{"id":47603821,"url":"https://github.com/minhtribk12/code-review-ai","last_synced_at":"2026-04-16T18:01:44.216Z","repository":{"id":345396540,"uuid":"1180589299","full_name":"minhtribk12/code-review-ai","owner":"minhtribk12","description":"Multi-agent code review CLI using NVIDIA Nemotron 3 Super","archived":false,"fork":false,"pushed_at":"2026-04-03T19:41:14.000Z","size":500,"stargazers_count":2,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-04-03T19:42:07.682Z","etag":null,"topics":["ai","cli","code-review","developer-tools","llm","multi-agent","nvidia","openai-compatible","python","tui"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/minhtribk12.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-13T07:39:06.000Z","updated_at":"2026-04-03T18:01:29.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/minhtribk12/code-review-ai","commit_stats":null,"previous_names":["minhtribk12/code-review-ai"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/minhtribk12/code-review-ai","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/minhtribk12%2Fcode-review-ai","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/minhtribk12%2Fcode-review-ai/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/minhtribk12%2Fcode-review-ai/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/minhtribk12%2Fcode-review-ai/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/minhtribk12","download_url":"https://codeload.github.com/minhtribk12/code-review-ai/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/minhtribk12%2Fcode-review-ai/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31897870,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-16T17:33:00.867Z","status":"ssl_error","status_checked_at":"2026-04-16T17:32:57.401Z","response_time":69,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","cli","code-review","developer-tools","llm","multi-agent","nvidia","openai-compatible","python","tui"],"created_at":"2026-04-01T19:00:31.623Z","updated_at":"2026-04-16T18:01:44.101Z","avatar_url":"https://github.com/minhtribk12.png","language":"Python","funding_links":[],"categories":["ai"],"sub_categories":[],"readme":"# Code Review AI\n\n[![PyPI version](https://img.shields.io/pypi/v/code-review-ai)](https://pypi.org/project/code-review-ai/)\n[![Downloads](https://img.shields.io/pypi/dm/code-review-ai)](https://pypi.org/project/code-review-ai/)\n[![CI](https://github.com/minhtribk12/code-review-ai/actions/workflows/ci.yml/badge.svg)](https://github.com/minhtribk12/code-review-ai/actions/workflows/ci.yml)\n[![Python](https://img.shields.io/pypi/pyversions/code-review-ai)](https://pypi.org/project/code-review-ai/)\n[![License](https://img.shields.io/github/license/minhtribk12/code-review-ai)](LICENSE)\n\n**AI-powered code review that runs locally, works with any OpenAI-compatible LLM, and costs nothing with free-tier APIs.**\n\nMultiple specialized agents (security, performance, style, test coverage) review your code in parallel, deduplicate findings across agents, and synthesize everything into one structured report -- all from a rich interactive TUI or a single CLI command.\n\n```bash\npipx install code-review-ai \u0026\u0026 cra interactive\n# also works with: pip install code-review-ai\n```\n\nhttps://github.com/user-attachments/assets/ab246961-d592-4974-bc7f-070fd88034c9\n\n### Why Code Review AI?\n\n- **Free to run** -- works out of the box with NVIDIA and OpenRouter free-tier models\n- **Multi-agent** -- 4 built-in agents catch different issue types simultaneously\n- **Full TUI** -- git, PR management, provider switching, and config editing in one terminal\n- **Any LLM** -- NVIDIA, OpenRouter, Ollama, vLLM, or any OpenAI-compatible endpoint\n- **Extensible** -- define custom review agents in YAML, no Python needed\n- **Privacy-first** -- runs locally, your code never leaves your machine (unless you choose a cloud API)\n\n## Features\n\n**Review pipeline:**\n- 4 built-in agents (security, performance, style, test coverage) + custom YAML agents\n- Parallel execution with configurable concurrency\n- Iterative deepening -- multiple review rounds with convergence detection\n- Validation loop -- skeptical validator filters false positives\n- Cross-agent deduplication (exact, location-based, or similarity-based)\n- Token budget enforcement with automatic diff truncation\n\n**Interactive TUI:**\n- Full-screen provider browser -- add, edit, switch LLM providers and models\n- API key manager -- edit, sync, delete keys across secrets.env and .env\n- Git commands, PR workflows, findings navigator with