# OpenAI Code Review Integration ## Overview The `devbox review` command provides automated code review capabilities powered by OpenAI's GPT-4 model. This feature allows engineers to perform comprehensive code reviews locally before submitting pull requests, helping to catch issues early and improve code quality. ## Why OpenAI Code Review? ### Problem Statement - **Manual Review Bottleneck**: Human code reviews can be slow and inconsistent - **Missed Issues**: Important security, performance, and quality issues may be overlooked - **Inconsistent Standards**: Different reviewers may have different standards and focus areas - **Time Constraints**: Rushed reviews may miss critical problems - **Knowledge Gaps**: Reviewers may not be familiar with all best practices ### Solution Benefits - **Comprehensive Analysis**: AI reviews cover security, performance, code quality, and best practices - **Consistent Standards**: Same review criteria applied across all code changes - **24/7 Availability**: Reviews can be performed anytime, without waiting for human reviewers - **Educational**: Provides explanations and suggestions for improvements - **Local Privacy**: Reviews happen locally, keeping your code private ## Features ### 🔍 **Comprehensive Review Coverage** - **Security Analysis**: Identifies potential vulnerabilities, input validation issues, authentication problems - **Performance Optimization**: Detects inefficient algorithms, memory leaks, database query issues - **Code Quality**: Checks for code smells, maintainability issues, readability problems - **Best Practices**: Verifies adherence to language-specific best practices and design patterns - **Error Handling**: Assesses error handling, exception management, logging practices - **Testing**: Evaluates test coverage, test quality, and mocking practices - **Documentation**: Checks for proper documentation, comments, and API documentation ### 📊 **Beautiful HTML Reports** - **Interactive Interface**: Modern, responsive web interface for viewing reviews - **Severity Classification**: Issues categorized as Critical, Warning, Info, or Suggestion - **Code Snippets**: Relevant code sections highlighted with line numbers - **Actionable Suggestions**: Specific recommendations for improvements - **Export Options**: Print reports or export to different formats ### 🚀 **Local Web Server** - **Instant Access**: View reports immediately in your browser - **Report Management**: Browse and manage all review reports - **Real-time Updates**: Refresh to see new reports as they're generated - **No External Dependencies**: Everything runs locally on your machine ## Quick Start ### 1. Set Up OpenAI API Key You can provide your OpenAI API key in two ways: **Option A: Environment Variable (Recommended)** ```bash export OPENAI_API_KEY="your-openai-api-key-here" ``` **Option B: Command Line** ```bash devbox review --component=chat --api-key="your-openai-api-key-here" ``` ### 2. Perform Your First Review ```bash # Review the chat component devbox review --component=chat # Review with custom port devbox review --component=authentication --port=9090 # Review without starting the web server devbox review --component=content --start-server=false ``` ### 3. View Review Reports After running a review, open your browser and navigate to: ``` http://localhost:8080 ``` ## Usage Examples ### Basic Review ```bash # Review a specific component devbox review --component=chat ``` ### Advanced Review Options ```bash # Review with custom API key devbox review --component=authentication --api-key="sk-..." # Review on custom port devbox review --component=content --port=9090 # Review without web server devbox review --component=payment --start-server=false # Stop the review server devbox review --stop-server ``` ### Review Multiple Components ```bash # Review chat component devbox review --component=chat # Review authentication component devbox review --component=authentication # Review content component devbox review --component=content ``` ## Configuration ### Configuration File The code review feature creates a configuration file at `~/.devbox/.code-review/config.yaml`: ```yaml # OpenAI Code Review Configuration openai: api_key: "" # Set your OpenAI API key here or use environment variable model: "gpt-4" # Model to use for code review max_tokens: 4000 # Maximum tokens for review response temperature: 0.1 # Lower temperature for more focused reviews review: languages: - python - javascript - typescript - java - go - rust file_extensions: - .py - .js - .ts - .jsx - .tsx - .java - .go - .rs - .cpp - .c - .h - .hpp exclude_patterns: - "node_modules/" - "__pycache__/" - ".git/" - "*.min.js" - "*.min.css" - "dist/" - "build/" - "target/" - "vendor/" max_file_size: 100000 # Maximum file size in bytes to review max_files_per_review: 50 # Maximum number of files to review at once output: format: "html" # html, markdown, json include_suggestions: true include_severity: true include_line_numbers: true include_code_snippets: true ``` ### Customizing Review Settings You can modify the configuration file to: - Change the OpenAI model (e.g., gpt-3.5-turbo for faster, cheaper reviews) - Adjust the number of tokens used - Add or remove supported file types - Modify exclusion patterns - Change output format preferences ## Review Process ### 1. File Detection The system automatically detects changed files in your component: - Staged changes (`git diff --cached`) - Unstaged changes (`git diff`) - Filters by supported file extensions - Respects exclusion patterns ### 2. Content Preparation - Reads file contents - Prepares context for OpenAI - Limits file size and count for optimal performance ### 3. AI Review - Sends code to OpenAI GPT-4 - Uses specialized prompt for code review - Receives comprehensive analysis ### 4. Report Generation - Parses AI response - Generates structured review data - Creates beautiful HTML report - Starts local web server ### 5. Review Interface - Modern, responsive web interface - Severity-based issue categorization - Code snippets with line numbers - Actionable improvement suggestions ## Review Categories ### 🔴 Critical Issues - Security vulnerabilities - Potential crashes or data loss - Critical performance problems - Major architectural issues ### 🟡 Warnings - Code quality issues - Potential bugs - Performance concerns - Best practice violations ### 🔵 Info - Style and formatting issues - Documentation improvements - Minor optimizations - Educational notes ### 🟢 Suggestions - Enhancement opportunities - Alternative approaches - Future improvements - Learning opportunities ## Best Practices ### Before Submitting PRs 1. **Run Local Tests**: Ensure your code passes all tests 2. **Perform Code Review**: Use `devbox review` to get AI feedback 3. **Address Issues**: Fix critical and warning issues 4. **Review Suggestions**: Consider implementing improvement suggestions 5. **Submit PR**: Only after addressing important issues ### Optimizing Review Quality 1. **Keep Changes Focused**: Smaller, focused changes get better reviews 2. **Include Context**: Make sure related files are included 3. **Use Descriptive Commits**: Clear commit messages help with context 4. **Review Regularly**: Don't wait until the end to review ### Cost Management 1. **Monitor Usage**: Keep track of API token usage 2. **Use Appropriate Models**: Consider gpt-3.5-turbo for routine reviews 3. **Limit File Count**: Focus on the most important files 4. **Batch Reviews**: Review multiple related changes together ## Troubleshooting ### Common Issues **API Key Not Found** ```bash Error: OpenAI API key not found ``` **Solution**: Set the `OPENAI_API_KEY` environment variable or use `--api-key` parameter **API Connectivity Issues** ```bash Error: OpenAI API connectivity test failed ``` **Solution**: Check your internet connection and API key validity **No Changed Files** ```bash Warning: No changed files found for review ``` **Solution**: Make sure you have staged or unstaged changes in your component **Server Port Already in Use** ```bash Error: Port 8080 is already in use ``` **Solution**: Use a different port with `--port` parameter ### Performance Tips 1. **Limit File Size**: Large files take longer to review and cost more 2. **Use Appropriate Model**: gpt-3.5-turbo is faster and cheaper than gpt-4 3. **Review Incrementally**: Review changes as you make them, not all at once 4. **Exclude Generated Files**: Add generated files to exclusion patterns ## Integration with Workflow ### Pre-PR Checklist ```bash # 1. Run tests devbox package --component=chat --test-mode=test # 2. Perform code review devbox review --component=chat # 3. Address review issues # (Fix code based on review feedback) # 4. Re-review if needed devbox review --component=chat # 5. Submit PR git push origin feature/chat-improvements ``` ### CI/CD Integration The code review feature can be integrated into your CI/CD pipeline: - Run reviews automatically on pull requests - Block merges if critical issues are found - Generate review reports for team review - Track review metrics over time ## Security and Privacy ### Local Processing - All code review processing happens locally - No code is stored on external servers - API calls only send code content to OpenAI - Review reports are stored locally ### API Key Security - Store API keys in environment variables - Never commit API keys to version control - Use different API keys for different environments - Monitor API usage for unusual activity ## Future Enhancements ### Planned Features - **Custom Review Templates**: Define project-specific review criteria - **Team Review Integration**: Share reviews with team members - **Historical Tracking**: Track review metrics over time - **Automated Fixes**: Suggest and apply automatic fixes - **Multi-language Support**: Enhanced support for more programming languages - **IDE Integration**: Direct integration with popular IDEs ### Advanced Capabilities - **Context-Aware Reviews**: Consider project history and architecture - **Performance Profiling**: Automated performance analysis - **Security Scanning**: Integration with security scanning tools - **Compliance Checking**: Verify compliance with coding standards ## Support ### Getting Help - Check the troubleshooting section above - Review the configuration options - Ensure your OpenAI API key is valid and has sufficient credits - Verify your component directory structure ### Contributing The code review feature is designed to be extensible. You can: - Customize review prompts for your specific needs - Add support for additional file types - Enhance the HTML report templates - Integrate with additional tools and services --- **Note**: The OpenAI code review feature requires an active OpenAI API key and internet connectivity. API usage is subject to OpenAI's pricing and rate limits.