{"id":50900311,"url":"https://github.com/mountainowl/bubo","last_synced_at":"2026-07-07T06:00:20.788Z","repository":{"id":360747815,"uuid":"1251529764","full_name":"mountainowl/bubo","owner":"mountainowl","description":"Bubo 🦉 — agentic AI code review for GitLab MRs and GitHub PRs, with the LLM of your choice. Posts only actionable findings as inline review threads.","archived":false,"fork":false,"pushed_at":"2026-07-02T18:08:59.000Z","size":8720,"stargazers_count":1,"open_issues_count":6,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-07-02T20:07:38.325Z","etag":null,"topics":["ai-code-review","anthropic","automated-code-review","claude","claude-code","code-review","code-review-agent","codex","developer-tools","gitlab-ci","llm","llm-code-review","mcp","mcp-server","merge-request","openai","opentelemetry","pull-request","python","review-tools"],"latest_commit_sha":null,"homepage":"https://mountainowl.github.io/bubo/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mountainowl.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":"SUPPORT.md","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-27T17:06:36.000Z","updated_at":"2026-07-02T18:09:23.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/mountainowl/bubo","commit_stats":null,"previous_names":["mountainowl/ai-code-review","mountainowl/bubo"],"tags_count":20,"template":false,"template_full_name":null,"purl":"pkg:github/mountainowl/bubo","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mountainowl%2Fbubo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mountainowl%2Fbubo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mountainowl%2Fbubo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mountainowl%2Fbubo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mountainowl","download_url":"https://codeload.github.com/mountainowl/bubo/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mountainowl%2Fbubo/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35216572,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-07T02:00:07.222Z","response_time":90,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-code-review","anthropic","automated-code-review","claude","claude-code","code-review","code-review-agent","codex","developer-tools","gitlab-ci","llm","llm-code-review","mcp","mcp-server","merge-request","openai","opentelemetry","pull-request","python","review-tools"],"created_at":"2026-06-16T02:01:04.066Z","updated_at":"2026-07-07T06:00:20.782Z","avatar_url":"https://github.com/mountainowl.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Bubo 🦉\n\n[![PyPI](https://img.shields.io/pypi/v/bubo?logo=pypi\u0026logoColor=white)](https://pypi.org/project/bubo/)\n[![Python 3.14+](https://img.shields.io/badge/python-3.14%2B-3776ab?logo=python\u0026logoColor=white)](https://github.com/mountainowl/bubo/blob/main/pyproject.toml)\n[![Docker: GHCR](https://img.shields.io/badge/docker-ghcr.io-2496ED?logo=docker\u0026logoColor=white)](https://github.com/mountainowl/bubo/pkgs/container/bubo)\n[![CI](https://github.com/mountainowl/bubo/actions/workflows/ci.yml/badge.svg)](https://github.com/mountainowl/bubo/actions/workflows/ci.yml)\n[![OpenSSF Scorecard](https://img.shields.io/ossf-scorecard/github.com/mountainowl/bubo?label=OpenSSF%20Scorecard)](https://scorecard.dev/viewer/?uri=github.com/mountainowl/bubo)\n[![Signed with cosign](https://img.shields.io/badge/release-cosign%20signed-2bb4ab?logo=sigstore\u0026logoColor=white)](https://github.com/mountainowl/bubo/releases)\n[![SLSA 3](https://slsa.dev/images/gh-badge-level3.svg)](https://slsa.dev)\n[![Ruff](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/ruff/main/assets/badge/v2.json)](https://github.com/astral-sh/ruff)\n[![Managed with uv](https://img.shields.io/badge/managed%20with-uv-2f3542)](https://github.com/astral-sh/uv)\n[![Docs](https://img.shields.io/badge/docs-mountainowl.github.io%2Fbubo-4f62ad)](https://mountainowl.github.io/bubo/)\n[![License: MIT](https://img.shields.io/badge/license-MIT-111827)](https://github.com/mountainowl/bubo/blob/main/LICENSE)\n\n**Agentic AI code review with the LLM of your choice.