triage and PR posting\n- Tab autocomplete, keyboard shortcuts (Ctrl+A agents, Ctrl+P provider, Ctrl+O repo)\n\n**Input/output:**\n- GitHub PR review (`--pr owner/repo#123`) or local diff (`--diff file.patch`)\n- Rich terminal, JSON, and Markdown output formats\n- SQLite review history with trends and export\n\n**Operations:**\n- Prompt injection defense (random delimiters, instruction anchoring)\n- Cost estimation with per-model pricing\n- Graceful degradation -- partial results when agents fail\n- Retry with exponential backoff for transient API errors\n\n**Extensibility:**\n- Custom agents defined in YAML (no Python required)\n- File pattern matching -- agents run only on relevant file types\n- Provider-agnostic -- any OpenAI-compatible server, including local ones\n\n## Quick Start\n\n### Install\n\n```bash\n# Install from PyPI (recommended)\npipx install code-review-ai\n\n# Or with pip\npip install code-review-ai\n```\n\n**From source** (for development):\n\n```bash\ngit clone https://github.com/minhtribk12/code-review-ai.git\ncd code-review-ai\nmake install # requires uv\n```\n\n### Get Your Keys\n\nYou need an LLM API key and a GitHub token to get started:\n\n**NVIDIA (recommended)** -- powers the default model, [Nemotron 3 Super 120B](https://build.nvidia.com/nvidia/nemotron-3-super-120b-a12b), a 120B MoE model with only 12B active parameters and a 1M token context window:\n\n1. Go to [build.nvidia.com](https://build.nvidia.com)\n2. Sign in with your NVIDIA account (or create one free)\n3. Click any model, then **\"Get API Key\"** in the top right\n4. Copy the key (starts with `nvapi-`)\n\n**OpenRouter** -- access to 100+ models from multiple providers, many free:\n\n1. Go to [openrouter.ai/keys](https://openrouter.ai/keys)\n2. Sign in with Google/GitHub\n3. Click **\"Create Key\"**\n4. Copy the key (starts with `sk-or-`)\n\n**GitHub Token** -- required for PR commands (`pr list`, `pr review`, `pr create`, etc.):\n\n1. Go to [github.com/settings/tokens](https://github.com/settings/tokens)\n2. Click **\"Generate new token\"** (classic) with `repo` scope\n3. Copy the token and set it in your shell:\n\n```bash\nexport GITHUB_TOKEN=ghp_your-token-here\n```\n\nOr add `GITHUB_TOKEN=ghp_your-token-here` to your `.env` file (see below).\n\n### Configure\n\n**Option A: Interactive setup (easiest)** -- on first launch, a provider setup panel appears automatically. Just paste your API key:\n\n```\n LLM Provider Setup\n\n \u003e nvidia (no key) https://integrate.api.nvidia.com/v1\n openrouter (no key) https://openrouter.ai/api/v1\n\n Up/Down navigate, Enter input key, c continue, q quit\n```\n\nKeys are saved to `~/.cra/secrets.env` and persist across restarts.\n\n**Option B: Manual `.env` file** -- create a `.env` file in your project directory:\n\n```bash\nvim .env\n# or: nano .env, code .env, etc.\n```\n\n```env\nLLM_PROVIDER=nvidia\nNVIDIA_API_KEY=nvapi-your-key-here\n```\n\nThe `.env` file is loaded automatically on startup. See [docs/configuration.md](docs/configuration.md) for all settings.\n\n\n### Run\n\n```bash\n# Interactive TUI (recommended)\ncra interactive\n\n# One-shot CLI review\ncra review --diff path/to/file.patch\ncra review --pr owner/repo#123\ncra review --diff file.patch --format json --quiet\n```\n\n## Interactive TUI (Recommended)\n\nThe TUI (Terminal User Interface) is a full-screen interactive mode that runs entirely in your terminal. It provides git commands, code review, PR management, provider switching, and configuration editing -- all without leaving the terminal.\n\n```bash\ncra interactive\n```\n\n```\n code-review-ai v0.1.0\n Tab autocomplete | Ctrl+A agents | Ctrl+P provider | Ctrl+O repo | Ctrl+L graph | Ctrl+D exit\n\ncra\u003e _\n------------------------------------------------------------------------\n Branch: main | Repo: acme/app:local | Reviews: 0 | Tokens: 0 | Tier: free\n```\n\n### Git Commands\n\n```bash\n# Read\nstatus # git status (branch + changed files)\ndiff # unstaged diff\ndiff staged # staged diff\ndiff HEAD~3 # diff against N commits back\nlog # compact log (last 20)\nshow abc123 # full commit detail with diff\n\n# Write\nbranch # list local branches\nbranch switch feat/login # switch branch\nbranch create feat/new # create + switch\nadd src/main.py # stage specific file\ncommit -m \"fix: resolve bug\" # commit staged changes\nstash # stash / stash pop / stash list\ncd ~/projects/other-repo # change directory (Tab completes paths)\n```\n\n### Code Review\n\n```bash\nreview # auto-detects unstaged/staged diff\nreview staged # review staged changes