Skip to main content
This agent provides codebase-aware reviews for your GitHub PRs and GitLab MRs. For each diff, the agent fetches relevant context from your indexed codebase and feeds it into a configured language model for a detailed review. The AI Code Review Agent is fair source and packaged in Sourcebot. To get started, deploy Sourcebot and follow the configuration instructions below. AI Code Review Agent Example

Language model

The review agent uses whichever language model you have configured in your config.json. All providers supported by Sourcebot (OpenAI, Anthropic, AWS Bedrock, Azure OpenAI, and others) work out of the box. If you have multiple models configured, set REVIEW_AGENT_MODEL to the displayName of the model you want the agent to use. If this variable is unset, the agent uses the first configured model.

GitHub

1

Register a GitHub app

Follow the official GitHub guide for registering a GitHub app.
  • GitHub App name: Any name you choose (e.g. Sourcebot Review Agent)
  • Homepage URL: Any URL you choose (e.g. https://www.sourcebot.dev/)
  • Webhook URL (required): Your Sourcebot deployment URL at /api/webhook (e.g. https://sourcebot.example.com/api/webhook). Your deployment must be reachable from GitHub. If you are running Sourcebot locally, use smee to forward webhooks to your local deployment.
  • Webhook Secret: Any string (e.g. generate one with python -c "import secrets; print(secrets.token_hex(10))")
  • Permissions
    • Pull requests: Read & Write
    • Issues: Read & Write
    • Contents: Read
  • Events
    • Pull request
    • Issue comment
2

Install the GitHub app in your organization

Navigate to your new GitHub app’s page and press Install.
3

Configure environment variables

Set the following environment variables in your Sourcebot deployment:
VariableDescription
GITHUB_REVIEW_AGENT_APP_IDThe client ID of your GitHub app, found in your app settings
GITHUB_REVIEW_AGENT_APP_WEBHOOK_SECRETThe webhook secret you set when registering the app
GITHUB_REVIEW_AGENT_APP_PRIVATE_KEY_PATHPath to your app’s private key file inside the container (e.g. /data/review-agent-key.pem). Copy the key file into the directory you mount to Sourcebot.
You can generate a private key in your app settings.
GitHub App Private Key
Example docker-compose.yml:
services:
    sourcebot:
        image: ghcr.io/sourcebot-dev/sourcebot:latest
        pull_policy: always
        container_name: sourcebot
        ports:
            - "3000:3000"
        volumes:
            - "/home/user/sourcebot_workspace:/data"
        environment:
            CONFIG_PATH: "/data/config.json"
            GITHUB_REVIEW_AGENT_APP_ID: "my-github-app-id"
            GITHUB_REVIEW_AGENT_APP_WEBHOOK_SECRET: "my-webhook-secret"
            GITHUB_REVIEW_AGENT_APP_PRIVATE_KEY_PATH: "/data/review-agent-key.pem"
4

Verify configuration

Navigate to Agents in the Sourcebot nav menu. If your environment variables are set correctly, the GitHub Review Agent card shows a confirmation that the agent is configured and accepting requests.
Review Agent Configured

GitLab

1

Create a GitLab access token

Create a personal access token or project access token with the following scope:
  • api
Keep a note of the token value — you will need it in the next step.
2

Configure a webhook in GitLab

In your GitLab project, go to Settings → Webhooks and add a new webhook:
  • URL: Your Sourcebot deployment URL at /api/webhook (e.g. https://sourcebot.example.com/api/webhook)
  • Secret token: Any string (e.g. generate one with python -c "import secrets; print(secrets.token_hex(10))")
  • Trigger events: Merge request events, Comments
Save the webhook.
3

Configure environment variables

Set the following environment variables in your Sourcebot deployment:
VariableDescription
GITLAB_REVIEW_AGENT_WEBHOOK_SECRETThe secret token you set on the GitLab webhook
GITLAB_REVIEW_AGENT_TOKENThe GitLab personal or project access token
GITLAB_REVIEW_AGENT_HOSTYour GitLab hostname. Defaults to gitlab.com. Set this for self-hosted GitLab instances (e.g. gitlab.example.com).
Example docker-compose.yml:
services:
    sourcebot:
        image: ghcr.io/sourcebot-dev/sourcebot:latest
        pull_policy: always
        container_name: sourcebot
        ports:
            - "3000:3000"
        volumes:
            - "/home/user/sourcebot_workspace:/data"
        environment:
            CONFIG_PATH: "/data/config.json"
            GITLAB_REVIEW_AGENT_WEBHOOK_SECRET: "my-webhook-secret"
            GITLAB_REVIEW_AGENT_TOKEN: "glpat-my-token"
            GITLAB_REVIEW_AGENT_HOST: "gitlab.example.com"
4

Verify configuration

Navigate to Agents in the Sourcebot nav menu. If your environment variables are set correctly, the GitLab Review Agent card shows a confirmation that the agent is configured and accepting requests.

Using the agent

By default, the agent does not review PRs and MRs automatically. To enable automatic reviews on every new or updated PR/MR, set REVIEW_AGENT_AUTO_REVIEW_ENABLED to true. You can also trigger a review manually by commenting /review on any PR or MR. To use a different command, set REVIEW_AGENT_REVIEW_COMMAND to your preferred value (without the leading slash).

Environment variable reference

VariableDefaultDescription
REVIEW_AGENT_AUTO_REVIEW_ENABLEDfalseAutomatically review new and updated PRs/MRs
REVIEW_AGENT_REVIEW_COMMANDreviewComment command that triggers a manual review (without the /)
REVIEW_AGENT_MODELfirst configured modeldisplayName of the language model to use for reviews
REVIEW_AGENT_LOGGING_ENABLEDunsetWrite prompt and response logs to disk for debugging