{"id":48837618,"url":"https://github.com/s1rt3ge/code-review-agent","last_synced_at":"2026-04-26T17:00:40.009Z","repository":{"id":351184190,"uuid":"1209453662","full_name":"S1rt3ge/code-review-agent","owner":"S1rt3ge","description":"AI-powered GitHub PR reviews with 4 parallel agents: Security, Performance, Style, Logic. Built with FastAPI + LangGraph + React.","archived":false,"fork":false,"pushed_at":"2026-04-26T10:13:03.000Z","size":675,"stargazers_count":0,"open_issues_count":8,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-26T12:15:07.198Z","etag":null,"topics":["ai","code-review","fastapi","github-app","langgraph","llm","python","react"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/S1rt3ge.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":"docs/governance-checklist.md","roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-13T12:51:52.000Z","updated_at":"2026-04-26T10:11:37.000Z","dependencies_parsed_at":null,"dependency_job_id":"9f33846b-bb18-4b01-a72f-6788557b9c48","html_url":"https://github.com/S1rt3ge/code-review-agent","commit_stats":null,"previous_names":["s1rt3ge/code-review-agent"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/S1rt3ge/code-review-agent","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/S1rt3ge%2Fcode-review-agent","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/S1rt3ge%2Fcode-review-agent/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/S1rt3ge%2Fcode-review-agent/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/S1rt3ge%2Fcode-review-agent/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/S1rt3ge","download_url":"https://codeload.github.com/S1rt3ge/code-review-agent/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/S1rt3ge%2Fcode-review-agent/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32305039,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-26T09:34:17.070Z","status":"ssl_error","status_checked_at":"2026-04-26T09:34:00.993Z","response_time":129,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","code-review","fastapi","github-app","langgraph","llm","python","react"],"created_at":"2026-04-15T00:05:09.085Z","updated_at":"2026-04-26T17:00:39.997Z","avatar_url":"https://github.com/S1rt3ge.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AI Code Review Agent\n\n![Python](https://img.shields.io/badge/Python-3.12-3776AB?logo=python\u0026logoColor=white) ![FastAPI](https://img.shields.io/badge/FastAPI-async-009688?logo=fastapi\u0026logoColor=white) ![React](https://img.shields.io/badge/React-19-61DAFB?logo=react\u0026logoColor=black) ![PostgreSQL](https://img.shields.io/badge/PostgreSQL-queue%20backed-4169E1?logo=postgresql\u0026logoColor=white) ![GitHub Actions](https://img.shields.io/badge/CI-security%20gated-2088FF?logo=githubactions\u0026logoColor=white) ![License](https://img.shields.io/badge/License-MIT-green)\n\nA production-oriented full-stack application that reviews GitHub pull requests using multiple specialized AI agents running in parallel.\n\nThe system ingests PR events, extracts code diffs, routes them through dedicated review agents (security, performance, style, logic), aggregates findings, and surfaces results through both GitHub PR comments and a real-time web dashboard.\n\nThis project was built as an end-to-end engineering exercise in backend architecture, async workflows, frontend UX, CI/CD hardening, operational reliability, and AI-assisted developer tooling.\n\n## Key Engineering Wins\n\n- Built a **durable database-backed analysis queue** with retry, stale-lock recovery, and health diagnostics instead of transient in-memory background tasks.\n- Implemented a **multi-agent review pipeline** that separates security, performance, style, and logic concerns while aggregating results into a single developer-facing output.\n- Hardened the project with **rate limiting, release gates, secret scanning, dependency audits, SBOM generation, branch protection, and governance policies**.\n- Delivered a **full-stack authenticated product flow** with JWT auth, email verification, password reset, encrypted settings storage, and real-time WebSocket progress.