Privacy-first context packs for AI-assisted pull request review.
Project description
Reviewpack
Privacy-first context packs for AI-assisted pull request review.
Language
- English: README.md
- 简体中文: README.zh-CN.md
Reviewpack helps open-source maintainers and engineering teams prepare structured, reusable context before reviewing a pull request with a human reviewer or an AI coding assistant.
It is not another noisy AI reviewer. Reviewpack is a context layer: it collects pull request metadata, changed files, test signals, documentation signals, dependency signals, risk indicators, release note hints, reviewer checklist items, AI handoff instructions, and review focus areas into a clear review pack.
Quick Start
Install Reviewpack:
pip install reviewpack
Generate a demo review pack:
reviewpack demo
Reviewpack writes output to .reviewpack/ by default.
Show AI handoff instructions:
reviewpack handoff
If your AI assistant can read files in your workspace, ask:
Please read .reviewpack/ai-handoff.md and follow it.
If your AI assistant cannot read local files but can accept one uploaded file, upload:
.reviewpack/ai-context.md
If only copy and paste is available, use:
.reviewpack/ai-review-prompt.md
Why Reviewpack?
AI coding tools are powerful, but review quality depends heavily on context.
Direct AI review often starts from raw diffs. That can miss important project-level signals:
- Which files are high risk?
- Were tests updated?
- Were docs updated?
- Did dependencies change?
- Is the pull request too large?
- Does the change affect CI, configuration, or release behavior?
- Should this PR be mentioned in release notes?
- What should a maintainer focus on first?
Reviewpack prepares that context before review starts.
Common workflows
First-time demo
reviewpack demo
GitHub pull request
reviewpack github https://github.com/owner/repo/pull/123
Public repositories usually do not require a token.
Private repositories or rate-limited usage may require:
REVIEWPACK_GITHUB_TOKEN=YOUR_TOKEN reviewpack github https://github.com/owner/repo/pull/123
Local development
reviewpack local
By default, local mode compares:
main...HEAD
Fixture input
reviewpack from-fixture simple-pr.json
The fixture file must already exist.
For first-time usage, prefer:
reviewpack demo
Command guide
reviewpack guide
For CLI options:
reviewpack --help
reviewpack github --help
reviewpack local --help
GitHub Action
Reviewpack can run in GitHub Actions and upload the generated review pack as a workflow artifact.
Example workflow:
name: Reviewpack
on:
pull_request:
jobs:
reviewpack:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: read
steps:
- name: Check out repository
uses: actions/checkout@v4
- name: Run Reviewpack
uses: Yuanzitech/reviewpack@v0.4.0
with:
mode: github
pr-url: ${{ github.event.pull_request.html_url }}
github-token: ${{ github.token }}
The first GitHub Action integration does not post PR comments or call AI providers. It generates .reviewpack/ locally in the workflow and uploads it as an artifact.
See:
docs/github-action.md
What Reviewpack generates
A review pack may include:
- PR summary
- Changed file overview
- Risk checklist
- Reviewer checklist
- Release note hints
- Suggested review focus
- AI-ready review prompt
- AI handoff instructions
- AI context bundle
- AI input preview
- Machine-readable JSON output
Example output directory:
.reviewpack/pr-summary.md
.reviewpack/risk-checklist.md
.reviewpack/reviewer-checklist.md
.reviewpack/release-note-hints.md
.reviewpack/ai-review-prompt.md
.reviewpack/ai-handoff.md
.reviewpack/ai-context.md
.reviewpack/ai-input-preview.md
.reviewpack/reviewpack.json
AI handoff
Reviewpack does not call AI providers by default.
Instead, it generates local artifacts that can be inspected and shared intentionally.
If your AI assistant can read files in your workspace, ask:
Please read .reviewpack/ai-handoff.md and follow it.
If your AI assistant cannot read local files but can accept one uploaded file, upload:
.reviewpack/ai-context.md
If only copy and paste is available, use:
.reviewpack/ai-review-prompt.md
See:
docs/ai-handoff.md
Privacy-first by default
Reviewpack runs locally by default for demo, fixture, and local git workflows.
By default, it does not send code, diffs, branch names, commit messages, environment variables, repository metadata, or terminal information to any external AI service.
GitHub mode uses network access only to fetch explicitly requested pull request metadata and changed file statistics from the GitHub API.
The GitHub Action integration generates workflow-local artifacts and does not call AI providers.
