{"id":50900311,"url":"https://github.com/mountainowl/bubo","last_synced_at":"2026-06-16T02:01:46.210Z","repository":{"id":360747815,"uuid":"1251529764","full_name":"mountainowl/bubo","owner":"mountainowl","description":"Bubo 🦉 — agentic AI code review for GitLab MRs and GitHub PRs, with the LLM of your choice. Posts only actionable findings as inline review threads.","archived":false,"fork":false,"pushed_at":"2026-06-16T00:39:50.000Z","size":6905,"stargazers_count":1,"open_issues_count":2,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-16T01:20:39.531Z","etag":null,"topics":["ai-code-review","anthropic","automated-code-review","claude","claude-code","code-review","code-review-agent","codex","developer-tools","gitlab-ci","llm","llm-code-review","mcp","mcp-server","merge-request","openai","opentelemetry","pull-request","python","review-tools"],"latest_commit_sha":null,"homepage":"https://mountainowl.github.io/bubo/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mountainowl.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":"SUPPORT.md","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-27T17:06:36.000Z","updated_at":"2026-06-16T00:39:45.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/mountainowl/bubo","commit_stats":null,"previous_names":["mountainowl/ai-code-review","mountainowl/bubo"],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/mountainowl/bubo","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mountainowl%2Fbubo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mountainowl%2Fbubo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mountainowl%2Fbubo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mountainowl%2Fbubo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mountainowl","download_url":"https://codeload.github.com/mountainowl/bubo/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mountainowl%2Fbubo/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34387472,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-16T02:00:06.860Z","response_time":126,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-code-review","anthropic","automated-code-review","claude","claude-code","code-review","code-review-agent","codex","developer-tools","gitlab-ci","llm","llm-code-review","mcp","mcp-server","merge-request","openai","opentelemetry","pull-request","python","review-tools"],"created_at":"2026-06-16T02:01:04.066Z","updated_at":"2026-06-16T02:01:46.202Z","avatar_url":"https://github.com/mountainowl.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Bubo 🦉\n\n\u003e **Agentic AI code review — with the LLM of your choice.**\n\n[![Python 3.14+](https://img.shields.io/badge/python-3.14%2B-3776ab?logo=python\u0026logoColor=white)](pyproject.toml)\n[![Managed with uv](https://img.shields.io/badge/managed%20with-uv-2f3542)](pyproject.toml)\n[![CI](https://github.com/mountainowl/bubo/actions/workflows/ci.yml/badge.svg)](https://github.com/mountainowl/bubo/actions/workflows/ci.yml)\n[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/mountainowl/bubo/badge)](https://scorecard.dev/viewer/?uri=github.com/mountainowl/bubo)\n[![Docs](https://img.shields.io/badge/docs-mountainowl.github.io%2Fbubo-4f62ad)](https://mountainowl.github.io/bubo/)\n[![License: MIT](https://img.shields.io/badge/license-MIT-111827)](LICENSE)\n\nBubo is an **agentic AI code reviewer** for GitLab MRs and GitHub PRs. It watches\nopen changes, runs a structured agentic review with **the LLM you choose** (Codex,\nClaude, or any model your CLI drives), and posts only actionable findings as inline\nreview threads — no chatbot noise, no praise, no summaries. Like the owl it's named\nfor, it stays silent until it has something worth saying.\n\n![Bubo hero](docs/images/bubo-hero.png)\n\n## 📖 Documentation\n\n**Full, rendered docs live at → [mountainowl.github.io/bubo](https://mountainowl.github.io/bubo/)**\n(the canonical reference). The `docs/*.md` files below are the source for that\nsite; this README is a teaser.\n\n👉 New here? The **[Recipes](https://mountainowl.github.io/bubo/recipes/)**\n([docs/recipes.md](docs/recipes.md)) are copy-paste setups for GitLab and\nGitHub — using Codex (the bundled default) or Claude as the review agent.\n\n## What a review looks like\n\nFindings are posted inline in a fixed shape — `Issue` / `Impact` / `Evidence` /\n`Fix` / `Confidence`:\n\n```text\nIssue: HS256 JWT fallback is skipped when Cognito URL construction fails.\nImpact: Valid local/shared-secret JWT requests return 500 instead of authenticating.\nEvidence: The changed interceptor rethrows InvalidAwsUrlException before fallback runs.