review-pilot is a comprehensive AI-powered GitHub Action that surpasses GitHub Copilot's review capabilities. Using advanced chain-of-thought reasoning, it systematically analyzes pull requests across security, performance, maintainability, and correctness dimensions like a battle-tested principal engineer.
Why review-pilot beats GitHub Copilot?
- Can Actually Approve PRs: Unlike Copilot, review-pilot can approve clean code for merge
- Systematic Analysis: Uses 5-step chain-of-thought reasoning for comprehensive coverage
- Multi-dimensional Review: Security, performance, correctness, maintainability, and best practices
- Self-consistency Checks: Built-in verification to prevent incorrect feedback
- Production-focused: Issues that actually matter, not just style preferences
- Advanced Prompting: Leverages cutting-edge LLM reasoning techniques
Powered by Google's Gemini 2.5 Flash with 80% more comprehensive analysis than standard tools, review-pilot combines the wisdom of a principal engineer with systematic AI reasoning.
Add review-pilot to your GitHub workflow:
# .github/workflows/review.yml
name: AI Code Review
on:
pull_request:
types: [opened, synchronize]
jobs:
review:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
steps:
- name: Review Pull Request
uses: Programmer-RD-AI/review-pilot@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
apiKey: ${{ secrets.GEMINI_API_KEY }}
level: 'MID'- Go to Google AI Studio
- Create a new API key
- Add it to your repository secrets as
GEMINI_API_KEY
- name: Review Pull Request
uses: Programmer-RD-AI/review-pilot@v1
with:
token: ${{ secrets.GITHUB_TOKEN }} # Required: GitHub token
apiKey: ${{ secrets.GEMINI_API_KEY }} # Required: Gemini API key
model: 'gemini-2.5-flash-lite' # Optional: AI model
level: 'MID' # Optional: Review strictness
maxChanges: '1000' # Optional: Max changes per file
customInstructionUri: './review-guide.txt' # Optional: Custom instructions- LOW: Critical-only mode (production failures, security breaches, data corruption)
- MID: Balanced quality mode (critical issues + significant correctness/maintainability problems)
- HIGH: Comprehensive mode (security, performance, maintainability, correctness, best practices) - Recommended
Provide domain-specific context to improve reviews:
# review-guide.txt
This is a fintech application handling payment processing.
Security is paramount - flag any potential data leaks.
Performance matters - we handle 10k+ transactions per minute.
Database queries must be optimized for PostgreSQL 14.review-pilot provides surgical, insightful feedback:
💬 **Review Summary**
Solid payment processing changes, but found a critical race condition in transaction handling.
🔴 **Critical Issue - Transaction Handler**
```typescript
// src/payment/processor.ts:45
This shared transaction counter isn't thread-safe. Under concurrent load,
you'll get race conditions and lost updates. Two requests could read the
same value and both increment from there, leading to duplicate transaction IDs.
Consider using atomic operations or database-generated IDs instead.
🟡 Performance Concern - Database Query
// src/user/service.ts:23
This query in the loop is going to murder your database performance.
You're doing one query per user instead of batching them. With 10k users,
that's 10k queries instead of 1.5-Step Chain-of-Thought Analysis:
- File Structure Analysis: Maps changes across files and identifies programming contexts
- Security & Vulnerability Scan: Systematic check for auth bypasses, injection, secrets, crypto issues
- Correctness & Logic Analysis: Logic errors, null pointers, resource leaks, exception handling
- Performance & Efficiency Review: Algorithmic complexity, database optimization, memory efficiency
- Maintainability & Best Practices: Code quality, patterns, documentation, consistency
Advanced Capabilities:
- Self-Consistency Verification: Multi-path reasoning with accuracy validation
- Contextual Understanding: Full file context for understanding, patch-only analysis for comments
- Approval Authority: Can approve clean PRs for merge (unlike GitHub Copilot)
- Systematic Reasoning: No speculation - only issues definitively identified through structured analysis
review-pilot combines comprehensive coverage with surgical precision, catching issues that matter while avoiding noise.
- GitHub Actions: Repository with Actions enabled
- Gemini API Key: Free tier available with generous limits
- Node.js: v20+ (handled automatically in Actions)
review-pilot provides deep analysis for:
- JavaScript/TypeScript: React patterns, async/await, memory leaks
- Python: Context managers, GIL issues, type safety
- Java: Concurrency, collections, performance
- Go: Goroutines, channels, interface satisfaction
- And more: Adapts to any language in your codebase
Contributions are welcome! This project follows the "make it better" philosophy.
Please see our CONTRIBUTING.md for details on how to contribute.
This project is licensed under the Apache License 2.0 - see the LICENSE file for details.
- Commercial use, modification, distribution, and private use
- Patent grant from contributors
- No warranty or liability
This project is governed by our CODE_OF_CONDUCT.md. By participating, you agree to uphold professional standards and treat all contributors with respect.
Built with battle-tested engineering wisdom. Deploy with confidence.