Current privacy-oriented features include:
- Local demo mode
- Local fixture mode
- Local git diff mode
- GitHub PR metadata mode
- GitHub Action artifact mode
- AI-ready prompt generation without AI calls
- AI handoff without AI calls
- AI context bundle without AI calls
- AI input preview without AI calls
- Release note hints without AI calls
- Reviewer checklist without AI calls
- Best-effort secret redaction for preview text
- No raw diff upload by default
- No branch name upload by default
- No commit message upload by default
Documentation
- Installation guide: docs/installation.md
- Commands guide: docs/commands.md
- Usage guide: docs/usage.md
- Privacy model: docs/privacy.md
- Design notes: docs/design.md
- Local git diff mode: docs/local-git.md
- GitHub support: docs/github.md
- GitHub Action: docs/github-action.md
- AI handoff: docs/ai-handoff.md
- AI input preview: docs/ai-preview.md
- Release note hints: docs/release-note-hints.md
- Reviewer checklist: docs/reviewer-checklist.md
- Integration principles: docs/integrations.md
- Roadmap: docs/roadmap.md
- Release checklist: docs/release-checklist.md
- Examples guide: examples/README.md
Core idea
Direct AI review:
PR diff -> AI -> review comments
Reviewpack workflow:
PR data -> local analysis -> structured context pack -> human reviewer or AI assistant
Current status
Reviewpack is in early development.
The current milestone supports:
- PyPI installation
- Demo mode
- Local fixture input
- Local git diff input
- GitHub PR metadata input
- GitHub Action artifact output
- Structured Markdown and JSON output
- Reviewer checklist
- Release note hints
- AI handoff
- AI context bundle
- Optional AI input preview generation
- Secret-like value redaction in preview text
- No AI calls by default
Non-goals
Reviewpack does not aim to:
- Automatically approve pull requests
- Automatically merge pull requests
- Replace human maintainers
- Spam line-by-line comments
- Upload code by default
- Require AI to be useful
Design principles
- Local-first
- Privacy-first
- AI-optional
- Human-readable
- Machine-readable
- Maintainer-controlled
- Tool-agnostic
Reviewpack should work with human reviewers, Codex, Cursor, Cline, OpenCode, Claude Code, GitHub Copilot, and other coding assistants.
License
MIT
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file reviewpack-0.5.0.tar.gz.
File metadata
- Download URL: reviewpack-0.5.0.tar.gz
- Upload date:
- Size: 55.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c00738456b799e643cb954bb739a8d29cce2e68f15935d53c7c46159ee669da2
|
|
| MD5 |
8fc8dbe0b301e333c7dd03fa9deff9a9
|
|
| BLAKE2b-256 |
cfdd7a2dfe5f869dbb3e4644a57b68f54a620ab6acc9adae4371549ac77045d7
|
Provenance
The following attestation bundles were made for reviewpack-0.5.0.tar.gz:
Publisher:
publish.yml on Yuanzitech/reviewpack
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
reviewpack-0.5.0.tar.gz -
Subject digest:
c00738456b799e643cb954bb739a8d29cce2e68f15935d53c7c46159ee669da2 - Sigstore transparency entry: 1754746749
- Sigstore integration time:
-
Permalink:
Yuanzitech/reviewpack@605f95b0c7867a41a8b032c22d8e2b7447cdcf3f -
Branch / Tag:
refs/heads/main - Owner: https://github.com/Yuanzitech
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@605f95b0c7867a41a8b032c22d8e2b7447cdcf3f -
Trigger Event:
workflow_dispatch
-
Statement type:
File details
Details for the file reviewpack-0.5.0-py3-none-any.whl.
File metadata
- Download URL: reviewpack-0.5.0-py3-none-any.whl
- Upload date:
- Size: 28.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c61ea7e7b1d9c77941b11bbbf18b740d0678c4cb46f51b30bc6654163a7d24ed
|
|
| MD5 |
1ad706a88f236ef78df5a6ea1c55b036
|
|
| BLAKE2b-256 |
7112d6c5580acd8c8fbb99e0b7abc82e2decfcc695d7d88d35102528b188e817
|
Provenance
The following attestation bundles were made for reviewpack-0.5.0-py3-none-any.whl:
Publisher:
publish.yml on Yuanzitech/reviewpack
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
reviewpack-0.5.0-py3-none-any.whl -
Subject digest:
c61ea7e7b1d9c77941b11bbbf18b740d0678c4cb46f51b30bc6654163a7d24ed - Sigstore transparency entry: 1754746758
- Sigstore integration time:
-
Permalink:
Yuanzitech/reviewpack@605f95b0c7867a41a8b032c22d8e2b7447cdcf3f -
Branch / Tag:
refs/heads/main - Owner: https://github.com/Yuanzitech
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@605f95b0c7867a41a8b032c22d8e2b7447cdcf3f -
Trigger Event:
workflow_dispatch
-
Statement type: