Auto-Pilot
Updated a month ago

autobot-review

Bbinhmuc
0.0k
binhmuc/autobot-review
72
Agent Score

πŸ’‘ Summary

English summary.

🎯 Target Audience

Persona 1Persona 2Persona 3

πŸ€– AI Roast: β€œPowerful, but the setup might scare off the impatient.”

Security AnalysisMedium Risk

Risk: Medium. Review: shell/CLI command execution; outbound network access (SSRF, data egress); API keys/tokens handling and storage; dependency pinning and supply-chain risk. Run with least privilege and audit before enabling in production.

ReviewBot - AI-Powered GitLab Code Review System

NestJS React TypeScript PostgreSQL Azure OpenAI

Automated code review bot for GitLab using Azure OpenAI Haiku 4.5. Provides intelligent code analysis, security checks, performance suggestions, and inline comments directly on merge requests.

πŸ“Έ Screenshots

Dashboard

Dashboard Overview Real-time metrics showing code quality scores, issue breakdown, and review history

GitLab Integration

Inline Comments AI-powered inline comments directly on merge request code changes

MR Summary Comprehensive merge request summary with quality score and categorized issues

Developer Analytics

Developer Metrics Track individual developer performance and improvement trends over time

Note: Add your screenshots to the /images folder to display them here.

🌟 Features

Code Review Intelligence

  • AI-Powered Analysis: Utilizes Azure OpenAI Haiku 4.5 for fast, accurate code reviews
  • Multi-Language Support: Analyzes TypeScript, JavaScript, Python, Java, Go, Rust, PHP, and more
  • Smart Batching: Combines multiple file changes into single LLM call for efficiency (≀500 lines)
  • False Positive Filtering: Verifies LLM findings against actual file content to reduce noise

Review Capabilities

  • Inline Comments: Posts comments directly on specific code lines for critical/high/medium issues
  • Comprehensive Summary: Detailed MR-level summary with quality scores and issue breakdown
  • Issue Categorization:
    • Severity: Critical, High, Medium, Low
    • Type: Security, Performance, Logic, Style
  • Context-Aware: Includes Β±10 lines of context and imports for accurate analysis

Developer Metrics

  • Quality Scoring: 0-100 score based on issue severity
  • Historical Tracking: Review history and trends per developer
  • Project Analytics: Aggregate metrics across projects

Integration

  • GitLab Webhooks: Automatic review on MR open/update
  • Queue Processing: Async job processing with Bull + Redis
  • API Access: RESTful API for frontend consumption

πŸ—οΈ Architecture

reviewbot/
β”œβ”€β”€ reviewbot-backend/     # NestJS API + Queue Processor
β”‚   β”œβ”€β”€ src/
β”‚   β”‚   β”œβ”€β”€ webhook/       # GitLab webhook receiver
β”‚   β”‚   β”œβ”€β”€ llm/           # Azure OpenAI integration
β”‚   β”‚   β”œβ”€β”€ queue/         # Bull queue processing
β”‚   β”‚   β”œβ”€β”€ gitlab/        # GitLab API client
β”‚   β”‚   └── prisma/        # Database models
β”‚   β”œβ”€β”€ prisma/            # Database schema
β”‚   └── docker-compose.yml # Infrastructure stack
β”‚
└── reviewbot-frontend/    # React + Vite Dashboard
    └── src/
        β”œβ”€β”€ pages/         # Dashboard, Projects, Developers, Reviews
        β”œβ”€β”€ components/    # Reusable UI components
        └── api/           # API client

Tech Stack

Backend:

  • NestJS (Node.js framework)
  • Prisma ORM
  • PostgreSQL (database)
  • Redis + Bull (queue processing)
  • Azure OpenAI API (Haiku 4.5)
  • GitLab REST API (@gitbeaker/rest)

Frontend:

  • React 19
  • Vite (build tool)
  • TanStack Query (data fetching)
  • Tailwind CSS + shadcn/ui
  • Recharts (visualization)

πŸ“‹ Prerequisites

  • Node.js: v18+ (backend and frontend)
  • Docker & Docker Compose: For PostgreSQL and Redis
  • Azure OpenAI: API key and Haiku 4.5 deployment
  • GitLab: Personal access token with API scope
  • Git: For version control

πŸš€ Quick Start

1. Clone Repository

git clone <your-repo-url> cd reviewbot

2. Backend Setup

cd reviewbot-backend # Install dependencies npm install # Copy environment template cp .env.example .env # Edit .env with your credentials nano .env

Required Environment Variables:

# Database DATABASE_URL=postgresql://reviewbot:your_password@localhost:5432/reviewbot DB_PASSWORD=your_password # Redis REDIS_HOST=localhost REDIS_PORT=6379 # Azure OpenAI AZURE_OPENAI_KEY=your_api_key AZURE_OPENAI_ENDPOINT=https://your-resource.cognitiveservices.azure.com/ AZURE_OPENAI_DEPLOYMENT=haiku-4-5 AZURE_OPENAI_MODEL_NAME=haiku-4-5 # GitLab GITLAB_HOST=https://gitlab.com GITLAB_WEBHOOK_SECRET=your_webhook_secret GITLAB_ACCESS_TOKEN=your_gitlab_token # Auth JWT_SECRET=your_jwt_secret ADMIN_USERNAME=admin ADMIN_PASSWORD=change_me

3. Start Infrastructure

# Start PostgreSQL and Redis docker-compose up -d postgres redis # Run database migrations npm run prisma:generate npm run prisma:migrate

