ApocalypseDevNet/ai-code-review-bot
AI Code Review Bot

An intelligent code review agent powered by LLM reasoning models that automatically analyzes pull requests, detects bugs, security vulnerabilities, and suggests improvements with contextual explanations.

Architecture

┌─────────────────────────────────────────────────┐
│              AI Code Review Bot                   │
├─────────────────────────────────────────────────┤
│                                                   │
│  ┌───────────┐  ┌───────────┐  ┌───────────┐   │
│  │  Diff     │  │  Context  │  │  Pattern  │   │
│  │  Parser   │  │  Builder  │  │  Detector │   │
│  └─────┬─────┘  └─────┬─────┘  └─────┬─────┘   │
│        │               │               │         │
│        └───────────────┼───────────────┘         │
│                        ▼                         │
│              ┌─────────────────┐                 │
│              │   LLM Reasoning │                 │
│              │     Engine      │                 │
│              └────────┬────────┘                 │
│                       ▼                          │
│              ┌─────────────────┐                 │
│              │ Review Reporter │                 │
│              └─────────────────┘                 │
│                                                   │
└─────────────────────────────────────────────────┘

Features

  • Multi-language support: Python, JavaScript, TypeScript, Go, Rust, Java
  • Security scanning: Detects SQL injection, XSS, hardcoded secrets, insecure dependencies
  • Bug detection: Null pointer dereferences, race conditions, memory leaks, off-by-one errors
  • Performance analysis: N+1 queries, unnecessary allocations, blocking I/O in async contexts
  • Style enforcement: Configurable coding standards with auto-fix suggestions
  • Context-aware reviews: Understands project conventions by analyzing existing codebase patterns

How It Works

  1. Webhook Listener — Receives PR/MR events from GitHub/GitLab
  2. Diff Parser — Extracts changed files, hunks, and surrounding context
  3. Context Builder — Gathers related files, imports, type definitions for full understanding
  4. LLM Analysis — Sends structured prompts to reasoning model for deep code analysis
  5. Pattern Detector — Cross-references LLM findings with known vulnerability patterns
  6. Review Reporter — Posts inline comments on the PR with severity levels and fix suggestions
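The first step above only holds up if the Webhook Listener verifies that an event really came from GitHub or GitLab before the Diff Parser touches it, using the webhook secret configured in `.env`. The following is an added illustration written for this README, not code from the ai-code-review-bot project: it assumes the secret is available as bytes and that the listener can read the raw request body and headers, and it checks GitHub's `X-Hub-Signature-256` HMAC and GitLab's `X-Gitlab-Token` with constant-time comparison so unsigned or tampered payloads are dropped.

```python
import hashlib
import hmac
from typing import Dict, Optional

# Hypothetical helpers, not part of the repository: gate the Webhook Listener so
# that only verified payloads ever reach the Diff Parser.


def verify_github_signature(secret: bytes, body: bytes, header: Optional[str]) -> bool:
    """Check GitHub's X-Hub-Signature-256 header against the raw request body.

    GitHub sends 'sha256=<hex>', where <hex> is HMAC-SHA256(secret, body).
    A missing or malformed header is rejected outright.
    """
    if not header or not header.startswith("sha256="):
        return False
    expected = hmac.new(secret, body, hashlib.sha256).hexdigest()
    # compare_digest runs in constant time, so timing does not leak the secret
    return hmac.compare_digest(expected, header[len("sha256="):])


def verify_gitlab_token(secret: bytes, header: Optional[str]) -> bool:
    """GitLab sends the shared secret verbatim in X-Gitlab-Token."""
    if header is None:
        return False
    return hmac.compare_digest(secret, header.encode())


def accept_event(secret: bytes, headers: Dict[str, str], body: bytes) -> bool:
    """Return True only when the event carries a valid signature or token.

    Header names are assumed to be in their canonical casing here.
    """
    if "X-Hub-Signature-256" in headers:
        return verify_github_signature(secret, body, headers["X-Hub-Signature-256"])
    if "X-Gitlab-Token" in headers:
        return verify_gitlab_token(secret, headers["X-Gitlab-Token"])
    return False  # unsigned events are dropped, never parsed


# Constructed sample: a minimal pull_request payload signed with a sample secret.
SAMPLE_SECRET = b"constructed-webhook-secret"
SAMPLE_BODY = b'{"action":"opened","number":42}'
SAMPLE_SIG = "sha256=" + hmac.new(SAMPLE_SECRET, SAMPLE_BODY, hashlib.sha256).hexdigest()

if __name__ == "__main__":
    print(accept_event(SAMPLE_SECRET, {"X-Hub-Signature-256": SAMPLE_SIG}, SAMPLE_BODY))
    # A single byte appended to the body invalidates the signature.
    print(accept_event(SAMPLE_SECRET, {"X-Hub-Signature-256": SAMPLE_SIG}, SAMPLE_BODY + b" "))
```

Verify the signature over the raw bytes exactly as received; re-serialising the parsed JSON before hashing will produce a different digest and reject legitimate events.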

Installation

pip install -r requirements.txt
cp .env.example .env
# Configure your API keys and webhook secret
python -m bot.main

Configuration

# config.yaml
review:
  severity_threshold: "warning"  # info, warning, error, critical
  max_files_per_review: 50
  languages:
    - python
    - javascript
    - typescript
  
security:
  scan_dependencies: true
  check_secrets: true
  owasp_top_10: true

llm:
  model: "mimo-v2.5-reasoning"
  temperature: 0.1
  max_tokens: 4096
  chain_of_thought: true

Usage

# Run as webhook server
python -m bot.main --port 8080

# Review a specific PR manually
python -m bot.review --repo owner/repo --pr 42

# Scan local directory
python -m bot.scan ./src --format markdown

Token Usage

  • Average PR review: ~3,000-8,000 tokens (input) + ~1,500 tokens (output)
  • Large PR (50+ files): ~25,000 tokens (input) + ~5,000 tokens (output)
  • Daily usage across 20 PRs: ~200,000 tokens
  • Monthly projected: ~4M tokens

License

MIT

About

AI-powered code review agent using LLM reasoning models for automated PR analysis, security scanning, and bug detection