The blind spot
Every review signal you have stops at the source code
AI tripled your PR volume, but review capacity did not move. The signals you approve on cannot see below the code line.
What review sees
✓Diff looks clean
✓CI is green
✓AI bot says LGTM
✓Status code correct
static review stops here
What actually happens at runtime
UPDATE product_stock SET qty = -210invalid write
POST /product-service/sync { qty: -210 }payload leak
INSERT stock_history (audit trail for bad data)hidden write
location-service → 404 cascade on delete pathsilent failure
3× retry storm behind a fallbackretry noise
N+1 query introduced on the happy pathperf drift
None of this appears in a diff. All of it appears in a trace.
How it works
One PR. Two executions. One behavioral diff.
01
Baseline main
Capture full runtime traces on the target branch
02
Run the PR
Same scenarios, same input, on the PR branch
03
Diff behavior
Compare execution trees, writes, payloads
04
Verdict + proof
Safe to merge or fix first, with evidence attached
same request · same input · PR #1530: stock validation fix
main
POST /api/stock/update200 OK
└StockController.updateStock()
└StockService.updateProductQuantityInStock()
└StockRepository.saveAll()
└INSERT stock_historySQL
└UPDATE product_stock SET qty = -210SQL
└POST /product-service/sync { qty: -210 }REST
FIRST
DIVERGENCE
DIVERGENCE
pr-branch
POST /api/stock/update400 Bad Request
└StockController.updateStock()
└StockService.updateProductQuantityInStock()
└throws ValidationExceptionguard
└no writes executed
└no downstream calls
✓ 2 invalid writes removed✓ downstream leak sealed✓ guard moved to service layer= valid path unchanged
No fabricated confidence
Every claim is graded by how strongly it's proven
AI review prose sounds equally confident about everything. Here, runtime proof and code-level inference are never mixed. "We couldn't verify this" is a valid answer.
runtime proofstatic inference
TRACE_VERIFIED
Before/after traces compared for method-level runtime proof
REPLAY_CONFIRMED
Deterministic replay confirmed stability or intended change
HTTP_VERIFIED
Live request observed, trace depth incomplete
CODE_VERIFIED
Code inspection only; never presented as runtime proof
BLOCKED
Could not verify; the gap is reported, not papered over
A different layer
Diff bots read the patch. This runs it.
Diff-review botreads code
public void updateStock(StockRequest req) {
- repository.saveAll(req.getItems());
+ validator.check(req);
+ repository.saveAll(req.getItems());
}
🤖Nice defensive check. LGTM 👍
VS
BitDive Runtime PR Reviewruns code
✕UPDATE product_stock qty = -210removed
✕POST /product-service/syncno longer called
+ValidationException at service layernew guard
=valid stock adjustmentunchanged
✓ SAFE TO MERGE · trace-verified
Validated on real codebases, audited by an independent critic stage
0
trace-verified findings
0
pull requests reviewed
0%
independent-critic agreement
0
real-world codebases
Your next PR might have a hidden data leak
You won't see it in the diff. You won't catch it in tests. BitDive will show you before it reaches production.
AI-generated code you can't fully trustMicroservices with deep side effectsPRs where one wrong write corrupts data