Static analysis can't read your code. Macroscope can.

You're searching for a better linter. What you actually need is custom AI code review — AI agents that read your codebase, understand context, and enforce your rules in plain English.

GitHubGet started free

$100 in free usage and 1,000 free agent credits every month.

api/handlers/users.ts
async function getUser(req: Request) {
const filter = formatFilter(req.query.name)
return db.query(`SELECT * WHERE name = ${filter}`)
}

// ESLint: ✅ No issues found
// Regex linter: ✅ Passes all rules
macroscope[bot]Bug
SQL injection vulnerability. req.query.name flows through formatFilter() (which does not sanitize) into an unparameterized SQL query. Use parameterized queries instead of string interpolation.

Why your linter is failing you

Static analysis tools were built for a different era. Here's what's broken.

False positives drown out real bugs

Industry-standard static analysis tools have 80%+ false positive rates. Your team ignores most alerts — and the real ones slip through.

Custom rules require writing complex YAML or DSL

Writing a custom Semgrep or SonarQube rule takes days. Learning the DSL is a project in itself. Most teams never bother.

Per-seat pricing makes it expensive to scale

Every new developer is another license fee, whether they trigger one review or a thousand. Costs grow faster than your team.

Scans run nightly — bugs ship to prod first

Scheduled scans find issues after code is already merged. By the time the alert fires, the bug is in production.

Fully Customizable

Macroscope is custom AI code review — not a one-size-fits-all linter. Every dial is yours: rules, scope, model, severity, integrations. All versioned with your code.

Rules in plain English

A .macroscope/check-run-agents/name.md file IS the rule. Write what to check in natural language — no DSL, no YAML, no AST patterns. The agent reads it and enforces it.

Scope precisely

Limit each check to specific paths, file globs, or languages with include/exclude patterns. Run in full_diff mode for whole-PR context, or code_object mode for parallel per-function analysis.

Choose your model

Each agent specifies which LLM to use — Claude Opus for security audits, Sonnet for lightweight checks, GPT-5 variants for specific tasks. Tune reasoning depth and effort level per agent.

Block or advise

Set conclusion to failure to block merging when the agent finds issues, or leave it as neutral for advisory-only feedback. You control severity per check.

Full codebase access

Agents read the full repo — not just the diff. They can grep, navigate references, run git log and blame, read config files. They understand context like a human reviewer.

Connected integrations

Agents pull context from your team's tools — Sentry for errors, Linear for tickets, BigQuery for data, LaunchDarkly for flags, Slack for notifications. Connect any MCP server.

Proof, not promises

98%

Precision in our published benchmark — highest of any AI code review tool. Highest bug-detection rate across 8 languages.

Read the benchmark results
Customer logoCustomer logoCustomer logoCustomer logoCustomer logoCustomer logo

See it in action

Define a rule in markdown. See the result on your next PR.

security-review.md
---
title: Security Review
model: claude-opus-4-6
tools:
  - browse_code
  - git_tools
conclusion: failure
---

Review for security vulnerabilities:
- SQL injection, XSS, CSRF
- Hardcoded secrets or credentials
- Insecure authentication patterns

Check imports and data flow across
files, not just the changed lines.

Security Review

Check failed — blocks merge

Catches a SQL injection that ESLint would miss — the vulnerability spans two files with user input flowing through a helper function into an unparameterized query.

SQL injection: user input from req.query flows through formatFilter() into raw SQL in db.query()

Missing CSRF token validation on POST /api/transfer

No hardcoded secrets detected

Legacy tools vs. Macroscope

Macroscope is not a static analysis tool. It's a different category — here's the difference.

Legacy static analysisMacroscope (custom AI code review)
Regex / AST pattern matchingCodebase-aware AI agents
Custom rules = YAML or DSLCustom rules = plain English markdown
Applies to entire codebase uniformlyScope to specific paths, globs, or languages per rule
One model, no tuningChoose model + reasoning depth + effort per check
Pass / fail onlyBlock merge or advise — per check
Scheduled scans (nightly / CI)Runs on every PR open + push
80%+ false positive rate (industry)98% precision (published benchmark)
Misses semantic bugsBuilt to catch semantic bugs
Per-seat licensingUsage-based, no seat fees
Configuration = engineer-weekConfiguration = markdown file, versioned with code

Languages supported

Deep AST-level analysis with full reference graphs across your entire codebase.

