An enterprise-grade, asynchronous AI-powered Code Review system. This project merges a beautiful terminal UI with a high-performance distributed backend (FastAPI, Redis, PostgreSQL, Celery, and LangGraph) to analyze Git diffs for security vulnerabilities, architectural flaws, and performance bottlenecks, offering immediate automated codebase patches.
The system is rigorously isolated into a lightweight edge client and a heavy, containerized backend processing matrix.
- API Entrypoint: A FastAPI server mapping REST endpoints (`/reviews`).
- Asynchronous Message Queue: `Redis` acts as a highly-available message broker.
- Background Workers: Python `Celery` processes dequeue reviews, drastically freeing up the REST API.
- Database: `PostgreSQL` stores historical code-reviews, issue aggregation results, and metric telemetry.
- Parallel Sub-Agents: When a diff is chunked into syntax trees, the workflow executes Security, Quality, and Performance agents in strictly isolated, simultaneous parallel streams to drastically reduce LLM I/O wait times.
- Fix Generation: The aggregated output is fed into a synthesizer which produces actual, drop-in Python/JS syntax patches.
- Smart Context: Automatically parses piped inputs, GitHub PR endpoints, or extracts native local `git diff`s.
- Live Streaming: Polls the backend Redis worker queue every `500ms` for dynamic live-text string updates to mimic smooth, continuous terminal feedback ("Claude Code UX").
- Rich Terminal UI: Renders the aggregated vulnerability strings into responsive Markdown tables.
- Docker & Docker Compose
- Windows Subsystem for Linux (WSL2), or native Linux/macOS
- PowerShell 7.0+ (Optional, highly recommended)
Create a .env file in the repository root and configure the crucial tokens:
```ini
# AI Networking
NEBIUS_API_KEY=your_openai_or_nebius_api_key_here
NEBIUS_MODEL=meta-llama/Meta-Llama-3.1-70B-Instruct-fast
# Security Contexts
JWT_SECRET=super_secret_string_do_not_share
# Networking (Default docker IPs)
DATABASE_URL=postgresql+asyncpg://postgres:postgres@postgres:5432/codereview
REDIS_URL=redis://redis:6379/1
```

If on Windows, simply run the automated installation script. It will boot the Docker infrastructure, compile the binaries, verify health checks, auto-generate a secure authentication JWT, and configure your terminal globals.

```powershell
.\cr-setup.ps1
```

If developing on Linux/macOS:

```bash
docker compose up -d
python cli/cr.py token --raw # Copy this manually into your bashrc
export CR_API_TOKEN=<output>
```

The CLI wrapper seamlessly maps commands into the containerized Python environment.
```powershell
# Review uncommitted changes or your very last commit (most common)
.\cr.bat review
# Review all local changes explicitly diverging from the `main` branch
.\cr.bat review --branch main
# Intercept and fail a CI/CD pipeline if any HIGH vulnerabilities exist
.\cr.bat review --branch main --fail-on high
# Manually check the final status and issue table for a disconnected background review
.\cr.bat status <review_id>
```

While the core functionality and structural boundaries are fully resolved, several extensions are pending implementation:
- LangGraph Status Wiring: While the Redis event tunnel (`set_progress/get_progress`) is established, the internal Python `graph.py` must actually emit strings tracking individual chunk cycles (e.g., "Evaluating abstract syntax trees 3/5...").
- Multi-Repo Auto Support: Add automatic diff traversal and GitHub API endpoints for BitBucket and GitLab integrations.
- LLM Protocol Upgrade: Transition from simple Server-Sent progress polling (`500ms`) into true unified WebSockets for actual token-by-token character streaming inside the terminal.
- Intelligent AST Chunking: Improve the Python Abstract Syntax tree algorithm to handle incredibly vast, monolithic PRs without exhausting maximum token context limits.
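
The sample `.env` in the setup steps uses a placeholder `JWT_SECRET`, a placeholder API key and a database URL whose password equals its username. The following pre-flight check is an added example, not part of this project's code: `parse_env` and `audit_env` are hypothetical names, and the 32-character minimum for the signing secret is an assumption.

```python
from urllib.parse import urlsplit

PLACEHOLDERS = {  # sample .env values that must never reach a deployment
    "NEBIUS_API_KEY": "your_openai_or_nebius_api_key_here",
    "JWT_SECRET": "super_secret_string_do_not_share",
}
MIN_JWT_SECRET_LEN = 32  # assumption: minimum length for the token signing key


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    env = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("'\"")
    return env


def audit_env(text):
    """Return a list of findings; an empty list means the file passed."""
    env, findings = parse_env(text), []
    for key, placeholder in PLACEHOLDERS.items():
        value = env.get(key, "")
        if not value:
            findings.append(f"{key}: missing")
        elif value == placeholder:
            findings.append(f"{key}: README placeholder still in use")
        elif key == "JWT_SECRET" and len(value) < MIN_JWT_SECRET_LEN:
            findings.append("JWT_SECRET: too short for a signing key")
    for key in ("DATABASE_URL", "REDIS_URL"):
        url = urlsplit(env.get(key, ""))
        if url.username and url.username == url.password:
            findings.append(f"{key}: password equals username ({url.username})")
        elif key == "REDIS_URL" and url.scheme == "redis" and not url.password:
            findings.append("REDIS_URL: no password and no TLS (redis://)")
    return findings


# Constructed sample input: the sample .env values copied unchanged.
SAMPLE = """\
NEBIUS_API_KEY=your_openai_or_nebius_api_key_here
JWT_SECRET=super_secret_string_do_not_share
DATABASE_URL=postgresql+asyncpg://postgres:postgres@postgres:5432/codereview
REDIS_URL=redis://redis:6379/1
"""

if __name__ == "__main__":
    print("\n".join(audit_env(SAMPLE)))
```

Running it against the real `.env` before `docker compose up -d` (by passing the file's text to `audit_env`) lets a deployment script stop when the list of findings is not empty.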