AI-powered code review automation for GitHub pull requests using configurable AI models and reviewer personas.

Inline Comments on Pull Requests:

• Flutter

• Typescript

Discord Notifications:

CLI:

See the AI reviewer providing detailed code analysis with specific suggestions and line-by-line feedback, plus real-time Discord notifications showing AI model information for review status updates.

• Multi-Provider AI Support: OpenAI GPT-4, Anthropic Claude, Google Gemini, DeepSeek, OpenRouter, xAI Grok, Groq, Z.ai, Together AI, Fireworks AI, Mistral AI, Cerebras, Novita, ZenMux, Atlas Cloud, Cohere, Minimax, Moonshot, Upstage, and DeepInfra.
• Configurable Reviewer Personas: Senior Engineer, Security Expert, Performance Specialist, Accessibility Advocate
• Smart File Processing: Large file chunking, comprehensive exclusion patterns for all major development stacks (164+ patterns)
• Discord Notifications: Real-time status updates for review start, completion, and errors with AI model information
• GitHub Integration: Seamless PR commenting with inline and general review comments
• Enterprise Ready: Secure credential management, rate limiting, comprehensive error handling, robust JSON parsing
• Universal Compatibility: Works with any technology stack (Node.js, Python, Java, Flutter, .NET, Go, Rust, PHP, Ruby, etc.)

• GitHub repository with Actions enabled
• Node.js 20+ LTS
• AI API access (OpenAI, Anthropic, or other supported providers)
• Discord server (optional, for notifications)

Add AI code review to any repository with one simple step:

1. Create .github/workflows/ai-review.yml:

   name: AI Code Review
   
   on:
     pull_request:
       types: [opened, synchronize, reopened]
   
   jobs:
     ai-review:
       runs-on: ubuntu-latest
       if: github.event.pull_request.draft == false
   
       steps:
         - name: AI Code Review
           uses: obiwancenobi/ai-code-reviewer@v1.0.22
           with:
             pr-number: ${{ github.event.pull_request.number }}
             repository: ${{ github.repository }}
           env:
             GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
             OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}

2. Set up GitHub secrets in your repository settings:

   • GITHUB_TOKEN (automatically provided by GitHub Actions)
   • OPENAI_API_KEY (or your chosen AI provider's API key)
   • DISCORD_WEBHOOK_URL (optional, for notifications)

3. Commit and push:

   git add .
   git commit -m "Add AI code review"
   git push

For a complete setup with examples:

# Run the automated setup script
curl -fsSL https://raw.githubusercontent.com/obiwancenobi/ai-code-reviewer/main/setup-workflow.sh | bash

Use repository variables for organization-wide settings:

- name: AI Code Review
  uses: obiwancenobi/ai-code-reviewer@v1.0.22
  with:
    pr-number: ${{ github.event.pull_request.number }}
    repository: ${{ github.repository }}
    ai-provider: ${{ vars.AI_PROVIDER || 'openai' }}
    ai-model: ${{ vars.AI_MODEL || 'gpt-4' }}
    ai-persona: ${{ vars.AI_PERSONA || 'senior-engineer' }}
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
    ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
    DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}

{
  "ai": {
    "provider": "openai",
    "model": "gpt-4",
    "persona": "senior-engineer"
  },
  "processing": {
    "maxFileSize": 1048576,
    "chunkSize": 50000,
    "excludePatterns": [
      "node_modules/**",
      "build/**",
      "dist/**",
      "*.min.js",
      "*.lock",
      "DerivedData/**",
      ".gradle/**",
      "Pods/**",
      "__pycache__/**",
      "*.pyc",
      "target/**",
      "*.class",
      ".next/**",
      ".nuxt/**"
    ]
  },
  "author": "BugBeaver"
}

Control the number of AI-generated comments to avoid overwhelming reviews. The system includes intelligent filtering and configurable limits:

If you don't specify commentLimits, the system uses these intelligent defaults:

• Maximum 5 comments per entire review
• Maximum 2 comments per code chunk
• Eliminates low-quality comments (testing suggestions, style preferences, positive feedback)
• Removes "info" severity comments automatically

Configure comment limits based on your team's needs:

Strict (Minimal Comments):

{
  "ai": {
    "commentLimits": {
      "maxComments": 3,
      "maxCommentsPerChunk": 1
    }
  }
}

Best for: Security-focused teams, important PRs, senior developer reviews

Balanced (Moderate Comments):

{
  "ai": {
    "commentLimits": {
      "maxComments": 7,
      "maxCommentsPerChunk": 3
    }
  }
}

Best for: General development teams, standard code reviews

Comprehensive (More Comments):

{
  "ai": {
    "commentLimits": {
      "maxComments": 10,
      "maxCommentsPerChunk": 4
    }
  }
}

