https://github.com/mountainowl/bubo
Bubo ๐ฆ โ agentic AI code review for GitLab MRs and GitHub PRs, with the LLM of your choice. Posts only actionable findings as inline review threads.
https://github.com/mountainowl/bubo
ai-code-review anthropic automated-code-review claude claude-code code-review code-review-agent codex developer-tools gitlab-ci llm llm-code-review mcp mcp-server merge-request openai opentelemetry pull-request python review-tools
Last synced: 6 days ago
JSON representation
Bubo ๐ฆ โ agentic AI code review for GitLab MRs and GitHub PRs, with the LLM of your choice. Posts only actionable findings as inline review threads.
- Host: GitHub
- URL: https://github.com/mountainowl/bubo
- Owner: mountainowl
- License: mit
- Created: 2026-05-27T17:06:36.000Z (about 2 months ago)
- Default Branch: main
- Last Pushed: 2026-07-02T18:08:59.000Z (10 days ago)
- Last Synced: 2026-07-02T20:07:38.325Z (10 days ago)
- Topics: ai-code-review, anthropic, automated-code-review, claude, claude-code, code-review, code-review-agent, codex, developer-tools, gitlab-ci, llm, llm-code-review, mcp, mcp-server, merge-request, openai, opentelemetry, pull-request, python, review-tools
- Language: Python
- Homepage: https://mountainowl.github.io/bubo/
- Size: 8.32 MB
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 6
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
- Support: SUPPORT.md
Awesome Lists containing this project
README
# Bubo ๐ฆ
[](https://pypi.org/project/bubo/)
[](https://github.com/mountainowl/bubo/blob/main/pyproject.toml)
[](https://github.com/mountainowl/bubo/pkgs/container/bubo)
[](https://github.com/mountainowl/bubo/actions/workflows/ci.yml)
[](https://scorecard.dev/viewer/?uri=github.com/mountainowl/bubo)
[](https://github.com/mountainowl/bubo/releases)
[](https://slsa.dev)
[](https://github.com/astral-sh/ruff)
[](https://github.com/astral-sh/uv)
[](https://mountainowl.github.io/bubo/)
[](https://github.com/mountainowl/bubo/blob/main/LICENSE)
**Agentic AI code review with the LLM of your choice.** Bubo reviews your GitLab
MRs and GitHub PRs with the model *you* run, and posts only the findings worth
acting on as inline threads โ no chatbot noise, no praise, no summaries.
- ๐ **Self-hosted** โ code, diffs, and review data stay on your infrastructure
- ๐ง **Bring-your-own-LLM** โ Codex, Claude, or any model your CLI drives
- ๐ **GitLab & GitHub** โ one config, identical behavior on both
- ๐ฏ **Inline findings only** โ with one "all good" ack on a clean change
- ๐ก๏ธ **Governance, provenance & an auditable on-prem report**
- ๐ **OpenTelemetry metrics** โ cosign-signed releases with SBOMs
๐ **Full documentation โ [mountainowl.github.io/bubo](https://mountainowl.github.io/bubo/)**
## Install
```sh
uv tool install bubo # or: pipx install bubo
bubo init # idempotent; seeds config + workspace + DB
bubo doctor # verify before the first poll
bubo-poller # one poll cycle โ dry-run by default, posts nothing
```
Prefer a container? `docker pull ghcr.io/mountainowl/bubo` (multi-arch; the
review-agent CLI is BYO). Full walkthrough in
[Install and configure](https://mountainowl.github.io/bubo/install-and-configure/).
## Documentation
Everything lives on the docs site โ this README is just the front door.
| | |
|---|---|
| [Recipes](https://mountainowl.github.io/bubo/recipes/) | Copy-paste GitLab / GitHub / in-house-model setups. |
| [Features](https://mountainowl.github.io/bubo/features/) | The full capability list. |
| [Configuration](https://mountainowl.github.io/bubo/configuration/) | Every setting, per section, plus a quick-start config. |
| [Operate](https://mountainowl.github.io/bubo/operate/) | Deploy, schedule, grade outcomes, governance report. |
| [Troubleshooting](https://mountainowl.github.io/bubo/troubleshooting/) | Host / infra fixes (sandbox, AppArmor). |
| [Metrics & telemetry](https://mountainowl.github.io/bubo/telemetry/) | Emitted `llm_review.*` metrics and dashboards. |
## Status
- **GitLab & GitHub posting via polling** โ production path, at outcome-metric
parity. Set `[scm].provider = "github"` (or `BUBO_PROVIDER=github`).
- **MCP server (`bubo-mcp`)** โ read-only metrics + triggered reviews; stdio or HTTP.
- **Codex or Claude** โ Bubo runs the review through a wrapper around your agent
CLI; Codex ships pre-wired.
- **Webhook-driven triggering** โ not yet; polling is the only path.
Review execution sits outside CI/CD by design โ run it as a poller beside your
existing pipelines.
## Security
- `config/env.toml` is gitignored and holds tokens. **Do not print or commit real values.**
- Review-agent stdout is redacted (`GITLAB_TOKEN=`, `OPENAI_API_KEY=`, `glpat-โฆ`,
`sk-โฆ`, credentialed Git URLs) before it touches reports, logs, or the database.
- The reviewer subprocess runs under a strict env allowlist โ host secrets aren't
handed wholesale to the LLM agent.
- Releases are cosign-signed via Sigstore keyless OIDC, with an SBOM on every release.
- Report vulnerabilities per [SECURITY.md](SECURITY.md).
## Community
[Contributing](CONTRIBUTING.md) ยท [Security policy](SECURITY.md) ยท [Support](SUPPORT.md) ยท [Code of conduct](CODE_OF_CONDUCT.md) ยท [License: MIT](LICENSE)