Know If Your PR Will Be Rejected - Before You Push
Every team has the same problem. PRs go up, reviewers leave 12 comments, half of them are things the author already knew but forgot. The PR goes back, gets reworked, re-reviewed, and everyone loses a day.
IRA is your first reviewer before humans get involved. It reviews the full PR diff, gives you a risk score, and shows every issue inline in your editor before you push.
For individual devs: fewer rejections, faster approvals. For tech leads: fewer review rounds, less time spent on obvious catches.
IRA: Found 3 issues (Risk: MEDIUM - 47/100)
src/routes/todos.ts
[BLOCKER] SQL injection risk - user input passed directly to query
[MAJOR] Missing database index on frequently queried column
src/middleware/auth.ts
[CRITICAL] JWT secret hardcoded - move to environment variable
JIRA AC Validation (PROJ-1234):
AC 1: User can create a todo item COVERED
AC 2: Input is validated before save NOT COVERED
AC 3: Error returns 422 with details COVERED
The Feature No Other Extension Has: JIRA Ticket vs PR Validation
Your reviewer opens the PR and asks: "Does this actually cover AC #3?"
IRA answers that before they have to ask. It pulls the JIRA ticket from your branch name, reads the acceptance criteria, diffs them against your code changes, and tells you exactly which ACs are covered and which are not.
No other VS Code extension, no CI bot, and no AI tool does this. This alone saves entire review rounds.
What IRA Does
- Catches bugs that linters miss - security issues, logic gaps, and edge cases across your entire PR diff
- Enforces your team's rules - commit a
.ira-rules.json and IRA checks every PR against your standards automatically
- Validates your code against the JIRA ticket - automatically checks whether your changes satisfy the acceptance criteria, or suggests ACs when none exist
- Scores the risk (0-100) so you know if your PR is safe to submit or needs more work
- Shows issues inline in your editor - squiggly lines, CodeLens, and sidebar panel, exactly like TypeScript errors
- Generates PR descriptions from your diff and JIRA context so your PRs stop showing up with one-line descriptions
All of this runs locally. Your code never leaves your machine.
What Changes When You Use IRA
Before IRA:
- Push PR, wait 2 days for review
- Get 12 comments, half of them are things you already knew but forgot
- Reviewer asks "does this match the AC?" and you scramble to re-read the ticket
- Rework, re-push, wait again
- Repeat until everyone is annoyed
After IRA:
- Run
IRA: Review Current PR before pushing
- Fix the 3 issues IRA found in 10 minutes
- PR description is already written, JIRA ACs are validated
- Reviewer sees a clean PR, leaves one minor comment, approves
- You look like you have your act together
The difference is not the tool. The difference is that your reviewer sees a PR that has already been reviewed.
"I Already Have GitHub Copilot. Why Do I Need This?"
Copilot helps you write code. IRA tells you if that code will survive review.
|
Copilot |
IRA |
| Job |
Write code faster |
Review code before humans do |
| When |
While you type |
After you finish, before you push |
| Scope |
Current line/function |
Entire PR diff across all files |
| JIRA awareness |
None |
Validates code against acceptance criteria |
| Risk scoring |
None |
0-100 risk score with breakdown |
| SonarQube |
None |
Enriches reviews with static analysis data |
| Output |
Code suggestions |
Inline diagnostics, CodeLens, risk badge |
They are complementary. Use Copilot to write. Use IRA to review. IRA uses your existing Copilot subscription as its default AI backend, so there is nothing extra to configure. You can also use AMP CLI as the AI backend by changing the ira.aiProvider setting to amp.
Quick Start (under 2 minutes)
- Install IRA from the VS Code Marketplace
- Open a project with a GitHub or Bitbucket remote
Cmd+Shift+P → IRA: Quick Start (auto-detects your SCM, walks you through token setup, optional JIRA — all in one flow)- Done. Run
IRA: Review Current PR to start reviewing.
If you skip step 3 and run IRA: Review Current PR directly, IRA will offer to set itself up if it detects no credentials. Either path lands you in the same place.
Already on GitHub Copilot? Quick Start finishes in seconds — Copilot is the default AI backend, so no API key is needed. Have AMP CLI installed? Set ira.aiProvider to amp to use your AMP session instead.
Bitbucket Server or Data Center? Quick Start auto-detects the base URL from your git remote, prompts for an HTTP Access Token (not a password — important for Server users), and saves both. No Settings JSON to edit.
