{"id":49776501,"url":"https://github.com/aryanbrite/openrabbit","last_synced_at":"2026-06-06T08:00:56.066Z","repository":{"id":354428062,"uuid":"1223579568","full_name":"aryanbrite/openrabbit","owner":"aryanbrite","description":"GitHub Action that generates PR review summaries and inline comments using any LLM provider","archived":false,"fork":false,"pushed_at":"2026-06-05T17:11:26.000Z","size":191,"stargazers_count":3,"open_issues_count":6,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-06-05T19:14:50.176Z","etag":null,"topics":["actions","agentic-ai","agentic-workflows","ai","claude-code","code-review-assistant-active","workflows"],"latest_commit_sha":null,"homepage":"https://openrabbit-website.vercel.app","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aryanbrite.png","metadata":{"files":{"readme":"Readme.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":".github/FUNDING.YML","license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":null,"patreon":"deyweaver","open_collective":"deyweaver","ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"lfx_crowdfunding":null,"polar":null,"buy_me_a_coffee":null,"thanks_dev":null,"custom":null}},"created_at":"2026-04-28T13:06:45.000Z","updated_at":"2026-06-05T17:11:15.000Z","dependencies_parsed_at":"2026-05-01T16:00:38.483Z","dependency_job_id":null,"html_url":"https://github.com/aryanbrite/openrabbit","commit_stats":null,"previous_names":["aryan6673/openrabbit","aryanbrite/openrabbit"],"tags_count":61,"template":false,"template_full_name":null,"purl":"pkg:github/aryanbrite/openrabbit","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aryanbrite%2Fopenrabbit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aryanbrite%2Fopenrabbit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aryanbrite%2Fopenrabbit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aryanbrite%2Fopenrabbit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aryanbrite","download_url":"https://codeload.github.com/aryanbrite/openrabbit/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aryanbrite%2Fopenrabbit/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33973868,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-06T02:00:07.033Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","agentic-ai","agentic-workflows","ai","claude-code","code-review-assistant-active","workflows"],"created_at":"2026-05-11T15:12:50.869Z","updated_at":"2026-06-06T08:00:56.050Z","avatar_url":"https://github.com/aryanbrite.png","language":"TypeScript","funding_links":["https://patreon.com/deyweaver","https://opencollective.com/deyweaver"],"categories":["AI-Powered Compilers and Code Assistants"],"sub_categories":["Multi-Agent / Orchestration Frameworks"],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://cdn.hackclub.com/019dd5c5-82e4-7a61-b2f2-47d14fa325a2/Untitled%20design%20(9).png\" width=\"128\" height=\"128\" alt=\"OpenRabbit icon\"\u003e\n\u003c/p\u003e\n\n\u003ch1 align=\"center\"\u003eOpenRabbit\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n  free, open-source, self-hosted GitHub PR reviewer that replaces coderabbit.\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cb\u003e:copilot:\u003c/b\u003e \u003ca href=\"https://github.com/Aledon8/OpenLeukemia/pull/12\"\u003e\u003cb\u003eSee Example PR\u003c/b\u003e\u003c/a\u003e\u003cbr\u003e\n  \u003csub\u003e\u003c/sub\u003e\n\u003c/p\u003e\n\n---\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://cdn.hackclub.com/019dd5c7-1c25-71b4-88c8-f04470b3d209/Untitled%20design%20(8)%20(1).png\" alt=\"OpenRabbit demo\" width=\"600\"\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ci\u003eThanks to the contributors and maintainers for making OpenRabbit possible.\u003c/i\u003e\n\u003c/p\u003e\n\u003c!--\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/aryan6673/openrabbit/graphs/contributors\"\u003e\n    \u003cimg src=\"https://contrib.rocks/image?repo=aryan6673/openrabbit\" /\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n--\u003e\n\n## Overview\n\nOpenRabbit is a free (you can even get a free llm api explained below), open-source, self-hosted GitHub Pull Request reviewer. It analyzes PR diffs, consults a pluggable LLM provider (Groq / OpenRouter / others), and posts a concise, structured review: a human-readable summary and accurate inline comments or suggestions.\n\n---\n\n### Zero Hosting Required\n\nYou don't need to pay for a subscription or manage a server. OpenRabbit runs **completely** on your own GitHub Actions environment. Your code stays in your runner; it is never proxied or stored by a central authority.\n\n---\n\n## Quickstart in 2 minutes\n\nSimply create a file at `.github/workflows/reviewer.yml` and paste the following:\n\n```yaml\nname: OpenRabbit Reviewer\n\non:\n  pull_request_target:\n    types: [opened, reopened, edited, synchronize]\n\npermissions:\n  contents: read\n  pull-requests: write\n\njobs:\n  review:\n    runs-on: ubuntu-latest\n    steps:\n      - name: OpenRabbit\n        uses: aryan6673/openrabbit@main\n        with:\n          github_token: ${{ secrets.GITHUB_TOKEN }}\n          llm_api_key: ${{ secrets.LLM_API_KEY }}\n          llm_provider: openrouter # Or groq\n          llm_model: openrouter/free # Use world-class models for $0\n          review_mode: both\n          tone_mode: balanced\n```\n\u003e [!IMPORTANT]  \n\u003e ## Setting Up Your API Key Securely\n\u003e\n\u003e Never hardcode your API key directly into your workflow file or commit it to GitHub.