{"id":48964156,"url":"https://github.com/martin-minghetti/code-review-orchestrator","last_synced_at":"2026-04-24T06:03:36.405Z","repository":{"id":350980317,"uuid":"1209004426","full_name":"martin-minghetti/code-review-orchestrator","owner":"martin-minghetti","description":"Paste a GitHub PR URL. 4 AI agents review it in parallel. Get a unified report in seconds.","archived":false,"fork":false,"pushed_at":"2026-04-13T20:27:18.000Z","size":978,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-18T03:34:55.496Z","etag":null,"topics":["ai","claude","code-review","multi-agent","nextjs","portfolio","typescript","vercel-ai-sdk"],"latest_commit_sha":null,"homepage":"https://code-review-orchestrator.vercel.app","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/martin-minghetti.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-04-13T02:08:59.000Z","updated_at":"2026-04-13T20:27:22.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/martin-minghetti/code-review-orchestrator","commit_stats":null,"previous_names":["martin-minghetti/code-review-orchestrator"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/martin-minghetti/code-review-orchestrator","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/martin-minghetti%2Fcode-review-orchestrator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/martin-minghetti%2Fcode-review-orchestrator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/martin-minghetti%2Fcode-review-orchestrator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/martin-minghetti%2Fcode-review-orchestrator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/martin-minghetti","download_url":"https://codeload.github.com/martin-minghetti/code-review-orchestrator/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/martin-minghetti%2Fcode-review-orchestrator/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32211386,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-24T03:15:14.334Z","status":"ssl_error","status_checked_at":"2026-04-24T03:15:11.608Z","response_time":64,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","claude","code-review","multi-agent","nextjs","portfolio","typescript","vercel-ai-sdk"],"created_at":"2026-04-18T03:06:39.297Z","updated_at":"2026-04-24T06:03:36.392Z","avatar_url":"https://github.com/martin-minghetti.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n# Code Review Orchestrator\n\n**Paste a GitHub PR URL. 4 AI agents review it in parallel.**\\\n**Security, impact analysis, test gaps, and documentation — unified report in seconds.**\n\n[![Live Demo](https://img.shields.io/badge/Live_Demo-code--review--orchestrator.vercel.app-black?style=flat-square)](https://code-review-orchestrator.vercel.app)\n[![Next.js](https://img.shields.io/badge/Next.js-16-black?style=flat-square\u0026logo=next.js)](https://nextjs.org/)\n[![Claude](https://img.shields.io/badge/Claude-Sonnet_+_Haiku-cc785c?style=flat-square)](https://anthropic.com)\n[![Tests](https://img.shields.io/badge/Tests-65_passing-brightgreen?style=flat-square)]()\n[![License: MIT](https://img.shields.io/badge/License-MIT-blue?style=flat-square)]()\n\n\u003cimg src=\"docs/screenshots/landing.png\" alt=\"Code Review Orchestrator — landing page\" width=\"700\"\u003e\n\n[Live Demo](https://code-review-orchestrator.vercel.app) | [Run Locally](#run-locally) | [How It Works](#how-it-works) | [Contributing](#contributing)\n\n\u003c/div\u003e\n\n---\n\n## The Problem\n\nCode reviews are slow. Reviewers miss things because they're tired, unfamiliar with the codebase, or focused on logic while security issues slip through. Teams wait hours or days for a review that catches surface-level problems a machine could flag in seconds.\n\nExisting AI review tools either give you vague suggestions (\"consider improving error handling\") or dump a wall of unstructured feedback with no connection to the actual code.\n\n## The Solution\n\nCode Review Orchestrator runs four specialized AI agents against your PR in parallel. Each agent focuses on one dimension of quality and receives only the files relevant to its job. In under 30 seconds, you get a single report where every finding is pinned to a specific file and line, backed by evidence from the code, with a concrete suggestion for how to fix it.