I've been working on a code review app for GitHub called Crocodile for about a year. I used to work at Microsoft where we used a tool called CodeFlow for reviewing code and I missed it after I left. I know many other ex-Microsoft engineers feel the same. Here are some of the distinguishing features of Crocodile that are inspired by CodeFlow:
* Comments float above the code instead of being inline. Long discussions that are displayed inline make it really hard to review the code.
* Comment on any text selection in the file, even a single character.
* Comments don't get lost when code changes. I hate it when comments become "outdated" because I rebase or the line is edited.
I also implemented lots of features that I wish CodeFlow had which you can read more about on the blog. [1]
For those curious about the tech stack: it's mostly written in Go with Alpine.js, HTMX, and Tailwind CSS for the frontend. For storage I use PostgreSQL, S3 compatible object storage, and Redis for caching. I use Pulumi for infrastructure provisioning and Kubernetes deployments. Everything is hosted on DigitalOcean.
Feedback is welcome!
Best of luck!
For any PR that is nontrivial I will pull it locally so that I can more easily navigate to functions/data types that are used by or changed in the PR. It would be nice if the review ui provided a way to click through to the definition of a symbol that appears in the code. (I think gh does this when browsing code for some languages.)
A related helpful feature would be the ability to see “what calls this”. Currently I have to do this kind of review with ‘git grep’, after pulling locally.
I’d also love to be able to toggle into ‘git blame’ for a given bit of code, in order to better understand why the code is in its current state
The files you've chosen to use don't appear to show any difference between iteration 1 and 2, so one of your major features doesn't do anything. Is that a bug, or accidental? (I'm using Firefox 101 on MacOS 11.4).
My personal dumb suggestion: give a few demos, showing off the very worst points of code review hell, and how crocodile fixes each one. Make it a game. E.g.
"You're halfway through a large code review, and Sally has just added 2 new commits, ugh. Challenge: find the button to see the new additions, then decide if you want to include them in your current review, or review this iteration first and the new additions separately."
"Simon has just added a merge commit that fucks everything up, all the files look weird. Challenge: there's a way you can trivially see that the PR before this extra commit was looking great."
"You can spot a new method that was introduced, and you'd like to see the places where it's being called, but that's a lot of scrolling back and forth. Challenge: find how to show code hints on a selected piece of text"
> * Comment on any text selection in the file
> * Comments don't get lost when code changes
This addresses my main pet peeves with GitHub/Bitbucket reviews!
2 questions:
With regards to comments not getting lost, how well does this work across rebases and force pushes?
Are you considering supporting other products like Bitbucket and Gitlab?
Supporting other VCS providers, even non-Git ones, is on my list. The underlying data model is agnostic to GitHub so it's just a matter of having demand for it and doing the work!
One of my favorite features was a panel with every comment on the PR, sorted and organized by status. Because all files in the PR were preloaded clicking a comment instantly took you to the specific code and version. So good!
A couple improvements I made:
* You can see the whole discussion. The last time I used CodeFlow it only showed one line of the comment which often wasn't enough for me to remember what it was so in practice I always had to click on every single one to see the whole thing. Not a big deal with CodeFlow since it was so snappy as you mentioned.
* It shows a preview of the code that was commented on to provide context.
Thanks for taking a look! Great to see other CodeFlow fans out there.
I end up using open unresolved comments as the basis for changes requested now. It's hard to filter for those though.
1. More comment states. Comments start as "open". The workflow I had in mind was that once the author addresses it, they would mark it as "resolved". The reviewer can go to the comments view (in the meta section on the left nav) where they can filter to resolved comments. If it looks good, they can mark it as "closed" or "open" again if they want more changes. I have this as a suggested workflow in the docs. [1]
2. The iterations section in the left nav lets you compare any two iterations. You can use this to see what has changed since your last review. Crocodile even indicates which iteration your last review was on to make this easy.
How does Crocodile access my source code?
Crocodile stores the source code files that are part of reviews to provide a
fast user experience. Every file is encrypted with per file data encryption
keys. The data encryption keys are then encrypted with a master encryption key.
All cryptographic operations are performed using Google Tink, which is a
cryptographic library created by cryptographers at Google that is designed to be misuse resistant.
Files are encrypted using Stream AEAD using AES128_GCM_HKDF_4KB key type as recommended by Google.
The data encryption keys above are encrypted using AEAD with a master AES128 key.
The best code review tool I've ever used was a tool at Google called Critique.[0] They've open-sourced it as Gerrit[1], but there are sadly no hosted versions available for under $15k/yr, and it's complicated to self-host.
I've been using Reviewable, and my experience has been good not great. Github's native code review has caught up a bit, but Github's review tool falls apart if your review lasts more than one round.
