permissions needed.- Go to Settings > Review
- Click “Add myself (@yourusername)” to enroll
Admin Configuration
Admins have additional options in Settings > Review:- Repositories — Add repositories to auto-review ALL PRs on that repo. Use the dropdown to search and select from connected repositories.
- Users — View and manage all enrolled users across the organization. Add any GitHub username to the auto-review list.
- Insert link in PR description — When enabled (default), Devin adds a link to the review in the PR description.
Enterprise accounts: Settings apply across all organizations in the
enterprise. Only users in the primary organization with enterprise admin
permissions can manage settings. Users in non-primary orgs can only
self-enroll.
Auto-review is not available for public repos that aren’t connected to your
organization.
Bug Catcher
The Bug Catcher automatically analyzes your PR for potential issues and displays findings in the Analysis sidebar. Findings are organized into two categories: Bugs and Flags.Bugs
Bugs are actionable errors that should be fixed in the code. These represent issues the Bug Catcher has high confidence are actual problems. Bugs are displayed with two severity levels:- Severe — High-confidence issues that require immediate attention
- Non-severe — Lower-confidence issues that should still be reviewed
Flags
Flags are informational findings that may or may not require action. They come in two classes:- Investigate — The Bug Catcher has identified something that warrants your attention. You should review the flagged code yourself and verify whether there is an actual bug or issue.
- Informational — The Bug Catcher has either concluded correctness or is explaining how something works. These help you understand the code changes without requiring action.
Resolving Findings
You can mark bugs and flags as resolved once you’ve addressed them or determined they don’t require action. Resolved items are dimmed in the sidebar and sorted to the bottom of each section.CLI
The Devin Review CLI lets you run code reviews directly from your terminal. This is especially useful for private repositories or when you want a streamlined local workflow.Installation & Usage
Run the CLI from within a local clone of the repository, no authentication required:- Git-based diff extraction — The CLI uses your local git access to fetch the PR branch and compute the diff. This means you need read access to the repository on your machine.
- Diff sent to Devin servers — The computed diff and file contents are sent to Devin’s servers for analysis.
Privacy & Access Control
The CLI uses a localhost server to authenticate your review session:- Local-only access by default — When you run
devin-review, it starts a localhost server on your machine that serves a secure token. Only processes on your local machine can access this token, meaning only you can view the review page while logged out. - Transfer to your Devin account — If you log in to a Devin account that has access to the GitHub organization, the review session is transferred to your account. This lets you access the review from other devices and share it with teammates.
devin-review can execute commands locally on your machine to gather additional context for finding bugs. This enables deeper analysis than diff-only review.
The Bug Catcher can execute a limited set of read-only operations:
- File reading — Read file contents within the repository
- Search — Grep for patterns and glob for file names
- Bash commands — Only read-only commands like
ls,cat,pwd,file,head,tail,wc,find,tree,stat, anddu
AGENTS.md / Instruction Files
Devin Review respects instruction files in your repository. If any of these files exist, they’ll be used as context when analyzing your PR:AGENTS.mdCLAUDE.mdCONTRIBUTING.md.cursorrules.windsurfrules.cursor/rules*.rules*.mdc