A Pull Request code review tool based on CodeBuddy CLI that automatically performs AI-powered code reviews on PR changes and posts comments.
Note: Only supports the following pipeline events:
output: Output file path for review results. When specified, results are saved as a JSON file; otherwise, they are printed to the terminal.
context: Number of context lines to include when generating diff, i.e., how many lines to show before and after the changed code. Higher values provide more context for AI, resulting in more accurate reviews, but also increase token consumption. Default: 5
verbose: Whether to show detailed logs. When enabled, outputs more debugging information including Git command execution and file filtering details. Default: false
comment: Whether to post review results as PR comments. When enabled, adds a review summary comment and specific line-level issue comments to the PR page. Default: true
max_comments: Maximum number of comments when posting to PR. To avoid excessive comments affecting readability, comments are sorted by issue severity and truncated. Default: 10
max_diff_size: Maximum allowed diff size (in characters). Diffs exceeding this size will be truncated, and some files may not be reviewed. Default: 100000 (approximately 100K characters)
max_files: Maximum number of files to review. When exceeded, only the first N files are reviewed to prevent review timeout or excessive token consumption. Default: 30
fail_on_critical: Whether to return a non-zero exit code when critical issues are found. When enabled, can be used as a pipeline gate to block merging code with critical issues. Default: false
prompt_output: Output the complete prompt sent to AI to the specified file path. Used for debugging and viewing the actual review content, including system prompts and code diff. Not output if not specified.

Configure in .cnb.yml:
main:
  pull_request:
    - stages:
        - name: code-review
          image: cnbcool/code-review:latest
          settings:
            # Output file path
            output: ./code_review.json
            context: 10
            comment: true
            max_comments: 10
            max_diff_size: 100000
            # Whether to return non-zero exit code when critical issues are found (pipeline will fail)
            fail_on_critical: false
            # Output prompt to file (for debugging)
            # prompt_output: ./prompt.txt

The code_review.json review results are in JSON format:
{
  "status": "passed | needs_modification | critical",
  "issues": [
    {
      "severity": "critical | warning | info",
      "file": "file path",
      "start_line": 42,
      "end_line": 45,
      "problem": "Problem description",
      "suggestion": "Fix suggestion"
    }
  ]
}

status values:
passed: Code quality is good, can be merged
needs_modification: There are issues that need to be fixed
critical: There are critical issues that must be fixed

severity levels:
critical: Critical issues (security vulnerabilities, severe bugs), must be fixed
warning: Medium issues (potential risks, code quality), recommended to fix
info: Minor issues/suggestions (code style, best practices), optional to fix

Exit codes:
0: Review completed, no critical issues
1: Review failed or runtime error
2: Critical issues found (requires fail_on_critical to be enabled)
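
A later pipeline step can enforce its own gate on the saved code_review.json instead of relying on the plugin's exit code. The sketch below is an added example, not code from the tool: it validates the report against the JSON format above, orders issues by severity the way max_comments is described, and maps the result to the listed exit codes. The function names, the fail-closed handling of a malformed report, and the rule that the worse of status and issue severity wins are assumptions.

```python
import json

SEVERITY_RANK = {"critical": 0, "warning": 1, "info": 2}
STATUSES = ("passed", "needs_modification", "critical")
FIELDS = {"severity": str, "file": str, "start_line": int,
          "end_line": int, "problem": str, "suggestion": str}

def parse_review(text):
    """Validate a code_review.json document; raise ValueError if malformed."""
    doc = json.loads(text)  # json.JSONDecodeError is a ValueError subclass
    if not isinstance(doc, dict) or doc.get("status") not in STATUSES:
        raise ValueError("missing or unknown status")
    if not isinstance(doc.get("issues"), list):
        raise ValueError("issues must be a list")
    for n, issue in enumerate(doc["issues"]):
        if not isinstance(issue, dict) or any(
                type(issue.get(k)) is not t for k, t in FIELDS.items()):
            raise ValueError(f"issue {n}: missing or mistyped field")
        if issue["severity"] not in SEVERITY_RANK:
            raise ValueError(f"issue {n}: unknown severity")
    return doc

def top_issues(doc, max_comments=10):
    """Most severe first, then truncated, as described for max_comments."""
    ranked = sorted(doc["issues"], key=lambda i: SEVERITY_RANK[i["severity"]])
    return ranked[:max_comments]

def gate_exit_code(text, fail_on_critical=True):
    """Return 0, 1 or 2 following the exit codes listed on this page."""
    try:
        doc = parse_review(text)
    except ValueError:
        return 1  # fail closed: an unreadable report counts as a failed review
    # Assumption: if status and issue severities disagree, take the worse one.
    worst = [doc["status"]] + [i["severity"] for i in doc["issues"]]
    return 2 if "critical" in worst and fail_on_critical else 0

# Constructed sample report (not real tool output); status understates the issues.
SAMPLE = json.dumps({"status": "needs_modification", "issues": [
    {"severity": "info", "file": "app/util.py", "start_line": 3, "end_line": 3,
     "problem": "Unused import", "suggestion": "Remove it"},
    {"severity": "critical", "file": "app/db.py", "start_line": 42, "end_line": 45,
     "problem": "SQL built by string concatenation", "suggestion": "Use parameters"},
    {"severity": "warning", "file": "app/api.py", "start_line": 10, "end_line": 12,
     "problem": "Broad except clause", "suggestion": "Catch specific errors"}]})

if __name__ == "__main__":
    raise SystemExit(gate_exit_code(SAMPLE))
```
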