Here are my gripes with Reviewable:
Steep learning curve - Every new developer who joins the team spends their first few reviews being confused and frustrated by Reviewable.
Performance - Reviewable has awful performance. It takes about 10 seconds to load a code review. It seems like it's doing some odd websockets stuff where sometimes my "connection" to Reviewable will drop and I can't add comments. I've never experienced this with any other web app. It's gotten better over the last few years, but it's still annoyingly frequent.
Complicated configuration - I just want the reviewer to be able to hit an "LGTM" button to mark their approval. Reviewable's decision about when a PR is approved is based on this complicated function combining whether the reviewer typed the text ":lgtm", how many people looked at the review, whether they also hit the approve button. Each repo has its own configuration, and I can't make org-level changes without changing every repo one at a time.
Excessive permissions - This might be a Github thing, but you can't grant Reviewable permissions to a particular private repo - you have to grant it permissions to all of your private repos. Several developers who join my team need to create a dedicated Github account to avoid exposing their other private repos to Reviewable.
Thread state is unclear - The options are "discussing", "satisfied," "blocking," or "working," and it's not obvious who's supposed to move the thread to what state at what point.
No development - I've been a paying customer of Reviewable for about 7 years, and I can remember only 1-2 minor features that have been added during that time. They haven't updated their blog[2] in 6 years, and they've never communicated with me as a paying customer to tell me anything they're doing.
I checked out Crocodile, and it looks like it has potential. I'm not sure I'd pitch it to my team to switch yet. Here are some of my thoughts:
* When do the reviewer's comments become visible to the author? One of the must-have features for me is that both author and reviwer(s) can prepare a set of notes, but they're not visible to anyone else until they hit "publish" to share them with the team. Sometimes I make comments in one spot, and then as I read more of the code, I revise a previous comment. If all my comments publish immediately, I can't revise comments like that. Github, Reviewable, and Gerrit all support a flow of preparing comments and then committing them in a separate step.
* Crocodile touts the floating thread thing, and I've never used a tool that has it, but it doesn't seem better to me. Inline comments do break the flow, but floating comments actually cover up the code and prevent me from reading it. I see I can close threads, but I can't figure out how to get them back.
* Being able to comment on character-level granularity is cool!
* I think your thread state is better than Reviewable's, but I'd prefer an even simpler model where threads are either "open" or "resolved." When an author responds to a comment, the default action is to resolve it, but the author can override the default and leave it "open" if their comment is asking for clarification rather than declaring a fix. The reviewer can reopen a thread if they feel that the author has misunderstood the note. 95% of the time in my reviews, the reviewer makes a note and the author resolves it, so having a whole extra confirmation phase for that last 5% feels unnecessary when the reviewer can just reopen it instead.
* Ditto for review state. The only two states I've ever needed for a code review are "pending approval" and "approved." I've never wanted to mark a PR as "rejected" unless it's just a spam submission from a stranger on an open-source repo, and even then, I'd close it from Github rather than my code review tool. The worst I'll do to a teammate is withhold approval until they address my notes, but I'd never mark it as "rejected." I don't need an explicit state for "pending review" or "waiting for author" because if the author is the last commenter, it's implicitly pending review.
* I like that there's a view of all the comments at once. I like to review all my comments before pushing them to the author.
* I'd like a way to mark a comment as "no action required" when I just want to say something nice[2] about the code that doesn't require action from the author.
* I couldn't understand the "iterations" UI control. It's not obvious to me what the different circles represent.[4] Once I compared two diffs, I couldn't figure out how to compare to the the full PR to the base branch (i.e., all commits aggregated). I think it's replicating a control that Reviewable actually does pretty well, so I recommend giving it a look for inspiration.
* It looks like I'm only allowed to make code-level comments, but I'd like to make review-level comments as well for high-level notes about the review as a whole.
Hope that's useful. I'm very interested in code reviews, so if you want to do user interviews, feel free to reach out. You can find my contact info through my HN profile.
[0] https://abseil.io/resources/swe-book/html/ch19.html
[1] https://www.gerritcodereview.com/
[2] http://blog.reviewable.io/
[3] https://mtlynch.io/human-code-reviews-2/#offer-sincere-prais...
I've made a couple notes based on this to help me prioritize next. Thanks for taking the time to provide all this amazing feedback!
> "Being able to comment on character-level granularity is cool!" This is something that I really like too - I'd go so far as to say PR titles, file names, etc, nearly everything should be commentable.
Have you checked out graphite.dev? Its iterating rapidly and incorporating a lot of what Phabricator and Gerrit did well.
Not sure if you've gotten this feedback, but the demos on your website are illegible. They're squeezing a terminal session into a tiny 350px width box:
https://i.imgur.com/UBnNWNT.png
Also, would be good to disclose that you're the co-founder if you're commenting about it publicly.
