A production-grade GitHub Action that integrates an AI agent to perform automated, pre-human code reviews on Pull Requests. The system analyzes code diffs with a configured LLM to catch bugs, security issues, and style violations before a human reviewer spends time on them and before they break the deployment pipeline.
The core of the system is a Node.js-based GitHub Action. It uses the @actions/github toolkit to interact with the GitHub API: fetching the PR diff, posting comments, and setting status checks. The workflow should grant the action's token only the pull-request and status/check permissions it actually uses, since the same token is what posts review comments on behalf of the bot. The action is packaged as a Docker container for consistent execution across GitHub's runner environments.
Context management was a critical design challenge. A simple diff is insufficient for high-quality review. The system constructs a prompt that includes: the repository's primary language and framework, a condensed version of the team's style guide, a list of critical file paths (e.g., src/auth/, lib/database/), and a summary of recent changes to related modules to provide temporal context.
We implemented a multi-stage review process. First, a lightweight linter (such as ESLint or RuboCop) runs and handles trivial style fixes, so model capacity is not spent on them. The AI agent then analyzes the diff for the semantic problems a linter cannot see: logic errors, misused APIs, and security issues. Its output is requested as structured JSON and validated against the expected schema (the model's reply is untrusted text and may be malformed or point at files outside the diff) before being formatted into GitHub comment markdown, with clear severity labels and code block suggestions.
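The output stage described above, as an added example (not the project's own code). The finding schema, the `parseFindings`, `fenceFor`, `renderComment` and `reviewVerdict` names, and the sample model reply are all assumptions for this illustration. It treats the model's reply as untrusted: it tolerates a stray code fence, rejects findings with unknown severities or paths not in the diff, and picks a fence long enough that backticks inside a suggestion cannot close it early.

```javascript
const SEVERITIES = ['high', 'medium', 'low'];
const BT3 = '`'.repeat(3);

// Sample model output, constructed for this example: fenced JSON with two valid
// findings, one with an unknown severity, and one pointing outside the diff.
const sampleModelOutput = [
  BT3 + 'json',
  '[',
  '  {"severity": "high", "path": "src/auth/login.js", "line": 12,',
  '   "message": "Token taken from the query string is used without validation.",',
  '   "suggestion": "const token = validateToken(req.query.token);"},',
  '  {"severity": "low", "path": "src/auth/login.js", "line": 3, "message": "Unused import."},',
  '  {"severity": "critical", "path": "src/auth/login.js", "line": 1, "message": "unknown severity"},',
  '  {"severity": "high", "path": "../../.env", "line": 1, "message": "file not in this diff"}',
  ']',
  BT3,
].join('\n');

// Extract the first JSON array from the reply and keep only findings that fit the
// schema and reference a file that is actually in the diff (allowedPaths).
function parseFindings(raw, allowedPaths) {
  const start = raw.indexOf('[');
  const end = raw.lastIndexOf(']');
  if (start === -1 || end === -1 || end < start) return [];
  let parsed;
  try {
    parsed = JSON.parse(raw.slice(start, end + 1));
  } catch {
    return [];
  }
  if (!Array.isArray(parsed)) return [];
  const allowed = new Set(allowedPaths);
  const findings = [];
  for (const f of parsed) {
    if (!f || typeof f !== 'object') continue;
    if (!SEVERITIES.includes(f.severity)) continue;
    if (typeof f.path !== 'string' || !allowed.has(f.path)) continue;
    if (!Number.isInteger(f.line) || f.line < 1) continue;
    if (typeof f.message !== 'string' || f.message.trim() === '') continue;
    findings.push({
      severity: f.severity,
      path: f.path,
      line: f.line,
      // Collapse whitespace so a message cannot break out of its list item.
      message: f.message.replace(/\s+/g, ' ').trim().slice(0, 1000),
      suggestion: typeof f.suggestion === 'string' ? f.suggestion : null,
    });
  }
  return findings;
}

// A fence one backtick longer than the longest run inside the text.
function fenceFor(text) {
  const longest = (text.match(/`+/g) || []).reduce((m, run) => Math.max(m, run.length), 0);
  return '`'.repeat(Math.max(3, longest + 1));
}

// Render findings as GitHub-flavoured markdown, highest severity first.
function renderComment(findings) {
  if (findings.length === 0) return '**AI review:** no issues found.';
  const rank = (s) => SEVERITIES.indexOf(s);
  const sorted = [...findings].sort((a, b) => rank(a.severity) - rank(b.severity));
  const lines = ['**AI review findings**', ''];
  for (const f of sorted) {
    lines.push(`- **[${f.severity.toUpperCase()}]** \`${f.path}:${f.line}\` ${f.message}`);
    if (f.suggestion !== null) {
      const fence = fenceFor(f.suggestion);
      lines.push(`  ${fence}suggestion`);
      for (const l of f.suggestion.split('\n')) lines.push(`  ${l}`);
      lines.push(`  ${fence}`);
    }
  }
  return lines.join('\n');
}

// The merge gate: the check passes only when nothing high severity remains.
function reviewVerdict(findings) {
  return findings.some((f) => f.severity === 'high') ? 'failure' : 'success';
}
```

Note that `suggestion` fences only become clickable suggestions when posted as review comments anchored to a diff line; in a plain issue comment they render as ordinary code blocks.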
To manage cost and latency, we implemented diff chunking for large PRs. Diffs exceeding a token threshold are split into logical chunks (one or more whole files per chunk) and reviewed separately, with a final summary comment aggregating findings. We also cache results by diff content, so a synchronize event (a new push to the PR) does not re-review chunks whose content is identical to one already reviewed.
The system is configured via a .github/ai-reviewer.yml file in the repository. Teams can define custom rules, adjust risk thresholds for auto-approval, specify which branches or paths to ignore, and choose the LLM provider (OpenAI, Anthropic, or a local model via proxy). Because this file controls auto-approval thresholds, it should be read from the base branch rather than the PR head, so that a pull request cannot loosen the rules applied to itself. This makes the agent adaptable across different projects within the organization.
Integration with existing CI/CD required no pipeline changes. The action adds a required status check to the PR. A 'pass' from the AI reviewer (no high-severity findings, or only changes that meet the configured auto-approval threshold) becomes a gate for merging, fitting directly into the team's existing deployment pipeline. The gate complements the human review that follows it; a passing check means the model found nothing high-severity, not that the change has been verified correct.