\n\nNo vague advice. Every finding says exactly where, exactly what, and exactly how.\n\n---\n\n## The Agents\n\nEach agent receives a tailored slice of the repository — not the entire codebase, but the files most relevant to its job. This keeps token usage efficient and findings precise.\n\n| Agent | Model | What it reviews | Context it receives |\n|-------|-------|-----------------|---------------------|\n| **Security Scanner** | Claude Sonnet | Exposed secrets, missing auth checks, injection vectors, insecure dependencies | Config files, env examples, auth middleware, the diff |\n| **Change Impact Analyzer** | Claude Sonnet | Separation of concerns violations, regression risk, deviations from repo patterns | Related modules, imports, existing architecture, the diff |\n| **Test Gap Detector** | Claude Haiku | New code paths with no tests, edge cases missing from existing test suites | Existing test files, the diff, test config |\n| **Documentation Verifier** | Claude Haiku | Undocumented public API, exported functions without JSDoc, outdated README | README, docs folder, public exports, the diff |\n\nSonnet handles the agents that need deeper reasoning (security, impact). Haiku handles the ones that are more pattern-matching (tests, docs). This balances cost and quality.\n\n---\n\n## What a Finding Looks Like\n\nEvery finding the agents return includes:\n\n- **Severity** — `critical`, `warning`, or `info`\n- **Confidence** — `high`, `medium`, or `low` (agents self-assess how certain they are)\n- **File + line** — pinned to the exact location in the diff\n- **Evidence** — a direct code quote showing the problem\n- **Suggestion** — a concrete fix, not a generic recommendation\n\nThe report groups findings by agent and shows an overall assessment: **LGTM**, **REVIEW SUGGESTED**, or **NEEDS WORK**.\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"docs/screenshots/demo-report.png\" alt=\"Demo report — security issues found in a PR\" width=\"700\"\u003e\n\u003c/p\u003e\n\n---\n\n## Try It — No API Key Needed\n\nThree precomputed reviews load instantly from bundled JSON:\n\n| Demo | What it shows |\n|------|---------------|\n| **Security Issues** | A PR that adds a raw SQL user search endpoint. The Security Scanner finds a critical SQL injection vulnerability and a hardcoded secret. The Change Impact Analyzer flags a missing auth check. |\n| **Clean PR** | A well-structured refactor that extracts a shared utility module. All four agents return clean — no findings. |\n| **Mixed** | A DataTable component PR with a warning about missing test coverage and an info-level note about undocumented props. Shows how findings from different agents are grouped together. |\n\nClick any demo card on the [home page](https://code-review-orchestrator.vercel.app) to see the full report.\n\n---\n\n## How It Works\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"docs/architecture.svg\" alt=\"Architecture diagram\" width=\"600\"\u003e\n\u003c/p\u003e\n\n1. **Parse \u0026 fetch** — The PR URL is validated with Zod, then Octokit fetches the diff, list of changed files, and a shallow tree of the repository.\n\n2. **Build context** — For each agent, a context builder selects the most relevant existing files from the repo. The Security Scanner gets config files and auth middleware. The Test Gap Detector gets existing test files. This is how agents \"understand\" the codebase beyond just the diff.\n\n3. **Run agents in parallel** — All four agents call Claude simultaneously via `Promise.allSettled`. Each agent has its own system prompt with structured output (Zod schema). If one agent fails or times out, the others still complete and their findings appear in the report.\n\n4. **Unify \u0026 score** — Findings from all agents are aggregated. The system counts criticals, warnings, and info items, then generates a plain-English assessment. No numeric scores — just three states that map to the decision a reviewer actually needs to make: approve, comment, or request changes.\n\n---\n\n## Run Locally\n\n```bash\ngit clone https://github.com/martin-minghetti/code-review-orchestrator.git\ncd code-review-orchestrator\nnpm install\nnpm run dev\n```\n\nOpen [http://localhost:3000](http://localhost:3000). The three demo reviews work immediately with no configuration.