> Steep learning curve
Guilty as charged. I think it's cohesive and efficient once you learn it but the learning curve is quite steep. We keep trying to think of ways to flatten it a bit but haven't had any great ideas so far. If you have thoughts on this -- or could point us to a great UX designer with dev tools experience -- it would be much appreciated!
> Performance
There are some obvious things we're working towards to improve it but these days most reviews load in 3-4 seconds for me, even on a not-very-awesome laptop. What kind of platform are you seeing 10 second load times on, and how's your Internet latency to us-central? Please open an issue and we can work through it together.
> Complicated configuration
Yeah, there's a lot of support for legacy and highly customized workflows in there. But these days the primary and default integration is with GitHub's approve/request changes workflow, which gives you one-click approve -- have you tried using that? (Efficient multi-repo config updates are also on the todo list, but never quite rose to the top.)
> Excessive permissions
This is an unavoidable side-effect of using GitHub's OAuth authorization mechanism. GitHub Apps allow finer-grained permissions but they didn't exist when we created Reviewable and don't have a good answer for listing PRs, which would make our dashboard significantly less useful. We do have a transition planned out but at this point our main customers are enterprise folks who run their own GHE Server and don't much care about fine-grained permissions, so the ROI doesn't pencil out.
> Thread state is unclear
Huh, I'm surprised by this one. The basic flow is: 1. Reviewer creates a discussion (disposition defaults to Blocking). 2. Author responds with questions/comments (disposition defaults to Discussing). 3. Reviewer clarifies (disposition unchanged) or clicks the big Resolve button (disposition changes to Satisfied, discussion is resolved). 4. Author addresses the comment and clicks the big Done button (disposition changes to Satisfied). 5. Reviewer checks and, if satisfied, clicks Resolve (disposition changes to Satisfied and discussion is resolved).
Basically, at every step you either reply to keep the discussion going, or click the button to indicate that you're fine with closing it out. You shouldn't even need to care about the specific disposition unless you're trying to run more advanced workflows.
> No development
Yeah, I pretty much abandoned the blog and should probably take it down. However, we do ship new features regularly and post updates on Headway [1]. These should also pop up as the "red circle new stuff counter" in the UI, but perhaps your browser is blocking that third-party connection. (Headway only gets major feature posts, but there's a lot more work going on in the background that's only reported on the enterprise changelog [2].) I'm not a fan of spammy email newsletters so we don't send those.
Again, thanks for the feedback, and don't be a stranger -- it's easy to reach us through email, chat, issues, etc., and we respond promptly to every message. Even if we have to hunt them down on HN. :)
[1] https://headwayapp.co/reviewable-changelog [2] https://github.com/Reviewable/Reviewable/blob/master/enterpr...
>>Thread state is unclear
>Huh, I'm surprised by this one...
>Basically, at every step you either reply to keep the discussion going, or click the button to indicate that you're fine with closing it out.
I think there are two problems here:
1) It's not obvious enough that a user is supposed to declare a state after writing a response 2) There are more states than necessary
For (1), the UI flow doesn't hint to the user that they're supposed to do anything after they type their reply. I just tried it and I see this:
https://i.imgur.com/DimycTB.png
It sounds like you're saying the expectation is that users click the circle at the upper right and then choose a state, but that hasn't been obvious to anyone I've introduced to Reviewable.
For (2), this is more personal opinion, but I think comment threads are similar to Github issues in that there only need to be two states: closed or open. The states Reviewable offers to me as the author are:
(1) Discussing, (2) Satisfied, (3) Blocking, (4) Working, (5) Pondering
1, 3, 4, and 5 are all "open" for my purposes, and (2) is closed. It's rare in my experience for a developer to respond halfway through a round of review to say they're still working on or pondering a comment, so I don't need dedicated states for that. They can just keep it open and write a comment like "still working on this one!" I don't see a difference between (1) and (3), as all notes are blocking until they're resolved.
My somewhat controversial opinion is that the author and reviewer should trust each other enough that the author can respond to a note and mark it resolved without awaiting confirmation from the reviewer who wrote the note. It's rare in my experience for an author to incorrectly resolve a note, and when it happens, the reviewer can just reopen it and say, "Hey, I think there was a misunderstanding on this one, and the changes haven't addressed this note." I think forcing the flow into "Discussing" -> "Pending resolution" -> "Confirm resolution" just adds needless friction.
>You shouldn't even need to care about the specific disposition unless you're trying to run more advanced workflows.
We don't, but I see it as a missed opportunity because there's useful information there.
In Critique, it was easy to see at a glance whether a note was active or resolved (active notes had an orange background and resolved notes had a gray background IIRC). In Reviewable, we have to read all the notes more closely to see which are active and which are resolved.
>I'm not a fan of spammy email newsletters so we don't send those.
