Intelligent code review automation for GitLab using Dify AI with RAG support for frontend best practices.
- Features
- Architecture
- Prerequisites
- Quick Start
- Installation
- Configuration
- Knowledge Base Setup
- Usage
- Project Structure
- Development
- Deployment
- Testing
- Quick Start Guide - Get started in 5 minutes
- Cost Analysis - Detailed pricing breakdown ($0.003-0.04/file)
- Knowledge Base Guide - RAG setup and maintenance
- CLI Documentation - Command-line interface reference
- FAQ - Frequently asked questions
- 🤖 AI-Powered Reviews: Leverages Dify API for intelligent code analysis
- 📚 RAG Integration: Context-aware reviews using best practices knowledge base
  - React, Vue, Angular best practices
  - Accessibility guidelines (WCAG)
  - Performance optimization patterns
  - Security best practices
- 🎯 Repository Context: Custom context files for project-specific guidelines
  - Monorepo/polyrepo structure awareness
  - Project-specific code style and standards
  - Custom skip patterns and focus areas
  - Technology stack considerations
- 🔄 GitLab Webhook: Automatic MR review triggers
- 🌐 Multi-Language: Supports 15+ programming languages
- 🔒 Security Analysis: Detects vulnerabilities and security issues
- 📊 Detailed Reports: Comprehensive review with actionable insights
- ⚡ Performance: Async processing with rate limiting
- 🔌 Local Fallback: Works even when Dify RAG is unavailable
- 🧪 Test Coverage: Built-in testing suite
```
┌─────────────────────────────────────────────┐
│                  GitLab MR                  │
│               (Merge Request)               │
└──────────────────────┬──────────────────────┘
                       │ Webhook Event
                       ▼
┌─────────────────────────────────────────────┐
│               Webhook Handler               │
│          (Validates & Dispatches)           │
└──────────────────────┬──────────────────────┘
                       │
                       ▼
┌─────────────────────────────────────────────┐
│               Review Service                │
│         (Orchestrates Review Flow)          │
└──────┬───────────────────────┬──────────────┘
       │                       │
       ▼                       ▼
┌──────────────┐      ┌──────────────────┐
│    GitLab    │      │   RAG Service    │
│   Service    │      │ (Best Practices) │
└──────┬───────┘      └────────┬─────────┘
       │                       │
       │ Get Diffs             │ Query Knowledge
       ▼                       ▼
┌──────────────┐      ┌──────────────────┐      ┌──────────────┐
│  MR Changes  │      │   Dify RAG API   │      │  knowledge-  │
│   (Diffs)    │      │    (Primary)     │      │    base/     │
└──────┬───────┘      └────────┬─────────┘      │  (Fallback)  │
       │                       │                └──────┬───────┘
       │                       │    If unavailable     │
       │                       ├───────────────────────┘
       │                       │
       └───────────┬───────────┘
                   ▼
           ┌───────────────┐
           │ Dify Service  │
           │  (AI Review)  │
           └───────┬───────┘
                   │
                   ▼
           ┌───────────────┐
           │ Review Result │
           └───────┬───────┘
                   │
                   ▼
         ┌───────────────────┐
         │  GitLab Comment   │
         │  (Posted to MR)   │
         └───────────────────┘
```

```
knowledge-base/
├── frontend/
│   ├── react-best-practices.md ───┐
│   ├── angular-best-practices.md ─┤
│   ├── accessibility.md ──────────┼─→ Upload Script
│   ├── performance.md ────────────┤   (npm run setup:knowledge-base)
│   └── security.md ───────────────┘
                                             │
                                             ▼
                                      ┌──────────────┐
                                      │   Dify RAG   │
                                      │   Dataset    │
                                      └──────┬───────┘
                                             │
                 ┌───────────────────────────┼──────────────────────────┐
                 │       During Review       │                          │
                 ▼                           ▼                          ▼
            ┌──────────┐              ┌─────────────┐           ┌──────────────┐
            │ Analyze  │    Query     │  Retrieve   │    Use    │   Enhanced   │
            │   File   │──────────────│  Relevant   │───────────│  AI Review   │
            │   Type   │              │   Context   │           │  with Best   │
            └──────────┘              └─────────────┘           │  Practices   │
                                             │                  └──────────────┘
                                             │ If Dify unavailable
                                             ▼
                                      ┌──────────────┐
                                      │  Local RAG   │
                                      │   Fallback   │
                                      │  (Read .md)  │
                                      └──────────────┘
```

- Node.js >= 22.x
- GitLab account with API access
- Dify account with API key
- Docker (optional, for containerized deployment)
```bash
# Clone repository
git clone https://github.com/your-org/gitlab-ai-review.git
cd gitlab-ai-review

# Run automated setup
npm run setup
```

The setup script will:
- ✅ Install dependencies
- ✅ Create `.env` from template
- ✅ Validate Node.js version
- ✅ Create logs directory
- ✅ Optionally upload knowledge base to Dify
```bash
# Install dependencies
npm install

# Copy environment template
cp .env.example .env

# Edit configuration
nano .env
```

Create `.env` file:

```env
# Server Configuration
NODE_ENV=production
PORT=3000
LOG_LEVEL=info

# GitLab Configuration
GITLAB_TOKEN=glpat-your_token_here
GITLAB_URL=https://gitlab.com
GITLAB_WEBHOOK_SECRET=your_webhook_secret

# Dify Configuration
DIFY_API_KEY=app-your_dify_key
DIFY_API_URL=https://api.dify.ai/v1
DIFY_USER=gitlab-bot

# Review Configuration
MAX_FILES_PER_REVIEW=20
MAX_DIFF_SIZE=5000
ENABLE_INLINE_COMMENTS=false
SKIP_PATTERNS=node_modules,dist,build,*.lock

# Rate Limiting
RATE_LIMIT_WINDOW_MS=900000
RATE_LIMIT_MAX_REQUESTS=100

# RAG Configuration
RAG_KNOWLEDGE_BASE=frontend-best-practices
RAG_ENABLED=true
```

- Navigate to: `Settings → Webhooks`
- Add webhook URL: `https://your-domain.com/webhook/gitlab`
- Secret Token: Use value from `GITLAB_WEBHOOK_SECRET`
- Trigger events:
  - ✅ Merge request events
  - ✅ Comments
- Enable SSL verification
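
The secret-token check this webhook setup relies on, as an added example that is not the project's own code. GitLab sends the configured secret in the `X-Gitlab-Token` header and the event type in `X-Gitlab-Event`; the function name `checkGitLabWebhook`, its return shape and the sample values are assumptions made for illustration.

```javascript
// Added example; not taken from the gitlab-ai-review source tree.
const { createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

// X-Gitlab-Event values for the two triggers enabled above
// (merge request events and comments).
const REVIEW_EVENTS = new Set(['Merge Request Hook', 'Note Hook']);

// Per-process key: both strings are HMAC'd to 32-byte digests so the
// comparison is constant-time and does not leak the secret's length.
const COMPARE_KEY = randomBytes(32);
const digest = (s) => createHmac('sha256', COMPARE_KEY).update(s, 'utf8').digest();

function tokensMatch(presented, expected) {
  return timingSafeEqual(digest(presented), digest(expected));
}

// `headers` uses lower-cased names, as Node's http module and Express provide.
// Returns what the handler should do: reject (401/500), ignore (200) or review (202).
function checkGitLabWebhook(headers, secret = process.env.GITLAB_WEBHOOK_SECRET) {
  // Fail closed: with no secret configured, a naive `token === secret`
  // would accept requests that carry no token at all.
  if (typeof secret !== 'string' || secret.length === 0) {
    return { action: 'reject', status: 500, reason: 'GITLAB_WEBHOOK_SECRET is not set' };
  }
  const token = headers['x-gitlab-token'];
  if (typeof token !== 'string' || !tokensMatch(token, secret)) {
    return { action: 'reject', status: 401, reason: 'missing or wrong X-Gitlab-Token' };
  }
  const event = headers['x-gitlab-event'];
  if (!REVIEW_EVENTS.has(event)) {
    // Authenticated, but not a trigger this bot subscribed to: acknowledge only.
    return { action: 'ignore', status: 200, reason: `unhandled event: ${event}` };
  }
  return { action: 'review', status: 202, reason: event };
}

// Constructed sample requests (headers only), run against a constructed secret.
const SAMPLE_SECRET = 'constructed-secret-for-demo';
const samples = [
  { 'x-gitlab-token': SAMPLE_SECRET, 'x-gitlab-event': 'Merge Request Hook' },
  { 'x-gitlab-token': 'guess', 'x-gitlab-event': 'Merge Request Hook' },
  { 'x-gitlab-event': 'Note Hook' },
  { 'x-gitlab-token': SAMPLE_SECRET, 'x-gitlab-event': 'Push Hook' },
];
for (const h of samples) console.log(checkGitLabWebhook(h, SAMPLE_SECRET));
```

Run the check before the request body is parsed or any diff is fetched, so unauthenticated requests never reach the GitLab or Dify clients.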
- Create a new Dify application
- Upload frontend best practices knowledge base:
  - React/Vue/Angular guidelines
  - Accessibility standards (WCAG)
  - Performance optimization patterns
  - Security best practices
  - CSS/HTML conventions
- Enable RAG retrieval mode
- Copy API key to `.env`
Automated Setup:
```bash
# Upload knowledge base to Dify automatically
npm run setup:knowledge-base
```

This script will:
- Read all markdown files from `knowledge-base/` directory
- Create a dataset in Dify
- Upload and index all documents
- Configure retrieval settings
Manual Setup:
Alternatively, you can manually upload files from knowledge-base/ to Dify:
- Go to Dify Console → Datasets
- Create new dataset: "frontend-best-practices"
- Upload markdown files from `knowledge-base/frontend/`
- Wait for indexing to complete
- Link dataset to your Dify app
Local Fallback:
The application includes a local RAG fallback that reads knowledge base files directly from the filesystem when Dify is unavailable. This ensures the bot continues working even without an external RAG service.
```bash
# Development
npm run dev

# Production
npm start

# With PM2
npm run start:pm2
```

Enhance code review quality by providing repository-specific context. Create a `.aicodereview` file with information about your codebase:

```bash
# Copy example template
cp examples/.aicodereview.example .aicodereview

# Edit with your repository details
nano .aicodereview
```

The context file can include:
- Repository Type: monorepo, polyrepo, or library
- Project Structure: Description of directories and their purposes
- Code Style Guidelines: Project-specific coding standards
- Review Focus Areas: What to prioritize (performance, security, accessibility)
- Skip Patterns: Additional files/folders to exclude from review
- Custom Instructions: Special requirements for your team
Using context in manual reviews:
```bash
# Trigger review with repository context
gitlab-ai-review review -p 12345 -m 42 --context ./.aicodereview

# Short form
gitlab-ai-review review -p 12345 -m 42 -c ./.aicodereview
```

The AI will use this context to provide more relevant, project-specific feedback.
Upload best practices to Dify RAG:
```bash
npm run setup:knowledge-base
```

This uploads all files from the `knowledge-base/` directory to Dify, enabling context-aware code reviews with:
- ✅ React best practices
- ✅ Vue.js patterns
- ✅ Angular 18+ guidelines
- ✅ Accessibility (WCAG)
- ✅ Performance optimization
- ✅ Security best practices
Note: The bot works even without Dify RAG - it falls back to reading local files from knowledge-base/ directory.
```bash
curl -X POST https://your-domain.com/api/review \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -d '{ "projectId": "12345", "mrIid": 42 }'
```

```bash
curl https://your-domain.com/health
```

```
gitlab-ai-review/
├── src/
│   ├── config/
│   │   ├── index.js                  # Configuration loader
│   │   └── constants.js              # Application constants
│   ├── services/
│   │   ├── gitlab.service.js         # GitLab API client
│   │   ├── dify.service.js           # Dify API client
│   │   ├── review.service.js         # Review orchestration
│   │   └── rag.service.js            # RAG knowledge base
│   ├── middleware/
│   │   ├── auth.middleware.js        # Authentication
│   │   ├── validation.middleware.js  # Request validation
│   │   ├── rateLimit.middleware.js   # Rate limiting
│   │   └── error.middleware.js       # Error handling
│   ├── controllers/
│   │   ├── webhook.controller.js     # Webhook handler
│   │   └── review.controller.js      # Manual review
│   ├── utils/
│   │   ├── logger.js                 # Winston logger
│   │   ├── errors.js                 # Custom errors
│   │   ├── helpers.js                # Helper functions
│   │   └── prompt-loader.js          # Prompt template loader
│   ├── routes/
│   │   ├── index.js                  # API routes
│   │   └── webhook.routes.js         # Webhook routes
│   └── app.js                        # Express app
├── tests/
│   ├── setup.js                      # Test configuration
│   ├── unit/
│   │   ├── services/
│   │   └── utils/
│   ├── integration/
│   │   └── review.test.js
│   └── fixtures/
├── docs/
│   ├── CLI.md                        # CLI documentation
│   ├── COST_ANALYSIS.md              # Cost analysis
│   └── FAQ.md                        # Frequently asked questions
├── scripts/
│   ├── setup.sh                      # Setup script
│   └── deploy.sh                     # Deployment script
├── knowledge-base/                   # Knowledge base & prompts
│   ├── prompts/                      # AI prompt templates
│   │   ├── actionable-review.md      # Default review prompt
│   │   ├── critical-only-review.md   # Critical issues only
│   │   └── detailed-review.md        # Comprehensive review
│   ├── frontend/                     # Frontend best practices (RAG)
│   │   ├── react-best-practices.md
│   │   ├── vue-best-practices.md
│   │   ├── accessibility.md
│   │   ├── performance.md
│   │   └── security.md
│   ├── backend/                      # Backend best practices (RAG)
│   │   ├── api-design.md
│   │   └── security.md
│   └── README.md                     # Knowledge base documentation
├── logs/                             # Application logs (gitignored)
├── .github/
│   └── workflows/
│       ├── ci.yml                    # CI pipeline
│       └── deploy.yml                # Deployment pipeline
├── .husky/                           # Git hooks
│   └── pre-commit
├── Dockerfile
├── docker-compose.yml
├── ecosystem.config.js               # PM2 configuration
├── .env.example
├── .eslintrc.js
├── .prettierrc
├── .gitignore
├── .dockerignore
├── jest.config.js
├── package.json
├── examples/
│   ├── .aicodereview.example         # Full context template
│   └── .aicodereview.minimal         # Minimal context template
└── README.md
```

The `.aicodereview` file (optional, placed in project root) provides project-specific information to the AI:

```markdown
# Repository Context

## Repository Type: monorepo

## Project Structure
- apps/api - NestJS BFF
- apps/ui - React UI client

## Code Style Guidelines
- Airbnb style guide
- Strict TypeScript mode

## Review Focus Areas
- Performance critical for UI
- Security critical for API

## Skip Patterns
- apps/ui-e2e/** (E2E tests)
```

Use with CLI:

```bash
gitlab-ai-review review -p <project> -m <mr> --context ./.aicodereview
```

```bash
# Linting
npm run lint
npm run lint:fix

# Formatting
npm run format

# Type checking
npm run typecheck
```

```bash
# Run all tests
npm test

# Watch mode
npm run test:watch

# Coverage
npm run test:coverage

# E2E tests
npm run test:e2e
```

```bash
# Debug mode
npm run debug

# VS Code launch configuration provided
```

```bash
# Build image
docker build -t gitlab-ai-review:latest .

# Run container
docker run -d \
  --name gitlab-review-bot \
  -p 3000:3000 \
  --env-file .env \
  gitlab-ai-review:latest
```

```bash
docker-compose up -d
```

```bash
pm2 start ecosystem.config.js
pm2 save
pm2 startup
```

Deploy using Docker to various cloud platforms:
- AWS ECS/Fargate: Use docker image with ECS task definition
- Google Cloud Run: Deploy from container registry
- Azure Container Instances: Use `az container create`
- Kubernetes: Apply deployment manifests with docker image

```bash
# Unit tests
npm run test:unit

# Integration tests
npm run test:integration

# Load testing
npm run test:load
```

The application exposes metrics at `/metrics`:
- Request duration
- Review success/failure rate
- Dify API latency
- Memory usage
- Active connections
Recommended monitoring stack:
- Prometheus for metrics
- Grafana for visualization
- Sentry for error tracking
- API key authentication
- Webhook signature verification
- Rate limiting
- Input validation
- Dependency scanning (Snyk/Dependabot)
- OWASP security headers
MIT License - see LICENSE
Contributions are welcome! Please:
- Fork the repository
- Create a feature branch
- Make your changes with tests
- Submit a pull request
- 📧 Email: support@yourcompany.com
- 💬 Slack: #gitlab-ai-review
- 🐛 Issues: GitHub Issues
- Dify AI team for the excellent RAG platform
- GitLab community for API documentation
- OpenAI for GPT models
- All contributors and early adopters
See CHANGELOG.md for version history and updates.
- Dify - LLM app development platform
- GitLab - DevOps platform
- Review Bot - GitLab's official bot
Made with ❤️ for better code reviews