Skip to main content

Privacy-first context packs for AI-assisted pull request review.

Project description

Reviewpack

Privacy-first context packs for AI-assisted pull request review.

Language

  • English: README.md
  • 简体中文: README.zh-CN.md

Reviewpack helps open-source maintainers and engineering teams prepare structured, reusable context before reviewing a pull request with a human reviewer or an AI coding assistant.

It is not another noisy AI reviewer. Reviewpack is a context layer: it collects pull request metadata, changed files, test signals, documentation signals, dependency signals, risk indicators, release note hints, reviewer checklist items, AI handoff instructions, and review focus areas into a clear review pack.

Quick Start

Install Reviewpack:

pip install reviewpack

Generate a demo review pack:

reviewpack demo

Reviewpack writes output to .reviewpack/ by default.

Show AI handoff instructions:

reviewpack handoff

If your AI assistant can read files in your workspace, ask:

Please read .reviewpack/ai-handoff.md and follow it.

If your AI assistant cannot read local files but can accept one uploaded file, upload:

.reviewpack/ai-context.md

If only copy and paste is available, use:

.reviewpack/ai-review-prompt.md

Why Reviewpack?

AI coding tools are powerful, but review quality depends heavily on context.

Direct AI review often starts from raw diffs. That can miss important project-level signals:

  • Which files are high risk?
  • Were tests updated?
  • Were docs updated?
  • Did dependencies change?
  • Is the pull request too large?
  • Does the change affect CI, configuration, or release behavior?
  • Should this PR be mentioned in release notes?
  • What should a maintainer focus on first?

Reviewpack prepares that context before review starts.

Common workflows

First-time demo

reviewpack demo

GitHub pull request

reviewpack github https://github.com/owner/repo/pull/123

Public repositories usually do not require a token.

Private repositories or rate-limited usage may require:

REVIEWPACK_GITHUB_TOKEN=YOUR_TOKEN reviewpack github https://github.com/owner/repo/pull/123

Local development

reviewpack local

By default, local mode compares:

main...HEAD

Fixture input

reviewpack from-fixture simple-pr.json

The fixture file must already exist.

For first-time usage, prefer:

reviewpack demo

Command guide

reviewpack guide

For CLI options:

reviewpack --help
reviewpack github --help
reviewpack local --help

GitHub Action

Reviewpack can run in GitHub Actions and upload the generated review pack as a workflow artifact.

Example workflow:

name: Reviewpack

on:
  pull_request:

jobs:
  reviewpack:
    runs-on: ubuntu-latest

    permissions:
      contents: read
      pull-requests: read

    steps:
      - name: Check out repository
        uses: actions/checkout@v4

      - name: Run Reviewpack
        uses: Yuanzitech/reviewpack@v0.4.0
        with:
          mode: github
          pr-url: ${{ github.event.pull_request.html_url }}
          github-token: ${{ github.token }}

The first GitHub Action integration does not post PR comments or call AI providers. It generates .reviewpack/ locally in the workflow and uploads it as an artifact.

See:

docs/github-action.md

What Reviewpack generates

A review pack may include:

  • PR summary
  • Changed file overview
  • Risk checklist
  • Reviewer checklist
  • Release note hints
  • Suggested review focus
  • AI-ready review prompt
  • AI handoff instructions
  • AI context bundle
  • AI input preview
  • Machine-readable JSON output

Example output directory:

.reviewpack/pr-summary.md
.reviewpack/risk-checklist.md
.reviewpack/reviewer-checklist.md
.reviewpack/release-note-hints.md
.reviewpack/ai-review-prompt.md
.reviewpack/ai-handoff.md
.reviewpack/ai-context.md
.reviewpack/ai-input-preview.md
.reviewpack/reviewpack.json

AI handoff

Reviewpack does not call AI providers by default.

Instead, it generates local artifacts that can be inspected and shared intentionally.

If your AI assistant can read files in your workspace, ask:

Please read .reviewpack/ai-handoff.md and follow it.

If your AI assistant cannot read local files but can accept one uploaded file, upload:

.reviewpack/ai-context.md

If only copy and paste is available, use:

.reviewpack/ai-review-prompt.md

See:

docs/ai-handoff.md

Privacy-first by default

Reviewpack runs locally by default for demo, fixture, and local git workflows.

By default, it does not send code, diffs, branch names, commit messages, environment variables, repository metadata, or terminal information to any external AI service.