Best for: Thorough reviews, large PRs, team learning

Combine custom personas with strict limits for specialized reviews:

{
  "ai": {
    "persona": "minimal-reviewer",
    "commentLimits": {
      "maxComments": 3,
      "maxCommentsPerChunk": 1
    },
    "customPersonas": {
      "minimal-reviewer": "You are a minimal reviewer focusing ONLY on breaking changes and critical bugs. Maximum 3 comments total.",
      "security-focused": "You are a security expert focusing ONLY on vulnerabilities and critical bugs. Do not comment on style, documentation, or performance.",
      "performance-focused": "You are a performance specialist focusing ONLY on performance issues and optimization opportunities."
    }
  }
}

The system automatically filters out:

• ❌ "Info" severity comments (converted to warnings/errors only)
• ❌ Low-quality patterns:
  • "ensure thorough testing"
  • "consider discussing with team"
  • "might affect functionality"
  • Style preferences and documentation requests
• ❌ Duplicate comments (similar content)
• ❌ Positive feedback and obvious changes

• Visual Formatting: Color-coded borders (🚨 red for errors, ⚠️ yellow for warnings)
• Rich Content: Suggestions, code examples, and references included
• Emoji Indicators: Clear visual hierarchy with emojis
• Priority Sorting: Critical issues (errors) appear first

Provider-specific examples:

Anthropic Claude:

{
  "ai": {
    "provider": "anthropic",
    "model": "claude-3-sonnet",
    "persona": "security-expert"
  }
}

Google Gemini:

{
  "ai": {
    "provider": "google",
    "model": "gemini-pro",
    "persona": "performance-specialist"
  }
}

DeepSeek:

{
  "ai": {
    "provider": "deepseek",
    "model": "deepseek-coder",
    "persona": "senior-engineer"
  }
}

Note: Models listed are examples. Users can replace with any supported model for the provider as per their documentation and preferences.

• senior-engineer: General code quality, maintainability, best practices
• security-expert: Security vulnerabilities, data protection, secure coding
• performance-specialist: Performance optimization, scalability, efficiency
• accessibility-advocate: Inclusive design, WCAG compliance, user experience

You can define custom reviewer personas with your own prompts:

{
  "ai": {
    "provider": "openai",
    "model": "gpt-4",
    "persona": "code-reviewer",
    "customPersonas": {
      "code-reviewer": "You are an expert code reviewer focusing on clean code principles, SOLID design, and modern best practices. Pay special attention to naming conventions, function complexity, and code organization.",
      "team-lead": "You are a technical team lead reviewing code for architectural decisions, scalability concerns, and team standards compliance. Focus on long-term maintainability and technical debt.",
      "qa-engineer": "You are a QA engineer reviewing code for testability, error handling, and potential edge cases. Suggest improvements for debugging and monitoring."
    }
  }
}

Custom persona features:

• Define any persona name you want
• Write custom prompts tailored to your team's needs
• Mix built-in and custom personas in the same configuration
• Prompts can be as specific or general as needed

AI review comments now appear with "BugBeaver" branding instead of generic "github-actions[bot]" for better identification. The author attribution includes AI model information:

Example comment attribution:

*Reviewed by 🦫 (senior-engineer) using openai | gpt-4*

Custom Author Name: You can customize the reviewer name in your configuration:

{
  "author": "Your Company AI Reviewer"
}

This provides better branding and professional appearance while maintaining full customization options.

# Validate configuration
node index.js validate --config ai-review-config.json

# Test Discord webhook
node index.js test-discord --webhook-url YOUR_WEBHOOK_URL

# Manual review (for testing)
node index.js review --pr 123 --repo owner/repo

The system automatically excludes common build artifacts and dependencies:

• Python: __pycache__/, *.pyc, venv/, .pytest_cache/
• Java: target/, *.class, *.jar, .gradle/
• .NET/C#: bin/, obj/, packages/
• Go: vendor/, *.exe, *.test
• Rust: target/, debug/, release/
• PHP: vendor/, composer.lock
• Ruby: .bundle/, vendor/bundle/, log/, tmp/

• React/Next.js: .next/, out/, .cache/
• Vue/Nuxt: .nuxt/, dist/
• Angular: dist/, build/
• General: node_modules/, dist/, build/

• iOS: DerivedData/, xcuserdata/, Pods/, Carthage/
• Android: .gradle/, build/, app/build/
• React Native: .expo/, platforms/, plugins/
• Flutter: .dart_tool/, build/, android/app/build/
• Cordova/Ionic: platforms/, plugins/, www/build/

