An AI-powered automated code review GitHub App built with Go, AWS Lambda, and Google Gemini. Installs on any GitHub repository and automatically reviews every pull request with inline comments, quality scores, and security analysis.
When a developer opens a pull request on any repo with PRism installed:
- GitHub sends a webhook to PRism's AWS Lambda endpoint
- PRism fetches the PR diff for each changed file
- Each diff is sent to Google Gemini with a carefully engineered prompt
- Gemini returns structured JSON: bugs, security issues, performance problems, suggestions
- PRism posts inline comments on the exact lines with severity labels
- A summary comment shows the overall quality score and issue breakdown
- The review record is persisted to DynamoDB for historical tracking
All of this happens within seconds of the PR being opened — automatically.
```text
GitHub
  │
  │ PR opened → webhook POST
  ▼
┌──────────────────────────────────────────────────┐
│ AWS Cloud                                        │
│                                                  │
│  API Gateway (/webhook)                          │
│    │                                             │
│    │ 1. Verify HMAC-SHA256 signature             │
│    ▼                                             │
│  Lambda Function (Go binary on Graviton2)        │
│    │                                             │
│    ├── 2. Parse PR event                         │
│    ├── 3. Fetch diff via GitHub API              │
│    │      (JWT → Installation Token flow)        │
│    │                                             │
│    ├── 4. Per-file: Send diff to Gemini API ─────┼──► Google Gemini
│    │      (structured JSON prompt)               │    (AI Analysis)
│    │                                             │
│    ├── 5. Post inline review comments            │
│    │      → GitHub PR Review API                 │
│    │                                             │
│    └── 6. Save review record ────────────────────┼──► DynamoDB
│           (quality score, issues, timestamp)     │    (Review History)
└──────────────────────────────────────────────────┘
```
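Step 3's "JWT → Installation Token flow", as an added Go example that is not PRism's own code: it builds and verifies the GitHub App JWT with the standard library alone and constructs (without sending) the request that exchanges it for an installation token. The App ID `"123456"`, the installation ID `42` and the throwaway RSA key generated in `main` are placeholders; in PRism the signing key would be the downloaded `.pem`, decoded with `encoding/pem` and `x509.ParsePKCS1PrivateKey`.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// AppClaims is the claim set GitHub requires in a GitHub App JWT:
// iss = the App ID, iat = issue time, exp = no more than 10 minutes ahead.
type AppClaims struct {
	Iss string `json:"iss"`
	Iat int64  `json:"iat"`
	Exp int64  `json:"exp"`
}

// NewAppJWT signs an RS256 JWT with the App's private key. iat is backdated
// 60 s to absorb clock skew and exp is 9 min ahead, so the token never
// exceeds GitHub's 10-minute ceiling.
func NewAppJWT(appID string, key *rsa.PrivateKey, now time.Time) (string, error) {
	header := base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`))
	payload, _ := json.Marshal(AppClaims{ // cannot fail for plain scalar fields
		Iss: appID,
		Iat: now.Add(-60 * time.Second).Unix(),
		Exp: now.Add(9 * time.Minute).Unix(),
	})
	signingInput := header + "." + base64.RawURLEncoding.EncodeToString(payload)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + base64.RawURLEncoding.EncodeToString(sig), nil
}

// VerifyAppJWT checks the algorithm, signature and expiry against the matching
// public key and returns the claims, so a token can be inspected offline.
func VerifyAppJWT(token string, pub *rsa.PublicKey, now time.Time) (AppClaims, error) {
	var c AppClaims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, fmt.Errorf("malformed token")
	}
	rawHeader, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return c, err
	}
	var hdr struct{ Alg string `json:"alg"` }
	if err := json.Unmarshal(rawHeader, &hdr); err != nil || hdr.Alg != "RS256" {
		return c, fmt.Errorf("unexpected alg %q", hdr.Alg) // refuse alg substitution
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return c, err
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return c, fmt.Errorf("bad signature: %w", err)
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return c, err
	}
	if err := json.Unmarshal(payload, &c); err != nil {
		return c, err
	}
	if now.Unix() >= c.Exp {
		return c, fmt.Errorf("token expired")
	}
	return c, nil
}

// InstallationTokenRequest describes the call that trades the App JWT for an
// installation token scoped to one installation's repositories (1 h lifetime).
func InstallationTokenRequest(jwt string, installationID int64) (method, url string, headers map[string]string) {
	return "POST",
		fmt.Sprintf("https://api.github.com/app/installations/%d/access_tokens", installationID),
		map[string]string{"Authorization": "Bearer " + jwt, "Accept": "application/vnd.github+json"}
}

func main() {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // throwaway stand-in for the downloaded .pem
	if err != nil {
		panic(err)
	}
	tok, err := NewAppJWT("123456", key, time.Now()) // placeholder App ID
	if err != nil {
		panic(err)
	}
	claims, err := VerifyAppJWT(tok, &key.PublicKey, time.Now())
	fmt.Printf("claims=%+v err=%v\n", claims, err)
	method, url, _ := InstallationTokenRequest(tok, 42) // placeholder installation ID
	fmt.Println(method, url)
}
```

The App JWT only ever authenticates as the App itself; everything that touches a repository (fetching the diff, posting the review) uses the installation token returned by the `access_tokens` call, which is why a leaked installation token is bounded to one installation and one hour rather than to every repository the App can see.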
PRism posts a summary comment plus inline comments on the PR:

```markdown
## 🔍 PRism Code Review

**PR:** Add user authentication endpoint

| Metric | Value |
|---|---|
| Quality Score | 🟡 7/10 |
| Issues Found | 3 |
| Status | ⚠️ Warnings detected |

### File Summaries

- auth.go: Implements JWT validation correctly but missing token expiry check
- handler.go: Well-structured handler with minor error handling gaps
```

Inline comment example:

```markdown
🚨 [CRITICAL] SQL query is constructed with string concatenation.
This is vulnerable to SQL injection. Use parameterized queries instead:

    db.Query("SELECT * FROM users WHERE id = ?", userID)

Category: security
```
| Layer | Technology | Why |
|---|---|---|
| Language | Go 1.22 | Fast cold starts, low Lambda memory footprint |
| Compute | AWS Lambda (Graviton2/ARM64) | Serverless, 20% cheaper than x86, scales to zero |
| API | AWS API Gateway | Managed HTTP endpoint for GitHub webhooks |
| Database | AWS DynamoDB | Review history persistence, serverless |
| AI | Google Gemini 1.5 Flash | Fast, capable, generous free tier |
| Auth | GitHub App JWT + Installation Tokens | Secure, scoped, revocable per-repo access |
| CI/CD | GitHub Actions + AWS SAM | Automated deploy on every push to main |
```text
prism/
├── cmd/
│   └── lambda/
│       └── main.go              # Lambda handler + initialization
├── internal/
│   ├── github/
│   │   ├── webhook.go           # Signature verification, event parsing
│   │   └── client.go            # GitHub API: fetch diffs, post reviews
│   ├── gemini/
│   │   └── reviewer.go          # Gemini API client + prompt engineering
│   ├── review/
│   │   └── orchestrator.go      # Pipeline: diff → AI → comments → store
│   └── store/
│       └── dynamodb.go          # Review history persistence
├── config/
│   └── config.go                # Environment-based configuration
├── deploy/
│   └── deploy.sh                # One-command deployment script
├── template.yaml                # AWS SAM infrastructure-as-code
├── .github/workflows/ci.yml     # CI/CD: test → build → deploy
└── go.mod
```
- Go to github.com/settings/apps → New GitHub App
- Fill in:
  - Name: PRism (or your own name)
  - Homepage URL: your GitHub repo URL
  - Webhook URL: (placeholder for now — update after deploy)
  - Webhook Secret: generate a random string → save it
- Permissions needed:
  - Pull requests: Read & Write
  - Contents: Read
- Subscribe to events: Pull request
- Click Create → note the App ID
- Scroll down → Generate a private key → download the `.pem` file
- Go to aistudio.google.com
- Click Get API Key → Create API key
- Copy the key — it's free, no credit card needed
```bash
# Clone the repo
git clone https://github.com/manohar6317/prism
cd prism

# Set environment variables
export GITHUB_APP_ID=your_app_id
export GITHUB_PRIVATE_KEY=$(cat your-key.pem | tr '\n' '\\n')
export GITHUB_WEBHOOK_SECRET=your_webhook_secret
export GEMINI_API_KEY=your_gemini_key

# Deploy (builds Go binary + deploys Lambda + API Gateway + DynamoDB)
chmod +x deploy/deploy.sh
./deploy/deploy.sh
```

The script outputs your Webhook URL. Copy it.

- Go back to your GitHub App settings
- Paste the Webhook URL from the deploy output
- Set Content type to `application/json`
- Go to your GitHub App page
- Click Install → choose a repo
- Open a pull request — PRism will review it automatically
**Why AWS Lambda instead of a persistent server?** PRism only runs when a webhook arrives. A persistent server would sit idle 99% of the time. Lambda scales to zero when idle (zero cost) and handles traffic spikes automatically.

**Why a GitHub App instead of a GitHub Action?** A GitHub App installs once and works across all PRs — no per-repo configuration. It also uses scoped installation tokens instead of personal access tokens, which is more secure.

**Why HMAC-SHA256 signature verification?** Without it, anyone who knows your webhook URL could POST fake PR events and trigger reviews. GitHub signs every payload with a shared secret — we verify it before processing anything.
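The check described above (step 1 in the architecture diagram), as an added Go example that is not PRism's own code; the function names, the secret and the JSON payload are constructed for illustration. GitHub sends the MAC in the `X-Hub-Signature-256` header as `sha256=<hex>`; the verifier recomputes HMAC-SHA256 over the raw request bytes, before any JSON parsing, and compares with `hmac.Equal` so response timing does not leak which prefix of the MAC was right.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// VerifyWebhookSignature checks GitHub's X-Hub-Signature-256 header value
// ("sha256=<hex>") against HMAC-SHA256(secret, body). It returns false for a
// missing, malformed or mismatched header. hmac.Equal is constant-time, so a
// caller cannot discover the expected MAC byte by byte from timing.
func VerifyWebhookSignature(secret, body []byte, header string) bool {
	const prefix = "sha256="
	if !strings.HasPrefix(header, prefix) {
		return false
	}
	got, err := hex.DecodeString(strings.TrimPrefix(header, prefix))
	if err != nil || len(got) != sha256.Size {
		return false
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write(body) // hash.Hash.Write never returns an error
	return hmac.Equal(got, mac.Sum(nil))
}

// SignWebhookBody produces the header value GitHub would send for body.
// It exists only to build fixtures; a deployment never signs, it verifies.
func SignWebhookBody(secret, body []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	return "sha256=" + hex.EncodeToString(mac.Sum(nil))
}

func main() {
	secret := []byte("constructed-example-secret")         // placeholder, not a real secret
	body := []byte(`{"action":"opened","number":42}`)      // constructed minimal PR payload
	tampered := []byte(`{"action":"opened","number":43}`)  // same header, different body
	header := SignWebhookBody(secret, body)

	fmt.Println("genuine payload:  ", VerifyWebhookSignature(secret, body, header))
	fmt.Println("tampered payload: ", VerifyWebhookSignature(secret, tampered, header))
	fmt.Println("missing header:   ", VerifyWebhookSignature(secret, body, ""))
}
```

Behind API Gateway the Lambda receives the body as a string field of the proxy event, and the gateway may base64-encode it (the event's `isBase64Encoded` flag says so); decode to the exact original bytes first, since even a single reformatted byte changes the MAC. Run the check before logging or parsing the payload, so an unauthenticated POST does nothing but receive a 401.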
**Why Graviton2 (ARM64) Lambda?** AWS's ARM-based Graviton2 processors are 20% cheaper and often faster for Go workloads than x86. This is a real engineering tradeoff that shows cost-consciousness.

**Why low temperature (0.2) on Gemini?** Higher temperature = more creative but less consistent. For code review, we want deterministic, focused analysis — not creative writing. Temperature 0.2 produces reliable structured JSON output.
MIT