I don't like those when it's baldly trying to wring more money out of me, but I like it when vendors tell me what's going on and how they're improving the product.
One thing I've always wondered is why all these review tools use centralised databases. Git itself is a distributed model and reviews tend to boil down to code comments on set of lines or characters. I'm always surprised no one has created a review tool that ships around reviews like patch files. Even if there was a server as an option, like github, I could then work offline and build little tools to help make my review process more efficient.
I suppose it's not quite as easy to monitise as it's decentralised, but I'd love to see one crop up some day. Then my review process can match up with my coding process.
Either way this looks like a big improvement in some areas over the GitHub tools so I'll definitely be checking it out.
https://app.crocodile.dev/reviews/rwsfSKbgZoSt?change=README...
Do you support features like github suggestions which can be committed easily by author?
Given your history with Microsoft and their internal tool which this is inspired by, how long until github copies some of the ideas?
How many active users does this have?
Are there potential problems you see outside of current product?
I remember a startup providing paid code reviews as a service launched on HN a while ago. That could be a pivot for example in providing more value.
Not right now. The suggestion feature is something I want to add in the future if there's interest though!
> Given your history with Microsoft and their internal tool which this is inspired by, how long until github copies some of the ideas?
No idea! But CodeFlow had been around for many years before they acquired GitHub so they've had plenty of time to do it! I think this is an existential fear that anyone building code review tools has. For Crocodile, I think the long term strategy will be to decouple this from GitHub so that it can work with any source control provider. I architected it this way from the beginning but decided to target GitHub first because they have mindshare and because it made it really easy to dogfood since I host my code on GitHub.
> Are there potential problems you see outside of current product?
There's the one you already mentioned, which is GitHub improving their PR system, but there's not much I can do about that. Current problems I'm looking at are roadmap related. I have a few ideas of features I'd like to add, but no real indication on what to do next. Hence, posting on HN to get feedback. :)
Thanks for taking a look and the feedback!
It does seem that the demo review is broken in Safari, I get a JS error and the UI doesn't seem to work completely:
> [Error] TypeError: e.connect is not a function. (In 'e.connect(l,s)', 'e.connect' is undefined)
Also, is there any way to keep up-to-date on the project? I don't see a newsletter or Twitter link on your homepage.
No newsletter yet, but you can follow me on Twitter for now @jameslao.
I’ve been looking for this feature forever. A changed line might impact code that wasn’t changed. There wasn’t a convenient way to comment on those. Looking forward to trying this.
Compliance is a PITA but it's a real thing for companies. How are you planning on clearing that hurdle? I wouldn't want to put you through the vendor survey gauntlet and SOC2 is a lot to ask of a solo dev but the aforementioned IT team could likely be persuaded if you did Type 1 at least.
Crocodile has its own organization and member list. Billing is based on the max number of users in the Crocodile org for the month.
If you told me that your solution help my team ship faster and saves an hour per engineer per week then that's easy math: your product pays for itself.
Suggestions:
- Make all base features free (the ones on your site currently)
- Add analytics to your product, collect data and put it behind a paywall (entirely or partially by truncating historical data)
- Iterate on premium features that improves critical metrics
- Offer analytics with a trial of 2 to 3 months, enough time for graphs to speak for themselves
- Make sure the gains are seen by the manager or business owner or whoever is the person in charge
- It sounds like you’re micromanaging your team’s metrics at a rate that’s fractional to one contributor’s hourly cost even though you don’t understand what helps them to be productive. Don’t do that.
- You’re asking for a Show HN to eliminate its price tag and give you everything the poster finds valuable for free, and offer an entirely different product. I’m pretty sure you’re not the audience for this product.
You are seeing micro-management where I am looking for visibility and automation. I physically cannot micro manage my team.
> - You’re asking for a Show HN to eliminate its price tag and give you everything the poster finds valuable for free, and offer an entirely different product. I’m pretty sure you’re not the audience for this product.
1. OP said feedback was welcome.
2. I already pay for those features on Github. I suggested a different path to a bigger price tag.
3. I realize I am not the target audience. Simply providing a different perspective.IMHO if the one-month free trial isn’t enough to know whether a SaaS solution is worth an $8/head price, it’s probably not worth that price.
Imagine trying to sell a better WYSIWYG editor for WordPress for example. You can be better, save time, etc. - it's still always going to be a tough sell to charge more than a fraction of WP itself which offers a WYSIWYG editor and everything else.
The trial has always just been a cherry on top.
I haven’t ever used the entire trial for the sake of “trying” and then choosing to not use the product further.
Is it still better? Maybe it is.
I don’t think that turning a PR comment into a floating box is a value-add… anyone can do that with a userscript or inline bookmark.
And ultimately…you can’t solve a people problem with tech.