AI Code Review for Developers Who Can't Afford CodeRabbit.
CodeVibes is an intelligent code analysis tool that scans your GitHub repositories using AI to identify Security Vulnerabilities, Bugs & Performance Issues, and Code Quality improvements—giving you a quantifiable Vibe Score and actionable insights.
```mermaid
graph TB
    subgraph "Frontend (React + Vite)"
        UI[🖥️ AnalyzePage]
        Store[📦 Zustand Store]
        API_Client[🔗 API Client]
    end
    subgraph "Backend (Express + Node.js)"
        Server[⚙️ Express Server]
        Auth[🔐 Auth Controller]
        Analysis[🔍 Analysis Controller]
        History[📜 History Controller]
        subgraph "Services"
            GH_Service[📂 GitHub Service]
            AI_Service[🧠 DeepSeek Service]
        end
        DB[(💾 SQLite DB)]
    end
    subgraph "External APIs"
        GitHub[🐙 GitHub API]
        DeepSeek[🤖 DeepSeek AI]
    end
    UI --> Store
    Store --> API_Client
    API_Client -->|REST API| Server
    Server --> Auth
    Server --> Analysis
    Server --> History
    Analysis --> GH_Service
    Analysis --> AI_Service
    History --> DB
    Auth --> DB
    GH_Service -->|Fetch Files| GitHub
    AI_Service -->|Stream Analysis| DeepSeek
```
Here's how CodeVibes processes your repository:
```mermaid
sequenceDiagram
    participant User
    participant Frontend
    participant Backend
    participant GitHub
    participant AI
    User->>Frontend: 1. Paste Repo URL
    Frontend->>Backend: 2. POST /api/analyze
    Backend->>GitHub: 3. Fetch file tree
    GitHub-->>Backend: File list
    Backend->>Backend: 4. Categorize files by priority
    loop For each Priority Level (P1→P2→P3)
        Backend->>GitHub: 5a. Fetch file contents
        GitHub-->>Backend: File content
        Backend->>AI: 5b. Stream analysis request
        AI-->>Backend: 5c. JSON issues (streamed)
        Backend-->>Frontend: 5d. SSE: Live updates
        Frontend-->>User: 5e. Display issues in real-time
    end
    Backend->>Backend: 6. Calculate Vibe Score
    Backend-->>Frontend: 7. Final report
    Frontend-->>User: 8. Show complete analysis
```
CodeVibes uses a three-tier priority system to analyze files in order of importance:
```mermaid
graph LR
    subgraph "P1: Security (🛡️ First)"
        A1[".env files"]
        A2["auth.*, jwt.*"]
        A3["*password*, *secret*"]
        A4["config files"]
    end
    subgraph "P2: Core Logic (🧠 Second)"
        B1["controllers/"]
        B2["services/"]
        B3["models/"]
        B4["main.*, app.*"]
    end
    subgraph "P3: Quality (💎 Third)"
        C1["tests/"]
        C2["utils/"]
        C3["helpers/"]
        C4["Other files"]
    end
    A1 --> B1
    A2 --> B2
    A3 --> B3
    A4 --> B4
    B1 --> C1
    B2 --> C2
    B3 --> C3
    B4 --> C4
```
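
A sketch of how the three tiers could be assigned to a repository file list, written for this page as an added example and not taken from the CodeVibes source. The pattern lists and the sample paths are assumptions derived from the diagram labels; the point it shows is that security-sensitive names must be matched before directory rules, so a credential file under `tests/` or `utils/` still lands in P1.

```typescript
// Added example, not CodeVibes source. The patterns are assumptions derived from
// the labels in the priority diagram; the project's real rule list may differ.
type Priority = "P1" | "P2" | "P3";

const P1_NAMES = [/^\.env(\..+)?$/, /^auth\./, /^jwt\./, /password/, /secret/, /config/];
const P2_DIRS = ["controllers", "services", "models"];
const P2_NAMES = [/^main\./, /^app\./];

function categorize(path: string): Priority {
  const dirs = path.toLowerCase().split("/");
  const name = dirs.pop() ?? "";
  // Security-sensitive names are checked first so that a credential file is
  // never demoted to P3 because it sits under tests/ or utils/.
  if (P1_NAMES.some((re) => re.test(name))) return "P1";
  if (dirs.some((d) => P2_DIRS.includes(d)) || P2_NAMES.some((re) => re.test(name))) return "P2";
  return "P3";
}

// Group a repository file list into the tiers, preserving input order per tier.
function planScan(paths: string[]): Record<Priority, string[]> {
  const plan: Record<Priority, string[]> = { P1: [], P2: [], P3: [] };
  for (const p of paths) plan[categorize(p)].push(p);
  return plan;
}

// Constructed sample file list (hypothetical paths).
const SAMPLE_TREE = [
  "README.md",
  "src/utils/format.ts",
  "tests/fixtures/.env.test",
  "api/controllers/userController.ts",
  "api/utils/jwt.helper.ts",
  "src/main.tsx",
  "api/.env.example",
];
```
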
| Priority | Focus | Severity Levels |
|---|---|---|
| P1 | Security | CRITICAL, HIGH, MEDIUM, LOW |
| P2 | Bugs & Performance | HIGH, MEDIUM, LOW |
| P3 | Code Quality | MEDIUM, LOW |

Example detections, P1 (Security):
- Secret Detection: AWS keys, GitHub tokens, Stripe keys, JWTs
- Injection Attacks: SQL, NoSQL, Command, Code injection
- Auth Issues: Missing JWT verification, IDOR, Session misconfig
- XSS/CSRF: Dangerous innerHTML, Missing CSRF tokens

Example detections, P2 (Bugs & Performance):
- Logic Errors: Null access, Off-by-one, Type coercion bugs
- Performance: N+1 queries, O(n²) algorithms, Memory leaks
- Async Issues: Unhandled promises, Race conditions
- Data Integrity: Missing transactions, Concurrent updates

Example detections, P3 (Code Quality):
- Readability: Naming, Complexity analysis
- DRY Violations: Duplicated code patterns
- Modern Practices: Deprecated APIs, Better alternatives
- Testability: Hard-to-test code patterns

A calculated 0-100 score based on:
- Issue count and severity
- Files scanned vs issues found ratio
- Security issue weight (higher penalty)
| Layer | Technology | Purpose |
|---|---|---|
| Frontend | React 18 + Vite | Fast, modern UI |
| | TailwindCSS | Utility-first styling |
| | Zustand | State management |
| | Lucide Icons | Consistent iconography |
| Backend | Node.js + Express | API server |
| | Better-SQLite3 | Local database |
| | tsx | TypeScript execution |
| AI | DeepSeek API | Code analysis |
| Integration | Octokit | GitHub API client |
- Node.js v18+
- DeepSeek API Key (Get free key)
- GitHub Token (optional, for private repos)
```bash
# 1. Clone the repository
git clone https://github.com/danish296/codevibes.git
cd codevibes

# 2. Install all dependencies
npm install
cd codevibes-backend && npm install && cd ..

# 3. Configure backend environment
cp codevibes-backend/.env.example codevibes-backend/.env
# Edit .env with your DeepSeek API key

# 4. Start both servers (use two terminals)
# Terminal 1: Backend
cd codevibes-backend && npm run dev
# Terminal 2: Frontend
npm run dev
```

Create codevibes-backend/.env:
```env
# Required
PORT=3001
DEEPSEEK_API_KEY=sk-your-deepseek-key

# Optional
GITHUB_TOKEN=ghp-your-github-token
DB_PATH=./data/codevibes.db
DEEPSEEK_MODEL=deepseek-chat # or deepseek-reasoner
ALLOWED_ORIGINS=http://localhost:8080
```

```
codevibes/
├── src/                              # React Frontend
│   ├── components/
│   │   ├── layout/                   # Header, Footer, Sidebar
│   │   └── ui/                       # UI primitives (Button, Card, etc.)
│   ├── pages/
│   │   ├── HomePage.tsx              # Landing page
│   │   ├── AnalyzePage.tsx           # Main analysis interface
│   │   └── SetupPage.tsx             # API key configuration
│   ├── lib/
│   │   └── api.ts                    # Backend API client
│   └── store/
│       └── analysisStore.ts          # Zustand state
│
├── codevibes-backend/                # Express Backend
│   ├── src/
│   │   ├── controllers/
│   │   │   ├── analysisController.ts
│   │   │   ├── historyController.ts
│   │   │   └── githubController.ts
│   │   ├── services/
│   │   │   ├── deepseekService.ts    # AI prompts & streaming
│   │   │   └── githubService.ts      # Repo fetching
│   │   ├── utils/
│   │   │   ├── database.ts           # SQLite setup
│   │   │   └── logger.ts             # Winston logging
│   │   └── server.ts                 # Express app
│   └── data/                         # SQLite database storage
│
├── public/screenshots/               # App screenshots
└── README.md                         # You are here!
```
| Endpoint | Method | Description |
|---|---|---|
| `/api/analyze` | POST | Start new analysis |
| `/api/analyze/stream` | GET | SSE stream for live updates |

| Endpoint | Method | Description |
|---|---|---|
| `/api/history` | GET | List past analyses |
| `/api/history` | POST | Save analysis result |
| `/api/history/:id` | DELETE | Delete analysis |

| Endpoint | Method | Description |
|---|---|---|
| `/api/github/repos` | GET | List user's repos |
| `/api/github/validate` | POST | Check repo access |

```typescript
function calculateVibeScore(issues: Issue[]): number {
  const weights = {
    CRITICAL: 25,
    HIGH: 15,
    MEDIUM: 5,
    LOW: 1
  };
  let penalty = issues.reduce((sum, issue) =>
    sum + weights[issue.severity], 0);
  return Math.max(0, 100 - penalty);
}
```

| Score Range | Label | Color |
|---|---|---|
| 90-100 | Excellent | 🟢 Green |
| 70-89 | Good | 🟡 Yellow |
| 50-69 | Needs Work | 🟠 Orange |
| 0-49 | Critical | 🔴 Red |
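
The score is computed from JSON the model returns, so that JSON should be treated as untrusted input: a severity outside the four known levels makes the weight lookup `undefined` and the score `NaN`, and a response cut off mid-array must not be scored as a clean repository. The following is an added example written for this page, not CodeVibes source; the issue fields (`severity`, `title`, `file`), the function names and the truncation heuristic are assumptions.

```typescript
// Added example, not CodeVibes source. The issue fields (severity, title, file)
// and the truncation heuristic are assumptions made for illustration.
type Severity = "CRITICAL" | "HIGH" | "MEDIUM" | "LOW";
interface Issue { severity: Severity; title: string; file: string }

const WEIGHTS: Record<Severity, number> = { CRITICAL: 25, HIGH: 15, MEDIUM: 5, LOW: 1 };

type ParseResult =
  | { ok: true; issues: Issue[]; rejected: number }
  | { ok: false; reason: "truncated" | "malformed" };

// Model output is untrusted input: parse it, then keep only well-formed issues.
function parseModelIssues(raw: string): ParseResult {
  const text = raw.trim();
  let data: unknown;
  try {
    data = JSON.parse(text);
  } catch {
    // An array that opens but never closes was most likely cut off mid-response.
    const truncated = text.startsWith("[") && !text.endsWith("]");
    return { ok: false, reason: truncated ? "truncated" : "malformed" };
  }
  if (!Array.isArray(data)) return { ok: false, reason: "malformed" };
  const issues: Issue[] = [];
  for (const item of data) {
    const sev = item?.severity;
    // Own-property check: "constructor" or "URGENT" must not reach the weight lookup.
    const known = typeof sev === "string" && Object.prototype.hasOwnProperty.call(WEIGHTS, sev);
    if (known && typeof item.title === "string" && typeof item.file === "string") {
      issues.push({ severity: sev as Severity, title: item.title, file: item.file });
    }
  }
  return { ok: true, issues, rejected: data.length - issues.length };
}

function vibeScore(issues: Issue[]): number {
  const penalty = issues.reduce((sum, issue) => sum + WEIGHTS[issue.severity], 0);
  return Math.max(0, 100 - penalty);
}

// A failed parse yields null, never a clean 100 computed from zero issues.
function scoreModelOutput(raw: string): number | null {
  const result = parseModelIssues(raw);
  return result.ok ? vibeScore(result.issues) : null;
}
```
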
- Parallel file fetching: 5 concurrent requests instead of sequential (3-5x faster)
- GitHub Tree API caching: Reduced API calls by 80%
- Lazy categorization: Defer P2/P3 processing until needed (60% faster initial scan)
- Fixed history not saving: Corrected SQL parameter mismatch (duplicate `cost` parameter)
- Fixed timer issues:
  - Timer now restarts when continuing to next priority level
  - Timer now stops on analysis errors
  - Timer displays correctly when loading from history
- Fixed DeepSeek response truncation: Increased max_tokens from 8000 to prevent incomplete JSON responses
- Enhanced error handling: Better DeepSeek JSON parsing with truncation detection
- Improved logging: More detailed logs for debugging
- Better OAuth setup: Comprehensive setup guide with troubleshooting
- Added comprehensive `.env.example` with all configuration options
- Improved error messages and user feedback
- Better TypeScript types and interfaces
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- Issues: GitHub Issues
- Discussions: GitHub Discussions
Crafted with 💜 by Danish Akhtar
Star ⭐ this repo if you find it helpful!