1. PR Trigger: GitHub Actions workflow activates on pull request events
2. Repository Checkout: Action checks out the target repository code
3. File Analysis: System identifies changed files, applies comprehensive exclusion filters
4. AI Processing: Code is chunked if needed and sent to configured AI model
5. Review Generation: AI analyzes code using specified persona and generates comments
6. Comment Posting: Inline and general comments posted to GitHub PR with BugBeaver branding
7. Notification: Discord webhook sends status updates with AI model information (if configured)

• GITHUB_TOKEN: Automatically provided by GitHub Actions
• One AI provider API key: OPENAI_API_KEY, ANTHROPIC_API_KEY, GOOGLE_AI_API_KEY, DEEPSEEK_API_KEY, OPENROUTER_API_KEY, XAI_API_KEY, GROQ_API_KEY, ZAI_API_KEY, TOGETHER_API_KEY, FIREWORKS_API_KEY, MISTRAL_API_KEY, CEREBRAS_API_KEY, NOVITA_API_KEY, ZENMUX_API_KEY, ATLAS_CLOUD_API_KEY, COHERE_API_KEY, MINIMAX_API_KEY, MOONSHOT_API_KEY, UPSTAGE_API_KEY, DEEPINFRA_API_KEY
• DISCORD_WEBHOOK_URL: Optional, for notifications

Settings are applied in this priority order (highest to lowest):

Config file sets:

{
  "ai": {
    "provider": "openai",
    "model": "gpt-4"
  }
}

Workflow sets:

- uses: obiwancenobi/ai-code-reviewer@v1.0.22
  with:
    ai-provider: ${{ vars.AI_PROVIDER || 'anthropic' }}
    ai-model: ${{ vars.AI_MODEL || 'claude-3-sonnet' }}

Result:

• ai-provider: anthropic (from repository variable)
• ai-model: claude-3-sonnet (from repository variable)
• Other settings from config file or defaults

For Individual Repositories:

• Use action inputs for repository-specific settings
• Use config file for baseline configuration

For Organizations:

• Set organization variables for consistent AI provider/model
• Use repository variables for team-specific overrides
• Keep sensitive settings in GitHub secrets

Your workflow must include these permissions for the AI Code Reviewer to access pull request data and create comments:

permissions:
  contents: read      # Required: Read repository contents
  pull-requests: write # Required: Read PR files and create review comments
  issues: write       # Required: Create issue comments

Example workflow configuration:

jobs:
  ai-review:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
      issues: write
    steps:
      # ... your steps

• API keys stored securely as GitHub Secrets
• No source code persistence in logs or cache
• Secure webhook validation
• Rate limiting and error handling
• Principle of least privilege for GitHub tokens

• Processing Time: <10 minutes for repositories <100MB (depends on AI provider response times)
• File Size Limit: 1MB per file (configurable)
• Chunking: Automatic splitting for large files
• Concurrency: Parallel file processing with rate limiting and error resilience

name: AI Code Review

on:
  pull_request:
    types: [opened, synchronize, reopened]

jobs:
  ai-review:
    runs-on: ubuntu-latest

    steps:
      - name: AI Code Review
        uses: obiwancenobi/ai-code-reviewer@v1.0.22
        with:
          pr-number: ${{ github.event.pull_request.number }}
          repository: ${{ github.repository }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}

name: AI Code Review

on:
  pull_request:
    types: [opened, synchronize, reopened]
    paths-ignore:
      - '**/android/**'
      - '**/ios/**'
      - '**/*.png'
      - '**/*.jpg'

jobs:
  ai-review:
    runs-on: ubuntu-latest

    steps:
      - name: AI Code Review
        uses: obiwancenobi/ai-code-reviewer@v1.0.22
        with:
          pr-number: ${{ github.event.pull_request.number }}
          repository: ${{ github.repository }}
          ai-persona: 'senior-engineer'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}

- name: AI Code Review
  uses: obiwancenobi/ai-code-reviewer@v1.0.22
  with:
    pr-number: ${{ github.event.pull_request.number }}
    repository: ${{ github.repository }}
    ai-persona: 'performance-specialist'
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}

- name: AI Code Review
  uses: obiwancenobi/ai-code-reviewer@v1.0.22
  with:
    pr-number: ${{ github.event.pull_request.number }}
    repository: ${{ github.repository }}
    ai-provider: 'anthropic'
    ai-model: 'claude-3-sonnet-20240229'
    ai-persona: 'security-expert'
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}

Set these in repository Settings → Actions → Variables:

• AI_PROVIDER: anthropic
• AI_MODEL: claude-3-sonnet-20240229
• AI_PERSONA: security-expert

- name: AI Code Review
  uses: obiwancenobi/ai-code-reviewer@v1.0.22
  with:
    pr-number: ${{ github.event.pull_request.number }}
    repository: ${{ github.repository }}
    ai-provider: ${{ vars.AI_PROVIDER || 'openai' }}
    ai-model: ${{ vars.AI_MODEL || 'gpt-4' }}
    ai-persona: ${{ vars.AI_PERSONA || 'senior-engineer' }}
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
    ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
    DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}

