Works with every language & platform
EVERYTHING YOUR CODE NEEDS
AI doesn't just skim your PR. It reads every line, understands the context, and tells you exactly what will break.
LINE-BY-LINE REVIEW
Every changed line analyzed for bugs, security flaws, and code smells. Not a vague summary — precise, actionable feedback on exact lines.
PR CONVERSATIONS
Chat directly in your PR. Ask for test plans, refactoring suggestions, or explanations. It understands the full diff context.
PR SUMMARY & RELEASE NOTES
Auto-generated summary of changes, impact analysis, and draft release notes. Reviewers get context in seconds, not minutes.
INCREMENTAL REVIEWS
Reviews each commit, not the whole PR. Tracks changes between pushes so you only see new feedback. Saves cost, reduces noise.
FULLY CUSTOMIZABLE
Configure review rules, coding guidelines, and prompts via YAML. Focus on what matters to your team — security, performance, style, or all.
OPEN SOURCE, SELF-HOSTED
Your code never leaves your infrastructure. Run it on your own servers with your own API keys. Full transparency, zero vendor lock-in.
THREE STEPS. THAT'S IT.
No signup. No dashboard. No SaaS middleman. Just a GitHub Action that works.
INSTALL THE GITHUB ACTION
Add a single YAML file to your repo. Configure your API keys. That's it — no signup, no dashboard, no SaaS middleman.
```yaml
- uses: codelux-ai/reviewer@latest
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
```
OPEN A PULL REQUEST
Push code as usual. The reviewer activates automatically on every PR and review comment. No manual triggers needed.
```yaml
on:
  pull_request:
  pull_request_review_comment:
    types: [created]
```
GET INTELLIGENT REVIEWS
AI posts a summary, walks through changes, and leaves line-by-line comments. Critical issues glow brighter. Reply to discuss.
```
# AI Reviewer found 2 issues:
# 🔴 Critical: Race condition in session.ts:15
# 🟡 Suggestion: Missing error handling in session.ts:29
#
# Reply to discuss any finding.
```
CODE REVIEW IS BROKEN
The process most teams rely on is slow, error-prone, and burning out your best engineers.
Developers context-switch, lose flow state, and ship significantly slower.
Manual reviews consistently miss edge cases, race conditions, and security flaws.
Senior engineers spend 30%+ of their time reviewing other people's code.
SEE IT IN ACTION
Real code. Real review. Severity-based feedback on exact lines — no hedging, no vague suggestions.
This PR adds session token validation with expiry checks. 2 issues found — 1 critical (race condition), 1 suggestion (error handling).
```typescript
async function validateSession(token: string) {
  const session = await db.sessions.findOne({ token });
  if (!session) return null;
  // [review] Race condition: another request could invalidate this session
  // between findOne() and the expiry check below. Use findOneAndUpdate with
  // atomic operations.
  const isExpired = session.expiresAt < Date.now();
  if (isExpired) {
    await db.sessions.deleteOne({ token });
    return null;
  }
  return session.userId;
}

export async function refreshToken(userId: string) {
  const newToken = crypto.randomUUID();
  await db.sessions.updateOne(
    { userId },
    { token: newToken, expiresAt: Date.now() + TTL }
  );
  // [review] Consider wrapping in try/catch — if updateOne fails, the user gets
  // silently logged out with no error feedback.
  return newToken;
}
```
↑ REAL EXAMPLE FROM A PRODUCTION CODEBASE
LOVED BY DEVELOPERS
“This tool catches race conditions and edge cases that even senior engineers miss. The severity glow makes it obvious what to fix first.”
“We replaced two paid review tools with this. Self-hosted, zero data leakage, and our security team finally stopped complaining.”
“Set up in our CI in under a minute. First PR review blew my mind — it found a SQL injection we'd been shipping for months.”
“The incremental review feature is a game-changer. No more reviewing 500-line diffs — it tracks what changed between pushes.”
“Finally, an AI reviewer that understands our codebase conventions. It even learned our naming patterns after a few PRs.”
“Open source and self-hosted means we passed SOC 2 audit with zero concerns about code leaving our infrastructure.”
BUILT DIFFERENT. BUILT OPEN.
| Feature | CODELUX (Open Source) | CodeRabbit | Qodo | Sourcery |
|---|---|---|---|---|
| Open source (MIT) | | ✗ | ✗ | ✗ |
| Self-hosted / on-prem | | Enterprise | Enterprise | ✗ |
| Line-by-line reviews | | ✓ | ✓ | ✓ |
| PR summaries | | ✓ | ✓ | ✓ |
| Interactive chat in PR | | ✓ | Partial | ✗ |
| Custom review rules | | Partial | Partial | Partial |
| Zero data retention | | ✗ | ✗ | ✗ |
| Free for all repos | | ✗ | ✗ | Partial |
| Bring your own LLM | | ✗ | ✗ | ✗ |
| GitHub + GitLab + Bitbucket | | ✓ | Partial | Partial |
YOUR CODE STAYS YOURS
MIT-licensed. Every line of code is public, auditable, and forkable. No telemetry, no data collection, no "trust us" security pages.
Self-host on your infrastructure. Use your own API keys. Your code never touches a server you don't control.
AGENT-REVIEW
Star on GitHub. Contribute. Make code review better for everyone.
COMMON QUESTIONS
Yes, 100% free and open source under the MIT license. You use your own API keys (OpenAI, etc.) — we don't charge anything. No usage limits, no premium tier.
Currently OpenAI (GPT-4, GPT-4o). Support for Anthropic Claude, Google Gemini, and local models via Ollama is on the roadmap.
No. The reviewer runs entirely within your GitHub Actions workflow. Your code is processed in-memory during the review and never stored anywhere.
Fully open source and self-hosted. Your code never leaves your infrastructure. No SaaS middleman, no vendor lock-in. You own everything.
Under 30 seconds. Add a single YAML workflow file to your repo, set your API keys as GitHub secrets, and you're done.
Yes. Configure review rules, severity thresholds, ignored paths, and custom prompts via a YAML configuration file in your repo.
ONE FILE.
EVERY PR REVIEWED.
Drop a single YAML into your repo. Your next pull request gets line-by-line AI review, severity tagging, and a generated summary — automatically.
```yaml
name: CodeLux Review

on:
  pull_request:
  pull_request_review_comment:
    types: [created]

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: codelux-ai/reviewer@latest
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
```
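A hardened variant of the workflow above, added here as an example and not taken from the CodeLux project. The workflow as published hands `GITHUB_TOKEN` and `OPENAI_API_KEY` to whatever the mutable `latest` ref resolves to at run time and leaves the token at the repository's default scope. The permission scopes, the timeout, and the placeholder commit SHA below are assumptions.

```yaml
name: CodeLux Review

on:
  pull_request:
  pull_request_review_comment:
    types: [created]

# Start from no token permissions at workflow level; grant per job below.
permissions: {}

jobs:
  review:
    runs-on: ubuntu-latest
    # Assumed bound on job runtime so a stuck run cannot keep calling the LLM API.
    timeout-minutes: 10
    # Assumption: the action only reads the repository and writes PR comments.
    # Tighten or extend these after checking what the action actually calls.
    permissions:
      contents: read
      pull-requests: write
    steps:
      # Pin to a full commit SHA you have reviewed instead of the mutable
      # "latest" ref. The value below is a placeholder, not a real commit.
      - uses: codelux-ai/reviewer@<FULL_40_CHAR_COMMIT_SHA>
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
```

On `pull_request` runs triggered from forks, GitHub does not pass repository secrets, so `OPENAI_API_KEY` is empty for those runs.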
LATEST UPDATES
INTERACTIVE PR CONVERSATIONS
Reply to AI comments directly in your PR. Ask for explanations, test plans, or alternative implementations.
INCREMENTAL REVIEW ENGINE
Now tracks changes between pushes, reviewing only new code. 60% fewer API calls, zero duplicate feedback.