\nFix: Treat Cognito validation construction failures as failed Cognito auth when fallback is allowed.\nConfidence: 0.94\n```\n\nWhen a review finds nothing actionable, Bubo posts one short change-level\nacknowledgement (`Automated review ran — no issues found.`) so a clean MR/PR is\ndistinguishable from one the reviewer never touched. It's default-on, dedup'd by\nbot author + exact body, and configurable under `[agents]` (see the\n[configuration reference](docs/configuration.md)).\n\nReal (sanitized) inline findings on GitLab MRs:\n\n![Sanitized inline finding — data primer](docs/images/gitlab-mr-review-data-primer.png)\n\n![Sanitized inline finding — exception handler](docs/images/gitlab-mr-review-exception-handler.png)\n\nMore sanitized examples are in [docs/examples/README.md](docs/examples/README.md).\nDemo GIF: [docs/media/bubo-demo.gif](docs/media/bubo-demo.gif).\n\n## 60-second quickstart\n\nInstall prereqs (uv, Python 3.14+, Git, plus the CLI for your SCM and a Codex\nagent — see [prerequisites](docs/prerequisites.md)), then:\n\n```sh\nuv tool install git+https://github.com/mountainowl/bubo@v0.8.0\nbubo init                # idempotent; --dry-run to preview\n\n# Edit ~/.local/share/bubo/config/env.toml:\n#   [gitlab].token, [agents].llm_model, [agents].llm_api_key,\n#   [agents].llm_api_key_env, and at least one [[projects]] entry.\n\nbubo doctor              # verify before first poll\nbubo-poller              # one poll cycle; exits at the end\n```\n\nThe first cycle runs with `[review].dry_run = true` (the default) — findings are\nplanned but no comments are posted. Flip to `false` once a real review looks\nright. The full walkthrough is in the\n**[Recipes](https://mountainowl.github.io/bubo/recipes/)** and\n[install and configure](docs/install-and-configure.md); poller flags and the\nbundled MCP server are in [run](docs/run.md).\n\n## Further reading\n\nThese render on the [docs site](https://mountainowl.github.io/bubo/) and as\nplain Markdown in the repo:\n\n| Doc | What's in it |\n|---|---|\n| [Prerequisites](docs/prerequisites.md) | macOS / Linux runtime, per-provider tools, credentials, install verification. |\n| [Install and configure](docs/install-and-configure.md) | `uv tool install`, `bubo init`, the minimum `config/env.toml`, GitLab and GitHub bot setup. |\n| [Run](docs/run.md) | One-off review, the poller, the bundled `bubo-mcp` MCP server, and upstream wrappers. |\n| [Configuration reference](docs/configuration.md) | Every `[scm]` / `[gitlab]` / `[github]` / `[review]` / `[poller]` / `[agents]` / `[telemetry]` / `[[projects]]` setting and its default. |\n| [Operate](docs/operate.md) | Remote deploy, scheduling under cron or systemd, `--sync-outcomes` grading, one-shot backfill. |\n| [Telemetry](docs/telemetry.md) | Emitted `llm_review.*` metrics, ready-made dashboard queries, cardinality discipline. |\n\n## Status\n\n- **GitLab \u0026 GitHub posting via polling** — production path, at outcome-metric\n  parity. Set `[scm].provider = \"github\"` (or `BUBO_PROVIDER=github`).\n- **MCP server (`bubo-mcp`)** — read-only metrics + triggered reviews; stdio or HTTP.\n- **Codex or Claude** — Bubo runs the review through a wrapper around your\n  agent CLI. Codex ships pre-wired as the bundled default; Claude works the\n  same way once you point the wrapper at it.\n- **Webhook-driven triggering** — not implemented; polling is the only path.\n\nReview execution is intentionally outside CI/CD. Run it as a poller beside your existing pipelines.\n\n## Security\n\n- `config/env.toml` is gitignored and holds tokens. **Do not print or commit\n  real values from it.**\n- Review-agent stdout is redacted (`GITLAB_TOKEN=`, `OPENAI_API_KEY=`, `glpat-…`,\n  `sk-…`, and credentialed Git URLs) before being written to reports, logs, or\n  the database error column.\n- The reviewer subprocess is launched under a strict env allowlist — host\n  secrets are not passed wholesale into the LLM agent. Releases are cosign-signed\n  with an SBOM. Report vulnerabilities per [`SECURITY.md`](SECURITY.md).\n\n## Bot avatar\n\nUpload [`assets/bubo.png`](assets/bubo.png) as the GitLab (or future GitHub) bot avatar.\n\n![Bubo avatar preview](docs/images/bubo-avatar-preview.png)\n\n## Community\n\n[Contributing](CONTRIBUTING.md) · [Security policy](SECURITY.md) ·\n[Support](SUPPORT.md) · [Code of conduct](CODE_OF_CONDUCT.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmountainowl%2Fbubo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmountainowl%2Fbubo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmountainowl%2Fbubo/lists"}