openrabbit/README.md
latte 69d9963597
update
2025-12-28 14:10:04 +00:00

# OpenRabbit
Enterprise-grade AI code review system for **Gitea** with automated PR review, issue triage, interactive chat, and codebase analysis.
---
## Features
| Feature | Description |
|---------|-------------|
| **PR Review** | Inline comments, security scanning, severity-based CI failure |
| **Issue Triage** | On-demand classification, labeling, priority assignment via `@codebot triage` |
| **Chat** | Interactive AI chat with codebase search and web search tools |
| **@codebot Commands** | `@codebot summarize`, `explain`, `suggest`, `triage` in issue comments |
| **Codebase Analysis** | Health scores, tech debt tracking, weekly reports |
| **Security Scanner** | 17 OWASP-aligned rules for vulnerability detection |
| **Enterprise Ready** | Audit logging, metrics, Prometheus export |
| **Gitea Native** | Built for Gitea workflows and API |
---
## Quick Start
### 1. Set Repository/Organization Secrets
```
OPENAI_API_KEY - OpenAI API key (or use OpenRouter/Ollama)
SEARXNG_URL - (Optional) SearXNG instance URL for web search
```
**For Gitea:**
```
AI_REVIEW_TOKEN - Bot token with repo + issue permissions
```
**For GitHub:**
The built-in `GITHUB_TOKEN` is used automatically.
### 2. Add Workflows to Repository
Workflows are located in `.gitea/workflows/`.
#### Gitea PR Review Workflow
```yaml
# .gitea/workflows/enterprise-ai-review.yml
name: AI PR Review
on: [pull_request]
jobs:
  ai-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: actions/checkout@v4
        with:
          repository: YourOrg/OpenRabbit
          path: .ai-review
          token: ${{ secrets.AI_REVIEW_TOKEN }}
      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - run: pip install requests pyyaml
      - name: Run AI Review
        env:
          AI_REVIEW_TOKEN: ${{ secrets.AI_REVIEW_TOKEN }}
          AI_REVIEW_REPO: ${{ gitea.repository }}
          AI_REVIEW_API_URL: https://your-gitea.example.com/api/v1
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
        run: |
          cd .ai-review/tools/ai-review
          python main.py pr ${{ gitea.repository }} ${{ gitea.event.pull_request.number }}
```
See `.gitea/workflows/` for all workflow examples.
### 3. Create Labels
Create these labels in your repository for auto-labeling:
- `priority: high`, `priority: medium`, `priority: low`
- `type: bug`, `type: feature`, `type: question`
- `ai-approved`, `ai-changes-required`
---
## Project Structure
```
tools/ai-review/
├── agents/                    # Agent implementations
│   ├── base_agent.py          # Abstract base agent
│   ├── issue_agent.py         # Issue triage & @codebot commands
│   ├── pr_agent.py            # PR review with security scan
│   ├── codebase_agent.py      # Codebase health analysis
│   └── chat_agent.py          # Interactive chat with tool calling
├── clients/                   # API clients
│   ├── gitea_client.py        # Gitea REST API wrapper
│   └── llm_client.py          # Multi-provider LLM client with tool support
├── security/                  # Security scanning
│   └── security_scanner.py    # 17 OWASP-aligned rules
├── enterprise/                # Enterprise features
│   ├── audit_logger.py        # JSONL audit logging
│   └── metrics.py             # Prometheus-compatible metrics
├── prompts/                   # AI prompt templates
├── main.py                    # CLI entry point
└── config.yml                 # Configuration
.github/workflows/             # GitHub Actions workflows
├── ai-review.yml              # PR review workflow
├── ai-issue-triage.yml        # Issue triage workflow
├── ai-codebase-review.yml     # Codebase analysis
├── ai-comment-reply.yml       # @codebot command responses
└── ai-chat.yml                # Interactive AI chat
.gitea/workflows/              # Gitea Actions workflows
├── enterprise-ai-review.yml
├── ai-issue-triage.yml
├── ai-codebase-review.yml
├── ai-comment-reply.yml
└── ai-chat.yml
```
---
## CLI Commands
```bash
# Review a pull request
python main.py pr owner/repo 123
# Triage an issue
python main.py issue owner/repo 456
# Respond to @codebot command
python main.py comment owner/repo 456 "@codebot explain"
# Analyze codebase
python main.py codebase owner/repo
# Chat with the AI bot
python main.py chat owner/repo "How does authentication work?"
python main.py chat owner/repo "Find all API endpoints" --issue 789
```
---
## @codebot Commands
In any issue comment:
| Command | Description |
|---------|-------------|
| `@codebot triage` | Full issue triage with auto-labeling and analysis |
| `@codebot summarize` | Summarize the issue in 2-3 sentences |
| `@codebot explain` | Explain what the issue is about |
| `@codebot suggest` | Suggest solutions or next steps |
| `@codebot` (any question) | Chat with AI using codebase/web search tools |
---
## Interactive Chat
The chat agent is an interactive AI assistant with tool-calling capabilities:
**Tools Available:**
- `search_codebase` - Search repository files and code
- `read_file` - Read specific files
- `search_web` - Search the web via SearXNG
**Example:**
```
@codebot How do I configure rate limiting in this project?
```
The bot will search the codebase, read relevant files, and provide a comprehensive answer.
---
## Configuration
Edit `tools/ai-review/config.yml`:
```yaml
provider: openai  # openai | openrouter | ollama
model:
  openai: gpt-4.1-mini
  openrouter: anthropic/claude-3.5-sonnet
  ollama: codellama:13b
agents:
  issue:
    enabled: true
    auto_label: true
  pr:
    enabled: true
    inline_comments: true
    security_scan: true
  codebase:
    enabled: true
  chat:
    enabled: true
    searxng_url: ""  # Or set SEARXNG_URL env var
interaction:
  respond_to_mentions: true
  mention_prefix: "@codebot"  # Customize your bot name here!
  commands:
    - summarize
    - explain
    - suggest
```
---
## Customizing the Bot Name
The default bot name is `@codebot`. To change it:
**Step 1:** Edit `tools/ai-review/config.yml`:
```yaml
interaction:
  mention_prefix: "@yourname"  # e.g., "@assistant", "@reviewer", etc.
```
**Step 2:** Update all workflow files in `.gitea/workflows/`:
- `ai-comment-reply.yml`
- `ai-chat.yml`
- `ai-issue-triage.yml`
Look for and update:
```yaml
if: contains(github.event.comment.body, '@codebot')
```
Change `@codebot` to your new bot name.
---
## Security Scanning
17 rules covering the OWASP Top 10:
| Category | Examples |
|----------|----------|
| Injection | SQL injection, command injection, XSS |
| Access Control | Hardcoded secrets, private keys |
| Crypto Failures | Weak hashing (MD5/SHA1), insecure random |
| Misconfiguration | Debug mode, CORS wildcard, SSL bypass |
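As an added illustration of how a rule-table scanner of this kind scans only a PR's added lines, maps findings to new-file line numbers for inline comments, and gates CI by severity (example code written for this README, not the project's `security_scanner.py`; the rule ids, regexes and the sample diff are constructed, and the rule table is laid out in the shape a YAML rule file could hold):

```python
import re
from collections import namedtuple

# Hypothetical rule table in the shape a YAML rule file could hold; it mirrors the
# README's categories, not the project's own 17 rules in security_scanner.py.
RULES = [
    ("sql-injection",    "Injection",        "high",   r"execute\(\s*(f['\"]|['\"].*['\"]\s*[%+])"),
    ("hardcoded-secret", "Access Control",   "high",   r"(?i)\b(password|secret|api_key|token)\s*=\s*['\"][^'\"]{8,}['\"]"),
    ("weak-hash",        "Crypto Failures",  "medium", r"hashlib\.(md5|sha1)\("),
    ("ssl-bypass",       "Misconfiguration", "high",   r"\bverify\s*=\s*False\b"),
    ("debug-mode",       "Misconfiguration", "low",    r"\bDEBUG\s*=\s*True\b"),
]
COMPILED = [(rid, cat, sev, re.compile(rx)) for rid, cat, sev, rx in RULES]
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}
Finding = namedtuple("Finding", "rule category severity path line")  # line: new-file number
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

def scan_diff(diff):
    """Scan only lines the PR adds, tracking new-file line numbers from hunk headers."""
    findings, path, new_line = [], "", 0
    for raw in diff.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")  # "+++ b/app/db.py" -> "app/db.py"
            continue
        if m := HUNK.match(raw):
            new_line = int(m.group(1))
            continue
        if raw.startswith("-"):
            continue  # removed lines have no new-file line number
        if raw.startswith("+"):
            for rid, cat, sev, rx in COMPILED:
                if rx.search(raw[1:]):
                    findings.append(Finding(rid, cat, sev, path, new_line))
        new_line += 1  # context and added lines both advance the new-file counter
    return findings

def should_fail_ci(findings, threshold="high"):
    """Severity-based gate: fail the check when any finding reaches the threshold."""
    return any(SEVERITY_RANK[f.severity] >= SEVERITY_RANK[threshold] for f in findings)

SAMPLE_DIFF = """\
+++ b/app/db.py
@@ -10,3 +10,5 @@ def get_user(uid):
     conn = connect()
-    cur.execute("SELECT * FROM users WHERE id=%s", (uid,))
+    cur.execute(f"SELECT * FROM users WHERE id={uid}")
+    API_KEY = "sk-constructed-example-000000"
+    digest = hashlib.md5(data).hexdigest()
     return cur.fetchone()
"""  # constructed sample diff, not taken from the project
```

Running `scan_diff(SAMPLE_DIFF)` yields three findings on `app/db.py` lines 11, 12 and 13, and `should_fail_ci` returns `True` because two of them are high severity.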
---
## Documentation
| Document | Description |
|----------|-------------|
| [Getting Started](docs/getting-started.md) | Quick setup guide |
| [Configuration](docs/configuration.md) | All options explained |
| [Agents](docs/agents.md) | Agent documentation |
| [Security](docs/security.md) | Security rules reference |
| [Workflows](docs/workflows.md) | GitHub & Gitea workflow examples |
| [API Reference](docs/api-reference.md) | Client and agent APIs |
| [Enterprise](docs/enterprise.md) | Audit logging, metrics |
| [Troubleshooting](docs/troubleshooting.md) | Common issues |
---
## LLM Providers
| Provider | Model | Use Case |
|----------|-------|----------|
| OpenAI | gpt-4.1-mini | Fast, reliable |
| OpenRouter | claude-3.5-sonnet | Multi-provider access |
| Ollama | codellama:13b | Self-hosted, private |
---
## Enterprise Features
- **Audit Logging**: JSONL logs with daily rotation
- **Metrics**: Prometheus-compatible export
- **Rate Limiting**: Configurable request limits
- **Custom Security Rules**: Define your own patterns via YAML
- **Tool Calling**: LLM function calling for interactive chat
---
## License
MIT