Review GitHub pull requests with AI and log results to PostgreSQL and Slack
Automatically detects new GitHub Pull Requests, analyzes changed code with AI, generates detailed review comments (quality, security, performance, best practices), posts suggestions back to the PR, stores results in a...
Template notes
Automatically detects new GitHub Pull Requests, analyzes changed code with AI, generates detailed review comments (quality, security, performance, best practices), posts suggestions back to the PR, stores results in a database, and sends notifications.
Good to Know - Triggers automatically on new/updated GitHub Pull Requests via webhook (or manual test) - Fetches only changed files/diffs — no need to clone full repo - Uses AI (Grok, OpenAI, Claude, Gemini, etc.) to provide intelligent, context-aware feedback - Covers multiple dimensions: code quality, bugs, security vulnerabilities, performance issues, maintainability, style/best practices - Posts formatted review comments directly on the GitHub PR (with severity levels, suggestions, code snippets) - Stores review history & scores in PostgreSQL (or other DB) for auditing, metrics, team dashboards - Sends real-time notifications (Slack, Discord, email, etc.) for high-severity findings - Saves developers hours on initial reviews and catches issues early
How It Works
1. Trigger PR Detection - GitHub Webhook node — listens for pullrequest events (opened, synchronize, reopened, readyforreview) - Optional: Filter node to ignore drafts, dependabot PRs, or specific branches - Manual trigger available for testing
2. Fetch & Analyze Code - GitHub node — retrieves PR details (title, body, number, repo, base/head commits) - GitHub or HTTP Request — fetches list of changed files + diffs (using GitHub API /pulls/{number}/files and diff content) - Merge PR Details & Extract Diffs — combines metadata + code changes into structured format - Prepares payload: file paths, diff hunks, full file content if needed (truncated for large files)
3. AI Review & Score - Sends prepared diff data + context (language, repo conventions, custom guidelines) to AI model - Prompt engineering focuses on: - Code correctness & bugs - Security vulnerabilities (OWASP, secrets, injection risks) - Performance optimizations - Readability, maintainability, SOLID principles - Best practices & style (specific to language/framework) - Refactoring suggestions with examples - AI returns structured output: severity (low/medium/high/critical), category, comment text, suggested fix (with code block) - Optional: Score node — assigns overall PR quality score (0–100) based on findings
4. Post Review & Notify - Route by severity / issue count (e.g. critical → immediate Slack) - GitHub node — posts detailed review comments on the PR (as bot user) - Supports threaded replies, line-specific comments (if hunk positions available) - Adds label e.g. ai-reviewed, needs-changes - Store Results in PostgreSQL — logs full review (PR link, timestamp, AI output JSON, score, issues list) - Send Summary to Slack (or Discord/Email/Telegram) — concise message with key findings, link to PR, severity highlights - Log Completion — records successful execution for monitoring
Data Sources - GitHub — Pull Requests, diffs, comments, labels (via webhook + API) - AI Model — Grok (xAI), OpenAI GPT-4o / o1, Anthropic Claude, Google Gemini, or local LLM - Storage — PostgreSQL (recommended for structured querying), or Supabase, Airtable, Google Sheets - Notifications — Slack, Discord, Microsoft Teams, Email (SMTP), Telegram