
OpenRabbit

Enterprise-grade AI code review system for GitHub and Gitea with automated PR review, issue triage, interactive chat (Bartender), and codebase analysis.


Features

| Feature | Description |
|---|---|
| PR Review | Inline comments, security scanning, severity-based CI failure |
| Issue Triage | Auto-classification, labeling, priority assignment |
| Chat (Bartender) | Interactive AI chat with codebase search and web search tools |
| @ai-bot Commands | @ai-bot summarize, explain, suggest in issue comments |
| Codebase Analysis | Health scores, tech debt tracking, weekly reports |
| Security Scanner | 17 OWASP-aligned rules for vulnerability detection |
| Enterprise Ready | Audit logging, metrics, Prometheus export |
| Multi-Platform | Works with both GitHub and Gitea |

Quick Start

1. Set Repository/Organization Secrets

OPENAI_API_KEY      - OpenAI API key (or use OpenRouter/Ollama)
SEARXNG_URL         - (Optional) SearXNG instance URL for web search

For Gitea:

AI_REVIEW_TOKEN     - Bot token with repo + issue permissions

For GitHub: The built-in GITHUB_TOKEN is used automatically.

2. Add Workflows to Repository

Workflows are provided for both platforms:

| Platform | Location |
|---|---|
| GitHub | .github/workflows/ |
| Gitea | .gitea/workflows/ |

GitHub Example

# .github/workflows/ai-review.yml
name: AI PR Review
on: [pull_request]

jobs:
  ai-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      - run: pip install requests pyyaml

      - name: Run AI Review
        env:
          AI_REVIEW_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          AI_REVIEW_REPO: ${{ github.repository }}
          AI_REVIEW_API_URL: https://api.github.com
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
        run: |
          cd tools/ai-review
          python main.py pr ${{ github.repository }} ${{ github.event.pull_request.number }}

Gitea Example

# .gitea/workflows/ai-review.yml
name: AI PR Review
on: [pull_request]

jobs:
  ai-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - uses: actions/checkout@v4
        with:
          repository: YourOrg/OpenRabbit
          path: .ai-review
          token: ${{ secrets.AI_REVIEW_TOKEN }}

      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      - run: pip install requests pyyaml

      - name: Run AI Review
        env:
          AI_REVIEW_TOKEN: ${{ secrets.AI_REVIEW_TOKEN }}
          AI_REVIEW_REPO: ${{ gitea.repository }}
          AI_REVIEW_API_URL: https://your-gitea.example.com/api/v1
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
        run: |
          cd .ai-review/tools/ai-review
          python main.py pr ${{ gitea.repository }} ${{ gitea.event.pull_request.number }}

For full workflow examples, see Workflows Documentation.
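
A check a reviewer might run over these workflow files, as an added example that is not part of OpenRabbit: it lists every `${{ }}` expression expanded inside a `run:` script and flags the free-form, contributor-controlled contexts, which belong in `env:` and a quoted shell variable instead. The second step in `SAMPLE` and the function names are constructed for illustration.

```python
import re

# Contexts a contributor can fill with free-form text; repository names and
# PR numbers are format-constrained and are reported but not flagged.
UNTRUSTED = re.compile(
    r"(github|gitea)\.(head_ref|event\.pull_request\.head\.(ref|label)"
    r"|event\.(comment|issue|pull_request|review)\.(body|title))$")
EXPR = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")

# Constructed sample: the first step mirrors the example above, the second is hypothetical.
SAMPLE = '''\
      - name: Run AI Review
        env:
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
        run: |
          cd tools/ai-review
          python main.py pr ${{ github.repository }} ${{ github.event.pull_request.number }}
      - name: Reply to comment
        run: python main.py comment ${{ github.repository }} 456 "${{ github.event.comment.body }}"
'''

def run_script_expressions(workflow_text):
    """Yield (line_no, expression) for each ${{ }} expanded inside a run: script."""
    run_indent = None
    for no, line in enumerate(workflow_text.splitlines(), 1):
        stripped = line.lstrip()
        indent = len(line) - len(stripped)
        if run_indent is not None and stripped and indent <= run_indent:
            run_indent = None                  # dedent closes the run: block
        m = re.match(r"(-\s+)?run:\s*(.*)", stripped)
        if run_indent is None and m:
            run_indent = indent + len(m.group(1) or "")
            stripped = m.group(2)              # text after "run:" on the same line
        elif run_indent is None:
            continue                           # outside any run: script (e.g. env:)
        for expr in EXPR.findall(stripped):
            yield no, expr

def audit(workflow_text):
    """Return (line_no, expression, is_untrusted) for every run-script expression."""
    return [(no, expr, bool(UNTRUSTED.match(expr)))
            for no, expr in run_script_expressions(workflow_text)]

if __name__ == "__main__":
    for no, expr, bad in audit(SAMPLE):
        print(f"line {no}: {expr} -> {'move to env:' if bad else 'not flagged'}")
```

Expressions under `env:` are skipped on purpose: values placed there reach the script as environment variables rather than being pasted into the shell text.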

3. Create Labels

Create these labels in your repository for auto-labeling:

  • priority: high, priority: medium, priority: low
  • type: bug, type: feature, type: question
  • ai-approved, ai-changes-required

Project Structure

tools/ai-review/
├── agents/                 # Agent implementations
│   ├── base_agent.py       # Abstract base agent
│   ├── issue_agent.py      # Issue triage & @ai-bot commands
│   ├── pr_agent.py         # PR review with security scan
│   ├── codebase_agent.py   # Codebase health analysis
│   └── chat_agent.py       # Bartender chat with tool calling
├── clients/                # API clients
│   ├── gitea_client.py     # Gitea REST API wrapper
│   └── llm_client.py       # Multi-provider LLM client with tool support
├── security/               # Security scanning
│   └── security_scanner.py # 17 OWASP-aligned rules
├── enterprise/             # Enterprise features
│   ├── audit_logger.py     # JSONL audit logging
│   └── metrics.py          # Prometheus-compatible metrics
├── prompts/                # AI prompt templates
├── main.py                 # CLI entry point
└── config.yml              # Configuration

.github/workflows/          # GitHub Actions workflows
├── ai-review.yml           # PR review workflow
├── ai-issue-triage.yml     # Issue triage workflow
├── ai-codebase-review.yml  # Codebase analysis
├── ai-comment-reply.yml    # @ai-bot command responses
└── ai-chat.yml             # Bartender chat

.gitea/workflows/           # Gitea Actions workflows
├── enterprise-ai-review.yml
├── ai-issue-triage.yml
├── ai-codebase-review.yml
├── ai-comment-reply.yml
└── ai-chat.yml

CLI Commands

# Review a pull request
python main.py pr owner/repo 123

# Triage an issue
python main.py issue owner/repo 456

# Respond to @ai-bot command
python main.py comment owner/repo 456 "@ai-bot explain"

# Analyze codebase
python main.py codebase owner/repo

# Chat with Bartender
python main.py chat owner/repo "How does authentication work?"
python main.py chat owner/repo "Find all API endpoints" --issue 789

@ai-bot Commands

In any issue comment:

| Command | Description |
|---|---|
| @ai-bot summarize | Summarize the issue in 2-3 sentences |
| @ai-bot explain | Explain what the issue is about |
| @ai-bot suggest | Suggest solutions or next steps |
| @ai-bot (any question) | Chat with Bartender using codebase/web search |

Bartender Chat

Bartender is an interactive AI assistant with tool-calling capabilities:

Tools Available:

  • search_codebase - Search repository files and code
  • read_file - Read specific files
  • search_web - Search the web via SearXNG

Example:

@ai-bot How do I configure rate limiting in this project?

Bartender will search the codebase, read relevant files, and provide a comprehensive answer.


Configuration

Edit tools/ai-review/config.yml:

provider: openai   # openai | openrouter | ollama

model:
  openai: gpt-4.1-mini
  openrouter: anthropic/claude-3.5-sonnet
  ollama: codellama:13b

agents:
  issue:
    enabled: true
    auto_label: true
  pr:
    enabled: true
    inline_comments: true
    security_scan: true
  codebase:
    enabled: true
  chat:
    enabled: true
    name: "Bartender"
    searxng_url: ""  # Or set SEARXNG_URL env var

interaction:
  respond_to_mentions: true
  mention_prefix: "@ai-bot"  # Customize your bot name here!
  commands:
    - summarize
    - explain
    - suggest

Customizing the Bot Name

You can change the bot's mention trigger from @ai-bot to any name you prefer:

Step 1: Edit tools/ai-review/config.yml:

interaction:
  mention_prefix: "@bartender"  # or "@uni", "@joey", "@codebot", etc.

Step 2: Update the workflow files to match:

For GitHub (.github/workflows/ai-comment-reply.yml and ai-chat.yml):

if: contains(github.event.comment.body, '@bartender')

For Gitea (.gitea/workflows/ai-comment-reply.yml and ai-chat.yml):

if: contains(github.event.comment.body, '@bartender')

Example bot names:

| Name | Use Case |
|---|---|
| @bartender | Friendly, conversational |
| @uni | Short, quick to type |
| @joey | Personal assistant feel |
| @codebot | Technical, code-focused |
| @reviewer | Review-focused |
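
Steps 1 and 2 must stay in sync, or the workflow trigger and the bot disagree on the mention. The following added example (not OpenRabbit code) compares `interaction.mention_prefix` with the literal in each workflow's `contains()` condition; the file contents are constructed samples and the function names are hypothetical.

```python
import re

# Constructed samples mirroring the snippets above (not the project's actual files).
CONFIG_YML = '''\
interaction:
  respond_to_mentions: true
  mention_prefix: "@bartender"  # Customize your bot name here!
'''
WORKFLOWS = {
    ".github/workflows/ai-comment-reply.yml":
        "    if: contains(github.event.comment.body, '@bartender')\n",
    ".github/workflows/ai-chat.yml":          # left on the old trigger
        "    if: contains(github.event.comment.body, '@ai-bot')\n",
}

TRIGGER_RE = re.compile(r"contains\(\s*\w+\.event\.comment\.body\s*,\s*'([^']*)'\s*\)")

def mention_prefix(config_text):
    """Return interaction.mention_prefix from config.yml text (regex, no YAML dependency)."""
    in_section = False
    for line in config_text.splitlines():
        if re.match(r"^\S", line):                       # a new top-level key
            in_section = line.startswith("interaction:")
        elif in_section:
            m = re.match(r"""^\s+mention_prefix:\s*["']?([^"'\s#]+)""", line)
            if m:
                return m.group(1)
    raise ValueError("interaction.mention_prefix not found")

def find_drift(config_text, workflows):
    """Return {path: [literals]} for workflows whose trigger differs from the prefix."""
    prefix = mention_prefix(config_text)
    drift = {}
    for path, text in workflows.items():
        triggers = TRIGGER_RE.findall(text)
        bad = [t for t in triggers if t != prefix]
        if bad or not triggers:
            drift[path] = bad or ["<no trigger found>"]
    return drift

if __name__ == "__main__":
    for path, found in find_drift(CONFIG_YML, WORKFLOWS).items():
        print(f"{path}: trigger {found} does not match {mention_prefix(CONFIG_YML)!r}")
```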

Security Scanning

17 rules covering OWASP Top 10:

| Category | Examples |
|---|---|
| Injection | SQL injection, command injection, XSS |
| Access Control | Hardcoded secrets, private keys |
| Crypto Failures | Weak hashing (MD5/SHA1), insecure random |
| Misconfiguration | Debug mode, CORS wildcard, SSL bypass |

Documentation

| Document | Description |
|---|---|
| Getting Started | Quick setup guide |
| Configuration | All options explained |
| Agents | Agent documentation |
| Security | Security rules reference |
| Workflows | GitHub & Gitea workflow examples |
| API Reference | Client and agent APIs |
| Enterprise | Audit logging, metrics |
| Troubleshooting | Common issues |

LLM Providers

| Provider | Model | Use Case |
|---|---|---|
| OpenAI | gpt-4.1-mini | Fast, reliable |
| OpenRouter | claude-3.5-sonnet | Multi-provider access |
| Ollama | codellama:13b | Self-hosted, private |

Enterprise Features

  • Audit Logging: JSONL logs with daily rotation
  • Metrics: Prometheus-compatible export
  • Rate Limiting: Configurable request limits
  • Custom Security Rules: Define your own patterns via YAML
  • Tool Calling: LLM function calling for interactive chat

License

MIT
