AI Code Review
Automated, intelligent code review for every PR
AI-Powered Analysis
QODRYX reviews your code like a senior developer: finding bugs, suggesting improvements, and ensuring quality.
Overview
QODRYX's AI Code Review automatically analyzes every pull request, providing instant feedback on:
- Code quality and maintainability
- Security vulnerabilities and risks
- Performance optimizations
- Best practices and coding standards
- Potential bugs and edge cases
Key Features
AI-Powered Analysis
Advanced LLMs understand context and provide meaningful suggestions
Security Focus
Identifies vulnerabilities, secrets, and security anti-patterns
Instant Feedback
Reviews complete in seconds, not hours
Inline Comments
Suggestions appear directly on the relevant code lines
Fix Suggestions
Get actual code fixes, not just problem descriptions
Learning System
Improves based on your team's patterns and preferences
How It Works
PR Created
Developer opens a pull request on GitHub/GitLab
Analysis Triggered
QODRYX automatically starts analyzing the changes
AI Review
AI examines code quality, security, and best practices
Comments Posted
Suggestions appear as inline PR comments
Developer Addresses
Developer reviews and applies suggested fixes
Setup
GitHub Integration
Enable AI code review for your GitHub repositories:
- Go to Settings → Integrations in your QODRYX dashboard
- Click Connect GitHub and authorize the app
- Select the repositories you want to enable
- Configure review settings (see below)
GitLab Integration
Enable AI code review for your GitLab repositories:
- Go to Settings → Integrations in your QODRYX dashboard
- Click Connect GitLab and provide your access token
- Select the projects you want to enable
- Configure review settings
Configuration
Customize code review behavior with a qodryx.yml file in your repository:
```yaml
# qodryx.yml
code_review:
  enabled: true

  # What to analyze
  checks:
    security: true
    performance: true
    best_practices: true
    bugs: true
    style: true

  # Severity threshold for blocking PRs
  block_on: critical  # critical, high, medium, low, or none

  # Files to ignore
  ignore:
    - "*.generated.ts"
    - "vendor/**"
    - "*.min.js"

  # Custom rules
  rules:
    - name: "no-console-log"
      pattern: "console.log"
      message: "Remove console.log before merging"
      severity: warning
    - name: "require-error-handling"
      pattern: "await.*fetch"
      require: "try.*catch|.catch"
      message: "API calls should have error handling"
      severity: high

  # Style guide reference
  style_guide: "./docs/STYLE_GUIDE.md"

  # Auto-approve low-risk changes
  auto_approve:
    enabled: true
    conditions:
      - files_changed < 5
      - no_critical_issues
      - only_docs_or_tests
```
Review Categories
Security
- SQL injection vulnerabilities
- Cross-site scripting (XSS)
- Hardcoded secrets and credentials
- Insecure dependencies
- Authentication/authorization issues
Performance
- N+1 query detection
- Memory leaks
- Inefficient algorithms
- Missing indexes
- Unnecessary re-renders (React)
Bug Detection
- Null pointer exceptions
- Off-by-one errors
- Race conditions
- Unhandled edge cases
- Type mismatches
Code Quality
- Code duplication
- Complex functions needing refactoring
- Missing documentation
- Inconsistent naming
- Dead code
Example Review
Here's what an AI code review looks like in practice:

Line 45: User input is directly concatenated into SQL query

```javascript
// Suggested fix:
const result = await db.query(
  'SELECT * FROM users WHERE id = $1',
  [userId] // Use parameterized query
);
```

Line 78: Query on 'email' column without index. Consider adding an index for better performance.

Line 92: Async function lacks try-catch. Consider adding error handling.
PR Status Checks
QODRYX can block or warn on PRs based on review findings:
| Status | Condition | Action |
|---|---|---|
| Passed | No blocking issues | PR can be merged |
| Warning | Non-critical issues found | Merge allowed with caution |
| Failed | Critical/high severity issues | PR blocked until fixed |
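As an added illustration that is not QODRYX's own code, the JavaScript below models how the custom rules, ignore globs and `block_on` threshold from the qodryx.yml configuration above could be applied to a PR's changed files and mapped onto the status table. It assumes that a rule's `require` regex is satisfied when it matches anywhere in the same file, and that the `warning` severity ranks alongside `low`; the sample files are constructed.

```javascript
// Illustrative model of the qodryx.yml rule engine (not QODRYX's code); rule values copied from this page.
const config = {
  block_on: "critical",
  ignore: ["*.generated.ts", "vendor/**", "*.min.js"],
  rules: [
    { name: "no-console-log", pattern: "console.log",
      message: "Remove console.log before merging", severity: "warning" },
    { name: "require-error-handling", pattern: "await.*fetch", require: "try.*catch|.catch",
      message: "API calls should have error handling", severity: "high" },
  ],
};
// Assumed severity ordering; "warning" is ranked with "low" (an assumption, not from the page).
const RANK = { none: 0, warning: 1, low: 1, medium: 2, high: 3, critical: 4 };
// Minimal glob matcher: "**" crosses directories, "*" does not; a slash-less glob matches the basename.
function globToRegExp(glob) {
  const re = glob.replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*\*/g, "\u0000").replace(/\*/g, "[^/]*").replace(/\u0000/g, ".*");
  return new RegExp(`^${re}$`);
}
function isIgnored(path, ignore) {
  const base = path.split("/").pop();
  return ignore.some((g) => globToRegExp(g).test(g.includes("/") ? path : base));
}
// Flag each line matching a rule's pattern unless its `require` regex (assumed file-wide) matches the file.
function review(cfg, files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    if (isIgnored(path, cfg.ignore)) continue;
    text.split("\n").forEach((line, i) => {
      for (const rule of cfg.rules) {
        if (!new RegExp(rule.pattern).test(line)) continue;
        if (rule.require && new RegExp(rule.require).test(text)) continue;
        findings.push({ path, line: i + 1, rule: rule.name, severity: rule.severity, message: rule.message });
      }
    });
  }
  return findings;
}
// Map findings onto the PR status table: Failed blocks the merge, Warning does not, Passed has no findings.
function prStatus(findings, blockOn) {
  if (findings.length === 0) return "Passed";
  const blocking = RANK[blockOn] > 0 && findings.some((f) => RANK[f.severity] >= RANK[blockOn]);
  return blocking ? "Failed" : "Warning";
}
// Constructed sample PR contents (added lines of three files); vendor/ is covered by the ignore list.
const files = {
  "src/api.js": "const res = await fetch('/users');\nconsole.log(res);",
  "src/safe.js": "try {\n  const res = await fetch('/users');\n} catch (e) {\n  report(e);\n}",
  "vendor/lib.min.js": "console.log('debug');",
};
```

With `block_on: critical` as on this page the sample PR ends in Warning; lowering the threshold to `high` turns the unhandled `await fetch` finding into a Failed status.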