only\nreview HEAD~1 # review last commit\nreview --agents security # single agent\nreview --format json # JSON output\n```\n\n### PR Commands\n\n```bash\n# Read\npr list # list open PRs\npr show 42 # PR details\npr diff 42 # PR diff with syntax highlighting\npr checks 42 # CI/CD check status\npr review 42 # run code review on PR\n\n# Write\npr create --fill # auto-fill from commits\npr merge 42 --strategy squash # merge with pre-flight checks\npr approve 42 # approve PR\n\n# Workflow\npr mine # your open PRs\npr assigned # PRs where you're reviewer\npr stale --days 14 # stale PRs\npr ready # PRs ready to merge\npr conflicts # PRs with merge conflicts\npr summary --full # dashboard overview\n```\n\n### Findings Navigator\n\nAfter a review, navigate, triage, and post findings to PRs:\n\n```bash\nfindings # navigate last review\nfindings 42 # navigate saved review #42\n```\n\nKey bindings: Up/Down navigate, `f` filter, `s`/`S` sort forward/backward, `m` solved, `F` false positive,\n`I` ignored, `p` post to PR, `P` unpost from PR, `d` delete, `c` copy, `q` quit. Triage state\n(solved, false positive, ignored) is persisted to SQLite across sessions.\n\n### Other Commands\n\n```bash\nconfig # show all settings\nconfig edit # full-screen config editor (paste supported)\nconfig set llm_temperature 0.3 # session override\nconfig reset # reload from .env (preserves API keys)\nconfig factory-reset # full reset (clears history, keeps keys)\nconfig clean # remove all tool data from ~/.cra/ (confirmation panel)\n# Provider management\nprovider # full-screen provider browser (alias: pv)\nprovider add # add custom provider (wizard)\nprovider list # table view of all providers\nprovider models nvidia # list models for a provider\nprovider remove my-custom # remove a user-defined provider\nhistory # past reviews\nhistory trends --days 30 # aggregated stats\nusage # session token/cost stats\nwatch --interval 10 # continuous monitoring\nagents # list all agents (built-in + custom)\n```\n\n### Provider Browser\n\nRun `provider` or `pv` to open the full-screen provider/model browser:\n\n```\n Provider Browser (Up/Down navigate, Enter expand, a add provider, m add model, d delete, i edit, q quit)\n\n \u003e v nvidia [built-in] https://integrate.api.nvidia.com/v1 (5 models)\n nvidia/nemotron-3-super-120b-a12b (Nemotron 3 Super 120B free, 1,000,000 ctx)\n nvidia/nemotron-3-nano-30b-a3b (Nemotron 3 Nano 30B free, 1,000,000 ctx)\n \u003e openrouter [built-in] https://openrouter.ai/api/v1 (6 models)\n \u003e ollama [custom] http://localhost:11434/v1 (1 models)\n```\n\nKey bindings: `Enter` expand/collapse, `a` add provider, `m` add model to selected provider,\n`d` delete (custom only), `i` edit any field (works on built-in too), `q` quit.\n\nSee the [Interactive Guide](docs/interactive-guide.md) for the full command reference.\n\n## CLI Usage\n\nFor one-shot reviews and CI/CD integration, use the CLI directly:\n\n### Review Commands\n\n```bash\n# Local diffs\ncra review --diff changes.patch\ncra review --diff changes.patch --agents security,performance\ncra review --diff changes.patch --format json --output report.json\n\n# GitHub PRs (requires GITHUB_TOKEN)\ncra review --pr owner/repo#123\ncra review --pr https://github.com/owner/repo/pull/123\n\n# Open findings navigator after review\ncra review --diff changes.patch --findings\n```\n\n### Token Tiers\n\nToken tiers let you match the tool's behavior to your API plan. **The tool itself is completely free** -- tiers only control how much context is sent per review so you can stay within your API provider's token limits. If you use a free-tier API (like NVIDIA or OpenRouter free models), you pay nothing at all.\n\n| Tier | Default Agents | Budget | When to Use |\n|------|---------------|--------|-------------|\n| `free` | security | 5k tokens | Free-tier APIs (NVIDIA, OpenRouter free models) |\n| `standard` | all 4 built-in | 16k tokens | Pay-as-you-go APIs with 32k context models |\n| `premium` | all 4 built-in | 48k tokens | Pay-as-you-go APIs with 128k+ context models |\n\nThe tier is auto-detected from the model's context window when possible. You can override with `config set token_tier standard` or `--agents` / `MAX_PROMPT_TOKENS` on the CLI.