Code Review Intelligence
Status: System Healthy
Total Agents: 6 (3 extraction · 3 decision)
Tests Passing: 12 / 12 (100% pass rate)
PRs Analyzed: 14 (last 7 days)
Security Flags: 3 (across all PRs)
Agent Confidence Scores
[Chart: confidence per agent for PRAnalyzer, CommentExtractor, ActionExtractor, TaskPrioritizer, OwnerAssigner, EscalationDecider]
Recent PR Reviews
PR | Title | Flags | Status
#847 | Auth middleware refactor | SECURITY | Changes Requested
#843 | Add rate limiting to API | Clean | Approved
#839 | Database migration v3 | BREAKING | In Review
#835 | Fix CSS layout issues | STYLE | Merged

Review Action Items
PR | Comment | Type | Reviewer | Status
#847 | Validate JWT secret rotation in middleware | SECURITY | @security-team | Must Fix
#847 | Add rate limiting to public endpoints | SECURITY | @alice | Pending
#839 | Add migration rollback script | BREAKING | @bob | In Progress
#843 | Consider using sliding window algorithm | SUGGESTION | @charlie | Resolved

🔍 What is CODEREV?

CODEREV (Code Review Intelligence) is a multi-agent system that analyzes pull requests and code review discussions. It automatically identifies security vulnerabilities, detects breaking changes, parses reviewer feedback, prioritizes code review actions, and escalates critical security issues — making code reviews faster, safer, and more consistent.

⚡ How It Works

Paste a PR diff or review comments. CODEREV processes it through 6 specialized agents:

Step 1 — Extraction
📄 PRAnalyzer
Analyzes the PR diff to understand code changes — identifies modified files, functions, APIs, dependencies, and classifies the type of change (feature, fix, refactor).
Step 2 — Extraction
💬 CommentExtractor
Extracts and categorizes reviewer comments — security concerns, style suggestions, bug reports, and architectural feedback from code review threads.
Step 3 — Extraction
✅ ActionExtractor
Identifies specific actions needed — security fixes, test additions, documentation updates, breaking change migrations, and required approvals.
Step 4 — Decision
📈 TaskPrioritizer
Prioritizes review findings — security vulnerabilities and breaking changes get Critical, while style and documentation items get Low priority.
Step 5 — Decision
👤 OwnerAssigner
Assigns review actions to the right person — PR author for fixes, security team for vulnerability review, tech lead for architecture sign-off.
Step 6 — Decision
🚨 EscalationDecider
Blocks merge for critical security issues, escalates breaking API changes to architecture review, and flags PRs that bypass required review patterns.

🎬 Live Agent Pipeline Demo

Watch how CODEREV analyzes a pull request through all 6 agents in real-time

PR #247: Add user authentication middleware
Modified: auth/jwt.py +42 -3   middleware/auth.py +85 -0
Diff: + SECRET_KEY = "hardcoded_jwt_secret_2024"
Review: "This exposes the JWT secret in source code. Use env vars instead." — @security-bot
Step 1: 📄 PRAnalyzer
2 files · Auth module · +127 lines
Step 2: 💬 CommentExtractor
1 security concern · hardcoded secret
Step 3: ActionExtractor
2 actions: env vars, rotate secret
Step 4: 📈 TaskPrioritizer
P0: Secret exposure · Critical
Step 5: 👤 OwnerAssigner
Author → Fix · SecTeam → Audit
Step 6: 🚨 EscalationDecider
🚫 Merge blocked → Security review
✅ Pipeline Complete — 6 agents processed in 3.6s
Vulnerabilities: 1 · Actions: 2 · Assigned: 2 · 🚫 Merge Blocked
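
How a check like the one this demo depicts can work on a diff, as an added example (not CODEREV's code): it walks a git-style unified diff, tracks new-file line numbers from the hunk headers, and flags added lines that assign a quoted literal to a secret-looking name. `scan_added_lines`, the name pattern and the sample diff are assumptions constructed here.

```python
import re

# Constructed sample diff, modelled on the demo's auth/jwt.py change.
SAMPLE_DIFF = '''\
diff --git a/auth/jwt.py b/auth/jwt.py
--- a/auth/jwt.py
+++ b/auth/jwt.py
@@ -1,2 +1,4 @@
 import os
 import jwt
+SECRET_KEY = "hardcoded_jwt_secret_2024"
+ALGORITHM = "HS256"
@@ -10,2 +12,3 @@
 def load_refresh_secret():
+    REFRESH_SECRET = os.environ["JWT_REFRESH_SECRET"]
     return REFRESH_SECRET
'''

HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")
# A secret-looking name assigned a quoted literal of 8+ characters (assumed heuristic).
SECRET = re.compile(
    r"""\b(\w*(?:secret|passw(?:or)?d|token|api_?key|private_?key)\w*)"""
    r"""\s*[:=]\s*["']([^"']{8,})["']""",
    re.IGNORECASE,
)

def scan_added_lines(diff_text):
    """Return (path, new_file_line, name) for each added line that hardcodes a secret."""
    findings, path, line_no, in_hunk = [], None, 0, False
    for line in diff_text.splitlines():
        hunk = HUNK.match(line)
        if hunk:
            line_no, in_hunk = int(hunk.group(1)), True
        elif not in_hunk or line.startswith("diff --git"):
            in_hunk = False  # file header lines sit between hunks of different files
            if line.startswith("+++ "):
                path = line[4:].removeprefix("b/")
        elif line.startswith("+"):
            hit = SECRET.search(line[1:])
            if hit:
                findings.append((path, line_no, hit.group(1)))
            line_no += 1
        elif not line.startswith(("-", "\\")):
            line_no += 1  # context line: present in the new file
    return findings
```

The value read from `os.environ` in the second hunk is not flagged, because the pattern only matches a quoted literal directly after the assignment.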

🎯 Real-World Use Cases

Security Vulnerability Flagging
Automatically detect SQL injection, XSS, hardcoded secrets, JWT misconfigurations, and insecure deserialization in PR diffs before merge.
Breaking Change Detection
Identify API signature changes, database schema modifications, and dependency upgrades that could break downstream consumers.
Review Workload Balancing
Route PRs to the right reviewers based on code ownership, expertise areas, and current review load — preventing reviewer burnout.
Engineering Quality Metrics
Track code review trends — security finding rates, review turnaround times, comment resolution rates, and code quality patterns across teams.

🏗 Architecture

🔄 Orchestration Engine
Coordinates all 6 agents sequentially, analyzing PR changes from parsing through security escalation.
🛡 Circuit Breaker Recovery
Per-agent fault isolation ensures comment parsing failures don't block security analysis or merge decisions.
📋 Full Audit Trail
Every security finding, priority decision, and escalation is logged — essential for security compliance audits.

Total Tests: 12
Passed: 12
Failed: 0
Duration: 1.87s

Agent Tests
TestPRAnalyzer
test_pr_analysis | 0.21s | PASS
test_empty_pr | 0.06s | PASS
TestCommentExtractor
test_comment_extraction | 0.17s | PASS
TestActionExtractor
test_action_items | 0.14s | PASS
TestTaskPrioritizer
test_prioritization | 0.10s | PASS
TestOwnerAssigner
test_assignment | 0.13s | PASS

Infrastructure Tests
TestRecoveryStrategies
test_retry_strategy | 0.04s | PASS
test_recovery_manager | 0.06s | PASS
TestCircuitBreaker
test_circuit_closed | 0.03s | PASS
test_circuit_opens | 0.04s | PASS
TestAuditLogger
test_log_event | 0.07s | PASS
test_audit_export | 0.09s | PASS

Total Events: 28
PRs Reviewed: 14
Avg Confidence: 83%
Security Flags: 3
Review Audit Timeline
10:45:12 · pr
PR #847 Analysis Started
Auth middleware refactor · acme/backend-api
10:45:13 · agent
PRAnalyzer → 4 files changed, +287/-143
Security-sensitive: auth/middleware.ts, auth/session.ts
10:45:14 · security
Security Flag: JWT secret rotation vulnerability
Old secrets not invalidated during rotation window
10:45:15 · review
3 review comments extracted
2 security concerns, 1 style suggestion
10:45:16 · decision
Escalated to @security-team
Auth changes require security team sign-off
10:45:17 · workflow
Analysis Complete — Changes Requested
2 must-fix items, 1 suggestion
Security Analysis
🔒 Security Findings in PR #847
JWT Secret Rotation: Old secrets remain valid during rotation window — allows token replay attacks
Session Fixation: Session ID not regenerated after auth level change
Missing Rate Limit: Public /auth/refresh endpoint lacks rate limiting
🛠 Breaking Changes Detected
• Middleware signature changed — all downstream consumers must update
• Session cookie format changed — requires migration script
• Deprecated endpoints removed — ensure client SDK updated
✅ Recommended Actions
• Add secret rotation grace period with overlap validation
• Regenerate session ID on privilege escalation
• Add rate limiting before merge
• Request security team review sign-off
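
One way to implement the recommended grace period with overlap validation, as an added example rather than code from PR #847 or from CODEREV: the previous key verifies tokens only until a fixed deadline after rotation, and only tokens whose `iat` predates the rotation. `KeyRing`, `sign` and the stdlib HMAC token format (a stand-in for a JWT library) are assumptions.

```python
import base64, hashlib, hmac, json

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims, kid, key):
    """Minimal HS256-style token, header.body.mac (assumed stand-in for a JWT library)."""
    head = _b64(json.dumps({"alg": "HS256", "kid": kid}).encode())
    body = _b64(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(mac)}"

class KeyRing:
    def __init__(self, kid, key, grace_seconds):
        self.current, self.previous, self.grace = (kid, key), None, grace_seconds

    def rotate(self, kid, key, now):
        # Exactly one previous key is retained; anything older is dropped at once.
        self.previous = (*self.current, now)
        self.current = (kid, key)

    def verify(self, token, now):
        """Return the claims if the token is acceptable at time `now`, else None."""
        try:
            head, body, mac = token.split(".")
            kid = json.loads(_unb64(head))["kid"]
            claims = json.loads(_unb64(body))
            rotated_at = None
            if kid == self.current[0]:
                key = self.current[1]
            elif self.previous and kid == self.previous[0]:
                key, rotated_at = self.previous[1], self.previous[2]
                if now > rotated_at + self.grace:
                    return None  # grace period over: the old secret is dead
            else:
                return None
            expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
            if not hmac.compare_digest(expected, _unb64(mac)) or claims["exp"] <= now:
                return None
            # Overlap validation: the old key only vouches for tokens issued before rotation.
            # A holder of the old key can backdate iat, so the deadline above is the hard limit.
            if rotated_at is not None and claims["iat"] >= rotated_at:
                return None
            return claims
        except (ValueError, KeyError, TypeError):
            return None
```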

Circuit Breakers: 6 (all closed)
Recoveries: 1
Retry Rate: 100%
Uptime: 99.9%

Circuit Breaker Status
PRAnalyzer: CLOSED · 0 failures
CommentExtractor: CLOSED · 0 failures
ActionExtractor: CLOSED · 0 failures
TaskPrioritizer: CLOSED · 0 failures
OwnerAssigner: CLOSED · 0 failures
EscalationDecider: CLOSED · 0 failures