69e0a459c3b12de34151f4a97d06518c76fe8d46
CI / test (pull_request) Successful in 14s
CI / review (gpt-4.1, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 23s
CI / review (gpt-5, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 58s
CI / review (gpt-5, security, SECURITY_REVIEW.md, SONNET_REVIEW_TOKEN) (pull_request) Successful in 1m35s
Sentinel-based cleanup:
- Reviews embed `<!-- review-bot:NAME -->` in body (hidden HTML comment)
- Cleanup matches by sentinel, not token identity
- Each reviewer-name is a logical identity (sonnet, gpt, security)
- Same token can run multiple review types without conflict
- No extra API scopes needed

System prompt file (--system-prompt-file / SYSTEM_PROMPT_FILE):
- Loads a local file with additional review instructions
- Appended to system base as "Additional Review Instructions"
- Enables specialized reviews (security, performance, etc.)
- Partially addresses #5

Security review:
- SECURITY_REVIEW.md prompt focused on vulnerabilities
- 3rd CI matrix entry using same token, different prompt
- Focus: injection, auth, secrets, input validation, crypto, races

CI changes:
- REVIEWER_NAME passed from matrix.name
- SYSTEM_PROMPT_FILE passed from matrix (empty for standard reviews)
- 3 reviewers: sonnet (general), gpt (general), security (focused)
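The sentinel mechanism from the commit message, as an added Go example (not the project's own code): it builds the hidden `<!-- review-bot:NAME -->` marker, refuses reviewer names that could break out of the HTML comment, and selects the stale reviews for one logical reviewer by sentinel rather than by posting account. The `Review` struct and the sample review bodies are constructed for the example and are not the Gitea API types.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Sentinel format from the commit message: a hidden HTML comment in the
// review body. The reviewer name, not the token, is the logical identity.
const (
	sentinelPrefix = "<!-- review-bot:"
	sentinelSuffix = " -->"
)

// Assumption for this example: reviewer names are short slugs. Restricting the
// charset means a name can never contain "-->" and close the comment early.
var reviewerNamePattern = regexp.MustCompile(`^[A-Za-z0-9_-]{1,64}$`)

// Sentinel returns the marker to embed for a reviewer name, or an error if the
// name cannot be safely embedded in an HTML comment.
func Sentinel(name string) (string, error) {
	if !reviewerNamePattern.MatchString(name) {
		return "", fmt.Errorf("invalid reviewer name %q", name)
	}
	return sentinelPrefix + name + sentinelSuffix, nil
}

// Review is a minimal stand-in for a Gitea review (constructed shape, not the
// real API object).
type Review struct {
	ID   int64
	Body string
}

// IsStaleFor reports whether a review carries the sentinel for `name`.
// Matching on the sentinel lets one token post several review types
// (sonnet, security, ...) without one cleanup pass removing the others.
func IsStaleFor(r Review, name string) bool {
	s, err := Sentinel(name)
	if err != nil {
		return false
	}
	return strings.Contains(r.Body, s)
}

// StaleReviewIDs returns the IDs a cleanup pass would dismiss before posting a
// fresh review for `name`.
func StaleReviewIDs(reviews []Review, name string) []int64 {
	var ids []int64
	for _, r := range reviews {
		if IsStaleFor(r, name) {
			ids = append(ids, r.ID)
		}
	}
	return ids
}

func main() {
	// Constructed sample: the same token account posted a "sonnet" and a
	// "security" review; a human mentions the bot in prose without a sentinel.
	reviews := []Review{
		{ID: 1, Body: "Looks fine.\n\n<!-- review-bot:sonnet -->"},
		{ID: 2, Body: "Missing input validation.\n\n<!-- review-bot:security -->"},
		{ID: 3, Body: "Human comment mentioning review-bot:security in prose"},
	}
	fmt.Println(StaleReviewIDs(reviews, "security")) // [2]
}
```

Because the match is on body text, anyone who can post a review can also write the sentinel; if that matters in a given repository, the cleanup pass can additionally require that the review's author is one of the bot's own accounts before dismissing it.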
review-bot
Automated code review bot for Gitea. Fetches a pull request diff, sends it to an LLM for analysis, and posts a structured review back to the PR.
Features
- Fetches PR metadata, diff, and CI status from Gitea API
- Sends context-rich prompts to any OpenAI-compatible LLM
- Parses structured JSON review responses
- Posts formatted reviews (APPROVE / REQUEST_CHANGES) back to Gitea
- Supports custom coding conventions via repo files
- Zero external dependencies — Go stdlib only
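The "parses structured JSON review responses" step, as an added Go example that is not the project's own parser. The model's reply is untrusted input, so the decoder rejects unknown fields, accepts only the two verdicts the bot can post (APPROVE / REQUEST_CHANGES), bounds the number and size of comments, and rejects comment paths that could point outside the repository. The `ReviewResult` schema, the size limits and the sample reply are assumptions made for this example; the project's real schema is not shown on the page.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// ReviewResult is the assumed shape requested from the LLM (example schema).
type ReviewResult struct {
	Verdict  string    `json:"verdict"`
	Summary  string    `json:"summary"`
	Comments []Comment `json:"comments"`
}

// Comment is one inline review comment in the assumed schema.
type Comment struct {
	Path string `json:"path"`
	Line int    `json:"line"`
	Body string `json:"body"`
}

// Assumed limits: a review that exceeds them is treated as malformed output.
const (
	maxComments   = 50
	maxBodyLength = 4000
)

// extractJSON tolerates a model that wraps its answer in a ```json fence with
// prose around it; otherwise the trimmed text is returned unchanged.
func extractJSON(raw string) string {
	s := strings.TrimSpace(raw)
	if i := strings.Index(s, "```"); i >= 0 {
		rest := s[i+3:]
		if nl := strings.IndexByte(rest, '\n'); nl >= 0 {
			rest = rest[nl+1:] // drop the language tag line ("json")
		}
		if j := strings.Index(rest, "```"); j >= 0 {
			return strings.TrimSpace(rest[:j])
		}
	}
	return s
}

// ParseReview decodes and validates model output before anything is posted.
func ParseReview(raw string) (*ReviewResult, error) {
	dec := json.NewDecoder(strings.NewReader(extractJSON(raw)))
	dec.DisallowUnknownFields() // schema drift or injected fields are errors
	var r ReviewResult
	if err := dec.Decode(&r); err != nil {
		return nil, fmt.Errorf("decode review: %w", err)
	}
	switch r.Verdict {
	case "APPROVE", "REQUEST_CHANGES":
	default:
		return nil, fmt.Errorf("unexpected verdict %q", r.Verdict)
	}
	if len(r.Summary) > maxBodyLength {
		return nil, errors.New("summary too long")
	}
	if len(r.Comments) > maxComments {
		return nil, errors.New("too many comments")
	}
	for i, c := range r.Comments {
		// Paths are echoed back to the Gitea API; keep them repo-relative.
		if c.Path == "" || strings.HasPrefix(c.Path, "/") || strings.Contains(c.Path, "..") {
			return nil, fmt.Errorf("comment %d: bad path %q", i, c.Path)
		}
		if c.Line < 0 {
			return nil, fmt.Errorf("comment %d: negative line", i)
		}
		if len(c.Body) > maxBodyLength {
			return nil, fmt.Errorf("comment %d: body too long", i)
		}
	}
	return &r, nil
}

func main() {
	// Constructed sample reply, with the JSON wrapped in a fence as models often do.
	raw := "Here is my review:\n```json\n" +
		`{"verdict":"REQUEST_CHANGES","summary":"Unchecked error","comments":[{"path":"gitea/client.go","line":12,"body":"handle the error"}]}` +
		"\n```"
	r, err := ParseReview(raw)
	fmt.Println(r, err)
}
```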
Usage
```sh
review-bot \
  --gitea-url https://gitea.example.com \
  --repo owner/name \
  --pr 42 \
  --reviewer-token "$GITEA_TOKEN" \
  --llm-base-url https://api.openai.com/v1 \
  --llm-api-key "$OPENAI_API_KEY" \
  --llm-model gpt-4 \
  --reviewer-name "Sonnet" \
  --conventions-file CONVENTIONS.md \
  --dry-run
```
Environment Variables
All flags except --dry-run can also be set via environment variables:

| Flag | Env Var | Required | Description |
|---|---|---|---|
| --gitea-url | GITEA_URL | Yes | Gitea instance base URL |
| --repo | GITEA_REPO | Yes | Repository in owner/name format |
| --pr | PR_NUMBER | Yes | Pull request number |
| --reviewer-token | REVIEWER_TOKEN | Yes | Gitea API token for posting reviews |
| --llm-base-url | LLM_BASE_URL | Yes | OpenAI-compatible API base URL |
| --llm-api-key | LLM_API_KEY | Yes | LLM API key |
| --llm-model | LLM_MODEL | Yes | Model identifier |
| --reviewer-name | REVIEWER_NAME | No | Display name in review footer |
| --conventions-file | CONVENTIONS_FILE | No | Path to conventions file in repo |
| --dry-run | — | No | Print review to stdout instead of posting |
Adding to a Gitea Repository
- Build the binary or use the CI workflow approach (build in CI).
- Add secrets to your Gitea repo (Settings → Actions → Secrets):
  - SONNET_REVIEW_TOKEN — Gitea token for the Sonnet reviewer account
  - GPT_REVIEW_TOKEN — Gitea token for the GPT reviewer account
  - LLM_BASE_URL — Your LLM API endpoint
  - LLM_API_KEY — Your LLM API key
- Copy .gitea/workflows/ci.yml to your repo (or adapt it).
- On every PR, the bot will:
  - Run tests and vet
  - Build review-bot
  - Post reviews from each configured LLM reviewer
Development
```sh
# Run tests
go test ./...

# Run vet
go vet ./...

# Build
go build -o review-bot ./cmd/review-bot

# Integration tests (requires env vars)
go test -tags=integration ./...
```
Architecture
```
cmd/review-bot/   CLI entrypoint
gitea/            Gitea API client
llm/              OpenAI-compatible LLM client
review/           Prompt building, response parsing, formatting
```
License
MIT