AI-powered code review CLI with multiple providers (Gemini, Claude, OpenAI). Features 95%+ token reduction via semantic chunking, 7 review types (security/performance/evaluation), multi-language support, interactive fixes, and developer skill assessment.
git clone https://github.com/bobmatnyc/ai-code-review.gitAI Code Review is a TypeScript-based command-line tool that automates code reviews using Google Gemini, Anthropic Claude, OpenAI, or OpenRouter APIs integrated with LangChain. The tool analyzes code across 15+ review types including security, performance, architectural assessment, and developer experience evaluation. It reduces API token consumption by approximately 45% through optimized prompts updated to 2026 standards, covering current security threats, frameworks, and language versions. The CLI supports Flutter, Dart, Python, JavaScript, Java, Rust, and other languages with automatic framework detection. Features include interactive API key validation on startup, project-level configuration storage, and standardized output formats with severity scoring and confidence metrics.
[{"step":"Install the CLI tool","action":"Run `pip install ai-code-review` and authenticate with your preferred provider (e.g., `ai-code-review auth openai --api-key YOUR_KEY`).","tip":"Use `ai-code-review providers` to list supported providers and their token limits."},{"step":"Select review type and language","action":"Specify the review type (e.g., `security`, `performance`) and language (e.g., `python`, `javascript`) in the prompt. Example: `ai-code-review review --type security --language python --code \"[CODE]\"`.","tip":"For multi-file projects, use `ai-code-review review --path ./src` to scan entire directories."},{"step":"Run the review","action":"Execute the command and review the output. Prioritize critical issues (e.g., SQL injection) before performance suggestions.","tip":"Use `--output json` to get machine-readable results for integration with CI/CD pipelines."},{"step":"Apply fixes interactively","action":"Use `ai-code-review fix --issue-id 123` to generate and apply automated fixes for specific issues. Review changes before committing.","tip":"For complex fixes, use `--dry-run` to preview changes without applying them."},{"step":"Assess developer skills","action":"Run `ai-code-review assess --path ./src` to generate a skill report for your team. Use this for performance reviews or training plans.","tip":"Combine with `--format markdown` to generate reports for team meetings."}]
Automated security and performance analysis for pull requests
Framework-specific code quality assessment (React, Django, Rails, etc.)
Developer skill evaluation and architectural review
Multi-language codebase analysis with provider flexibility
No install command available. Check the GitHub repository for manual installation instructions.
git clone https://github.com/bobmatnyc/ai-code-reviewCopy the install command above and run it in your terminal.
Launch Claude Code, Cursor, or your preferred AI coding agent.
Use the prompt template or examples below to test the skill.
Adapt the skill to your specific use case and workflow.
Perform a [REVIEW_TYPE] code review on the following [LANGUAGE] code snippet using the [PROVIDER] provider. Focus on [SPECIFIC_AREA] (e.g., memory leaks, SQL injection risks). Provide actionable feedback with line numbers and code snippets. Include a complexity score (1-10) and suggest optimizations. Code: ```[CODE]```
### Code Review Report: Security Audit
**Provider:** OpenAI (GPT-4)
**Language:** Python
**Review Type:** Security
**Target Area:** SQL Injection Vulnerabilities
**Complexity Score:** 7/10
**Files Reviewed:** `user_auth.py` (Lines 42-89)
---
#### Critical Issues Found
1. **SQL Injection Risk (Line 57-61)**
```python
query = f"SELECT * FROM users WHERE username = '{username}' AND password = '{password}'"
```
**Risk:** High. User input is directly interpolated into SQL. Attackers can bypass authentication with `' OR '1'='1`.
**Fix:** Use parameterized queries:
```python
query = "SELECT * FROM users WHERE username = %s AND password = %s"
cursor.execute(query, (username, password))
```
2. **Hardcoded Secret (Line 78)**
```python
API_KEY = "sk-1234567890abcdef"
```
**Risk:** High. Secrets in code violate OWASP guidelines.
**Fix:** Use environment variables:
```python
import os
API_KEY = os.getenv("STRIPE_API_KEY")
```
---
#### Performance Optimizations
- **Line 45:** The `get_user_by_id()` function uses a linear search. Replace with a dictionary lookup (O(1) vs O(n)):
```python
user_cache = {}
def get_user_by_id(user_id):
return user_cache.get(user_id)
```
---
#### Developer Skill Assessment
- **Security Awareness:** 6/10 (missed critical SQLi and hardcoded secrets)
- **Performance:** 7/10 (could optimize data structures)
- **Recommendation:** Complete the [OWASP Top 10](https://owasp.org/www-project-top-ten/) training module.
**Next Steps:**
1. Apply the SQL injection fix immediately.
2. Rotate the hardcoded API key.
3. Schedule a team workshop on secure coding practices.Take a free 3-minute scan and get personalized AI skill recommendations.
Take free scan