refactorlab / ai-code-reviewer
AI-powered code review tool for Laravel, integrated with GitHub and OpenAI.
Requires
- php: ^8.2
- guzzlehttp/guzzle: ^7.8
- illuminate/http: ^11.0
- illuminate/routing: ^11.0
- illuminate/support: ^11.0
- openai-php/client: ^0.8.0
Requires (Dev)
- orchestra/testbench: ^9.0
- phpunit/phpunit: ^10.0
This package is auto-updated.
Last update: 2025-06-06 20:50:25 UTC
README
Introduction
AI Code Reviewer is a powerful Laravel package that automatically analyzes GitHub pull requests using OpenAI's GPT-4. It helps improve code quality by identifying potential issues and bugs and suggesting improvements, all without manual intervention.
The package listens for GitHub webhook events when pull requests are opened or updated, extracts the code changes, sends them to OpenAI for analysis, and then posts the AI-generated review comments directly back to the pull request on GitHub.
This intelligent code review assistant saves developer time, helps maintain coding standards, and can catch issues that might be missed during human review.
Features
- 🤖 Listens to GitHub pull request webhooks
- 🔍 Sends code diffs to OpenAI for analysis
- 💬 Posts AI-generated review comments back to the pull request
- ⚙️ Configurable file filters and settings
- 🔒 Secure webhook handling with signature verification
- 🔄 Batch processing for large pull requests
- 🧠 Customizable AI prompts and response handling
- 🛠️ Extensive configuration options
Installation
You can install the package via composer:
```bash
composer require refactorlab/ai-code-reviewer:^1.0
```
The package will automatically register its service provider with Laravel's auto-discovery.
Configuration
Publish the configuration file:
```bash
php artisan vendor:publish --tag=aicode-config
```
This will create a `config/aicode.php` file where you can configure the package.
Required Environment Variables
Add the following to your `.env` file:
```
OPENAI_API_KEY=your-openai-api-key
GITHUB_API_TOKEN=your-github-token-with-repo-access
GITHUB_WEBHOOK_SECRET=your-webhook-secret
```
- `OPENAI_API_KEY`: Your OpenAI API key (requires access to GPT-4)
- `GITHUB_API_TOKEN`: A GitHub personal access token with `repo` scope
- `GITHUB_WEBHOOK_SECRET`: A secret string to verify webhook requests
Detailed Configuration
The `config/aicode.php` file contains the following sections:
OpenAI Configuration
```php
'openai' => [
    'api_key' => env('OPENAI_API_KEY'),
    'model' => env('OPENAI_MODEL', 'gpt-4-turbo'),
    'temperature' => env('OPENAI_TEMPERATURE', 0.1),
    'max_tokens' => env('OPENAI_MAX_TOKENS', 4000),
],
```
- `model`: The OpenAI model to use (default: gpt-4-turbo)
- `temperature`: Controls randomness (0-1, lower = more deterministic)
- `max_tokens`: Maximum token limit for responses
GitHub Configuration
```php
'github' => [
    'token' => env('GITHUB_API_TOKEN'),
    'webhook_secret' => env('GITHUB_WEBHOOK_SECRET'),
],
```
File Filters
```php
'file_filters' => [
    'include' => [
        '*.php',
        '*.js',
        // etc.
    ],
    'exclude' => [
        'vendor/*',
        'node_modules/*',
        // etc.
    ],
],
```
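Because matching files have their diffs sent to OpenAI, it is worth checking which paths a filter pair selects before enabling the webhook. The following is an added example, not the package's own code: `selectReviewablePaths()` is a hypothetical helper, the file list is constructed, and it assumes `fnmatch()` semantics with exclude taking precedence, which may differ from the package's matcher.

```php
<?php
declare(strict_types=1);

// Constructed filter values in the shape of the 'file_filters' section above.
$filters = [
    'include' => ['*.php', '*.js'],
    'exclude' => ['vendor/*', 'node_modules/*'],
];

/**
 * Hypothetical helper: return the paths a filter pair would select.
 * Assumption: fnmatch() semantics, exclude wins over include.
 */
function selectReviewablePaths(array $paths, array $filters): array
{
    $matchesAny = static function (string $path, array $patterns): bool {
        foreach ($patterns as $pattern) {
            // Without FNM_PATHNAME, "*" also matches "/", so "*.php" covers subdirectories.
            if (fnmatch($pattern, $path)) {
                return true;
            }
        }
        return false;
    };

    return array_values(array_filter(
        $paths,
        static fn (string $p): bool =>
            $matchesAny($p, $filters['include']) && !$matchesAny($p, $filters['exclude'])
    ));
}

// Constructed list of files changed in a pull request.
$changed = [
    'app/Http/Controllers/UserController.php',
    'config/services.php',
    'database/seeders/CustomerSeeder.php',
    'resources/js/app.js',
    'vendor/laravel/framework/src/Foo.php',
    '.env.example',
];

foreach (selectReviewablePaths($changed, $filters) as $path) {
    echo "would be sent for review: $path\n";
}
```

With these patterns `config/services.php` and the seeder are selected along with the controller and the JavaScript file; add `exclude` entries for any paths whose diffs should not leave your infrastructure.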
Review Settings
```php
'settings' => [
    'max_files_per_review' => env('MAX_FILES_PER_REVIEW', 10),
    'max_diff_size' => env('MAX_DIFF_SIZE', 5000),
    'comment_threshold' => env('COMMENT_THRESHOLD', 0.7),
    'batch_processing' => env('BATCH_PROCESSING', true),
],
```
Usage
Setting up the GitHub Webhook
- Go to your GitHub repository's settings
- Click on "Webhooks" → "Add webhook"
- Set the Payload URL to: `https://your-app.com/github/webhook`
- Select content type: `application/json`
- Enter your webhook secret (same as `GITHUB_WEBHOOK_SECRET`)
- Under "Which events would you like to trigger this webhook?", select "Pull requests"
- Ensure "Active" is checked and click "Add webhook"
Once set up, the AI Code Reviewer will automatically analyze new pull requests and post its review as comments.
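The secret entered in the webhook form is what lets the receiving endpoint reject forged deliveries: GitHub signs each request body with HMAC-SHA256 and sends the result in the `X-Hub-Signature-256` header. The check below is an added example, not the package's own code; `verifyGithubSignature()` is a hypothetical name and the secret and payload are constructed.

```php
<?php
declare(strict_types=1);

/**
 * Verify GitHub's X-Hub-Signature-256 header against the raw request body.
 * $secret is the value configured as GITHUB_WEBHOOK_SECRET.
 */
function verifyGithubSignature(string $rawBody, ?string $header, string $secret): bool
{
    // Fail closed: with an empty secret anyone could compute a matching HMAC.
    if ($secret === '' || $header === null) {
        return false;
    }
    // Accept only the SHA-256 form: "sha256=" followed by 64 hex characters.
    if (preg_match('/\Asha256=([0-9a-f]{64})\z/', $header, $m) !== 1) {
        return false;
    }
    // HMAC over the exact bytes received, before any JSON decoding.
    $expected = hash_hmac('sha256', $rawBody, $secret);

    // hash_equals() compares in constant time.
    return hash_equals($expected, $m[1]);
}

// Constructed sample delivery (not a real payload or secret).
$secret = 'example-webhook-secret';
$body   = '{"action":"opened","number":7}';
$good   = 'sha256=' . hash_hmac('sha256', $body, $secret);

$cases = [
    'valid signature'          => [$body, $good],
    'body modified in transit' => [str_replace('"opened"', '"closed"', $body), $good],
    'header missing'           => [$body, null],
    'sha1 header only'         => [$body, 'sha1=' . hash_hmac('sha1', $body, $secret)],
    'signed with wrong secret' => [$body, 'sha256=' . hash_hmac('sha256', $body, 'guess')],
];

foreach ($cases as $label => [$payload, $header]) {
    $ok = verifyGithubSignature($payload, $header, $secret);
    printf("%-26s %s\n", $label, $ok ? 'accept' : 'reject');
}
```

In a Laravel controller or middleware the inputs would be `$request->getContent()` and `$request->header('X-Hub-Signature-256')`; the HMAC must be computed over the raw body, not over re-encoded JSON.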
Example GitHub PR Comments
When the AI Code Reviewer analyzes a pull request, it will post comments like these:
Example 1: Bug Detection
**High**: Potential null reference exception in UserController.php on line 42.
The `$user` variable might be null if the user is not found, but it's being accessed without a null check.
**Suggestion**: Add a null check before accessing properties:
```php
if ($user !== null) {
    $user->update($request->validated());
}
```
Example 2: Code Improvement
**Medium**: Inefficient database query in ProductService.php on line 78.
The current implementation runs a separate query for each product, which could lead to N+1 query issues.
**Suggestion**: Use eager loading with the `with()` method:
```php
return Product::with('category', 'tags')->get();
```
Example 3: Security Issue
**High**: SQL Injection vulnerability in ReportController.php on line 126.
Raw user input is being directly used in a database query.
**Suggestion**: Use query bindings instead:
```php
DB::select("SELECT * FROM reports WHERE status = ?", [$request->status]);
```
Testing
```bash
composer test
```
Security
If you discover any security issues, please contact the author directly instead of using the issue tracker.
License
The MIT License (MIT). Please see License File for more information.
Changelog
Please see CHANGELOG for more information on what has changed recently.