Quick Start¶
Get AI Code Reviewer running in 5 minutes on GitHub or GitLab.
Step 1: Choose Your LLM Provider & Get an API Key¶
AI Reviewer supports multiple LLM providers. Pick one (or use both for fallback):
- Go to Google AI Studio
- Sign in with your Google account
- Click "Get API key" โ "Create API key"
- Copy the key (it starts with
AIza...)
Free tier
Gemini API has a generous free tier: 15 requests per minute, sufficient for most teams of 4-8 developers.
- Go to Mistral Console
- Sign up or sign in
- Navigate to API Keys โ Create new key
- Copy the key (it starts with
sk-...)
Free tier
Mistral offers a free tier for experimentation. After signing up, you get free API credits to try all models. Check Mistral Pricing for current limits.
Codestral free tier
Codestral (a code-specialized model) has its own free tier with a separate endpoint and key:
- Go to codestral.mistral.ai
- Generate a Codestral API key
- Set
AI_REVIEWER_MISTRAL_API_URL=https://codestral.mistral.ai - Set
AI_REVIEWER_MISTRAL_MODEL=codestral-latest
This key works only with codestral-latest at the Codestral endpoint.
Get both keys using the instructions above. This gives you:
- Mistral as the primary model (e.g.
mistral-large-latest) - Google Gemini as automatic fallback if Mistral is unavailable
This is the most reliable setup for production use.
Save the key
API keys are shown only once. Save them in a secure place.
Step 2: Add Secrets to Your Repository¶
Path: Repository โ Settings โ Secrets and variables โ Actions โ New repository secret
| Name | Value |
|---|---|
AI_REVIEWER_GOOGLE_API_KEY |
Your Gemini key (AIza...) |
| Name | Value |
|---|---|
AI_REVIEWER_MISTRAL_API_KEY |
Your Mistral key (sk-...) |
| Name | Value |
|---|---|
AI_REVIEWER_MISTRAL_API_KEY |
Your Mistral key (sk-...) |
AI_REVIEWER_GOOGLE_API_KEY |
Your Gemini key (AIza...) |
Click "Add secret" for each one.
Detailed instructions with screenshots
- Open your repository on GitHub
- Click Settings (gear icon in the top menu)
- In the left menu find Secrets and variables โ Actions
- Click the green New repository secret button
- Enter the name and paste your key
- Click Add secret
- Repeat for each secret
For GitLab you also need a GitLab token for posting comments.
Step 2a: Create a GitLab Token¶
Path: User avatar โ Edit profile โ Access Tokens
| Field | Value |
|---|---|
| Token name | ai-reviewer |
| Expiration date | Choose a date (max 1 year) |
| Scopes |  api |
Click "Create personal access token" โ Copy the token (shown only once!)
Comments will appear under your username
A Personal Access Token is tied to your account. All review comments will be posted on your behalf.
Maintainer rights required
To create a Project Access Token you need the Maintainer or Owner role in the project.
Path: Project โ Settings โ Access Tokens
| Field | Value |
|---|---|
| Token name | ai-reviewer |
| Expiration date | Choose a date (max 1 year) |
| Role | Developer |
| Scopes | api |
Click "Create project access token" โ Copy the token (shown only once!)
Step 2b: Add Variables to CI/CD¶
Path: Project โ Settings โ CI/CD โ Variables
| Key | Value | Flags |
|---|---|---|
AI_REVIEWER_GOOGLE_API_KEY |
Your Gemini key | Mask,  Uncheck Protected |
AI_REVIEWER_GITLAB_TOKEN |
Token from step 2a | Mask, Uncheck Protected |
| Key | Value | Flags |
|---|---|---|
AI_REVIEWER_MISTRAL_API_KEY |
Your Mistral key | Mask, Uncheck Protected |
AI_REVIEWER_GITLAB_TOKEN |
Token from step 2a | Mask, Uncheck Protected |
| Key | Value | Flags |
|---|---|---|
AI_REVIEWER_MISTRAL_API_KEY |
Your Mistral key | Mask, Uncheck Protected |
AI_REVIEWER_GOOGLE_API_KEY |
Your Gemini key | Mask, Uncheck Protected |
AI_REVIEWER_GITLAB_TOKEN |
Token from step 2a | Mask, Uncheck Protected |
Uncheck ยซProtectedยป!
By default GitLab marks new variables as Protected. Protected variables are only available in protected branches (e.g. main), but MR pipelines run on unprotected source branches โ the variable will be empty and you'll get 401 Unauthorized.
CI_JOB_TOKEN does not work
GitLab's automatic CI_JOB_TOKEN cannot post comments to Merge Requests.
You must create a Personal Access Token (or Project Access Token on Premium+).