\n\u003e\n\u003e Instead, store it safely using **GitHub Actions Secrets**:\n\u003e\n\u003e 1. Open your GitHub repository  \n\u003e 2. Go to **Settings**  \n\u003e 3. Navigate to **Secrets and variables → Actions**  \n\u003e 4. Click **New repository secret**  \n\u003e 5. Create a secret named `LLM_API_KEY`  \n\u003e 6. Paste your API key as the value  \n\u003e 7. Click **Add secret**\n\u003e\n\u003e OpenRabbit will automatically use the secret securely inside your GitHub Actions workflow.\n\u003e\n\u003e This keeps your API key encrypted and prevents accidental leaks in commits, logs, or pull requests.\n---\n\n## The Open Source Fight\n\n**OpenRabbit is a stand for [Open Source Ethics](https://www.openresourcelibrary.com/concepts/ethics/).**\n\nCentralized companies like **[CodeRabbit](https://www.coderabbit.ai/)** have become \"blast-radius multipliers\". In late 2025, a critical security vulnerability in their platform exposed [over 1 million repositories](https://kudelskisecurity.com/research/how-we-exploited-coderabbit-from-a-simple-pr-to-rce-and-write-access-on-1m-repositories) to potential [Remote Code Execution (RCE)](https://www.cloudflare.com/learning/security/what-is-remote-code-execution/) because users were forced to grant broad write access to a third-party cloud.\n\nOpenRabbit **destroys this risk** by shifting the power back to the developer. By running client-side in your own CI/CD, you maintain **total data sovereignty**. We believe you shouldn't have to trade your project's security for AI productivity.\n\n---\n\n## Features\n\n- **Fixes the \"Context Blindness\" Problem**  \n  Most AI reviewers act like your code exists in isolation, which is kinda dumb. OpenRabbit actually tries to understand the whole project:  \n  - **Two-Stage File Fetch**: If it feels like it’s missing context, it can pull in extra files instead of just judging the diff blindly.  \n  - **Linked Issue Awareness**: It reads linked GitHub issues so it knows what the code is *supposed* to do, not just if it compiles.\n\n- **\"Socratic Scaffold\" (Basically a Mentor Mode)**  \n  Instead of just dumping the answer, it acts like a mentor and asks questions so you figure stuff out yourself. It explains *why* something is wrong or risky, not just *what* is wrong. It only gives direct fixes when it’s something simple or obvious.\n\n- **\"Performance \u0026 Scalability Expert\"**  \n  This one is for serious code. It checks for things like race conditions, memory leaks, and slow logic (like O(n²)). It also makes sure you’re not ignoring caching or rewriting stuff that already exists. Basically, it asks: “Will this still work if traffic becomes 10x?”\n\n- **\"Security Auditor\" (Catches Real Issues, Not Fake Ones)**  \n  It ignores the PR description at first so it doesn’t get biased and just looks at the code. Then it checks for real problems like SQL injection, XSS, or broken auth. It also calls out fake “security improvements” where someone removes checks but claims things got safer.\n\n- **No More \"AI Slop\"**  \n  You know that polished but useless AI feedback? Yeah, this avoids that:  \n  - **Suggestion Validation**: It checks if suggestions actually match your code before showing them.  \n  - **Senior Engineer Voice**: It talks more like a real tech lead instead of nitpicking random naming stuff.\n\n- **Stops \"Vibe Coding\" (DRIFT Detection)**  \n  It flags when you change stuff that has nothing to do with the PR. Like random refactors or cleanup. It tells you to move that into a separate PR so things stay clean and easy to review.\n\n---\n\n## Getting a Free API Key\n\nBy default, this project uses the **OpenRouter free model pool**.  \nIt’s not perfect, the main issue is rate limits. To deal with that, it automatically rotates between different free models on OpenRouter so you don’t keep hitting the same limit again and again. It works, but it’s not super reliable or consistent.\n\nIf you want better performance and fewer interruptions, you should use your own API key.\n\n---\n\n## Review Modes\n\n- **summary:** single summary review comment (no inline comments)  \n- **inline:** post only inline comments and suggestions  \n- **both:** post both the summary and inline comments (default)\n\n---\n\n## Contributing\n\n- Open an issue or PR  \n- See `src/llm` for adding new provider adapters  \n\n---\n\n## License\n\nLicensed under the MIT license.\n\n---\n\n![version](https://img.shields.io/badge/version-v0.6.4-orange)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faryanbrite%2Fopenrabbit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faryanbrite%2Fopenrabbit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faryanbrite%2Fopenrabbit/lists"}