** Bubo reviews your GitLab\nMRs and GitHub PRs with the model *you* run, and posts only the findings worth\nacting on as inline threads — no chatbot noise, no praise, no summaries.\n\n- 🔒 **Self-hosted** — code, diffs, and review data stay on your infrastructure\n- 🧠 **Bring-your-own-LLM** — Codex, Claude, or any model your CLI drives\n- 🔀 **GitLab \u0026 GitHub** — one config, identical behavior on both\n- 🎯 **Inline findings only** — with one \"all good\" ack on a clean change\n- 🛡️ **Governance, provenance \u0026 an auditable on-prem report**\n- 📊 **OpenTelemetry metrics** — cosign-signed releases with SBOMs\n\n📖 **Full documentation → [mountainowl.github.io/bubo](https://mountainowl.github.io/bubo/)**\n\n## Install\n\n```sh\nuv tool install bubo     # or: pipx install bubo\nbubo init                # idempotent; seeds config + workspace + DB\nbubo doctor              # verify before the first poll\nbubo-poller              # one poll cycle — dry-run by default, posts nothing\n```\n\nPrefer a container? `docker pull ghcr.io/mountainowl/bubo` (multi-arch; the\nreview-agent CLI is BYO). Full walkthrough in\n[Install and configure](https://mountainowl.github.io/bubo/install-and-configure/).\n\n## Documentation\n\nEverything lives on the docs site — this README is just the front door.\n\n| | |\n|---|---|\n| [Recipes](https://mountainowl.github.io/bubo/recipes/) | Copy-paste GitLab / GitHub / in-house-model setups. |\n| [Features](https://mountainowl.github.io/bubo/features/) | The full capability list. |\n| [Configuration](https://mountainowl.github.io/bubo/configuration/) | Every setting, per section, plus a quick-start config. |\n| [Operate](https://mountainowl.github.io/bubo/operate/) | Deploy, schedule, grade outcomes, governance report. |\n| [Troubleshooting](https://mountainowl.github.io/bubo/troubleshooting/) | Host / infra fixes (sandbox, AppArmor). |\n| [Metrics \u0026 telemetry](https://mountainowl.github.io/bubo/telemetry/) | Emitted `llm_review.*` metrics and dashboards. |\n\n## Status\n\n- **GitLab \u0026 GitHub posting via polling** — production path, at outcome-metric\n  parity. Set `[scm].provider = \"github\"` (or `BUBO_PROVIDER=github`).\n- **MCP server (`bubo-mcp`)** — read-only metrics + triggered reviews; stdio or HTTP.\n- **Codex or Claude** — Bubo runs the review through a wrapper around your agent\n  CLI; Codex ships pre-wired.\n- **Webhook-driven triggering** — not yet; polling is the only path.\n\nReview execution sits outside CI/CD by design — run it as a poller beside your\nexisting pipelines.\n\n## Security\n\n- `config/env.toml` is gitignored and holds tokens. **Do not print or commit real values.**\n- Review-agent stdout is redacted (`GITLAB_TOKEN=`, `OPENAI_API_KEY=`, `glpat-…`,\n  `sk-…`, credentialed Git URLs) before it touches reports, logs, or the database.\n- The reviewer subprocess runs under a strict env allowlist — host secrets aren't\n  handed wholesale to the LLM agent.\n- Releases are cosign-signed via Sigstore keyless OIDC, with an SBOM on every release.\n- Report vulnerabilities per [SECURITY.md](SECURITY.md).\n\n## Community\n\n[Contributing](CONTRIBUTING.md) · [Security policy](SECURITY.md) · [Support](SUPPORT.md) · [Code of conduct](CODE_OF_CONDUCT.md) · [License: MIT](LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmountainowl%2Fbubo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmountainowl%2Fbubo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmountainowl%2Fbubo/lists"}