AI Code Review Bot β Multi-perspective review + Voting + Cross-review debate
π νκ΅μ΄ λ¬Έμ (Korean)
Four expert agents review your PR in parallel, cross-validate each other's findings, and deliver high-confidence code reviews with inline comments.
- π Security β Hardcoded secrets, injection, XSS, auth gaps
- β‘ Performance β O(nΒ²), N+1, memory leaks, caching
- π§Ή Quality β Naming, DRY, error handling, SOLID principles
- π¨ UX β Loading states, a11y, empty states, responsive design
Agents automatically vote based on issue severity:
- β approve β No critical issues
β οΈ conditional (0.5 vote) β Warnings present- β reject β Critical issue(s) found
Automatically adjusts agent weights based on PR file types:
| PR Type | Security | Performance | Quality | UX |
|---|---|---|---|---|
Frontend (.tsx, .css) | Γ1.0 | Γ0.8 | Γ1.0 | Γ1.5 |
Backend (.ts, .sql) | Γ1.5 | Γ1.2 | Γ1.0 | Γ0.5 |
Infra (.yml, .tf) | Γ2.0 | Γ0.5 | Γ1.0 | Γ0.3 |
Agents cross-validate each other's findings:
- Round 1 β Independent review (4 agents in parallel, max 3 issues per agent)
- Round 2 β Cross-review (each agent evaluates others' issues with agree/disagree/abstain)
β Per-issue confidence score β issues below 50% confidence are filtered out automatically
Automatically generates a concise summary of PR changes using LLM. Respects the output.language setting. Also generated for deletion-only PRs.
High-confidence issues are posted as inline comments directly on the code (not just a single big comment). The bot always uses COMMENT review event (never REQUEST_CHANGES), so it won't block your PR β human reviewers decide to approve or reject.
Agents follow strict severity guidelines:
- π΄ critical β Immediately exploitable (injection, auth bypass) or will cause bugs/crashes
- π‘ warning β Needs attention but not immediately dangerous (missing validation, memory leak potential)
- π‘ info β Minor suggestion or best practice
Agents do NOT suggest architecture changes (e.g., "use Redis") β they only review the code as written.
Automatically applies PR labels based on vote results:
review:approvedπ’review:changes-requestedπ΄review:needs-discussionπ‘
Type /review in a PR comment to re-trigger the review.
Automatically skips review for oversized PRs (default: 300 files or 10,000 lines). Deletion-only files are also skipped (no point reviewing removed code).
# .github/workflows/review.yml
name: AI Code Review
on:
pull_request:
types: [opened, synchronize]
issue_comment:
types: [created] # For /review re-trigger
permissions:
contents: read
pull-requests: write
jobs:
review:
runs-on: ubuntu-latest
if: |
github.event_name == 'pull_request' ||
(github.event_name == 'issue_comment' &&
github.event.issue.pull_request &&
contains(github.event.comment.body, '/review'))
steps:
- uses: actions/checkout@v4
- uses: minjihan/simple-review-bot@v1
with:
openai_api_key: ${{ secrets.OPENAI_API_KEY }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}# OpenAI (default)
- uses: minjihan/simple-review-bot@v1
with:
openai_api_key: ${{ secrets.OPENAI_API_KEY }}
# Claude
- uses: minjihan/simple-review-bot@v1
with:
provider: claude
claude_api_key: ${{ secrets.CLAUDE_API_KEY }}
# Gemini
- uses: minjihan/simple-review-bot@v1
with:
provider: gemini
gemini_api_key: ${{ secrets.GEMINI_API_KEY }}
# Gemini via GCP Vertex AI (no API key needed)
- uses: google-github-actions/auth@v2
with:
credentials_json: ${{ secrets.GCP_SA_KEY }}
- uses: minjihan/simple-review-bot@v1
with:
provider: gemini
gcp_project: ${{ secrets.GCP_PROJECT_ID }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}Create .github/pr-lens.yml for advanced settings:
# LLM Provider
provider:
type: openai
model: gpt-4o
# Agent configuration (boolean or object)
agents:
security: true
performance: true
quality:
enabled: true
model: gpt-4o-mini # Per-agent model override
ux:
enabled: true
provider: gemini # Per-agent provider
model: gemini-2.5-flash
# Tiered model selection (auto-select model by diff size)
tiered_model:
enabled: true
# Hard cut β skip oversized PRs
hard_cut:
enabled: true
max_changed_files: 300
max_changed_lines: 10000
# PR summary generation
summary:
enabled: true
# Voting
voting:
required_approvals: 2
conditional_weight: 0.5
# Cross-review debate (enabled by default)
debate:
enabled: true # default: true
trigger: always # always | on-critical | on-disagreement (default: always)
# Auto weight detection
weights:
auto_detect: true
# Auto labels
labels:
enabled: true
approved: "review:approved"
rejected: "review:changes-requested"
discussion: "review:needs-discussion"
# Output style
output:
style: detailed # detailed | summary
language: ko # en, ko, ja, zh, es, fr, de, pt
# Ignore patterns
ignore:
files:
- "*.lock"
- "*.generated.*"
paths:
- "node_modules/"
- "dist/"Create .github/review-bot/ to customize agent prompts:
.github/review-bot/
βββ common.md # Appended to ALL agents
βββ security.md # Replaces Security agent prompt
βββ performance.md # Replaces Performance agent prompt
βββ quality.md # Replaces Quality agent prompt
βββ ux.md # Replaces UX agent prompt
Priority:
- Agent-specific
.md(if exists) β replaces built-in prompt - Built-in prompt (fallback)
common.mdβ always appended to all agents
Example common.md:
# Team Guidelines
- This is an e-commerce platform
- All APIs follow REST conventions
- Error codes use ERR_ prefix
- Korean comments are acceptableBelow is an example of the review comment posted on your PR:
| π PR Summary: Added user authentication with JWT tokens and rate limiting | ||||
| β APPROVED (3.2 / 4.0 weighted votes) | ||||
| Agent | Vote | Weight | Issues | Score |
|---|---|---|---|---|
| π Security | β approve | Γ1.5 | None | 1.5 |
| β‘ Performance | Γ1.2 | 1 warning | 0.6 | |
| π§Ή Quality | β approve | Γ1.0 | 1 info | 1.0 |
| π¨ UX | β reject | Γ0.5 | 1 critical | 0.0 |
ββββββββββββββββββββ 80% approval score | ||||
π Action Items
- Refactor nested loop in
src/utils.ts:15(β‘ Performance)
flowchart TB
A[PR Diff] --> B[Round 1: Parallel Review]
subgraph B[Round 1: Parallel Review]
B1[π Security]
B2[β‘ Performance]
B3[π§Ή Quality]
B4[π¨ UX]
end
B --> C[Auto Vote]
C --> D[Round 2: Cross-Review]
D --> E[Weighted Vote Counting]
E --> F[PR Comment + Inline Comments + Label]
pnpm install # Install dependencies
pnpm dev # Watch mode
pnpm typecheck # Type check
pnpm build # Build with nccsimple-review-bot/
βββ action.yml # GitHub Action definition
βββ src/
β βββ index.ts # Main entry point
β βββ agents/ # 4 review agents + BaseAgent
β βββ providers/ # LLM providers (OpenAI / Claude / Gemini)
β β βββ tiered-model.ts # Auto model selection by diff size
β βββ review/ # Voting + debate + summary
β βββ github/ # GitHub API (comments, inline reviews, labels)
β βββ utils/ # Config, guidelines, errors, retry, logger
βββ dist/ # Bundled output
MIT