ai-reviewbot 1.0.0b1

AI-powered code review agent for CI/CD pipelines

AI ReviewBot

AI-powered code review tool for GitHub and GitLab that provides intelligent feedback with inline suggestions and one-click "Apply" button.

📚 Documentation • 🚀 Quick Start • 🛒 GitHub Marketplace

---

✨ Features

• 🤖 AI-Powered Analysis — Uses Google Gemini for deep code understanding
• 💡 Inline Suggestions — Comments directly on code lines with GitHub's "Apply suggestion" button
• 🔒 Security Focus — Identifies vulnerabilities with severity levels (Critical, Warning, Info)
• 🌍 Multi-Language — Responds in your PR/MR language (adaptive mode)
• ✨ Good Practices — Highlights what you're doing right, not just issues
• 📊 Transparent Metrics — Shows tokens, latency, and estimated cost
• 🦊 GitHub & GitLab — Native support for both platforms

🔍 Project Discovery

AI ReviewBot automatically analyzes your repository before each review:

• Languages & frameworks detected from GitHub/GitLab API
• CI pipeline parsed to understand what's already automated (linters, formatters, type checkers)
• Config files read to understand project conventions
• Attention Zones classify each quality area as ✅ Well Covered, ⚠️ Weakly Covered, or ❌ Not Covered

This means the bot won't duplicate feedback that your CI already catches — no formatting nits when you run Prettier, no type errors when you run mypy. Discovery results are cached via watch-files, so repeated PRs cost 0 extra tokens.

Create .reviewbot.md in your repo root to customize. You can also run ai-review discover owner/repo to preview what the bot sees.

Variable	Default	Description
AI_REVIEWER_DISCOVERY_ENABLED	true	Enable/disable project discovery
AI_REVIEWER_DISCOVERY_VERBOSE	false	Always post discovery comment
AI_REVIEWER_DISCOVERY_TIMEOUT	30	Discovery timeout in seconds

See Discovery documentation for details.

🚀 Quick Start

GitHub Actions (Recommended)

# .github/workflows/ai-review.yml
name: AI Code Review

on:
  pull_request:
    types: [opened, synchronize]

jobs:
  review:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write

    steps:
      - uses: KonstZiv/ai-code-reviewer@v1
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          google_api_key: ${{ secrets.GOOGLE_API_KEY }}

GitLab CI

# .gitlab-ci.yml
ai-review:
  image: ghcr.io/konstziv/ai-code-reviewer:1
  script:
    - ai-review
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
  variables:
    AI_REVIEWER_GOOGLE_API_KEY: $GOOGLE_API_KEY
    AI_REVIEWER_GITLAB_TOKEN: $GITLAB_TOKEN  # Project Access Token with 'api' scope

PyPI

pip install ai-reviewbot

# Set environment variables
export GOOGLE_API_KEY="your-key"
export GITHUB_TOKEN="your-token"

# Run review
ai-review --repo owner/repo --pr 123

Docker

# DockerHub
docker pull koszivdocker/ai-reviewbot:1

# GitHub Container Registry
docker pull ghcr.io/konstziv/ai-code-reviewer:1

📖 Documentation

Full documentation available in 6 languages:

Language	Link
🇬🇧 English	Documentation
🇺🇦 Українська	Документація
🇩🇪 Deutsch	Dokumentation
🇪🇸 Español	Documentación
🇲🇪 Crnogorski	Dokumentacija
🇮🇹 Italiano	Documentazione

⚙️ Configuration

Variable	Default	Description
AI_REVIEWER_GOOGLE_API_KEY	—	Required. Google Gemini API key
AI_REVIEWER_GITHUB_TOKEN	—	GitHub token (for GitHub)
AI_REVIEWER_GITLAB_TOKEN	—	GitLab token (for GitLab)
AI_REVIEWER_LANGUAGE	en	Response language (ISO 639 code)
AI_REVIEWER_LANGUAGE_MODE	adaptive	adaptive (detect from PR) or fixed
AI_REVIEWER_GEMINI_MODEL	gemini-2.5-flash	Gemini model to use
AI_REVIEWER_GEMINI_MODEL_FALLBACK	gemini-3-flash-preview	Fallback model when primary is unavailable
AI_REVIEWER_LOG_LEVEL	INFO	Logging level
AI_REVIEWER_REVIEW_MAX_COMMENT_CHARS	3000	Max characters per comment
AI_REVIEWER_REVIEW_INCLUDE_BOT_COMMENTS	true	Include bot comments in context
AI_REVIEWER_REVIEW_POST_INLINE_COMMENTS	true	Post inline comments on code lines
AI_REVIEWER_REVIEW_ENABLE_DIALOGUE	true	Enable dialogue threading
AI_REVIEWER_DISCOVERY_ENABLED	true	Enable project discovery before review

Note: Old variable names without AI_REVIEWER_ prefix still work as fallback.

See Configuration Guide for all options.

🎯 Example Output

The reviewer provides structured feedback with inline suggestions:

Summary Comment

🤖 AI Code Review

📊 Summary — Found 2 issues and 1 good practice.

Category	Critical	Warning	Info
Security	1	0	0
Code Quality	0	1	0

✨ Good Practices — Excellent error handling in api/handlers.py

---

⏱️ 1.2s | 🪙 1,540 tokens | 💰 ~$0.002

Inline Comment with "Apply" Button

⚠️ SQL Injection Risk

User input is concatenated directly into SQL query.

cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))

💡 Why this matters: SQL injection allows attackers to execute arbitrary SQL commands. Always use parameterized queries.

📚 Learn more

🛠️ Development

# Clone repository
git clone https://github.com/KonstZiv/ai-code-reviewer.git
cd ai-code-reviewer

# Install dependencies with uv
uv sync --all-groups

# Run tests
uv run pytest

# Run linters
uv run ruff check .
uv run mypy src/

# Build documentation
uv run mkdocs serve

📦 Installation Options

Method	Command	Best For
GitHub Action	uses: KonstZiv/ai-code-reviewer@v1	GitHub projects
Docker	docker pull koszivdocker/ai-reviewbot	GitLab CI
PyPI	pip install ai-reviewbot	Local testing

💰 Cost Estimate

Using Gemini 3 Flash Preview:

• Input: $0.075 / 1M tokens
• Output: $0.30 / 1M tokens
• Average review: ~$0.002 (1,500 tokens)

100 reviews/month ≈ $0.20

📄 License

Apache 2.0 — See LICENSE for details.

🤝 Contributing

Contributions are welcome! See Contributing Guide.

📬 Support

• 🐛 Report a Bug
• 💡 Request a Feature
• 📚 Documentation

---

Made with ❤️ by Kostyantin Zivenko