AI ReviewBot

AI-powered assistant for automated code review in your CI/CD pipeline.


What is it?

AI Code Reviewer is a tool that automatically analyzes your Pull Requests (GitHub) and Merge Requests (GitLab), finds issues and suggests fixes with an "Apply Suggestion" button. Essentially, you get an unbiased senior developer's perspective on your code along with suggestions for improvement.

Integration with a wide range of existing LLM providers is possible (by default Google Gemini, model gemini-2.5-flash; at the time of the current release, the free tier limits on requests per minute and per day are sufficient for the normal workflow of a team of 4-8 full-time developers).


What do you get?

  • ✅ Code Comments - overall code assessment and recommendations
  • ✅ Task Alignment - PR/MR alignment with task context
  • ✅ Inline Comments - comments directly on code lines
  • ✅ Apply Suggestion - one-click button to apply fixes
  • ✅ Mentoring explanations - why it matters, plus resource links
  • ✅ Language adaptivity - detects the response language from PR/MR context
  • ✅ Metrics - execution time, tokens
  • ✅ Resilience - retry logic for 429/5xx errors

Quick Start

Important: to follow the next steps you'll need your personal Google API key. You can get it for free either at Google AI Studio or Google Cloud Console.

AI Code Reviewer can be configured to use different LLM providers and models, both free and paid. The following examples use the gemini-2.5-flash model. Other documentation sections explain how to connect other providers and use other models. We're interested in your opinion about the differences between the various models; we'd love to read about your experience in the comments.

GitHub

In your repository, create:

  1. Repository secret: in Settings → (Security) Secrets and variables → Actions, press New repository secret and create a secret named AI_REVIEWER_GOOGLE_API_KEY with your Google API key as the value.
  2. Workflow: in the root of your project repository, create the file .github/workflows/ai-review.yml with the following content:

# .github/workflows/ai-review.yml
name: AI Code Review
on:
  pull_request:
    types: [opened, synchronize]

jobs:
  review:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      - uses: KonstZiv/ai-code-reviewer@v1
        with:
          google_api_key: ${{ secrets.AI_REVIEWER_GOOGLE_API_KEY }}

GitLab

In your repository, create:

  1. GitLab Token (required for posting comments):

    • Personal Access Token (all plans, including Free): go to your User Settings → Access Tokens and create a token with scope api. Comments will appear under your username.
    • Project Access Token (Premium/Ultimate only): go to Settings → Access Tokens and create a token with name ai-reviewer, role Developer, scope api.
    • Copy the token (shown only once!)
  2. CI/CD Variables:

    • Go to Settings → CI/CD → Variables
    • Add AI_REVIEWER_GOOGLE_API_KEY: your Google API key (Masked)
    • Add AI_REVIEWER_GITLAB_TOKEN: token from step 1 (Masked)
  3. CI configuration:

    • Create file .gitlab-ci.yml in the project root:

# .gitlab-ci.yml
ai-review:
  image: ghcr.io/konstziv/ai-code-reviewer:1
  script:
    - ai-review
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
  allow_failure: true

👉 Learn more →

Create a new PR/MR and get a review.

Review quality directly depends on AI Code Reviewer's understanding of your intentions (just like with a human reviewer). It is therefore a good idea to accompany the development process with documentation:

  • create an issue describing the problem and the desired results
  • create a linked branch and a linked PR/MR for the issue, describing the problem in more detail, the solution approach, constraints, desired results, edge cases, tools and results: anything that adds context
  • if you work in a team, communicate in issues and comment on PR/MRs; all of this adds context and improves review quality


Supported Platforms

Platform      Status   Integration
GitHub        ✅       GitHub Actions / GitHub Action
GitLab        ✅       GitLab CI / Docker image
Self-hosted   ✅       Docker / PyPI

How does it work?

graph TD
    A[PR/MR created] --> B[CI runs AI Review]
    B --> C[Get diff + context]
    C --> D[Analyze with Gemini]
    D --> E[Post Inline Comments]
    E --> F[Apply Suggestion button]

Step by step:

  1. You create a PR/MR
  2. CI pipeline runs AI Code Reviewer
  3. The tool fetches diff, PR description, linked task
  4. Gemini analyzes the code and generates recommendations
  5. Results are posted as inline comments with an "Apply" button

Review Example

🔴 CRITICAL: Hardcoded Secret

File: config.py:15

Hardcoded API key found in code.

API_KEY = os.getenv("API_KEY")

Why does this matter?

Secrets in code end up in git history and can be stolen. Use environment variables or secret managers.

🔗 OWASP: Hardcoded Credentials


Issue Categories

Category          Description
🔒 Security       Vulnerabilities, hardcoded secrets
📝 Code Quality   Readability, naming, DRY
🏗 Architecture   SOLID, design patterns
⚡ Performance    N+1 queries, inefficient algorithms
🧪 Testing        Coverage, edge cases

Installation

Docker image:

docker pull ghcr.io/konstziv/ai-code-reviewer:1

PyPI package:

pip install ai-reviewbot

From source:

git clone https://github.com/KonstZiv/ai-code-reviewer.git
cd ai-code-reviewer
uv sync

👉 Learn more →


Configuration

Minimal configuration is just the API key:

export AI_REVIEWER_GOOGLE_API_KEY=your_api_key

Additional options:

Variable                    Description                        Default
AI_REVIEWER_LANGUAGE        Response language (ISO 639 code)   en
AI_REVIEWER_LANGUAGE_MODE   adaptive / fixed                   adaptive
AI_REVIEWER_GEMINI_MODEL    Gemini model                       gemini-2.5-flash
AI_REVIEWER_LOG_LEVEL       Logging level                      INFO

Legacy names

Old variable names without the AI_REVIEWER_ prefix still work as a fallback: the prefixed name is read first, and the unprefixed legacy name is used only when the prefixed one is not set.
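To make the lookup order concrete, here is an added example (not the project's own code) that resolves the options from the table above with prefixed-first, legacy-fallback, then default semantics, fails fast on a missing key or an invalid AI_REVIEWER_LANGUAGE_MODE, and masks the key before anything is logged in CI. The function names and the sample environment are constructed for this illustration.

```python
import os

PREFIX = "AI_REVIEWER_"

# Defaults taken from the options table on this page; the API key has none.
DEFAULTS = {
    "GOOGLE_API_KEY": None,
    "LANGUAGE": "en",
    "LANGUAGE_MODE": "adaptive",
    "GEMINI_MODEL": "gemini-2.5-flash",
    "LOG_LEVEL": "INFO",
}
VALID_LANGUAGE_MODES = {"adaptive", "fixed"}
SECRET_OPTIONS = {"GOOGLE_API_KEY"}


def resolve(name, env=None):
    """Prefixed name first, then the legacy unprefixed name, then the default.
    Blank values count as unset so an empty CI variable does not shadow a
    legacy value or a default."""
    env = os.environ if env is None else env
    for key in (PREFIX + name, name):
        value = env.get(key, "").strip()
        if value:
            return value
    return DEFAULTS[name]


def load_settings(env=None):
    """Resolve every option and fail fast on a missing key or a bad mode."""
    settings = {name: resolve(name, env) for name in DEFAULTS}
    if settings["GOOGLE_API_KEY"] is None:
        raise ValueError(f"{PREFIX}GOOGLE_API_KEY is required but not set")
    if settings["LANGUAGE_MODE"] not in VALID_LANGUAGE_MODES:
        raise ValueError(
            f"{PREFIX}LANGUAGE_MODE must be one of {sorted(VALID_LANGUAGE_MODES)}"
        )
    return settings


def loggable(settings):
    """Copy of the settings that is safe to print in CI logs: secrets masked."""
    return {k: ("***" if k in SECRET_OPTIONS else v) for k, v in settings.items()}


if __name__ == "__main__":
    # Constructed sample: legacy key name plus one prefixed override.
    sample = {"GOOGLE_API_KEY": "sample-key-123", "AI_REVIEWER_LANGUAGE": "uk"}
    print(loggable(load_settings(sample)))
```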

👉 All options →


Cost

AI Code Reviewer uses Google Gemini 3 Flash in Free Tier mode. The free tier limits are sufficient for serving the PR/MRs of a team of 4-8 full-time developers, including both reviews and meaningful comments (without flooding or off-topic remarks).

If using the paid tier (Pay-as-you-go), a typical review costs ~$0.003–$0.01.

💡 ~1000 reviews = ~$3 to ~$10

👉 Current pricing →


License

Apache 2.0: free to use, modify, and distribute.


Ready to improve your code reviews? 👉 Get started →