# OpenRabbit

Enterprise-grade AI code review system for **GitHub** and **Gitea** with automated PR review, issue triage, interactive chat (Bartender), and codebase analysis.

---

## Features

| Feature | Description |
|---------|-------------|
| **PR Review** | Inline comments, security scanning, severity-based CI failure |
| **Issue Triage** | Auto-classification, labeling, priority assignment |
| **Chat (Bartender)** | Interactive AI chat with codebase search and web search tools |
| **@ai-bot Commands** | `@ai-bot summarize`, `explain`, `suggest` in issue comments |
| **Codebase Analysis** | Health scores, tech debt tracking, weekly reports |
| **Security Scanner** | 17 OWASP-aligned rules for vulnerability detection |
| **Enterprise Ready** | Audit logging, metrics, Prometheus export |
| **Multi-Platform** | Works with both GitHub and Gitea |

---

## Quick Start

### 1. Set Repository/Organization Secrets

```
OPENAI_API_KEY   - OpenAI API key (or use OpenRouter/Ollama)
SEARXNG_URL      - (Optional) SearXNG instance URL for web search
```

**For Gitea:**

```
AI_REVIEW_TOKEN  - Bot token with repo + issue permissions
```

**For GitHub:** The built-in `GITHUB_TOKEN` is used automatically.

### 2. Add Workflows to Repository
Workflows are provided for both platforms:

| Platform | Location |
|----------|----------|
| GitHub | `.github/workflows/` |
| Gitea | `.gitea/workflows/` |

#### GitHub Example

```yaml
# .github/workflows/ai-review.yml
name: AI PR Review
on: [pull_request]

jobs:
  ai-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - run: pip install requests pyyaml
      - name: Run AI Review
        env:
          AI_REVIEW_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          AI_REVIEW_REPO: ${{ github.repository }}
          AI_REVIEW_API_URL: https://api.github.com
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
        run: |
          cd tools/ai-review
          python main.py pr ${{ github.repository }} ${{ github.event.pull_request.number }}
```

#### Gitea Example

```yaml
# .gitea/workflows/ai-review.yml
name: AI PR Review
on: [pull_request]

jobs:
  ai-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: actions/checkout@v4
        with:
          repository: YourOrg/OpenRabbit
          path: .ai-review
          token: ${{ secrets.AI_REVIEW_TOKEN }}
      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - run: pip install requests pyyaml
      - name: Run AI Review
        env:
          AI_REVIEW_TOKEN: ${{ secrets.AI_REVIEW_TOKEN }}
          AI_REVIEW_REPO: ${{ gitea.repository }}
          AI_REVIEW_API_URL: https://your-gitea.example.com/api/v1
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
        run: |
          cd .ai-review/tools/ai-review
          python main.py pr ${{ gitea.repository }} ${{ gitea.event.pull_request.number }}
```

For full workflow examples, see [Workflows Documentation](docs/workflows.md).

### 3. Create Labels
Create these labels in your repository for auto-labeling:

- `priority: high`, `priority: medium`, `priority: low`
- `type: bug`, `type: feature`, `type: question`
- `ai-approved`, `ai-changes-required`

---

## Project Structure

```
tools/ai-review/
├── agents/                    # Agent implementations
│   ├── base_agent.py          # Abstract base agent
│   ├── issue_agent.py         # Issue triage & @ai-bot commands
│   ├── pr_agent.py            # PR review with security scan
│   ├── codebase_agent.py      # Codebase health analysis
│   └── chat_agent.py          # Bartender chat with tool calling
├── clients/                   # API clients
│   ├── gitea_client.py        # Gitea REST API wrapper
│   └── llm_client.py          # Multi-provider LLM client with tool support
├── security/                  # Security scanning
│   └── security_scanner.py    # 17 OWASP-aligned rules
├── enterprise/                # Enterprise features
│   ├── audit_logger.py        # JSONL audit logging
│   └── metrics.py             # Prometheus-compatible metrics
├── prompts/                   # AI prompt templates
├── main.py                    # CLI entry point
└── config.yml                 # Configuration

.github/workflows/             # GitHub Actions workflows
├── ai-review.yml              # PR review workflow
├── ai-issue-triage.yml        # Issue triage workflow
├── ai-codebase-review.yml     # Codebase analysis
├── ai-comment-reply.yml       # @ai-bot command responses
└── ai-chat.yml                # Bartender chat

.gitea/workflows/              # Gitea Actions workflows
├── enterprise-ai-review.yml
├── ai-issue-triage.yml
├── ai-codebase-review.yml
├── ai-comment-reply.yml
└── ai-chat.yml
```

---

## CLI Commands

```bash
# Review a pull request
python main.py pr owner/repo 123

# Triage an issue
python main.py issue owner/repo 456

# Respond to @ai-bot command
python main.py comment owner/repo 456 "@ai-bot explain"

# Analyze codebase
python main.py codebase owner/repo

# Chat with Bartender
python main.py chat owner/repo "How does authentication work?"
python main.py chat owner/repo "Find all API endpoints" --issue 789
```
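Step 3 of the Quick Start asks for eight labels to be created by hand. The following added script (not part of OpenRabbit; `api`, `missing_labels` and `ensure_labels` are this example's own names) creates whichever of them are missing through the GitHub or Gitea REST API, reading the same `AI_REVIEW_TOKEN`, `AI_REVIEW_REPO` and `AI_REVIEW_API_URL` variables the workflows set. The label colors are constructed values; the page names only the labels.

```python
import json
import os
import urllib.request

# Labels from step 3; the hex colors are constructed here (the page names only the labels).
REQUIRED_LABELS = {
    "priority: high": "d73a4a", "priority: medium": "fbca04", "priority: low": "0e8a16",
    "type: bug": "d73a4a", "type: feature": "a2eeef", "type: question": "d876e3",
    "ai-approved": "0e8a16", "ai-changes-required": "e99695",
}

def missing_labels(existing, required=REQUIRED_LABELS) -> dict:
    """Labels still to be created; names are compared case-insensitively to avoid near-duplicates."""
    have = {name.lower() for name in existing}
    return {n: c for n, c in required.items() if n.lower() not in have}

def api(method, url, token, payload=None):
    """Minimal JSON call; the `Authorization: token ...` scheme is accepted by GitHub and Gitea."""
    data = json.dumps(payload).encode() if payload is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"token {token}", "Accept": "application/json",
        "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def ensure_labels(api_url, repo, token, call=api) -> list:
    """Create what is missing and return the created names (safe to re-run).

    Both APIs expose GET/POST /repos/{owner}/{repo}/labels taking `name` and a hex `color`
    without the leading '#'. `call` is injectable so the logic can be tested offline.
    """
    base = f"{api_url.rstrip('/')}/repos/{repo}/labels"
    existing = [lbl["name"] for lbl in call("GET", base + "?per_page=100&limit=100", token)]
    created = []
    for name, color in missing_labels(existing).items():
        call("POST", base, token, {"name": name, "color": color})
        created.append(name)
    return created

if __name__ == "__main__":
    # Same environment variables the workflows pass to main.py; the token never goes on the CLI
    print(ensure_labels(os.environ["AI_REVIEW_API_URL"], os.environ["AI_REVIEW_REPO"],
                        os.environ["AI_REVIEW_TOKEN"]))
```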
---

## @ai-bot Commands

In any issue comment:

| Command | Description |
|---------|-------------|
| `@ai-bot summarize` | Summarize the issue in 2-3 sentences |
| `@ai-bot explain` | Explain what the issue is about |
| `@ai-bot suggest` | Suggest solutions or next steps |
| `@ai-bot` (any question) | Chat with Bartender using codebase/web search |

---

## Bartender Chat

Bartender is an interactive AI assistant with tool-calling capabilities.

**Tools Available:**

- `search_codebase` - Search repository files and code
- `read_file` - Read specific files
- `search_web` - Search the web via SearXNG

**Example:**

```
@ai-bot How do I configure rate limiting in this project?
```

Bartender will search the codebase, read relevant files, and provide a comprehensive answer.

---

## Configuration

Edit `tools/ai-review/config.yml`:

```yaml
provider: openai  # openai | openrouter | ollama

model:
  openai: gpt-4.1-mini
  openrouter: anthropic/claude-3.5-sonnet
  ollama: codellama:13b

agents:
  issue:
    enabled: true
    auto_label: true
  pr:
    enabled: true
    inline_comments: true
    security_scan: true
  codebase:
    enabled: true
  chat:
    enabled: true
    name: "Bartender"
    searxng_url: ""  # Or set SEARXNG_URL env var

interaction:
  respond_to_mentions: true
  mention_prefix: "@ai-bot"  # Customize your bot name here!
  commands:
    - summarize
    - explain
    - suggest
```

---

## Customizing the Bot Name

You can change the bot's mention trigger from `@ai-bot` to any name you prefer.

**Step 1:** Edit `tools/ai-review/config.yml`:

```yaml
interaction:
  mention_prefix: "@bartender"  # or "@uni", "@joey", "@codebot", etc.
```
**Step 2:** Update the workflow files to match.

For GitHub (`.github/workflows/ai-comment-reply.yml` and `ai-chat.yml`):

```yaml
if: contains(github.event.comment.body, '@bartender')
```

For Gitea (`.gitea/workflows/ai-comment-reply.yml` and `ai-chat.yml`):

```yaml
if: contains(github.event.comment.body, '@bartender')
```

**Example bot names:**

| Name | Use Case |
|------|----------|
| `@bartender` | Friendly, conversational |
| `@uni` | Short, quick to type |
| `@joey` | Personal assistant feel |
| `@codebot` | Technical, code-focused |
| `@reviewer` | Review-focused |

---

## Security Scanning

17 rules covering OWASP Top 10:

| Category | Examples |
|----------|----------|
| Injection | SQL injection, command injection, XSS |
| Access Control | Hardcoded secrets, private keys |
| Crypto Failures | Weak hashing (MD5/SHA1), insecure random |
| Misconfiguration | Debug mode, CORS wildcard, SSL bypass |

---

## Documentation

| Document | Description |
|----------|-------------|
| [Getting Started](docs/getting-started.md) | Quick setup guide |
| [Configuration](docs/configuration.md) | All options explained |
| [Agents](docs/agents.md) | Agent documentation |
| [Security](docs/security.md) | Security rules reference |
| [Workflows](docs/workflows.md) | GitHub & Gitea workflow examples |
| [API Reference](docs/api-reference.md) | Client and agent APIs |
| [Enterprise](docs/enterprise.md) | Audit logging, metrics |
| [Troubleshooting](docs/troubleshooting.md) | Common issues |

---

## LLM Providers

| Provider | Model | Use Case |
|----------|-------|----------|
| OpenAI | gpt-4.1-mini | Fast, reliable |
| OpenRouter | claude-3.5-sonnet | Multi-provider access |
| Ollama | codellama:13b | Self-hosted, private |

---

## Enterprise Features

- **Audit Logging**: JSONL logs with daily rotation
- **Metrics**: Prometheus-compatible export
- **Rate Limiting**: Configurable request limits
- **Custom Security Rules**: Define your own patterns via YAML
- **Tool Calling**: LLM function calling for interactive chat
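The mention trigger is checked in two places: `mention_prefix` in `config.yml` and the `contains()` condition in the workflow files from Step 2. The following added example (not the project's `issue_agent.py`; `INTERACTION`, `parse_mention` and `workflow_condition` are this example's own names) shows the stricter matching a comment handler can apply once the workflow has fired: it treats the `interaction` block as already parsed from `config.yml`, requires the prefix as a whole word, and skips quoted (`>`) lines, since `contains()` is a plain substring test that a reply quoting an earlier command also satisfies.

```python
import re
from typing import Optional

# Constructed stand-in for the parsed `interaction` block of tools/ai-review/config.yml
# (what yaml.safe_load would return), with mention_prefix changed as in Step 1.
INTERACTION = {
    "respond_to_mentions": True,
    "mention_prefix": "@bartender",
    "commands": ["summarize", "explain", "suggest"],
}

def parse_mention(body: str, cfg: dict = INTERACTION) -> Optional[dict]:
    """Decide what a comment asks the bot to do (hypothetical check, not the project's parser).

    Returns {"command": "<name>"} for a configured command, {"command": "chat", "question": ...}
    for any other text after the mention, or None when the bot should stay silent.
    """
    if not cfg.get("respond_to_mentions", True):
        return None
    prefix = re.escape(cfg["mention_prefix"])
    for line in body.splitlines():
        if line.lstrip().startswith(">"):
            continue  # quoted text from an earlier comment must not re-trigger the bot
        # whole-word match: "@bartender" but not "@bartenders"; case-insensitive like GitHub mentions
        m = re.search(rf"(?<!\w){prefix}(?!\w)\s*(.*)", line, re.IGNORECASE)
        if not m:
            continue
        rest = m.group(1).strip(" ,:")
        if not rest:
            return None  # bare mention with nothing to act on
        word = rest.split(maxsplit=1)[0].lower()
        if word in cfg["commands"]:
            return {"command": word}
        return {"command": "chat", "question": rest}
    return None

def workflow_condition(cfg: dict = INTERACTION) -> str:
    """The `if:` expression Step 2 asks you to keep in sync with mention_prefix."""
    return f"contains(github.event.comment.body, '{cfg['mention_prefix']}')"
```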
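Rule-based scanning with severity-based CI failure, as an added example rather than the project's `security_scanner.py`: each rule is a regex in a hypothetical schema standing in for the YAML custom-rule format named under Enterprise Features, run over only the added lines of a unified diff so that findings land on the PR's own changes. The rule ids, the `added_lines`, `scan_diff` and `should_fail_ci` names, and the sample diff are all constructed here.

```python
import re
from collections import namedtuple

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
Finding = namedtuple("Finding", "rule_id severity path line message")
# Constructed rules in a hypothetical schema (one regex per rule); not the project's own definitions.
RULES = [
    {"id": "crypto-weak-hash", "severity": "medium", "pattern": r"\b(md5|sha1)\s*\(",
     "message": "Weak hash algorithm (MD5/SHA1)"},
    {"id": "config-ssl-bypass", "severity": "high", "pattern": r"\bverify\s*=\s*False\b",
     "message": "TLS certificate verification disabled"},
    {"id": "config-debug", "severity": "low", "pattern": r"\bDEBUG\s*=\s*True\b",
     "message": "Debug mode enabled"},
]

def added_lines(diff: str):
    """Yield (path, new-file line number, text) for each '+' line of a unified diff."""
    path, lineno = "", 0
    for raw in diff.splitlines():
        if raw.startswith("+++ "):                  # new-file header
            path = raw[4:].strip().removeprefix("b/")
        elif raw.startswith("@@"):                  # hunk header: reset the line counter
            lineno = int(re.search(r"\+(\d+)", raw).group(1)) - 1
        elif raw.startswith("+"):                   # added line: the only kind scanned
            lineno += 1
            yield path, lineno, raw[1:]
        elif not raw.startswith("-"):               # context line
            lineno += 1

def scan_diff(diff: str, rules=RULES) -> list:
    """Run every rule over added lines only, so pre-existing code is not re-flagged."""
    compiled = [(r, re.compile(r["pattern"], re.IGNORECASE)) for r in rules]
    return [Finding(r["id"], r["severity"], path, n, r["message"])
            for path, n, text in added_lines(diff) for r, rx in compiled if rx.search(text)]

def should_fail_ci(findings, threshold: str = "high") -> bool:
    """Severity-based CI failure: any finding at or above the threshold blocks the merge."""
    return any(SEVERITY_RANK[f.severity] >= SEVERITY_RANK[threshold] for f in findings)

# Constructed sample diff (not from any real repository)
SAMPLE_DIFF = """\
--- a/app/settings.py
+++ b/app/settings.py
@@ -10,2 +10,5 @@
 import hashlib
+DEBUG = True
 SESSION_TIMEOUT = 3600
+digest = hashlib.md5(payload).hexdigest()
+resp = requests.get(url, verify=False)
"""
```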
---

## License

MIT