\n\n**To review real PRs**, create a `.env.local` file:\n\n```env\nANTHROPIC_API_KEY=sk-ant-...\nGITHUB_TOKEN=ghp_...          # optional — for private repos or to avoid rate limits\n```\n\nOr use the web form directly — paste your Anthropic API key in the form field. The key is sent to the server, used once to call the Claude API, and discarded. It is never stored, logged, or cached. You can verify this in [`src/app/api/review/route.ts`](src/app/api/review/route.ts).\n\n---\n\n## Tech Stack\n\n| Layer | Technology | Why |\n|-------|-----------|-----|\n| Framework | Next.js 16 (App Router) | Server components for the landing, client components for interactive report |\n| AI | Vercel AI SDK v6 + `@ai-sdk/anthropic` | Structured output with Zod schemas, parallel agent execution |\n| Models | Claude Sonnet (security, impact) · Claude Haiku (tests, docs) | Cost/quality balance — reasoning-heavy tasks get Sonnet |\n| GitHub | Octokit v5 | Diff fetching, file content, repo tree traversal |\n| UI | shadcn/ui + Tailwind CSS v4 | Dark/light theme, responsive layout |\n| Validation | Zod v4 | Input validation, API response schemas, agent output schemas |\n| Testing | Vitest + Testing Library (65 tests) | Unit tests for parsers, schemas, context builder, components |\n\n---\n\n## Design Decisions\n\n**Why no AST parsing?**\nThe agents receive raw diffs and surrounding file context. Claude understands code structure well enough for the findings this tool targets — security issues, missing tests, undocumented APIs. AST parsing would add a native dependency (tree-sitter) and significant complexity without meaningfully improving output quality at this scope.\n\n**Why `Promise.allSettled` instead of streaming per-finding?**\nAll four agents run in parallel and resolve together. The unified assessment at the top of the report depends on aggregate counts across all agents (e.g., \"2 critical, 3 warnings\"). Streaming individual findings would require either deferring the assessment or recomputing it as findings arrive. The current approach keeps the report renderer simple and the assessment accurate.\n\n**Why no user accounts or login?**\nThe tool is stateless by design. Reviews are cached in-memory by `repo + PR number + commit SHA` for the lifetime of the server process. There's nothing to persist across sessions, and no reason to require an account to use a tool that calls an API you're already paying for.\n\n**Why three assessment states instead of a numeric score?**\nA score like \"72/100\" implies a precision that doesn't exist. The three states — LGTM / REVIEW SUGGESTED / NEEDS WORK — map directly to the three actions a code reviewer can take on a GitHub PR: approve, comment, or request changes. No ambiguity about what to do next.\n\n**Why TypeScript/JavaScript only?**\nThe context builder fetches file content from the repo to give agents relevant background. Scoping to TS/JS files keeps context focused and token usage efficient. The agents themselves are language-agnostic in their prompts — adding more languages means extending the context builder to know which files matter for each language.\n\n---\n\n## Contributing\n\nContributions are welcome. Some areas where help would be useful:\n\n- **Language support** — Extend the context builder to handle Python, Go, Rust, etc.\n- **Agent improvements** — Better system prompts, new agent types (performance, accessibility)\n- **UI/UX** — Report readability, mobile layout, diff viewer integration\n\nTo contribute:\n\n1. Fork the repo\n2. Create a branch (`git checkout -b feature/your-feature`)\n3. Make your changes\n4. Run tests (`npm test`)\n5. Open a PR\n\nPlease keep PRs focused — one feature or fix per PR.\n\n---\n\n## Community\n\n- **Issues** — [GitHub Issues](https://github.com/martin-minghetti/code-review-orchestrator/issues) for bugs and feature requests\n- **Discussions** — [GitHub Discussions](https://github.com/martin-minghetti/code-review-orchestrator/discussions) for questions and ideas\n\n---\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmartin-minghetti%2Fcode-review-orchestrator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmartin-minghetti%2Fcode-review-orchestrator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmartin-minghetti%2Fcode-review-orchestrator/lists"}