OpenRabbit

Enterprise-grade AI code review system for Gitea with automated PR review, issue triage, interactive chat, and codebase analysis.

---

Features

Feature	Description
PR Review	Inline comments, security scanning, severity-based CI failure
Issue Triage	On-demand classification, labeling, priority assignment via @codebot triage
Chat	Interactive AI chat with codebase search and web search tools
@codebot Commands	@codebot summarize, explain, suggest, triage in issue comments
Codebase Analysis	Health scores, tech debt tracking, weekly reports
Security Scanner	17 OWASP-aligned rules for vulnerability detection
Enterprise Ready	Audit logging, metrics, Prometheus export
Gitea Native	Built for Gitea workflows and API

---

Quick Start

1. Set Repository/Organization Secrets

OPENAI_API_KEY      - OpenAI API key (or use OpenRouter/Ollama)
SEARXNG_URL         - (Optional) SearXNG instance URL for web search

For Gitea:

AI_REVIEW_TOKEN     - Bot token with repo + issue permissions

For GitHub: The built-in GITHUB_TOKEN is used automatically.

2. Add Workflows to Repository

Workflows are located in .gitea/workflows/.

Gitea Example

Gitea PR Review Workflow

# .gitea/workflows/enterprise-ai-review.yml
name: AI PR Review
on: [pull_request]

jobs:
  ai-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - uses: actions/checkout@v4
        with:
          repository: YourOrg/OpenRabbit
          path: .ai-review
          token: ${{ secrets.AI_REVIEW_TOKEN }}

      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      - run: pip install requests pyyaml

      - name: Run AI Review
        env:
          AI_REVIEW_TOKEN: ${{ secrets.AI_REVIEW_TOKEN }}
          AI_REVIEW_REPO: ${{ gitea.repository }}
          AI_REVIEW_API_URL: https://your-gitea.example.com/api/v1
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
        run: |
          cd .ai-review/tools/ai-review
          python main.py pr ${{ gitea.repository }} ${{ gitea.event.pull_request.number }}

See .gitea/workflows/ for all workflow examples.

3. Create Labels

Create these labels in your repository for auto-labeling:

• priority: high, priority: medium, priority: low
• type: bug, type: feature, type: question
• ai-approved, ai-changes-required

---

Project Structure

tools/ai-review/
├── agents/                 # Agent implementations
│   ├── base_agent.py       # Abstract base agent
│   ├── issue_agent.py      # Issue triage & @codebot commands
│   ├── pr_agent.py         # PR review with security scan
│   ├── codebase_agent.py   # Codebase health analysis
│   └── chat_agent.py       # Interactive chat with tool calling
├── clients/                # API clients
│   ├── gitea_client.py     # Gitea REST API wrapper
│   └── llm_client.py       # Multi-provider LLM client with tool support
├── security/               # Security scanning
│   └── security_scanner.py # 17 OWASP-aligned rules
├── enterprise/             # Enterprise features
│   ├── audit_logger.py     # JSONL audit logging
│   └── metrics.py          # Prometheus-compatible metrics
├── prompts/                # AI prompt templates
├── main.py                 # CLI entry point
└── config.yml              # Configuration

.github/workflows/          # GitHub Actions workflows
├── ai-review.yml           # PR review workflow
├── ai-issue-triage.yml     # Issue triage workflow
├── ai-codebase-review.yml  # Codebase analysis
├── ai-comment-reply.yml    # @codebot command responses
└── ai-chat.yml             # Interactive AI chat

.gitea/workflows/           # Gitea Actions workflows
├── enterprise-ai-review.yml
├── ai-issue-triage.yml
├── ai-codebase-review.yml
├── ai-comment-reply.yml
└── ai-chat.yml

---

CLI Commands

# Review a pull request
python main.py pr owner/repo 123

# Triage an issue
python main.py issue owner/repo 456

# Respond to @codebot command
python main.py comment owner/repo 456 "@codebot explain"

# Analyze codebase
python main.py codebase owner/repo

# Chat with the AI bot
python main.py chat owner/repo "How does authentication work?"
python main.py chat owner/repo "Find all API endpoints" --issue 789

---

@codebot Commands

In any issue comment:

Command	Description
@codebot triage	Full issue triage with auto-labeling and analysis
@codebot summarize	Summarize the issue in 2-3 sentences
@codebot explain	Explain what the issue is about
@codebot suggest	Suggest solutions or next steps
@codebot (any question)	Chat with AI using codebase/web search tools

---

Interactive Chat

The chat agent is an interactive AI assistant with tool-calling capabilities:

Tools Available:

• search_codebase - Search repository files and code
• read_file - Read specific files
• search_web - Search the web via SearXNG

Example:

@codebot How do I configure rate limiting in this project?

The bot will search the codebase, read relevant files, and provide a comprehensive answer.

---

Configuration

Edit tools/ai-review/config.yml:

provider: openai   # openai | openrouter | ollama

model:
  openai: gpt-4.1-mini
  openrouter: anthropic/claude-3.5-sonnet
  ollama: codellama:13b

agents:
  issue:
    enabled: true
    auto_label: true
  pr:
    enabled: true
    inline_comments: true
    security_scan: true
  codebase:
    enabled: true
  chat:
    enabled: true
    searxng_url: ""  # Or set SEARXNG_URL env var

interaction:
  respond_to_mentions: true
  mention_prefix: "@codebot"  # Customize your bot name here!
  commands:
    - summarize
    - explain
    - suggest

---

Customizing the Bot Name

The default bot name is @codebot. To change it:

Step 1: Edit tools/ai-review/config.yml:

interaction:
  mention_prefix: "@yourname"  # e.g., "@assistant", "@reviewer", etc.

Step 2: Update all workflow files in .gitea/workflows/:

• ai-comment-reply.yml
• ai-chat.yml
• ai-issue-triage.yml

Look for and update:

if: contains(github.event.comment.body, '@codebot')

Change @codebot to your new bot name.

---

Security Scanning

17 rules covering OWASP Top 10:

Category	Examples
Injection	SQL injection, command injection, XSS
Access Control	Hardcoded secrets, private keys
Crypto Failures	Weak hashing (MD5/SHA1), insecure random
Misconfiguration	Debug mode, CORS wildcard, SSL bypass

---

Documentation

Document	Description
Getting Started	Quick setup guide
Configuration	All options explained
Agents	Agent documentation
Security	Security rules reference
Workflows	GitHub & Gitea workflow examples
API Reference	Client and agent APIs
Enterprise	Audit logging, metrics
Troubleshooting	Common issues

---

LLM Providers

Provider	Model	Use Case
OpenAI	gpt-4.1-mini	Fast, reliable
OpenRouter	claude-3.5-sonnet	Multi-provider access
Ollama	codellama:13b	Self-hosted, private

---

Enterprise Features

• Audit Logging: JSONL logs with daily rotation
• Metrics: Prometheus-compatible export
• Rate Limiting: Configurable request limits
• Custom Security Rules: Define your own patterns via YAML
• Tool Calling: LLM function calling for interactive chat

---

License

MIT