AI-powered code review that remembers your team's mistakes.
Most AI review tools treat every pull request in isolation. ReviewDNA doesn't. It builds a semantic memory of every issue your team has ever introduced — and the next time someone makes the same mistake, it calls it out by name, with a reference to when it happened before and the fix that worked.
Code review is broken in two ways:
- It's slow. Developers spend hours reviewing PRs manually, and critical bugs still slip through.
- It has no memory. The same mistakes — hardcoded secrets, missing null checks, N+1 queries — get introduced again and again across different PRs, by different developers, because nothing connects them.
ReviewDNA solves both.
When a pull request is opened or updated:
- ReviewDNA fetches the diff from GitHub via webhook
- Gemini 2.5 Flash reviews the code — detecting bugs, security issues, performance problems, and code quality issues
- NVIDIA NIM embeds each issue found as a 1024-dimensional semantic vector
- pgvector searches past issues — if your team has seen a semantically similar problem before, it surfaces it
- Inline comments are posted directly on the PR — with context like "Your team introduced this exact pattern in `middleware/auth.js` (PR #4) — here's the fix that worked"
- The issue is saved to team memory — so future PRs benefit from it

```
PR Opened
    │
    ▼
Fetch Diff (Octokit)
    │
    ▼
AI Review (Gemini 2.5 Flash)
    │
    ├──► Security Scan (OWASP Top 10) ── if sensitive files touched
    │
    ▼
Embed Each Issue (NVIDIA NIM · nv-embedqa-e5-v5)
    │
    ▼
Search Team Memory (Supabase pgvector)
    │
    ▼
Enrich Comments with Memory Context
    │
    ▼
Post to GitHub PR ◄─────────────── inline comments + summary
    │
    ▼
Save to Memory (for future PRs)
```

Every issue ReviewDNA finds is stored as a semantic vector. When a new PR arrives, it searches that memory — not by keyword, but by meaning. A comment about "hardcoded JWT fallback secret" will match a past issue about "static API key in source code" because they describe the same class of vulnerability.
General review catches bugs, performance issues, quality problems, and security issues on every PR.
Security mode activates automatically when the PR touches sensitive files (auth, middleware, JWT, session, crypto, API handlers) — running a dedicated OWASP Top 10 audit on top of the general review.
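
One way to implement the trigger described above, as an added example rather than the contents of ReviewDNA's `lib/security.ts`: the keyword list and the function names are assumptions, while `filename` and `previous_filename` are fields GitHub returns when listing a pull request's files. It checks both the new and the old path, so a file renamed out of a sensitive directory still triggers the scan.

```typescript
// Fields used from GitHub's "list pull request files" response.
interface ChangedFile {
  filename: string;
  previous_filename?: string; // set by GitHub when the file was renamed
}

// Assumed keywords for the categories the README names (auth, middleware,
// JWT, session, crypto, API handlers); the project's real list is not shown.
const SENSITIVE_TOKENS = new Set([
  "auth", "authn", "authz", "authentication", "authorization",
  "middleware", "jwt", "session", "sessions", "crypto", "api",
]);

// Split a path into lowercase words on separators and camelCase boundaries,
// so "lib/jwtHelper.ts" yields "jwt" but "AuthorCard.tsx" does not yield "auth".
function pathTokens(path: string): string[] {
  return path
    .replace(/([A-Z]+)([A-Z][a-z])/g, "$1 $2") // JWTUtil   -> JWT Util
    .replace(/([a-z0-9])([A-Z])/g, "$1 $2")    // jwtHelper -> jwt Helper
    .toLowerCase()
    .split(/[^a-z0-9]+/)
    .filter(Boolean);
}

function isSensitivePath(path: string): boolean {
  return pathTokens(path).some((token) => SENSITIVE_TOKENS.has(token));
}

// True when any changed file is sensitive under its new OR its previous name.
function needsSecurityScan(files: ChangedFile[]): boolean {
  return files.some(
    (f) =>
      isSensitivePath(f.filename) ||
      (f.previous_filename !== undefined && isSensitivePath(f.previous_filename)),
  );
}
```
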
The dashboard aggregates all past reviews to answer the question every engineering lead actually cares about: what mistakes does our team keep making, and are we getting better?
| Layer | Technology |
|---|---|
| Framework | Next.js 14 (App Router) + TypeScript |
| AI Review | Google Gemini 2.5 Flash |
| Embeddings | NVIDIA NIM · nv-embedqa-e5-v5 |
| Vector Memory | Supabase + pgvector |
| GitHub Integration | Octokit (webhooks + PR comments) |
| UI | Tailwind CSS + shadcn/ui |
| Deployment | Vercel |
Two AI models, each doing what it does best — Gemini handles reasoning and code understanding, NVIDIA NIM handles semantic similarity at scale.
- Instant AI review on every PR open or update
- Inline comments posted directly on the diff, at the exact line
- Severity classification — 🔴 Critical / 🟡 Warning / 🔵 Info
- Team memory — recurring patterns flagged with past PR references
- Security mode — automatic OWASP Top 10 scan on sensitive files
- PR summary comment — issue count table + overall assessment
- Team dashboard — review history, stats, top patterns, expandable issue list
- Pattern badges — see how many times an issue type has recurred

```bash
git clone https://github.com/Krithika1627/ReviewDNA
cd ReviewDNA
npm install
```

Create `.env.local`:

```
GEMINI_API_KEY=           # Google AI Studio
NVIDIA_NIM_API_KEY=       # build.nvidia.com
SUPABASE_URL=             # Supabase project settings → API
SUPABASE_ANON_KEY=        # Supabase project settings → API
GITHUB_TOKEN=             # Personal access token (repo + pull_requests scope)
GITHUB_WEBHOOK_SECRET=    # Any random string — set same value in GitHub webhook
NEXT_PUBLIC_BASE_URL=     # http://localhost:3000 (or your Vercel URL)
```

Run `schema.sql` in your Supabase SQL editor. This creates the `reviews` and `issues` tables and enables the pgvector similarity search function.

```bash
npm run seed
```

Inserts 6 realistic past issues so the memory feature is active from the first review.

```bash
npm run dev
```

Use ngrok to expose your local server for GitHub webhooks:

```bash
ngrok http 3000
```

In your repo → Settings → Webhooks → Add webhook:

```
Payload URL:  https://your-ngrok-url/api/webhook
Content type: application/json
Secret:       <same as GITHUB_WEBHOOK_SECRET>
Events:       Pull requests only
```

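
The Secret configured above is what lets the webhook route reject deliveries that did not come from GitHub: GitHub signs each payload with HMAC-SHA256 using that secret and sends the result in the `X-Hub-Signature-256` header. The check below is an added example, not the contents of the project's `lib/verify.ts`; `verifyGitHubSignature`, `signForTest` and the sample values are hypothetical names and constructed data.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Verify GitHub's X-Hub-Signature-256 header against the raw request body.
// `rawBody` must be the exact text GitHub sent (in a Next.js route handler,
// `await req.text()`), not re-serialized JSON: any byte change alters the HMAC.
// `secret` is the value of GITHUB_WEBHOOK_SECRET.
function verifyGitHubSignature(
  rawBody: string,
  signatureHeader: string | null,
  secret: string,
): boolean {
  if (!secret) return false; // fail closed when the secret is not configured
  if (!signatureHeader || !signatureHeader.startsWith("sha256=")) return false;

  const expected = createHmac("sha256", secret).update(rawBody, "utf8").digest();
  const received = Buffer.from(signatureHeader.slice("sha256=".length), "hex");

  // timingSafeEqual throws on unequal lengths, so reject those first.
  // Malformed hex decodes to a shorter buffer and is rejected here too.
  if (received.length !== expected.length) return false;

  // Constant-time comparison avoids leaking how many leading bytes matched.
  return timingSafeEqual(received, expected);
}

// Helper for local testing only: produces the header value GitHub would send.
function signForTest(body: string, secret: string): string {
  return "sha256=" + createHmac("sha256", secret).update(body, "utf8").digest("hex");
}

// Constructed sample delivery (not a real payload or secret).
const SAMPLE_SECRET = "constructed-test-secret";
const SAMPLE_BODY = '{"action":"opened","number":1}';
```

A route handler would call `verifyGitHubSignature` before parsing the body and return 401 without touching the GitHub, Gemini or NIM APIs when it returns `false`.
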

```bash
# Manual trigger (no webhook needed)
curl -X POST http://localhost:3000/api/review \
  -H "Content-Type: application/json" \
  -d '{"owner": "your-username", "repo": "your-repo", "pullNumber": 1}'
```

Open `/dashboard` to see the review history.

```
reviewdna/
  app/
    api/
      webhook/route.ts     ← GitHub webhook receiver
      review/route.ts      ← manual trigger
      reviews/route.ts     ← dashboard data
      stats/route.ts       ← aggregate metrics
      issues/route.ts      ← issues per review
      similar/route.ts     ← pattern badge lookup
    dashboard/page.tsx     ← team dashboard
    page.tsx               ← landing page
  lib/
    github.ts              ← Octokit helpers
    gemini.ts              ← AI review logic
    security.ts            ← OWASP security scan
    embeddings.ts          ← NVIDIA NIM vectors
    supabase.ts            ← DB client + queries
    verify.ts              ← webhook signature
    types.ts               ← shared TypeScript types
  components/
    Header.tsx
    StatsBar.tsx
    ReviewCard.tsx
    PatternsList.tsx
    PatternBadge.tsx
  scripts/
    seed.ts                ← seed team memory
  schema.sql               ← Supabase setup
```