AI-powered code reviewer using OpenRouter LLMs

Project description

Iara - AI Code Reviewer 🧜‍♀️

Iara is an automated, project-agnostic, configurable code review tool designed to run in CI/CD pipelines or locally via CLI. It connects directly to the LLM provider of your choice — OpenRouter (free models), OpenAI, Google Gemini, or Anthropic Claude.



🚀 Features

  • Agnostic: Configure your project context (Tech Stack, Rules) via JSON.
  • Multi-Provider: Connect directly to OpenRouter, OpenAI, Google Gemini, Anthropic Claude, or Groq.
  • Smart Fallback: Automatically tries free models if the preferred one fails (OpenRouter only).
  • Rules-Based (Static): Identifies dangerous patterns instantly without spending tokens (e.g., GetComponent in loops in Unity).
  • LLM-Based (Intelligent): Uses AI to understand logic, security, and context, going beyond syntax.
  • GitHub + GitLab: Native integration with both platforms, with automatic comments on PRs/MRs.
  • Multi-Language Reviews: Configure the output language — reviews can be written in English, Portuguese, Spanish, French, and more.

🧠 Capabilities

Iara combines different types of analysis for a complete review:

| Type | What does it do? | Does Iara cover it? | How? |
|---|---|---|---|
| Static Analysis | Finds bugs by reading code (fast). | Yes | Via Extensions (Regex) and LLM. |
| Linting | Fixes style and formatting. | Yes | LLM can suggest Clean Code. |
| SAST | Finds security flaws in code. | Yes | Primary focus on vulnerability detection. |
| Dynamic Analysis | Finds bugs by running the app (slow). | ❌ No | Focus on fast CI/CD (Code Review). |

What does it detect?

  1. Unity / Game Dev:

    • Use of slow APIs (Find, GetComponent) in critical loops (Update).
    • Excessive memory allocation (Garbage Collection).
    • Excess logging (Debug.Log) in final builds.
  2. Security (General):

    • Hardcoded credentials (Passwords, API Keys).
    • Injection vulnerabilities (SQL, Command).
    • Missing input validation.
  3. Code Quality:

    • Complex or confusing logic.
    • Exception handling errors.
    • Refactoring suggestions for readability.

📦 Installation and Setup

1. Install

pip install iara-reviewer

2. Configure (Interactive Setup)

iara init

The wizard guides you through 5 steps:

  1. Language — Choose the review output language (en, pt-br, es, fr, etc.)
  2. Provider — Choose your LLM provider: openrouter (default, free), openai, gemini, anthropic, or groq
  3. API Key — Enter the key for the chosen provider (validated and saved to ~/.iara/config.json)
  4. Project — Name, tech stack, description
  5. Preferences — Focus areas (Security, Performance, etc.)

Done! Project config is saved at .iara.json.

3. Use

git diff main | iara

Check authentication

iara auth status

Manual setup (without wizard)

Set the provider and its key via environment variables:

# OpenRouter (default — free models available)
export OPENROUTER_API_KEY="sk-or-..."

# OpenAI
export IARA_PROVIDER="openai"
export OPENAI_API_KEY="sk-..."

# Google Gemini
export IARA_PROVIDER="gemini"
export GEMINI_API_KEY="AIza..."

# Anthropic Claude
export IARA_PROVIDER="anthropic"
export ANTHROPIC_API_KEY="sk-ant-..."

API key resolution priority: environment variable > global config (~/.iara/config.json).

From source (Development)

git clone https://github.com/felipefernandes/iara.git
cd iara
pip install -e .

🏃 How to Use

Via Pipe (Git Diff)

git diff main | iara

Via Environment Variable

export PR_DIFF="$(git diff main)"
iara

Scan Mode (Static Analysis)

iara --scan ./path/to/project

Forcing a Provider and Model

# Anthropic Claude
export IARA_PROVIDER="anthropic"
export ANTHROPIC_API_KEY="sk-ant-..."
export IARA_MODEL="claude-sonnet-4-5-20250929"
git diff | iara

# OpenAI GPT-4o
export IARA_PROVIDER="openai"
export OPENAI_API_KEY="sk-..."
export IARA_MODEL="gpt-4o"
git diff | iara

# Google Gemini
export IARA_PROVIDER="gemini"
export GEMINI_API_KEY="AIza..."
export IARA_MODEL="gemini-2.5-flash"
git diff | iara

🔒 Privacy & Security

Important: Iara sends your code to third-party LLM providers for analysis. While convenient, this has privacy implications you should be aware of.

What happens to your code?

  • Code diffs are sent to external APIs (OpenRouter, OpenAI, Gemini, Anthropic, Groq)
  • Providers may temporarily store data for processing
  • Data retention and training policies vary by provider

Provider Privacy Comparison

| Provider | Training on API Data | Data Retention | Enterprise Options | Best For |
|---|---|---|---|---|
| Anthropic | ❌ No | Temporary | ✅ Yes | Sensitive code |
| OpenAI | ⚠️ Opt-out required | 30 days | ✅ Yes | General use |
| Gemini | ⚠️ Varies | Not documented | ✅ Yes | General use |
| Groq | ⚠️ Not documented | Not documented | ❌ No | Public code |
| OpenRouter | ⚠️ Depends on model | Varies | ❌ No | Public code |

Recommendations by Use Case

  • Open Source Projects: Any provider (code is already public)
  • Private Projects (non-sensitive): Anthropic or Groq
  • Sensitive/Proprietary Code: Anthropic Enterprise or self-hosted LLM
  • Regulated Industries (HIPAA, PCI-DSS): Self-hosted LLM only (e.g., Ollama - see Issue #76)

For detailed privacy information and self-hosted options, see Privacy & Security Guide.
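
Because the whole diff leaves your machine, a pre-flight filter can redact credentials before the diff reaches any provider. The following is an added example, not part of Iara or its documentation; the regex patterns, the minimum lengths, and the sample diff are constructed assumptions.

```python
import re
import sys

# Assumptions: key prefixes mirror the placeholders in this README ("sk-or-...",
# "sk-ant-...", "sk-...", "AIza..."); minimum lengths are illustrative only.
TOKEN = re.compile(r"\b(?:sk-(?:or-|ant-)?|AIza)[A-Za-z0-9_\-]{16,}")
ASSIGN = re.compile(
    r"(?i)(\w*(?:password|passwd|secret|api[_-]?key|token)\w*['\"]?)"
    r"(\s*[:=]\s*)(['\"])([^'\"]{4,})\3"
)

# Constructed sample diff; the values are fake.
SAMPLE_DIFF = """\
diff --git a/app/settings.py b/app/settings.py
--- a/app/settings.py
+++ b/app/settings.py
@@ -1,3 +1,4 @@
 import os
-DB_PASSWORD = "hunter2-old-value"
+DB_PASSWORD = os.environ["DB_PASSWORD"]
+LLM_KEY = "sk-ant-CONSTRUCTED0000000000000000"
 DEBUG = False
"""

def redact_diff(diff_text):
    """Return (redacted_diff, findings); findings are (file, diff marker) pairs.

    Every line is scanned, not only '+' lines: context lines, removed lines
    and hunk headers all leave the machine with the diff.
    """
    out, findings, current_file, in_hunk = [], [], None, False
    for line in diff_text.splitlines():
        if line.startswith("diff --git"):
            in_hunk = False
        elif line.startswith("@@"):
            in_hunk = True
        elif not in_hunk and line.startswith("+++ "):
            current_file = line[4:].removeprefix("b/")
        redacted, n_tok = TOKEN.subn("[REDACTED]", line)
        redacted, n_asg = ASSIGN.subn(r"\1\2\3[REDACTED]\3", redacted)
        if n_tok or n_asg:
            findings.append((current_file, line[:1]))
        out.append(redacted)
    return "\n".join(out) + "\n", findings

if __name__ == "__main__":
    clean, hits = redact_diff(sys.stdin.read())
    for path, marker in hits:
        print(f"redacted a secret in {path} ('{marker}' line)", file=sys.stderr)
    sys.stdout.write(clean)
```

Saved under a hypothetical name such as `redact_diff.py`, it slots into the pipe shown earlier: `git diff main | python redact_diff.py | iara`. A removed (`-`) line is flagged as well, since a secret deleted in this change is still transmitted with the diff.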


📚 Documentation

For detailed guides and configuration options, see:

Configuration Examples

Complete configuration examples are available in examples/:


🧪 Tests

python -m unittest discover tests

🤝 Contributing

We welcome contributions! See our Contributing Guide for:

  • Development setup
  • Running tests
  • Code quality standards
  • Pull request guidelines
  • Release process

📜 License

MIT


Download files

Source Distribution

iara_reviewer-1.11.0.tar.gz (73.2 kB view details)

Uploaded Source

Built Distribution

iara_reviewer-1.11.0-py3-none-any.whl (52.8 kB view details)

Uploaded Python 3

File details

Details for the file iara_reviewer-1.11.0.tar.gz.

File metadata

  • Download URL: iara_reviewer-1.11.0.tar.gz
  • Upload date:
  • Size: 73.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for iara_reviewer-1.11.0.tar.gz
Algorithm Hash digest
SHA256 5e66ac66d412c14acafd51bc87d58f17d1f6a95aa49f4cc75be4b8a42c2a1eb3
MD5 b7a767b04f490c3be19d7f92220eb9d4
BLAKE2b-256 4e06ba5175f2b6abd8f7d33373a7276fef7552b158e42b83c57f9faaebab684d

Provenance

The following attestation bundles were made for iara_reviewer-1.11.0.tar.gz:

Publisher: publish-pypi.yml on felipefernandes/iara

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file iara_reviewer-1.11.0-py3-none-any.whl.

File metadata

  • Download URL: iara_reviewer-1.11.0-py3-none-any.whl
  • Upload date:
  • Size: 52.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for iara_reviewer-1.11.0-py3-none-any.whl
Algorithm Hash digest
SHA256 d7db670fc8b06b5bc8e45fa7375a5aa576fe7dbdda386449474ede8e046a05a1
MD5 53061abde61fcf7ed8b82c5ceebf61cd
BLAKE2b-256 117bc598d77dcb0b1797c98cbdc81101e802e1829e75b9006dcfa1f33868e6bf

Provenance

The following attestation bundles were made for iara_reviewer-1.11.0-py3-none-any.whl:

Publisher: publish-pypi.yml on felipefernandes/iara

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
