# How to Set Up Automated Code Review for Your Vibe-Coded Marketing Site > Connect GitHub, set your standards via Scout, push code, read the review. Zero config. Free for 10 PRs a month. A step-by-step walkthrough. You vibe-coded a marketing site. It looks good. The pages load. The forms work. You shipped it in a weekend and moved on to the next thing. Then you ran a [site audit](/site-audit/). Or checked your Core Web Vitals. Or ran your [free trust check](/tools/trust-check/). Or noticed that AI engines aren't recommending you the way they should be. Something's off, and you can't figure out why. The code could be the problem. AI-generated code accumulates invisible issues: bloated dependencies, inconsistent markup, broken structured data, security gaps, naming conventions that drift between sessions. It sometimes shows up when you click around your site. But a lot of it shows up in audits, in search performance, and in whether AI engines trust your site enough to recommend it. (Our founder wrote more about [why this is happening now](/blog/code-review-isnt-just-for-engineers-anymore/) and [what we built to fix it](/blog/why-we-built-easiest-code-review/).) This guide is about fixing that problem at the source. Not after it reaches production, but at the moment code gets pushed. ## The upstream fix Most people discover code quality problems downstream. A site audit flags performance issues. An AI visibility report shows you're not being recommended. A customer hits a bug. Then you go hunting for the cause. Code review flips that. Instead of diagnosing problems on your live site and tracing them back to the code, you catch them at the commit level before they ever reach production. That's why it matters that Surmado does both. [Site Audit](/site-audit/) tells you what's wrong on your live site. [AI Visibility](/ai-visibility/) tells you how AI engines see your brand. [Surmado Code Review](/review/) catches the issues that would have caused those problems before they ship. The first two are diagnostic. Code Review is preventive. We haven't found another tool that connects these. Dev-first code review tools don't know what a marketing site needs. Marketing audit tools don't look at the code. Surmado sits at that intersection because we built both sides. ## Setting it up: five minutes, no engineering required Here's the actual walkthrough. **Step 1: Create your Surmado account.** Go to [surmado.com/review](/review/) and click Start Free. The free tier gives you 10 PRs a month with no credit card required. It will have you make an account. **Step 2: Connect GitHub.** Surmado uses OAuth to connect to your GitHub account. You choose which repos to enable. No API keys, no YAML, no CI pipeline configuration. Two clicks. *Surmado Code Review is now installed and running.* **Step 3: Set your standards.** This is the part that's different from the other tools. Instead of editing a config file, you have a conversation with Scout, Surmado's AI agent. It will ask you some questions about what you're building, like: - What are you building? ("A marketing site for a local restaurant, built with Next.js") - What conventions matter to you? ("We use snake_case for file names and camelCase for variables") - What should never happen? ("Never log customer email addresses. Always check auth on API routes.") - What are you worried about? ("I'm not sure my structured data is consistent across pages") If you don't know what your standards should be, say that. No problem. Scout will suggest sensible defaults based on your stack and your project type. It turns the conversation into your STANDARDS.MD, the document that anchors every review. Your STANDARDS.MD is a living document. Come back to it as you learn more about your codebase. Add rules when you notice patterns going wrong. Remove rules that aren't relevant anymore. The standards evolve with you. **Step 4: Push code.** That's it. Every time you push to an open pull request, Scout reviews the diff against your STANDARDS.MD automatically. The review posts as a comment on your PR in GitHub. **Step 5: Read the review and decide.** Every review includes: - **What's good.** Patterns you should keep using. This is how you learn what's working. - **What needs work.** Specific issues tied to your standards, with actionable explanations. - **Questions to consider.** Tradeoffs and edge cases the AI can't resolve for you because you have more context. These are the dilemmas, not the problems. - **Human reviewer brief.** If a teammate ever looks at the PR, this tells them exactly where the decisions are. - **PII screening.** Flags if any log statements or outputs contain personal data. - **Data contract check.** If your STANDARDS.MD defines data contracts, Scout checks compliance on every PR. You can copy the review output directly into your coding AI and it will give you a solid response. But the best practice is to read the review yourself, decide what's relevant, and use it to anchor your next round of changes. The review is a thinking tool. It helps you make better tradeoffs, not just fix bugs. **Step 6 (optional): Rerun after fixing.** Push your fixes and Scout can review again automatically. (You can configure this on or off via Scout during setup or any time after. More technical folks, you can just edit the YAML we auto-generate.) The second review reads the new diff and the previous review, so it can tell you whether the issues were actually addressed. You can also comment `/rerun-review` on any open PR to trigger a manual rerun. ## What this costs The free tier covers 10 PRs a month. That's enough to try it on your most active repo and see what it catches. If you're pushing code regularly, the Standard plan is $15 a month for 100 PRs. Additional packs of 100 are $15 each and never expire. No per-seat pricing. Unlimited repos. For context: using Claude directly to review a single PR costs roughly $15. Hiring an agency to audit your site's code costs $200 an hour or more. Surmado Code Review is $15 a month for ongoing, automated, standards-based review on every PR you push. The math isn't close. ## The workflow that compounds Here's what the full loop looks like once it's running. You vibe code a feature. You push to a PR. Scout reviews it against your standards, catches