Step 3: Add AI Review to CI¶
Create file .github/workflows/ai-review.yml:
name: AI Code Review
on:
pull_request:
types: [opened, synchronize, reopened]
concurrency:
group: ai-review-${{ github.event.pull_request.number }}
cancel-in-progress: true
jobs:
review:
runs-on: ubuntu-latest
if: github.event.pull_request.head.repo.full_name == github.repository
permissions:
contents: read
pull-requests: write
steps:
- uses: KonstZiv/ai-code-reviewer@v1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
google_api_key: ${{ secrets.AI_REVIEWER_GOOGLE_API_KEY }}
name: AI Code Review
on:
pull_request:
types: [opened, synchronize, reopened]
concurrency:
group: ai-review-${{ github.event.pull_request.number }}
cancel-in-progress: true
jobs:
review:
runs-on: ubuntu-latest
if: github.event.pull_request.head.repo.full_name == github.repository
permissions:
contents: read
pull-requests: write
steps:
- uses: KonstZiv/ai-code-reviewer@v1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
mistral_api_key: ${{ secrets.AI_REVIEWER_MISTRAL_API_KEY }}
llm_provider: mistral
name: AI Code Review
on:
pull_request:
types: [opened, synchronize, reopened]
concurrency:
group: ai-review-${{ github.event.pull_request.number }}
cancel-in-progress: true
jobs:
review:
runs-on: ubuntu-latest
if: github.event.pull_request.head.repo.full_name == github.repository
permissions:
contents: read
pull-requests: write
steps:
- uses: KonstZiv/ai-code-reviewer@v1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
mistral_api_key: ${{ secrets.AI_REVIEWER_MISTRAL_API_KEY }}
google_api_key: ${{ secrets.AI_REVIEWER_GOOGLE_API_KEY }}
llm_provider: mistral
llm_fallback_provider: google
name: AI Code Review
on:
pull_request:
types: [opened, synchronize, reopened]
concurrency:
group: ai-review-${{ github.event.pull_request.number }}
cancel-in-progress: true
jobs:
review:
runs-on: ubuntu-latest
if: github.event.pull_request.head.repo.full_name == github.repository
permissions:
contents: read
pull-requests: write
steps:
- uses: KonstZiv/ai-code-reviewer@v1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
mistral_api_key: ${{ secrets.AI_REVIEWER_MISTRAL_API_KEY }}
llm_provider: mistral
mistral_model: codestral-latest
mistral_api_url: https://codestral.mistral.ai
Codestral key
Use the key from codestral.mistral.ai, not the regular Mistral API key.
About GITHUB_TOKEN
secrets.GITHUB_TOKEN is an automatic token that GitHub creates for each workflow run. You don't need to add it to secrets manually โ it's already available.
Create or update .gitlab-ci.yml:
stages:
- review
ai-review:
image: ghcr.io/konstziv/ai-code-reviewer:1
stage: review
script:
- ai-review
rules:
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
allow_failure: true
CI/CD variables AI_REVIEWER_GOOGLE_API_KEY and AI_REVIEWER_GITLAB_TOKEN from Step 2b are available automatically.
stages:
- review
ai-review:
image: ghcr.io/konstziv/ai-code-reviewer:1
stage: review
variables:
AI_REVIEWER_LLM_PROVIDER: mistral
script:
- ai-review
rules:
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
allow_failure: true
CI/CD variables AI_REVIEWER_MISTRAL_API_KEY and AI_REVIEWER_GITLAB_TOKEN from Step 2b are available automatically.
stages:
- review
ai-review:
image: ghcr.io/konstziv/ai-code-reviewer:1
stage: review
variables:
AI_REVIEWER_LLM_PROVIDER: mistral
AI_REVIEWER_LLM_FALLBACK_PROVIDER: google
script:
- ai-review
rules:
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
allow_failure: true
All three CI/CD variables (AI_REVIEWER_MISTRAL_API_KEY, AI_REVIEWER_GOOGLE_API_KEY, AI_REVIEWER_GITLAB_TOKEN) from Step 2b are available automatically.
stages:
- review
ai-review:
image: ghcr.io/konstziv/ai-code-reviewer:1
stage: review
variables:
AI_REVIEWER_LLM_PROVIDER: mistral
AI_REVIEWER_MISTRAL_MODEL: codestral-latest
AI_REVIEWER_MISTRAL_API_URL: https://codestral.mistral.ai
script:
- ai-review
rules:
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
allow_failure: true
CI/CD variables AI_REVIEWER_MISTRAL_API_KEY (use Codestral key) and AI_REVIEWER_GITLAB_TOKEN from Step 2b are available automatically.
Step 4: Check the Result¶
Now AI Review will run automatically on:
| Platform | Event |
|---|---|
| GitHub | PR creation, new commits in PR, reopening PR |
| GitLab | MR creation, new commits in MR |
What You'll See¶
After the CI job completes, the PR/MR will have:
- Inline comments โ attached to specific code lines
- "Apply suggestion" button โ for quick fixes (GitHub)
- Summary comment โ general overview with metrics
Each comment contains:
/ 
/ 
Severity badge- Problem description
- Fix suggestion
- Collapsible "Why does this matter?" section
The footer shows which model and provider was used:
Model: Google / gemini-2.5-flash | Tokens: 1,234 | Latency: 2.3s | Est. cost: $0.0012
Troubleshooting¶
Review not appearing?¶
Check the checklist:
- Is the API key added as a secret? (
AI_REVIEWER_GOOGLE_API_KEYorAI_REVIEWER_MISTRAL_API_KEY) - Is
llm_providerset correctly if using Mistral? (default isgoogle) - Is
github_tokenpassed explicitly? (for GitHub) - For GitLab: is
AI_REVIEWER_GITLAB_TOKENset to a Personal Access Token? - Did the CI job complete successfully? (check logs)
- For GitHub: do you have
permissions: pull-requests: write? - For fork PRs: secrets are not available โ this is expected behavior
Rate limit?¶
- Gemini free tier: 15 requests per minute
- Mistral free tier: check Mistral Pricing for current limits
Wait a minute and try again, or configure a fallback provider.
What's Next?¶
| Task | Document |
|---|---|
| Configure response language | Configuration |
| Advanced LLM provider settings | Configuration โ LLM |
| Switch models without changing code | GitHub โ Variable-Driven Config |
| Advanced GitHub settings | GitHub Guide |
| Advanced GitLab settings | GitLab Guide |
| Workflow examples | Examples |