This project implements a fully automated AI code-review system that runs inside GitHub CI/CD, analyzes pull requests using Gemini, and posts precise, line-level review comments.
- GitHub Actions: Triggers on PR events and gathers changed files.
- Gemini API: Analyzes the diff with a structured prompt.
- Reviewer Script: Parses the LLM output and annotates the PR using Octokit.
- Register the App: Use the `app.yml` manifest to register your GitHub App.
- Deploy the Service: Host the `server.json` on a platform like Heroku, Vercel, or a VPS.
- Configure Secrets:
  - `APP_ID`, `PRIVATE_KEY`, `WEBHOOK_SECRET`: from your GitHub App settings.
  - `ENCRYPTION_SECRET`: a random string for securing user keys.
- User Onboarding:
  - Once a user installs the app, they are redirected to `/config.html`.
  - They enter their Installation ID and Gemini API Key.
  - The bot is now ready to review their Pull Requests!
Users can also choose to NOT use the hosted settings and instead set a repository secret:
- Secret Name: `GEMINI_API_KEY`
- The bot will check for this secret if no key is found in the database.
- `.github/workflows/llm-review.yml`: The Action workflow definition.
- `.github/actions/llm-review/reviewer.js`: The core logic for the LLM and GitHub interactions.
The system uses a strict JSON schema for LLM responses to ensure reliability:

```json
{
  "summary": "Short overall summary",
  "findings": [
    {
      "file": "path/to/file",
      "start_line": 10,
      "end_line": 15,
      "issue": "Description of the issue",
      "severity": "HIGH",
      "confidence": 0.9,
      "suggestion": "Fix details"
    }
  ]
}
```

- Secrets are stored in GitHub Secrets.
- Read-only analysis of diffs (no execution of untrusted code).
- Versioned prompt templates.
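A strict schema only helps if the reviewer script refuses responses that violate it before calling Octokit. The following is an added example of that validation step, not code from the project's `reviewer.js`: it parses the model output (tolerating a markdown fence around the JSON), checks every field of the schema above, drops findings that point at files outside the PR diff or have impossible line ranges, and applies a confidence threshold. The `LOW`/`MEDIUM`/`HIGH` severity set, the `minConfidence` default and the sample response are assumptions for the example; the page itself only shows `HIGH`.

```javascript
// Added example (not the project's reviewer.js): validate an LLM review
// response against the JSON schema before any PR comment is posted, so a
// malformed or hallucinated response cannot produce misleading annotations.

// Assumed severity enum; the page's schema sample only shows "HIGH".
const SEVERITIES = new Set(["LOW", "MEDIUM", "HIGH"]);

function parseReview(rawText) {
  // Models sometimes wrap JSON in a markdown fence; strip it before parsing.
  const stripped = rawText.trim().replace(/^```(?:json)?\s*/i, "").replace(/\s*```$/, "");
  let parsed;
  try {
    parsed = JSON.parse(stripped);
  } catch (err) {
    throw new Error(`LLM response is not valid JSON: ${err.message}`);
  }
  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
    throw new Error("LLM response must be a JSON object");
  }
  if (typeof parsed.summary !== "string") throw new Error("missing string 'summary'");
  if (!Array.isArray(parsed.findings)) throw new Error("missing array 'findings'");
  return parsed;
}

function isValidFinding(f, changedFiles) {
  if (typeof f !== "object" || f === null) return false;
  if (!changedFiles.has(f.file)) return false; // must point at a file in this PR's diff
  if (!Number.isInteger(f.start_line) || !Number.isInteger(f.end_line)) return false;
  if (f.start_line < 1 || f.end_line < f.start_line) return false;
  if (!SEVERITIES.has(f.severity)) return false;
  if (typeof f.confidence !== "number" || f.confidence < 0 || f.confidence > 1) return false;
  if (typeof f.issue !== "string" || typeof f.suggestion !== "string") return false;
  return true;
}

function filterFindings(review, changedFiles, minConfidence = 0.7) {
  const accepted = [];
  const rejected = [];
  for (const f of review.findings) {
    if (isValidFinding(f, changedFiles) && f.confidence >= minConfidence) accepted.push(f);
    else rejected.push(f); // worth logging in CI so silent drops stay visible
  }
  return { summary: review.summary, accepted, rejected };
}

// Constructed sample response, as a model might return it (fenced).
const SAMPLE_RESPONSE = `\`\`\`json
{
  "summary": "One injection risk, one style nit.",
  "findings": [
    { "file": "src/db.js", "start_line": 10, "end_line": 15,
      "issue": "Query built with string concatenation", "severity": "HIGH",
      "confidence": 0.9, "suggestion": "Use a parameterised query" },
    { "file": "src/secrets.js", "start_line": 3, "end_line": 3,
      "issue": "File is not part of this PR", "severity": "HIGH",
      "confidence": 0.95, "suggestion": "n/a" },
    { "file": "src/db.js", "start_line": 40, "end_line": 38,
      "issue": "Inverted line range", "severity": "LOW",
      "confidence": 0.8, "suggestion": "n/a" },
    { "file": "src/util.js", "start_line": 2, "end_line": 2,
      "issue": "Prefer const", "severity": "LOW",
      "confidence": 0.4, "suggestion": "Use const" }
  ]
}
\`\`\``;

// Constructed set of files the Action found in the PR diff.
const CHANGED_FILES = new Set(["src/db.js", "src/util.js"]);

function runSample() {
  return filterFindings(parseReview(SAMPLE_RESPONSE), CHANGED_FILES);
}

const sampleResult = runSample();
console.log(`${sampleResult.accepted.length} finding(s) to post, ${sampleResult.rejected.length} dropped`);
```

Of the four sample findings only the first survives: the second names a file outside the diff, the third has an end line before its start line, and the fourth is well-formed but falls below the confidence threshold.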