GitHub mode uses network access only to fetch explicitly requested pull request metadata and changed file statistics from the GitHub API.

The GitHub Action integration generates workflow-local artifacts and does not call AI providers.

Current privacy-oriented features include:

  • Local demo mode
  • Local fixture mode
  • Local git diff mode
  • GitHub PR metadata mode
  • GitHub Action artifact mode
  • AI-ready prompt generation without AI calls
  • AI handoff without AI calls
  • AI context bundle without AI calls
  • AI input preview without AI calls
  • Release note hints without AI calls
  • Reviewer checklist without AI calls
  • Best-effort secret redaction for preview text
  • No raw diff upload by default
  • No branch name upload by default
  • No commit message upload by default

Documentation

  • Installation guide: docs/installation.md
  • Commands guide: docs/commands.md
  • Usage guide: docs/usage.md
  • Privacy model: docs/privacy.md
  • Design notes: docs/design.md
  • Local git diff mode: docs/local-git.md
  • GitHub support: docs/github.md
  • GitHub Action: docs/github-action.md
  • AI handoff: docs/ai-handoff.md
  • AI input preview: docs/ai-preview.md
  • Release note hints: docs/release-note-hints.md
  • Reviewer checklist: docs/reviewer-checklist.md
  • Integration principles: docs/integrations.md
  • Roadmap: docs/roadmap.md
  • Release checklist: docs/release-checklist.md
  • Examples guide: examples/README.md

Core idea

Direct AI review:

PR diff -> AI -> review comments

Reviewpack workflow:

PR data -> local analysis -> structured context pack -> human reviewer or AI assistant

Current status

Reviewpack is in early development.

The current milestone supports:

  • PyPI installation
  • Demo mode
  • Local fixture input
  • Local git diff input
  • GitHub PR metadata input
  • GitHub Action artifact output
  • Structured Markdown and JSON output
  • Reviewer checklist
  • Release note hints
  • AI handoff
  • AI context bundle
  • Optional AI input preview generation
  • Secret-like value redaction in preview text
  • No AI calls by default

Non-goals

Reviewpack does not aim to:

  • Automatically approve pull requests
  • Automatically merge pull requests
  • Replace human maintainers
  • Spam line-by-line comments
  • Upload code by default
  • Require AI to be useful

Design principles

  1. Local-first
  2. Privacy-first
  3. AI-optional
  4. Human-readable
  5. Machine-readable
  6. Maintainer-controlled
  7. Tool-agnostic

Reviewpack should work with human reviewers, Codex, Cursor, Cline, OpenCode, Claude Code, GitHub Copilot, and other coding assistants.

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

reviewpack-0.5.0.tar.gz (55.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

reviewpack-0.5.0-py3-none-any.whl (28.5 kB view details)

Uploaded Python 3

File details

Details for the file reviewpack-0.5.0.tar.gz.

File metadata

  • Download URL: reviewpack-0.5.0.tar.gz
  • Upload date:
  • Size: 55.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for reviewpack-0.5.0.tar.gz
Algorithm Hash digest
SHA256 c00738456b799e643cb954bb739a8d29cce2e68f15935d53c7c46159ee669da2
MD5 8fc8dbe0b301e333c7dd03fa9deff9a9
BLAKE2b-256 cfdd7a2dfe5f869dbb3e4644a57b68f54a620ab6acc9adae4371549ac77045d7

See more details on using hashes here.

Provenance

The following attestation bundles were made for reviewpack-0.5.0.tar.gz:

Publisher: publish.yml on Yuanzitech/reviewpack

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file reviewpack-0.5.0-py3-none-any.whl.

File metadata

  • Download URL: reviewpack-0.5.0-py3-none-any.whl
  • Upload date:
  • Size: 28.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for reviewpack-0.5.0-py3-none-any.whl
Algorithm Hash digest
SHA256 c61ea7e7b1d9c77941b11bbbf18b740d0678c4cb46f51b30bc6654163a7d24ed
MD5 1ad706a88f236ef78df5a6ea1c55b036
BLAKE2b-256 7112d6c5580acd8c8fbb99e0b7abc82e2decfcc695d7d88d35102528b188e817

See more details on using hashes here.

Provenance

The following attestation bundles were made for reviewpack-0.5.0-py3-none-any.whl:

Publisher: publish.yml on Yuanzitech/reviewpack

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page