Enterprise-grade GitHub App for intelligent code review automation
A production-ready GitHub App that provides intelligent, AI-powered code reviews for pull requests. Built with functional programming principles and modern FastAPI architecture, this system automatically analyzes code changes, identifies bugs, security vulnerabilities, and performance issues, then provides actionable feedback directly in GitHub PRs.
- AI-Powered Bug Detection: Uses OpenAI GPT-3.5 to identify critical bugs, security flaws, and logic errors
- Multi-Language Support: Supports Python, JavaScript, TypeScript, Java, C++, Go, Rust, and 15+ languages
- Context-Aware Analysis: Analyzes code changes with surrounding context for accurate issue detection
- Severity Classification: Categorizes issues by severity (error/warning/info) and type (bug/security/performance)
- CodeRabbit-Style Progress: Live progress indicators showing review status
- Instant Feedback: Comments appear as analysis completes
- Non-blocking Webhooks: Async processing ensures fast webhook responses
- Commit Validation: Ensures reviews target the latest commit
- GitHub App Authentication: App JWT signed with the App's private key, exchanged for short-lived installation tokens scoped to the repositories the App is installed on
- Webhook Signature Verification: every delivery's X-Hub-Signature-256 header is checked as HMAC-SHA256 over the raw request body with the webhook secret
- Input Sanitization: payload validation and size limits before any processing starts
- OWASP Compliance: Security-first design with safe defaults (host allow-list, rate limiting, interactive docs only in development)
- Functional Architecture: Pure functions, no classes - easier testing and maintenance
- Async/Await: Non-blocking I/O for high concurrency
- Structured Logging: Comprehensive logging with contextual information
- Error Recovery: Graceful error handling with detailed status reporting
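The webhook path described in these bullets, as an added example built on the Python standard library; it is not the project's webhooks.py. The header names are GitHub's (X-Hub-Signature-256, X-GitHub-Event); the payload size limit, the set of pull_request actions that trigger a review, and the sample delivery are assumptions constructed for the example. Note the order: size limit first, then the signature over the raw bytes, and only then JSON parsing, so nothing unsigned is ever decoded.

```python
"""Webhook intake for a GitHub App: size limit, HMAC-SHA256 check, event routing.

Added example on the standard library only; not the project's webhooks.py.
The size limit, the review-triggering actions and the sample delivery below
are assumptions made for the example.
"""
import hashlib
import hmac
import json
from typing import Optional

MAX_PAYLOAD_BYTES = 1_000_000                            # assumption: reject larger bodies up front
REVIEW_ACTIONS = {"opened", "synchronize", "reopened"}   # assumption: PR actions worth a review


def compute_signature(secret: str, body: bytes) -> str:
    """Value GitHub sends in X-Hub-Signature-256: 'sha256=' + hex(HMAC-SHA256(secret, raw body))."""
    digest = hmac.new(secret.encode("utf-8"), body, hashlib.sha256).hexdigest()
    return "sha256=" + digest


def verify_signature(secret: str, body: bytes, header_value: Optional[str]) -> bool:
    """Constant-time comparison against the header, over the raw bytes (never re-serialised JSON)."""
    if not header_value or not header_value.startswith("sha256="):
        return False
    expected = compute_signature(secret, body).encode("ascii")
    # Compare as bytes: compare_digest raises TypeError on non-ASCII str input,
    # and the header is attacker-controlled.
    return hmac.compare_digest(expected, header_value.encode("utf-8"))


def extract_review_job(event_name: Optional[str], body: bytes) -> Optional[dict]:
    """Turn a verified delivery into a review job, or None when it should be ignored.

    Raises ValueError/KeyError/TypeError on malformed JSON; the caller maps that to 400.
    """
    if event_name != "pull_request":
        return None
    payload = json.loads(body)
    if payload.get("action") not in REVIEW_ACTIONS:
        return None
    pr = payload["pull_request"]
    return {
        "repo": payload["repository"]["full_name"],
        "number": int(pr["number"]),
        "head_sha": pr["head"]["sha"],
        "installation_id": int(payload["installation"]["id"]),
    }


def handle_delivery(secret: str, headers: dict, body: bytes) -> tuple:
    """Return (http_status, message, job). Verify before parsing: unsigned data is never decoded."""
    if len(body) > MAX_PAYLOAD_BYTES:
        return 413, "payload too large", None
    if not verify_signature(secret, body, headers.get("X-Hub-Signature-256")):
        return 401, "invalid signature", None
    try:
        job = extract_review_job(headers.get("X-GitHub-Event"), body)
    except (ValueError, KeyError, TypeError):
        return 400, "malformed payload", None
    if job is None:
        return 202, "ignored", None
    return 202, "queued", job   # a real handler hands `job` to a background task and returns


# Constructed sample delivery (not a real GitHub payload) so the module runs offline.
SAMPLE_SECRET = "constructed-test-secret"
SAMPLE_BODY = json.dumps({
    "action": "synchronize",
    "installation": {"id": 12345},
    "repository": {"full_name": "example-org/example-repo"},
    "pull_request": {"number": 42, "head": {"sha": "0123456789abcdef0123456789abcdef01234567"}},
}, separators=(",", ":")).encode("utf-8")
SAMPLE_HEADERS = {
    "X-GitHub-Event": "pull_request",
    "X-Hub-Signature-256": compute_signature(SAMPLE_SECRET, SAMPLE_BODY),
}

if __name__ == "__main__":
    print(handle_delivery(SAMPLE_SECRET, SAMPLE_HEADERS, SAMPLE_BODY))
    tampered = SAMPLE_BODY.replace(b'"synchronize"', b'"closed"')
    print(handle_delivery(SAMPLE_SECRET, SAMPLE_HEADERS, tampered))
```

In FastAPI the raw bytes come from `await request.body()` and `request.headers` is case-insensitive; the plain dict lookups above are case-sensitive, so normalise header names when wiring this into a real handler. The `job` dict carries the head SHA from the payload; the worker that picks it up can re-fetch the PR and drop the job if the head has since moved on, which is the kind of commit validation the bullets refer to.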
┌─────────────────┐     ┌──────────────────┐     ┌─────────────────┐
│   GitHub PR     │     │   PR Reviewer    │     │   OpenAI API    │
│   (Webhook)     │───▶ │   FastAPI App    │───▶ │   (Analysis)    │
└─────────────────┘     └──────────────────┘     └─────────────────┘
                                 │
                                 ▼
                        ┌──────────────────┐
                        │ GitHub Comments  │
                        │  & Status API    │
                        └──────────────────┘
Component | Purpose | Key Features |
---|---|---|
webhooks.py | GitHub event handling | Signature verification, event routing |
handlers.py | PR processing logic | Metadata extraction, commit validation |
review.py | Review orchestration | Progress tracking, workflow management |
analysis.py | AI-powered code analysis | OpenAI integration, issue classification |
diff_parser.py | Diff processing | Line-by-line parsing, context extraction |
auth.py | GitHub authentication | JWT generation, installation tokens |
- Python 3.10+
- GitHub App (permissions and webhook subscription are listed under the setup steps below)
- OpenAI API key
# Clone repository
git clone <your-repo>
cd pr-reviewer
# Create virtual environment
python -m venv .venv
source .venv/bin/activate # On Windows: .venv\Scripts\activate
# Install dependencies
pip install -r requirements.txt
# Create .env file (it holds secrets: keep it out of version control and readable only by the service user)
cat > .env << EOF
# GitHub App Configuration
GITHUB_APP_ID=your_app_id
GITHUB_PRIVATE_KEY_PATH=./private-key.pem
GITHUB_WEBHOOK_SECRET=your_webhook_secret
# OpenAI Configuration
OPENAI_API_KEY=your_openai_key
# Application Configuration
ENVIRONMENT=development
# 0.0.0.0 binds every interface; outside development put a TLS-terminating reverse proxy in front
HOST=0.0.0.0
PORT=8000
LOG_LEVEL=INFO
# Security Configuration
ALLOWED_HOSTS=localhost,127.0.0.1
ALLOWED_ORIGINS=http://localhost:3000
RATE_LIMIT=100
EOF
- Create a GitHub App with these permissions:
  - Pull requests: Read & Write (inline review comments and the summary comment)
  - Commit statuses: Write (progress and result status on the head commit)
  - Contents: Read (diff and surrounding file context)
- Subscribe the App to the "Pull request" webhook event and set a webhook secret; the same value goes into GITHUB_WEBHOOK_SECRET, since each delivery's X-Hub-Signature-256 header is validated against it
- Generate and download the private key (keep it out of version control; GITHUB_PRIVATE_KEY_PATH points at it)
- Install the App on the target repositories
- Configure the webhook URL (use HTTPS so the payload and its signature travel encrypted):
https://your-domain.com/webhook
# Development (ENVIRONMENT=development exposes the interactive /docs)
uvicorn app.main:app --reload --host 0.0.0.0 --port 8000
# Production (set ENVIRONMENT=production and run behind the TLS-terminating reverse proxy your webhook URL points at)
uvicorn app.main:app --host 0.0.0.0 --port 8000 --workers 4
Endpoint | Method | Purpose |
---|---|---|
/health | GET | Health check with service status |
/webhook | POST | GitHub webhook handler |
/docs | GET | Interactive API documentation (dev only) |
Variable | Required | Description | Default |
---|---|---|---|
GITHUB_APP_ID | ✅ | GitHub App ID | - |
GITHUB_PRIVATE_KEY_PATH | ✅ | Path to the App's private key file (PEM) | - |
GITHUB_WEBHOOK_SECRET | ✅ | Webhook secret for HMAC-SHA256 signature validation; must match the secret set in the App's webhook settings | - |
OPENAI_API_KEY | ✅ | OpenAI API key | - |
ENVIRONMENT | ❌ | Environment (development/production) | development |
LOG_LEVEL | ❌ | Logging level | INFO |
ALLOWED_HOSTS | ❌ | Comma-separated allowed hosts | localhost,127.0.0.1 |
RATE_LIMIT | ❌ | Requests per minute | 100 |
pr-reviewer/
├── app/
│ ├── main.py # FastAPI application entry point
│ ├── config.py # Configuration management
│ ├── server.py # Server setup and middleware
│ └── github/
│ ├── webhooks.py # Webhook handling and validation
│ ├── handlers.py # PR event processing
│ ├── review.py # AI review workflow
│ ├── analysis.py # OpenAI code analysis
│ ├── diff_parser.py # Diff parsing and processing
│ ├── auth.py # GitHub App authentication
│ ├── api.py # GitHub API client
│ ├── inline_comments.py # Comment generation
│ ├── summary.py # Review summarization
│ └── prompts.py # AI prompts and templates
├── requirements.txt # Python dependencies
├── pyproject.toml # Project configuration
└── README.md # This file
- Functional Programming: No classes, pure functions only
- Type Hints: Full type annotations for better IDE support
- Error Handling: Comprehensive exception handling with logging
- Security: Input validation, secure defaults, OWASP compliance
- Testing: Unit tests for critical functions (add tests as needed)
graph TD
A[PR Webhook] --> B[Signature Validation]
B --> C[Parse Payload]
C --> D[Extract PR Metadata]
D --> E[Fetch Latest Commit]
E --> F[Get PR Diff]
F --> G[Parse Changed Lines]
G --> H[AI Analysis per Line]
H --> I[Generate Issues]
I --> J[Post Inline Comments]
J --> K[Update PR Status]
K --> L[Post Summary Comment]
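The "Get PR Diff → Parse Changed Lines → Post Inline Comments" steps of this flow, as an added example that is not the project's diff_parser.py: a unified-diff parser that yields, for each added line, the path, post-change line number and side that the GitHub review-comment API expects, plus a few lines of right-hand-side context to feed the analysis prompt. It assumes the diff text GitHub returns for a pull request with Accept: application/vnd.github.v3.diff (git-style headers, so `diff --git` separates files) and runs on a constructed sample diff.

```python
"""Turn a unified diff into (path, line, side) targets for inline review comments.

Added example, not the project's diff_parser.py. Assumes git-style diff text
as GitHub serves it for a pull request; the sample diff below is constructed.
"""
import re

HUNK_RE = re.compile(r"^@@ -(\d+)(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")


def parse_diff(diff_text: str) -> list:
    """Split a diff into hunks; each is {"path", "lines": [(kind, new_line_no, text), ...]}.

    kind is '+', '-' or ' '. new_line_no is the number in the post-change file
    (None for removed lines). Deleted files (+++ /dev/null) and binary files
    produce no hunks: there is no right-hand side to attach a comment to.
    """
    hunks, path, current, in_header, new_no = [], None, None, True, 0
    for raw in diff_text.splitlines():
        if raw.startswith("diff --git "):
            path, current, in_header = None, None, True
            continue
        match = HUNK_RE.match(raw)
        if match:
            in_header = False
            if path is None:            # deleted or binary file: skip the hunk body
                current = None
                continue
            new_no = int(match.group(3))
            current = {"path": path, "lines": []}
            hunks.append(current)
            continue
        if in_header:                   # index/mode/rename/"Binary files" lines are ignored
            if raw.startswith("+++ "):
                target = raw[4:]
                path = None if target == "/dev/null" else target.removeprefix("b/")
            continue
        if current is None or raw.startswith("\\"):   # "\ No newline at end of file"
            continue
        kind, text = raw[:1], raw[1:]
        if kind in ("+", " "):          # both exist on the new side, so both consume a line number
            current["lines"].append((kind, new_no, text))
            new_no += 1
        elif kind == "-":
            current["lines"].append(("-", None, text))
    return hunks


def added_lines_with_context(diff_text: str, context: int = 2) -> list:
    """One record per added line, shaped for a review comment (path, line, side='RIGHT')."""
    records = []
    for hunk in parse_diff(diff_text):
        new_side = [(no, text) for kind, no, text in hunk["lines"] if kind != "-"]
        index = {no: i for i, (no, _) in enumerate(new_side)}
        for kind, no, text in hunk["lines"]:
            if kind != "+":
                continue
            i = index[no]
            window = new_side[max(0, i - context): i + context + 1]
            records.append({
                "path": hunk["path"],
                "line": no,
                "side": "RIGHT",
                "content": text,
                "context": "\n".join(f"{n}: {t}" for n, t in window),
            })
    return records


# Constructed sample diff: a modified file, a second file without a trailing
# newline, a deleted file and a binary file.
SAMPLE_DIFF = r"""
diff --git a/app/auth.py b/app/auth.py
index 1111111..2222222 100644
--- a/app/auth.py
+++ b/app/auth.py
@@ -10,5 +10,6 @@ import time
 def build_claims(app_id):
     now = int(time.time())
-    return {"iat": now, "exp": now + 3600, "iss": app_id}
+    # GitHub rejects App JWTs that are valid for more than 10 minutes
+    return {"iat": now - 60, "exp": now + 540, "iss": app_id}
 # helper below unchanged
 HEADERS = {"Accept": "application/vnd.github+json"}
diff --git a/README.md b/README.md
index 3333333..4444444 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,3 @@
 # PR Reviewer
-Old tagline
+New tagline
+Rotate the webhook secret if it ever leaks
\ No newline at end of file
diff --git a/old.txt b/old.txt
deleted file mode 100644
index 5555555..0000000
--- a/old.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-gone
-gone too
diff --git a/logo.png b/logo.png
Binary files a/logo.png and b/logo.png differ
""".lstrip("\n")

if __name__ == "__main__":
    for rec in added_lines_with_context(SAMPLE_DIFF):
        print(f"{rec['path']}:{rec['line']} ({rec['side']}) {rec['content']!r}")
```

Only the new side of each hunk is kept for line numbering and context, because a comment can only be anchored to a line that exists in the head commit; removed lines are retained in the hunk so the prompt can still show what was replaced if wanted. The diff is untrusted input from the PR author, so the parser never evaluates anything it reads and tolerates headers it does not recognise by ignoring them.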
Built with: Python 3.10+, FastAPI, OpenAI GPT-3.5, GitHub App API | Features: Functional programming, async/await, security-first design, real-time analysis