Create ai-review-config.json in your repository:

{
  "ai": {
    "customPersonas": {
      "team-lead": "You are a technical team lead reviewing for architecture and scalability..."
    }
  },
  "processing": {
    "maxFileSize": 2097152,
    "excludePatterns": [
      "custom-exclude/**"
    ]
  },
  "author": "BugBeaver"
}

For complete setup with examples, run:

curl -fsSL https://raw.githubusercontent.com/obiwancenobi/ai-code-reviewer/main/setup-workflow.sh | bash

This creates workflow examples for different approaches and provides setup guidance.

• Code snippets, prompts, and related metadata are transmitted to third-party AI providers, which may log or store this data for their operations.
• Refrain from including sensitive credentials, proprietary information, or personal data in reviews unless you're confident in the provider's security practices.

• External AI services may enforce usage limits, alter their APIs or model behaviors abruptly, or become temporarily unavailable.
• Treat AI-generated outputs as preliminary suggestions; incorporate manual checks before relying on them in live environments.

• AI responses might include factual errors, rely on obsolete information, or fabricate elements not present in the input.
• Independently validate all recommendations, code modifications, or analyses provided by the AI before integration.

• Error: "Missing API key for [provider]. Set [ENV_VAR] environment variable."
  • Solution: Ensure the correct environment variable is set in GitHub Secrets (e.g., OPENAI_API_KEY, COHERE_API_KEY). Verify the variable name matches the provider exactly.
• Error: "Invalid API key" or 401 Unauthorized.
  • Solution: Double-check the API key from the provider dashboard. Regenerate if necessary and update the secret.

• Error: "Unsupported AI provider: [provider]"
  • Solution: Confirm the provider name in ai-review-config.json or workflow inputs matches the enum (e.g., 'cohere-ai', not 'cohere'). Check the Supported AI Providers table for exact names.

• Error: 429 Too Many Requests or similar from AI provider.
  • Solution: Wait and retry, or upgrade to a higher tier on the provider. The tool includes retry logic (3 attempts), but persistent issues may require adjusting concurrency or using a different provider.

• Error: "Invalid ai.provider" or schema errors in logs.
  • Solution: Run CLI validation: node index.js validate --config ai-review-config.json. Fix enum mismatches or missing required fields like ai.model.

• Error: "Resource not accessible by integration" or no comments posted.
  • Solution: Add permissions to workflow:

    permissions:
      contents: read
      pull-requests: write
      issues: write

    Ensure GITHUB_TOKEN has repo scope.

• Error: "Discord webhook failed" in logs.
  • Solution: Verify DISCORD_WEBHOOK_URL secret is correct and the webhook has permissions in the Discord channel. Test with CLI: node index.js test-discord --webhook-url YOUR_URL.

• Error: "File too large" or incomplete reviews.
  • Solution: Increase processing.maxFileSize in config (default 1MB). For very large files, adjust chunkSize (default 50k tokens). Exclude binary/large files via excludePatterns.

• Error: "Failed to parse AI response as JSON" in logs; fallback general comment.
  • Solution: The tool uses robust parsing with fallbacks. If persistent, check provider response format or refine the prompt in custom personas. Test with a simple code snippet.

• Error: Workflow succeeds but no comments appear.
  • Solution: Check workflow logs for skipped files (exclusions). Ensure PR is not draft (if: github.event.pull_request.draft == false). Verify changed files are code (not docs/images).

• Error: No action runs on PR.
  • Solution: Confirm workflow file in .github/workflows/ and PR events in on: pull_request. Check repository Actions settings for approval if required.

• Enable Debug Logs: Set DEBUG=* env var in workflow for verbose output.
• Test Locally: Use CLI for manual reviews: node index.js review --pr <number> --repo <owner/repo>.
• Check Provider Status: Visit provider dashboards for outages or quota issues.
• Review Logs: GitHub Actions logs show detailed errors; search for "AI code review" or provider names.

For persistent issues, open an issue with workflow logs and config (redact keys).

1. Fork the repository
2. Create a feature branch: git checkout -b feature/amazing-feature
3. Commit changes: git commit -m 'Add amazing feature'
4. Push to branch: git push origin feature/amazing-feature
5. Open a Pull Request

This project is licensed under the MIT License - see the LICENSE file for details.

• Built with Node.js
• Powered by multiple AI providers
• Integrated with GitHub Actions
• Notifications via Discord

• 📖 Quick Start Guide
• 🐛 Issues
• 💬 Discussions
• 📧 Setup Script