
AI-powered code reviewer using OpenRouter LLMs

Project description

Iara - AI Code Reviewer 🧜‍♀️


Iara is an automated, project-agnostic, configurable code review tool designed to run in CI/CD pipelines or locally via CLI. It connects directly to the LLM provider of your choice — OpenRouter (free models), OpenAI, Google Gemini, or Anthropic Claude.





🚀 Features

  • Agnostic: Configure your project context (Tech Stack, Rules) via JSON.
  • Multi-Provider: Connect directly to OpenRouter, OpenAI, Google Gemini, Anthropic Claude, Groq, or Ollama (local, no API key).
  • Smart Fallback: Automatically tries free models if the preferred one fails (OpenRouter only).
  • Rules-Based (Static): Identifies dangerous patterns instantly without spending tokens (e.g., GetComponent in loops in Unity).
  • LLM-Based (Intelligent): Uses AI to understand logic, security, and context, going beyond syntax.
  • GitHub + GitLab: Native integration with both platforms, with automatic comments on PRs/MRs.
  • Multi-Language Reviews: Configure the output language — reviews can be written in English, Portuguese, Spanish, French, and more.

🧠 Capabilities

Iara combines different types of analysis for a complete review:

| Type | What does it do? | Does Iara cover it? | How? |
|---|---|---|---|
| Static Analysis | Finds bugs by reading code (fast). | Yes | Via Extensions (Regex) and LLM. |
| Linting | Fixes style and formatting. | Yes | LLM can suggest Clean Code. |
| SAST | Finds security flaws in code. | Yes | Primary focus on vulnerability detection. |
| Dynamic Analysis | Finds bugs by running the app (slow). | ❌ No | Focus on fast CI/CD (Code Review). |

What does it detect?

  1. Unity / Game Dev:

    • Use of slow APIs (Find, GetComponent) in critical loops (Update).
    • Excessive memory allocation (Garbage Collection).
    • Excess logging (Debug.Log) in final builds.
  2. Security (General):

    • Hardcoded credentials (Passwords, API Keys).
    • Injection vulnerabilities (SQL, Command).
    • Missing input validation.
  3. Code Quality:

    • Complex or confusing logic.
    • Exception handling errors.
    • Refactoring suggestions for readability.

📦 Installation and Setup

1. Install

pip install iara-reviewer

2. Configure (Interactive Setup)

iara init

The wizard guides you through 5 steps:

  1. Language — Choose the review output language (en, pt-br, es, fr, etc.)
  2. Provider — Choose your LLM provider: openrouter (default, free), openai, gemini, anthropic, groq, or ollama (local)
  3. API Key — Enter the key for the chosen provider (skipped for Ollama; validated and saved to ~/.iara/config.json)
  4. Project — Name, tech stack, description
  5. Preferences — Focus areas (Security, Performance, etc.)

Done! Project config is saved at .iara.json.

3. Use

git diff main | iara

Check authentication

iara auth status

Manual setup (without wizard)

Set the provider and its key via environment variables:

# OpenRouter (default — free models available)
export OPENROUTER_API_KEY="sk-or-..."

# OpenAI
export IARA_PROVIDER="openai"
export OPENAI_API_KEY="sk-..."

# Google Gemini
export IARA_PROVIDER="gemini"
export GEMINI_API_KEY="AIza..."

# Anthropic Claude
export IARA_PROVIDER="anthropic"
export ANTHROPIC_API_KEY="sk-ant-..."

API key resolution priority: environment variable > global config (~/.iara/config.json).

From source (Development)

git clone https://github.com/felipefernandes/iara.git
cd iara
pip install -e .

🏃 How to Use

Via Pipe (Git Diff)

git diff main | iara

Via Environment Variable

export PR_DIFF="$(git diff main)"
iara

Scan Mode (Static Analysis)

iara --scan ./path/to/project

Forcing a Provider and Model

# Anthropic Claude
export IARA_PROVIDER="anthropic"
export ANTHROPIC_API_KEY="sk-ant-..."
export IARA_MODEL="claude-sonnet-4-5-20250929"
git diff | iara

# OpenAI GPT-4o
export IARA_PROVIDER="openai"
export OPENAI_API_KEY="sk-..."
export IARA_MODEL="gpt-4o"
git diff | iara

# Google Gemini
export IARA_PROVIDER="gemini"
export GEMINI_API_KEY="AIza..."
export IARA_MODEL="gemini-2.5-flash"
git diff | iara

🔒 Privacy & Security

Important: Iara sends your code to third-party LLM providers for analysis. While convenient, this has privacy implications you should be aware of.

What happens to your code?

  • Code diffs are sent to external APIs (OpenRouter, OpenAI, Gemini, Anthropic, Groq)
  • Providers may temporarily store data for processing
  • Data retention and training policies vary by provider
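
Because the whole diff leaves your machine, hardcoded credentials of the kind listed under "What does it detect?" reach the provider too, including ones on removed or unchanged context lines. The filter below is an added example, not part of Iara: it scrubs such values from a unified diff before it is piped on. The two patterns and the sample diff are constructed assumptions and will over-redact some harmless strings.

```python
import re
import sys

# Assumed credential shapes, constructed for this example (not Iara's rule set).
ASSIGNMENT = re.compile(
    r"""(?i)(\w*(?:password|passwd|secret|token|api_?key)\w*)(\s*[:=]\s*)(["'])[^"']{4,}\3"""
)
KEY_PREFIX = re.compile(r"\b(?:sk-|AIza)[A-Za-z0-9_-]{16,}")

# Constructed sample diff; every value in it is fake.
SAMPLE_DIFF = '''\
diff --git a/app/settings.py b/app/settings.py
index 1111111..2222222 100644
--- a/app/settings.py
+++ b/app/settings.py
@@ -1,4 +1,5 @@
 import os
-DB_PASSWORD = "hunter2-old"
+DB_PASSWORD = os.environ["DB_PASSWORD"]
+client = Client("sk-constructedEXAMPLEkey1111")
 API_KEY = "sk-constructedEXAMPLEkey0000"
 DEBUG = False
'''


def redact_diff(diff_text):
    """Return (redacted_diff, findings); a finding is (path, kind, diff_sign)."""
    out, findings, path = [], [], None
    for line in diff_text.splitlines(keepends=True):
        if line.startswith("+++ "):
            path = line[4:].strip().removeprefix("b/")
        # Scrub every line: removed ('-') and context (' ') lines are sent too.
        line, n1 = ASSIGNMENT.subn(
            lambda m: f"{m[1]}{m[2]}{m[3]}<REDACTED>{m[3]}", line)
        line, n2 = KEY_PREFIX.subn("<REDACTED>", line)
        findings += [(path, kind, line[:1])
                     for kind, n in (("assignment", n1), ("key-prefix", n2)) if n]
        out.append(line)
    return "".join(out), findings


if __name__ == "__main__":
    clean, found = redact_diff(sys.stdin.read())
    for path, kind, sign in found:
        print(f"redacted {kind} on a {sign!r} line in {path}", file=sys.stderr)
    sys.stdout.write(clean)
```

Saved under a hypothetical name such as redact_diff.py, it sits in the documented pipe: git diff main | python redact_diff.py | iara. Findings go to stderr, so the redacted diff on stdout stays a valid patch.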

Provider Privacy Comparison

| Provider | Training on API Data | Data Retention | Enterprise Options | Best For |
|---|---|---|---|---|
| Ollama (local) | ✅ None — code never leaves your machine | None | ✅ Yes | Regulated / sensitive code |
| Anthropic | ❌ No | Temporary | ✅ Yes | Sensitive code |
| OpenAI | ⚠️ Opt-out required | 30 days | ✅ Yes | General use |
| Gemini | ⚠️ Varies | Not documented | ✅ Yes | General use |
| Groq | ⚠️ Not documented | Not documented | ❌ No | Public code |
| OpenRouter | ⚠️ Depends on model | Varies | ❌ No | Public code |

Recommendations by Use Case

  • Open Source Projects: Any provider (code is already public)
  • Private Projects (non-sensitive): Anthropic or Groq
  • Sensitive/Proprietary Code: Anthropic Enterprise or Ollama (local)
  • Regulated Industries (HIPAA, PCI-DSS, GDPR): Ollama — zero data leakage, free, works offline

For detailed privacy information and self-hosted options, see Privacy & Security Guide.


📚 Documentation

For detailed guides and configuration options, see:

Configuration Examples

Complete configuration examples are available in examples/.


🧪 Tests

python -m unittest discover tests

🤝 Contributing

We welcome contributions! See our Contributing Guide for:

  • Development setup
  • Running tests
  • Code quality standards
  • Pull request guidelines
  • Release process

📜 License

MIT


Download files

Source Distribution

iara_reviewer-1.12.0.tar.gz (77.1 kB view details)

Uploaded Source

Built Distribution

iara_reviewer-1.12.0-py3-none-any.whl (54.7 kB view details)

Uploaded Python 3

File details

Details for the file iara_reviewer-1.12.0.tar.gz.

File metadata

  • Download URL: iara_reviewer-1.12.0.tar.gz
  • Upload date:
  • Size: 77.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for iara_reviewer-1.12.0.tar.gz
Algorithm Hash digest
SHA256 153b252c5d8b79c7eee160776a14643912855540e520fb4e567b9de38ad58326
MD5 e87b2a9fe846bc5f58a616887c265038
BLAKE2b-256 4bd5e612824b6f82a11b8fd3b4aef6679f653efd961f7e3b8f261d9fece3ac95

Provenance

The following attestation bundles were made for iara_reviewer-1.12.0.tar.gz:

Publisher: publish-pypi.yml on felipefernandes/iara

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file iara_reviewer-1.12.0-py3-none-any.whl.

File metadata

  • Download URL: iara_reviewer-1.12.0-py3-none-any.whl
  • Upload date:
  • Size: 54.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for iara_reviewer-1.12.0-py3-none-any.whl
Algorithm Hash digest
SHA256 0a27d1f37eb25cf383ea996be40d1a27b51da5cd2fe474533efdb90ea78a2ad2
MD5 82a926d632f1e4139b96ae9c8c5a21c2
BLAKE2b-256 5bf3dd7b36a0e474849c84869ca96eb191d6bf0b92c0ce546148d35350854f43

Provenance

The following attestation bundles were made for iara_reviewer-1.12.0-py3-none-any.whl:

Publisher: publish-pypi.yml on felipefernandes/iara