\n\n### Custom Agents\n\nDefine domain-specific agents in YAML without writing Python:\n\n```yaml\n# ~/.cra/agents/django_security.yaml\nname: django_security\ndescription: \"Django-specific security review\"\nsystem_prompt: |\n You are a Django security expert. Focus on:\n - CSRF token usage in views\n - SQL injection via raw() and extra()\n - Insecure deserialization with pickle\npriority: 10\nfile_patterns:\n - \"*.py\"\n```\n\n```bash\n# Use custom agents alongside built-in ones\ncra review --diff changes.patch --agents security,django_security\n```\n\nSee [docs/custom-agents.md](docs/custom-agents.md) for the full guide and the [CLI Guide](docs/cli-guide.md) for all flags and CI/CD integration.\n\n## Architecture\n\n```\nCLI (Typer) / Interactive REPL\n |\n v\nOrchestrator\n |-- Token budget enforcement (truncate oversized diffs)\n |-- Prompt injection scan\n |-- Agent dispatch (parallel, ThreadPoolExecutor)\n | |-- [Security Agent] \\\n | |-- [Performance Agent] |-- built-in\n | |-- [Style Agent] |\n | |-- [Test Coverage Agent] /\n | |-- [Custom YAML Agents] --- file_patterns filtering\n |-- Cross-agent deduplication\n |-- Iterative deepening loop (convergence-based)\n |-- Synthesis (LLM merges findings into summary + risk level)\n |-- Validation loop (skeptical validator filters false positives)\n |\n v\nReviewReport -\u003e Rich terminal / JSON / Markdown\n -\u003e SQLite history storage\n -\u003e Findings navigator (interactive triage + PR posting)\n```\n\nSee [docs/architecture.md](docs/architecture.md) for full design details.\n\nFor the full command reference with all flags, smart behaviors, and\nworkflows, see the detailed guides:\n- **[Interactive Guide](docs/interactive-guide.md)** -- all TUI commands, findings navigator, PR workflows\n- **[CLI Guide](docs/cli-guide.md)** -- one-shot CLI commands, flags, CI/CD integration, exit codes\n\n## Documentation\n\n| Document | Description |\n|----------|-------------|\n| [docs/interactive-guide.md](docs/interactive-guide.md) | TUI commands, findings navigator, PR workflows |\n| [docs/cli-guide.md](docs/cli-guide.md) | One-shot CLI commands, flags, CI/CD integration |\n| [docs/architecture.md](docs/architecture.md) | System design, pipeline flow, component responsibilities |\n| [docs/configuration.md](docs/configuration.md) | All settings, provider URL resolution, secrets handling |\n| [docs/data-models.md](docs/data-models.md) | Pydantic models, StrEnums, LLM contracts |\n| [docs/custom-agents.md](docs/custom-agents.md) | YAML agent schema, examples, discovery, file patterns |\n\n## Development\n\n```bash\nmake install # Install dependencies\nmake fmt # Auto-format code\nmake lint # Run ruff linter\nmake typecheck # Run mypy (strict mode)\nmake test # Run pytest with coverage\nmake check # lint + typecheck + test\n```\n\n### Test Suite\n\n650+ unit tests covering models, config, LLM client, agents, agent loader,\nCLI, report, orchestrator, deduplication, GitHub client, and the interactive TUI.\n\n## Project Structure\n\n```\nsrc/code_review_agent/\n agents/\n base.py # BaseAgent ABC with priority + validation\n security.py # OWASP-focused security review\n performance.py # Complexity, memory, I/O analysis\n style.py # Naming, readability, dead code\n test_coverage.py # Missing tests, edge cases\n interactive/\n commands/ # REPL commands (git, pr, review, config, etc.)\n tabs/ # Textual TUI tabs\n completers.py # Tab completion\n provider_browser.py # Full-screen provider/model browser\n provider_cmd.py # Provider management commands\n repl.py # REPL loop, dispatch, toolbar\n session.py # Session state, PR cache\n startup_keys.py # First-launch provider key setup panel\n agent_loader.py # Custom YAML agent discovery + loading\n config.py # Settings with pydantic-settings\n providers.py # Provider registry (bundled + user ~/.cra/providers.yaml)\n provider_registry.yaml # Bundled provider/model knowledge base\n connection_test.py # LLM connection verification\n dedup.py # Cross-agent finding deduplication\n github_client.py # GitHub API (PR read + write + rate limiting)\n llm_client.py # OpenAI-compatible client with retry + JSON parsing\n main.py # Typer CLI entry point\n models.py # Pydantic models + StrEnums\n orchestrator.py # Agent dispatch, deepening, validation, synthesis\n prompt_security.py # Prompt injection defense\n report.py # Rich terminal + Markdown rendering\n storage.py # SQLite review history\n token_budget.py # Tiers, budgets, cost estimation\n\ntests/ # 650+ unit tests\ndocs/ # Architecture, configuration, models, custom agents\n```\n\n## License\n\nApache License 2.0 -- see [LICENSE](LICENSE) for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fminhtribk12%2Fcode-review-ai","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fminhtribk12%2Fcode-review-ai","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fminhtribk12%2Fcode-review-ai/lists"}