JIRA? Optional. Quick Start asks once and pre-fills a sensible URL when it can derive one from your Bitbucket setup.
SonarQube? Optional. Set the URL in Settings, and IRA prompts for the token on first use. Stored securely in the OS keychain, never in plaintext.
Custom Review Rules
Your team has standards that no linter enforces. "Always use parameterized queries." "Never log PII." "API routes must validate request bodies." These rules exist in a wiki somewhere, and every reviewer checks for them manually.
Put them in .ira-rules.json at your repo root. IRA enforces them on every review.
{
"rules": [
{
"message": "Use parameterized queries for all SQL operations",
"bad": "db.query(`SELECT * FROM users WHERE id = ${userId}`)",
"good": "db.query('SELECT * FROM users WHERE id = $1', [userId])",
"severity": "CRITICAL",
"paths": ["src/db/**", "src/api/**"]
},
{
"message": "Never use console.log in production code",
"severity": "MINOR"
}
]
}
Run IRA: Init Rules File from the command palette to scaffold one. IRA ships a JSON Schema, so you get autocomplete and validation as you edit. Rules are scoped by paths (optional) and enforced in every review surface with no license gating.
Sensitive Areas
Mark critical parts of your codebase so IRA reviews them with extra scrutiny:
{
"rules": [],
"sensitiveAreas": [
"src/services/payment/**",
"**/auth/**"
]
}
When a reviewed file matches a sensitive path, the AI applies deeper analysis and the risk score is amplified. Issues in sensitive code weigh heavier because the blast radius is bigger. A 🔒 badge shows in the output so reviewers know which files need extra attention.
Where IRA Pays for Itself
Friday PR, Monday surprise. You push before the weekend. Monday morning there are 14 comments. IRA catches 11 of those before you push. The other 3 are style opinions. You cannot automate taste, but you can automate catching a missing null check.
The PR that broke production. A SQL query was vulnerable, and the review missed it. IRA flags injection risks, hardcoded secrets, missing input validation, and auth bypasses. It catches what the review checklist was supposed to catch.
3 rounds of review per PR. Junior devs submit PRs that bounce back repeatedly. Give them IRA. The obvious issues get caught before they reach your desk.
Security
| Secret |
Storage |
| GitHub / GHE token |
VS Code OAuth, stored in OS keychain (same as Copilot) |
| Bitbucket token |
Prompted once via masked input, stored in OS keychain |
| SonarQube token |
OS keychain via SecretStorage |
| JIRA token |
OS keychain via SecretStorage |
| AI API key |
OS keychain via SecretStorage |
No tokens in plaintext settings.json. GitHub tokens auto-refresh and IRA invalidates stale sessions automatically. IRA: Sign Out wipes all secrets from the keychain in one command. No cloud service, no telemetry, no token forwarding. Everything runs locally.
Commands
All commands are available via Cmd+Shift+P (or Ctrl+Shift+P on Windows/Linux).
| Command |
What it does |
IRA: Quick Start |
One-command guided setup — auto-detects SCM from git remote, prompts for tokens with the right copy for Bitbucket Server/Cloud/GitHub, optionally configures JIRA |
IRA: Review Current PR |
Review all changed files in a pull request, or review local changes without a PR |
IRA: Generate PR Description |
Generate a PR description from the diff and JIRA context |
IRA: Generate Tests |
Generate test cases from JIRA acceptance criteria |
IRA: Init Rules File |
Scaffold a .ira-rules.json in the workspace root |
IRA: Sign In (GitHub / Bitbucket) |
Authenticate with your SCM provider |
IRA: Sign Out |
Clear all stored credentials from the OS keychain |
IRA: Configure |
Open IRA settings |
Under the Hood
- AI Providers: GitHub Copilot (default, zero config), AMP CLI, GitHub Copilot CLI (also for headless / CI workflows via the npm package), OpenAI, Azure OpenAI, Anthropic, Ollama (fully local)
- SCM Providers: GitHub, GitHub Enterprise, Bitbucket Cloud, Bitbucket Server/Data Center
- JIRA: Cloud (Atlassian-hosted) and Server/Data Center (self-hosted) with auto-detection
- Integrations: SonarQube (static analysis enrichment), JIRA (acceptance criteria validation), Slack and Teams (review notifications)
Links
- npm package (CLI + CI integration)
- GitHub (docs, setup guides, CI examples)
- Support: patilmayur5572@gmail.com