\n\n## Highlights\n\n- Parallel multi-agent review with deduplicated result aggregation\n- Async FastAPI backend with PostgreSQL, JWT auth, and WebSocket progress updates\n- React dashboard for review history, settings, and real-time execution state\n- Durable database-backed analysis queue with retry, stale-lock recovery, and health diagnostics\n- GitHub webhook / PR comment integration\n- Production hardening across auth, CI, release gating, dependency hygiene, and governance\n\n## Product Overview\n\nAt a high level, the application behaves like an automated AI reviewer that sits inside a normal GitHub-based pull request workflow:\n\n1. A pull request is opened or updated.\n2. GitHub sends a webhook event to the backend.\n3. A review record is created and queued for durable background processing.\n4. Code diffs are chunked and analyzed by multiple domain-specific agents in parallel.\n5. Findings are deduplicated, ranked, and stored.\n6. Results are exposed in the dashboard and can be posted back to the PR as a structured comment.\n\n## Architecture\n\n```text\nGitHub Pull Request Event\n        |\n        v\nFastAPI Webhook Receiver\n        |\n        v\nReview + Analysis Job Created\n        |\n        v\nDurable Analysis Queue (DB-backed)\n        |\n        v\nLangGraph-style Orchestrator\n        |\n        +--\u003e Security Agent\n        +--\u003e Performance Agent\n        +--\u003e Style Agent\n        +--\u003e Logic Agent\n        |\n        v\nResult Aggregation + Persistence\n        |\n        +--\u003e Dashboard API / WebSocket updates\n        +--\u003e GitHub PR comment publishing\n```\n\n## Core Capabilities\n\n### Multi-agent AI review\n\nThe backend runs several specialized review agents in parallel, each focused on a different concern:\n\n| Agent | Focus |\n|---|---|\n| Security | Injection, secret exposure, auth flaws, insecure patterns |\n| Performance | N+1 patterns, expensive loops, avoidable copies, scaling risks |\n| Style | Naming, readability, consistency, maintainability issues |\n| Logic | Boundary conditions, null handling, type mismatches, correctness bugs |\n\n### Durable background processing\n\nInstead of relying on fire-and-forget in-memory tasks, review execution is backed by a durable `analysis_jobs` queue in the database.\n\nThis includes:\n\n- queued job persistence\n- retries with backoff\n- stale lock recovery\n- queue health metrics\n- startup recovery for interrupted work\n\n### Real-time user feedback\n\nThe frontend subscribes to review progress through WebSockets so users can see analysis state changes while the backend processes a review.\n\n### Auth and account lifecycle\n\nThe application supports a complete authenticated user flow:\n\n- registration\n- login via JWT\n- email verification\n- password reset\n- verified-email enforcement for protected access\n\n### GitHub integration\n\nThe system is designed to operate as part of a GitHub PR workflow, including:\n\n- webhook validation\n- repository linkage\n- PR-triggered review creation\n- optional PR comment publishing with findings\n\n## Engineering Focus Areas\n\nThis project intentionally goes beyond a prototype and includes engineering concerns that are often missing from demo applications.\n\n### Reliability\n\n- Durable queue instead of transient in-process background work\n- Stale job recovery for long-running tasks\n- Startup recovery for interrupted review state\n- Degraded health signaling when queue risk thresholds are exceeded\n\n### Security\n\n- Auth rate limiting\n- Webhook signature validation\n- Encrypted key storage with Fernet\n- Production guardrail for default JWT secret\n- Explicit production email delivery behavior\n- Secret scanning and dependency audit gates in CI\n\n### Observability\n\n- Sentry integration hooks\n- Queue diagnostics via `/health` and dashboard stats\n- Alerting baseline for backlog, stale jobs, and runtime exceptions\n\n### Delivery discipline\n\n- Locked Python dependency workflow using `pip-tools`\n- Deterministic frontend installs without `--legacy-peer-deps`\n- Release checklist and release workflow with