Python
TypeScript
JavaScript
Kotlin
Java
Rust
Swift
Go

Frequently Asked Questions

No. Macroscope is custom AI code review — a different category entirely. Static analyzers match patterns against your code using regex, AST rules, or DSL. Macroscope is an AI agent that reads your codebase and applies your team's rules, written in plain English. The difference matters: static analysis finds syntax patterns, Macroscope finds semantic bugs.

No — Macroscope is a different category. It's custom AI code review, not a static analyzer. Static analyzers match patterns against your code with regex, AST, or DSL rules. Macroscope is an AI agent that reads your codebase and applies your team's rules — written in plain English in a markdown file.

Most teams running SAST or dependency-scanning tools keep them alongside Macroscope. Macroscope replaces the code review side of the stack, not SAST.

Yes. Macroscope catches security vulnerabilities including SQL injection, XSS, CSRF, hardcoded secrets, insecure authentication patterns, and more. Because it understands your codebase semantically rather than matching regex patterns, it catches vulnerabilities that static pattern matchers miss — like injection risks that span multiple files or auth bypasses hidden in complex control flow.

ESLint catches syntax patterns — formatting issues, unused variables, simple anti-patterns. Macroscope catches semantic bugs — null dereferences, race conditions, logic errors, breaking API changes, security vulnerabilities. They operate at different levels. ESLint tells you about a missing semicolon; Macroscope tells you about a null pointer that will crash in production. Most teams keep ESLint for formatting and use Macroscope for real bug detection.

Macroscope supports Python, TypeScript, JavaScript, Kotlin, Java, Rust, Swift, and Go with deep AST-level analysis. It builds full reference graphs for each language, tracking function calls, type references, and imports across your entire codebase.

A rule is a markdown file in .macroscope/check-run-agents/ in your repository. Frontmatter sets the dials — model, reasoning depth, effort level, include/exclude file globs, and whether failures block merging. The body is plain-English instructions describing what the agent should check for.

Each rule becomes an agentic check run on every PR. Agents can browse your full codebase, run git commands, read GitHub metadata, and pull context from connected integrations like Sentry, Linear, and BigQuery. Rules are versioned with your code — they go through PR review like any other change. See the full docs.

Macroscope has 98% precision per our published benchmark — the highest of any AI code reviewer. This is far below the industry-standard 80%+ false positive rate of regex-based static analysis tools. Macroscope achieves this by understanding what your code does semantically, not just pattern-matching against syntax. See our benchmark results.

$100 in free usage and 1,000 free agent credits every month. After that, pricing is usage-based with no per-seat fees. Code review is $0.05 per KB reviewed, and agent credits are $0.01 each.

Most teams pay less than they would with per-seat static analysis tools. You can set monthly budget limits and per-review caps to control costs.

About 60 seconds. Install the Macroscope GitHub App, and it starts reviewing your pull requests immediately. For custom rules, add a markdown file to your repo — no configuration files, no CI pipeline changes, no YAML to write. The agent picks up the rule on the next PR.

Simple, usage-based pricing

No per-seat fees. Pay for what you use. Most teams pay less than legacy static analysis tools.

$100

In free usage to get started. No credit card required.

1,000

Free agent credits every month for custom check run agents.

$0

Per-seat fees. Ever. Pricing scales with usage, not headcount.

60s

To set up. Install the GitHub App and start catching bugs immediately.

Go beyond static analysis

Replace linter noise with custom AI code review that actually reads your code. Get started in 60 seconds.

GitHubGet started free

$100 in free usage and 1,000 free agent credits every month. No seat fees.

Check Run AgentsAI Code ReviewBenchmark Results

Ready to Get Started?

Join teams building with Macroscope to catch more bugs and merge PRs faster than ever. Simple usage-based pricing. No seat fees, no surprises.

GitHubGet started free
Book a demo