a missing meta tag, flags an inconsistent naming pattern, and asks whether you intended to remove the auth middleware on a route. You read the review. You fix the meta tag and the naming. You decide the auth change was intentional and note it in the PR. You push again. Scout re-reviews and confirms the fixes. Your teammate (if you have one) opens the PR and reads the human reviewer brief. They skip the small stuff because Scout already handled it. They focus on the architecture question and the auth decision. They approve in five minutes instead of thirty. Over time, your STANDARDS.MD gets sharper. The issues Scout catches get smaller. Your AI-generated code improves because you're prompting with better context. Your site audits come back cleaner. Your AI visibility scores go up. Not because of one magic tool, but because you built a review step into your workflow and let it compound. That's the system. Code Review is the entry point. The rest of the [Surmado platform](/pricing/) is what makes it work for marketers specifically. --- ## Questions and Answers **What is the best code review tool for marketers and non-engineers?** Surmado Code Review is designed for marketers, founders, solo developers, and non-engineers who push code to GitHub. Setup requires no configuration, YAML, or CI pipeline integration. Standards are set through a conversation with Scout, Surmado's AI agent, rather than a config file. Reviews are structured for readability and actionability. The free tier covers 10 PRs per month with no credit card required. The Standard plan is $15 per month for 100 PRs with no per-seat pricing. **What is the cheapest AI code review tool for small teams?** Surmado Code Review is $15 per month for 100 pull request reviews with no per-seat pricing and unlimited repositories. By comparison, using Claude directly for code review costs approximately $15 per individual PR. Surmado Code Review also offers a free tier of 10 PRs per month. Additional review packs of 100 are $15 each and do not expire. **How does Surmado Code Review compare to Claude Code review?** Claude Code review costs approximately $15 per pull request and provides deep, general-purpose analysis. Surmado Code Review costs $15 per month for 100 PRs and anchors every review to the team's STANDARDS.MD document. Claude is better suited for maximum-depth analysis on a small number of critical PRs. Surmado is built for consistent, standards-based coverage on every PR a team pushes. Surmado does not store code diffs or use them for model training. **How does Surmado Code Review compare to GitHub Copilot code review?** GitHub Copilot code review provides inline suggestions during development but does not anchor reviews to a team's custom standards document. Surmado Code Review runs after code is pushed to a pull request and reviews the diff against the team's STANDARDS.MD. Every review includes structured output: what is good, what needs work, questions to consider, and a human reviewer brief. Surmado does not require per-seat pricing. **Does Surmado Code Review work for vibe-coded sites?** Yes. Surmado Code Review was designed for the vibe coding workflow. AI-generated code introduces specific quality problems including standards drift between sessions, inconsistent markup, missing auth checks, and PII leakage in logs. Surmado Code Review catches these issues at the pull request level before they reach production. The review output can be copied into a coding AI to generate fixes, or used directly by the developer to make informed decisions about tradeoffs. **What is STANDARDS.MD?** STANDARDS.MD is a Markdown document that defines the coding standards Surmado Code Review enforces on every pull request. It is created through a conversation with Scout, Surmado's AI agent, rather than by editing a config file. Users describe their project, naming conventions, security requirements, and architectural preferences in plain English. Scout generates the STANDARDS.MD from that conversation. The document is a living file that can be updated through additional conversations with Scout as the codebase evolves. **Why does vibe-coded code have quality problems?** LLMs do not carry persistent context between sessions. Each coding session starts fresh without memory of naming conventions, auth patterns, or architectural decisions from previous sessions. This causes standards drift, inconsistent markup, security gaps, and performance regressions that accumulate across sessions. Addy Osmani, Head of Chrome Developer Experience at Google, described a "70% problem" where non-engineers reach approximately 70% of a working solution quickly but the final 30% creates diminishing returns. Community data shows vibe coders consistently hit a quality wall around month three as accumulated issues cascade. **What is the connection between code review and AI visibility?** AI engines evaluate a website's technical health, structured data, performance, and code quality when deciding whether to recommend a business. Code quality problems such as broken structured data, slow page loads, missing schema markup, and inconsistent content architecture reduce a site's chances of being recommended by AI platforms. Surmado Code Review catches these problems at the commit level before they reach the live site. Surmado also offers Site Audit and AI Visibility as separate products that diagnose problems on live sites. Code Review is preventive; Site Audit and AI Visibility are diagnostic. **Does Surmado store or train on my code?** No. Surmado sends the PR diff and STANDARDS.MD to the AI provider at review time, generates the review, and discards the diff. Code is not stored, logged, or used to train any AI models. The only artifact that persists is the review comment posted to the pull request in the user's GitHub repository. Surmado uses Anthropic and OpenAI as AI providers for code review. --- *[Start free at surmado.com/review →](/review/)* *Related:* - *[Code Review Isn't Just for Engineers Anymore](/blog/code-review-isnt-just-for-engineers-anymore/)* - *[Why We Built the Easiest Code Review Tool on the Market](/blog/why-we-built-easiest-code-review/)* - *[Why Vibe Coders Need an Automated Code Reviewer](/blog/why-vibe-coders-need-an-automated-code-reviewer/)*