AI Code Review Assistant for Pull Requests

Get instant AI-powered code reviews on PRs with security checks, style suggestions, and automated test recommendations.

Advanced
20 minutes
Published Jan 31, 2024

AI Code Review Assistant

Level up your code quality with AI-powered reviews that catch bugs before they ship.

What You'll Build

An AI reviewer that:

  • Analyzes every pull request for bugs and security issues
  • Suggests style improvements and refactoring opportunities
  • Recommends unit tests for new functions
  • Posts comments directly on GitHub PRs

Requirements

  • Plugins: Web Search (for GitHub API)
  • Time: 20 minutes
  • GitHub Webhook: To trigger reviews on PR open/update

Setup

1. Configure GitHub Webhook

Set up webhook:

  • URL: https://[your-pinchkit-url]/webhook/github
  • Events: pull_request (opened, synchronized)
  • Secret: [generate secure token]

2. Define Review Criteria

For every PR, check:

  1. Security: SQL injection, XSS, hardcoded secrets
  2. Performance: N+1 queries, inefficient loops
  3. Style: naming conventions, code duplication
  4. Tests: coverage for new functions
  5. Edge cases: null checks, error handling

3. Set Review Tone

Comment style:

  • Friendly and constructive
  • Explain WHY something is a problem
  • Suggest fixes with code examples
  • Flag critical issues with 🚨
  • Praise good patterns with 🎉

4. Integration with CI/CD

After review:

  • Block merge if critical issues found
  • Request changes on GitHub
  • Auto-approve if all checks pass (optional)
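The webhook secret from step 1 only protects the endpoint if the receiver checks GitHub's X-Hub-Signature-256 header (an HMAC-SHA256 of the raw request body) on every delivery before starting a review. The TypeScript below is an added example, not code from the original recipe or from the product it describes; the function names, the lowercase header map and the sample delivery are assumptions constructed for illustration.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Actions that should trigger a review. GitHub's payload uses the value
// "synchronize" for the PR-updated event.
const REVIEW_ACTIONS = new Set(["opened", "synchronize"]);

// Compute the value GitHub sends in X-Hub-Signature-256 for a raw body.
function signBody(secret: string, rawBody: string): string {
  return "sha256=" + createHmac("sha256", secret).update(rawBody, "utf8").digest("hex");
}

// Constant-time comparison of the received header against the expected value.
function verifySignature(secret: string, rawBody: string, header?: string): boolean {
  if (!header || !header.startsWith("sha256=")) return false;
  const expected = Buffer.from(signBody(secret, rawBody), "utf8");
  const received = Buffer.from(header, "utf8");
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  return expected.length === received.length && timingSafeEqual(expected, received);
}

type Decision = { status: number; review: boolean; reason: string };

// Decide what to do with one delivery. The signature is verified over the raw
// body BEFORE any JSON parsing; header names are assumed to be lowercased.
function handleDelivery(
  secret: string,
  headers: Record<string, string | undefined>,
  rawBody: string,
): Decision {
  if (!verifySignature(secret, rawBody, headers["x-hub-signature-256"])) {
    return { status: 401, review: false, reason: "bad or missing signature" };
  }
  if (headers["x-github-event"] !== "pull_request") {
    return { status: 202, review: false, reason: "ignored event" };
  }
  let payload: { action?: string };
  try { payload = JSON.parse(rawBody); }
  catch { return { status: 400, review: false, reason: "invalid JSON" }; }
  if (!REVIEW_ACTIONS.has(payload.action ?? "")) {
    return { status: 202, review: false, reason: "ignored action" };
  }
  return { status: 202, review: true, reason: "queued" };
}

// Constructed sample delivery (not a real GitHub payload or secret).
const SAMPLE_SECRET = "constructed-test-secret";
const SAMPLE_BODY = JSON.stringify({ action: "opened", number: 7 });
const SAMPLE_HEADERS = { "x-github-event": "pull_request",
  "x-hub-signature-256": signBody(SAMPLE_SECRET, SAMPLE_BODY) };
```

Load the secret from the environment or a secrets manager rather than from source, and reject unsigned deliveries outright instead of falling back to unauthenticated processing.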

Sample Review

PR: "Add user authentication endpoint"

Agent Comments:

📝 File: auth.ts, Line 42

🚨 Security Issue: Password stored in plain text

Current code:

```typescript
const user = { email, password };
```

Suggestion:

```typescript
const hashedPassword = await bcrypt.hash(password, 10);
const user = { email, password: hashedPassword };
```

Why: Storing plain text passwords is a critical security vulnerability. Use bcrypt or argon2 for hashing.

📝 File: auth.ts, Line 58

⚡ Performance: Unnecessary database query in loop

Consider moving the query outside the loop:

```typescript
const users = await db.users.findMany();
for (const user of users) { ... }
```

📝 File: auth.ts

✅ Tests Missing

Recommended tests:

  1. Should hash password before saving
  2. Should reject weak passwords
  3. Should handle duplicate email gracefully
  4. Should return 401 for invalid credentials

📝 File: auth.ts, Line 12

🎉 Great pattern! Proper error handling with custom error class.

Summary Report

Agent posts final comment:

🤖 AI Code Review Summary

✅ Good:

  • Proper TypeScript types
  • Good error handling patterns
  • Clean function structure

⚠️ Issues Found:

  • 1 critical security issue (password hashing)
  • 2 performance improvements
  • 4 unit tests recommended

🚨 Action Required: Fix the password hashing before merging.

Overall: Changes requested — please address critical issues.

Pro Tips

  1. Custom Rules: Add project-specific linting rules
  2. Learn from Past: Train on past PR feedback to match team style
  3. Skip Files: Ignore auto-generated files (migrations, compiled code)
  4. Diff Analysis: Only review changed lines, not entire files