4. Start Backend

# Development mode with hot-reload npm run start:dev # Production mode npm run build npm run start:prod

Backend runs on http://localhost:3000

5. Frontend Setup

cd ../reviewbot-frontend # Install dependencies npm install # Create .env.local echo "VITE_API_URL=http://localhost:3000" > .env.local # Start development server npm run dev

Frontend runs on http://localhost:5173

βš™οΈ Configuration

GitLab Webhook Setup

  1. Go to your GitLab project β†’ Settings β†’ Webhooks
  2. Add webhook:
    • URL: http://your-server:3000/webhook
    • Secret Token: Use value from GITLAB_WEBHOOK_SECRET
    • Trigger: βœ… Merge request events
    • SSL verification: Enable if using HTTPS
  3. Click Add webhook
  4. Test by creating a test MR

Azure OpenAI Setup

  1. Create Azure OpenAI resource in Azure Portal
  2. Deploy Haiku 4.5 model (or your preferred model)
  3. Get API key and endpoint from Keys and Endpoint section
  4. Update .env with credentials

πŸ“Š Usage

Dashboard

Access the frontend at http://localhost:5173 to view:

  • Code Quality Metrics: Issues found, review scores, trends
  • Project Management: Configure webhooks, view project stats
  • Developer Performance: Individual metrics, improvement trends
  • Review History: Full review details with inline comments

API Endpoints

Webhook (GitLab calls this):

  • POST /webhook - Receive MR events

Projects:

  • GET /projects - List all projects
  • POST /projects - Add project
  • GET /projects/:id/reviews - Project review history

Reviews:

  • GET /reviews - List all reviews
  • GET /reviews/:id - Review details

Developers:

  • GET /developers - List all developers
  • GET /developers/:id/stats - Developer metrics

Review Workflow

  1. Developer creates/updates MR β†’ GitLab webhook fires
  2. Backend receives webhook β†’ Creates review job in queue
  3. Queue processor:
    • Fetches MR diffs from GitLab
    • Collects file context (imports, surrounding lines)
    • Decides batching strategy (≀500 lines = batch)
    • Calls Azure OpenAI for review
    • Verifies issues to filter false positives
    • Posts inline comments (critical/high/medium)
    • Posts summary comment with all issues
  4. Frontend displays:
    • Summary comment appears on MR
    • Inline comments appear on specific lines
    • Dashboard shows updated metrics

πŸ”§ Development

Project Structure

reviewbot-backend/src/
β”œβ”€β”€ main.ts                # Application entry point
β”œβ”€β”€ webhook/
β”‚   β”œβ”€β”€ webhook.controller.ts    # Webhook endpoint
β”‚   └── webhook.service.ts       # Webhook validation
β”œβ”€β”€ llm/
β”‚   β”œβ”€β”€ llm.service.ts           # Azure OpenAI integration
β”‚   β”œβ”€β”€ diff-processor.ts        # Diff parsing
β”‚   └── issue-verifier.service.ts # False positive filter
β”œβ”€β”€ queue/
β”‚   └── review-processor.ts      # Bull queue job handler
β”œβ”€β”€ gitlab/
β”‚   └── gitlab.service.ts        # GitLab API client
└── prisma/
    └── prisma.service.ts        # Database client

Database Schema

model Project { id String @id @default(cuid()) gitlabProjectId Int @unique name String webhookUrl String? reviews Review[] } model Developer { id String @id @default(cuid()) gitlabUserId Int @unique username String email String? reviews Review[] } model Review { id String @id @default(cuid()) mergeRequestIid Int projectId String developerId String reviewContent Json qualityScore Int issuesFound Int status ReviewStatus createdAt DateTime @default(now()) project Project @relation(...) developer Developer @relation(...) }

Running Tests

# Backend tests cd reviewbot-backend npm test # Frontend tests cd reviewbot-frontend npm run test

Building for Production

# Backend cd reviewbot-backend npm run build # Frontend cd reviewbot-frontend npm run build

🐳 Docker Deployment

Option 1: Docker Compose (Full Stack)

cd reviewbot-backend # Build and start all services docker-compose up -d # View logs docker-compose logs -f # Stop services docker-compose down

Services:

  • PostgreSQL: localhost:5432
  • Redis: localhost:6379
  • Backend: localhost:3000
  • Frontend: localhost:5173

Option 2: Separate Services

# Start only infrastructure docker-compose up -d postgres redis # Run backend locally npm run start:dev # Run frontend locally cd ../reviewbot-frontend npm run dev

πŸ” Monitoring & Debugging

Logs

# Backend logs (development) npm run start:dev # Docker logs docker-compose logs -f backend # Redis queue monitoring npm run pri
5-Dim Analysis
Clarity8/10
Novelty6/10
Utility8/10
Completeness7/10
Maintainability7/10
Pros & Cons

Pros

  • p1
  • p2

Cons

  • c1
  • c2

Related Skills

claude-domain-skills

B
toolAuto-Pilot
72/ 100

β€œPowerful, but the setup might scare off the impatient.”

my-skills

B
toolAuto-Pilot
72/ 100

β€œPowerful, but the setup might scare off the impatient.”

terraform-ibm-modules-skills

B
toolAuto-Pilot
72/ 100

β€œPowerful, but the setup might scare off the impatient.”

Disclaimer: This content is sourced from GitHub open source projects for display and rating purposes only.

Copyright belongs to the original author binhmuc.