gating checks\n- SBOM generation in CI\n- Branch protection, CODEOWNERS, and governance documentation\n\n## Tech Stack\n\n### Backend\n\n- Python 3.12\n- FastAPI\n- SQLAlchemy (async)\n- PostgreSQL\n- SlowAPI\n- JWT auth\n- Sentry SDK\n\n### Frontend\n\n- React 19\n- Vite 8\n- JavaScript with JSDoc typing\n- Tailwind CSS 4\n- Zustand\n- Vitest + Testing Library\n\n### AI / orchestration\n\n- Multi-agent orchestration pattern inspired by LangGraph-style execution\n- model/provider routing abstraction\n- support for hosted and local model execution paths\n\n### Tooling / Ops\n\n- Docker / Docker Compose\n- GitHub Actions\n- Dependabot\n- Gitleaks\n- pip-audit / npm audit\n- CycloneDX SBOM generation\n\n## Repository Structure\n\n```text\nbackend/\n  agents/         # AI review agent implementations and orchestration\n  routers/        # API endpoints\n  services/       # queueing, GitHub, aggregation, notifications, extraction\n  models/         # ORM models and API schemas\n  utils/          # auth, crypto, DB, rate limiting, helpers\n\nfrontend/\n  src/\n    pages/        # route-level screens\n    components/   # reusable UI pieces\n    hooks/        # API / websocket / settings hooks\n    store/        # Zustand state\n\nsupabase/migrations/\n  SQL schema and incremental database migrations\n\n.github/\n  workflows/      # CI, release, PR labeling\n  CODEOWNERS\n  ISSUE_TEMPLATE/\n```\n\n## Selected Implementation Details\n\n### Queue health model\n\nThe queue layer exposes operational metrics such as:\n\n- pending job count\n- running job count\n- error job count\n- retry count\n- stale running job count\n- oldest pending age\n\nThese metrics are surfaced through:\n\n- `/health`\n- `/api/dashboard/stats`\n\n### Release workflow\n\nThe manual release workflow validates:\n\n- semantic version format\n- target branch correctness\n- required check-runs are green\n- changelog has non-empty unreleased notes\n\n### Cross-platform Python dependency strategy\n\nThe project uses:\n\n- `requirements.in` as the source spec\n- `requirements.txt` as the canonical locked runtime dependency set\n- `requirements-dev-windows.in` as a Windows-specific local development overlay\n\nThis keeps CI/runtime deterministic while still allowing local development on Windows.\n\n## Local Development\n\n### Prerequisites\n\n- Python 3.12\n- Node.js 20+\n- PostgreSQL (or Docker)\n\n### Backend\n\n```bash\npip install -r requirements.txt -r requirements-dev-windows.in  # Windows local dev\nuvicorn backend.main:app --reload\n```\n\n### Frontend\n\n```bash\ncd frontend\nnpm ci\nnpm run dev\n```\n\n### Docker\n\n```bash\ndocker compose up --build\n```\n\n## Testing\n\n### Backend\n\n```bash\npytest -m \"not integration\" --tb=short -q\npytest -m integration --tb=short -q\n```\n\n### Frontend\n\n```bash\ncd frontend\nnpm test -- --run\nnpm run build\n```\n\n### CI gates\n\nThe repository includes automated checks for:\n\n- backend tests\n- frontend build\n- secret scanning\n- dependency auditing\n- SBOM generation\n- linting\n\n## What This Project Demonstrates\n\nThis repository is intentionally strong as a hiring portfolio project because it demonstrates more than feature implementation.\n\nIt shows experience with:\n\n- Designing async backend systems\n- Building full-stack authenticated products\n- Integrating external platforms such as GitHub\n- Orchestrating AI-driven workflows\n- Making systems production-capable through queueing, recovery, release gates, and operational docs\n- Improving developer experience through automation and governance\n\n## Notes\n\nSome operational details in this repository are intentionally documented at a policy/process level rather than tied to any personal or private infrastructure. The goal is to show engineering quality and production thinking without exposing sensitive configuration or deployment specifics.\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fs1rt3ge%2Fcode-review-agent","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fs1rt3ge%2Fcode-review-agent","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fs1rt3ge%2Fcode-review-agent/lists"}