Install/run via webhooks service
The webhooks service is best suited for continuous, automated reviews.
Prerequisites
Minimum System Requirements
A machine with the following minimum specifications is recommended for Docker image deployment and for obtaining optimal performance of the AI Code Review Agent.
CPU Cores
4
RAM
8 GB
Hard Disk Drive
80 GB
Supported Operating Systems
Windows
Linux
macOS
OS Prerequisites
Linux
You will need:
Bash (minimum version 4.x)
For Debian and Ubuntu systems
sudo apt-get install bash
For CentOS and other RPM-based systems
sudo yum install bash
Docker (minimum version 20.x)
macOS
Windows
You will need:
PowerShell (minimum version 5.x)
Note: In PowerShell version 7.x, run
Set-ExecutionPolicy Unrestricted
command. It allows the execution of scripts without any constraints, which is essential for running scripts that are otherwise blocked by default security settings.
Docker (minimum version 20.x)
Required Access Tokens
Bito Access Key: Obtain your Bito Access Key. View Guide
GitHub Personal Access Token (Classic): For GitHub PR code reviews, ensure you have a CLASSIC personal access token with repo access. We do not support fine-grained tokens currently. View Guide
GitLab Personal Access Token: For GitLab PR code reviews, a token with API access is required. View Guide
Snyk API Token (Auth Token): For Snyk vulnerability reports, obtain a Snyk API Token. View Guide
Installation and Configuration Steps
Prerequisites: Before proceeding, ensure you've completed all necessary prerequisites for self-hosted AI Code Review Agent.
Server Requirement: Ensure you have a server with a domain name or IP address.
Start Docker: Initialize Docker on your server.
Clone the repository: Clone the AI Code Review Agent GitHub repository to your server using the following command:
git clone https://github.com/gitbito/CodeReviewAgent.git
Note: It is recommended to clone the repository instead of downloading the .zip file. This approach allows you to easily update the Agent later using the
git pull
command.
Open the repository folder:
Navigate to the repository folder and then to the “cra-scripts” subfolder.
Note the full path to the “cra-scripts” folder for later use.
Open Command Line:
Use Bash for Linux and macOS.
Use PowerShell for Windows.
Set Directory:
Change the current directory in Bash/PowerShell to the “cra-scripts” folder.
Example command:
cd [Path to cra-scripts folder]
Note: Adjust the path based on where you cloned the repository on your system.
Configure Properties:
Open the bito-cra.properties file in a text editor from the “cra-scripts” folder. Detailed information for each property is provided on Agent Configuration: bito-cra.properties File page.
Set mandatory properties:
mode = server
bito_cli.bito.access_key
git.access_token
Optional properties (can be skipped or set as needed):
git.provider
git.domain
code_feedback
static_analysis
dependency_check
dependency_check.snyk_auth_token
server_port
review_scope
exclude_branches
exclude_files
exclude_draft_pr
Note: Valid values for git.provider are GITHUB or GITLAB.
Note: Detailed information for each property is provided on Agent Configuration: bito-cra.properties File page.
Check the Required Access Tokens guide to learn more about creating the access tokens needed to configure the Agent.
Run the Agent:
On Linux/macOS in Bash:
Run
./bito-cra.sh service start bito-cra.properties
Note: It will provide the Git Webhook secret in encrypted format.
On Windows in PowerShell:
Install OpenSSL
Reference-1: https://wiki.openssl.org/index.php/Binaries
Reference-2: https://slproweb.com/products/Win32OpenSSL.html
Run
./bito-cra.ps1 service start bito-cra.properties
Note: It will provide the Git Webhook secret in encrypted format.
This step might take time initially as it pulls the Docker image and performs the code review.
Provide Missing Property Values: The script may prompt for values of mandatory/optional properties if they are not preconfigured.
Copy Webhook Secret: During the script execution, a webhook secret is generated and displayed in the shell. Copy the secret displayed under "Use below as Gitlab and Github Webhook secret:" for use in GitHub or GitLab when setting up the webhook.
Webhook Setup Guide
Login to your GitHub account.
Navigate to the main page of the repository. Under your repository name, click Settings.
In the left sidebar, click Webhooks.
Click Add webhook.
Under Payload URL, enter the URL of the webhook endpoint. This is the server's URL to receive webhook payloads.
Note: The GitHub Payload URL should follow this format:
https://<domain name/ip-address>/api/v1/github_webhooks
, wherehttps://<domain name/ip-address>
should be mapped to Bito's AI Code Review Agent container, which runs as a service on a configured TCP port such as 10051. Essentially, you need to append the string "/api/v1/github_webhooks" (without quotes) to the URL where the AI Code Review Agent is running.For example, a typical webhook URL would be
https://cra.example.com/api/v1/github_webhooks
Select the Content type “application/json” for JSON payloads.
In Secret token, enter the webhook secret token that you copied above. It is used to validate payloads.
Click on Let me select individual events to select the events that you want to trigger the webhook. For code review select these:
Issue comments - To enable Code Review on-demand by issuing a command in the PR comment.
Pull requests - To auto-trigger Code Review when a pull request is created.
Pull request review comments - So, you can share feedback on the review quality by answering the feedback question in the code review comment.
To make the webhook active immediately after adding the configuration, select Active.
Click Add webhook.
Login to your GitLab account.
Select the repository where the webhook needs to be configured.
On the left sidebar, select Settings > Webhooks.
Select Add new webhook.
In URL, enter the URL of the webhook endpoint. This is the server's URL to receive webhook payloads.
Note: The GitLab webhook URL should follow this format:
https://<domain name/ip-address>/api/v1/gitlab_webhooks
, wherehttps://<domain name/ip-address>
should be mapped to Bito's AI Code Review Agent container, which runs as a service on a configured TCP port such as 10051. Essentially, you need to append the string "/api/v1/gitlab_webhooks" (without quotes) to the URL where the AI Code Review Agent is running.For example, a typical webhook URL would be
https://cra.example.com/api/v1/gitlab_webhooks
In Secret token, enter the webhook secret token that you copied above. It is used to validate payloads.
In the Trigger section, select the events to trigger the webhook. For code review select these:
Comments - for on-demand code review.
Merge request events - for automatic code review when a merge request is created.
Emoji events - So, you can share feedback on the review quality using emoji reactions.
Select Add webhook.
BitBucket Webhook Setup Guide:
Login to your BitBucket account.
Navigate to the main page of the repository. Under your repository name, click Repository Settings.
In the left sidebar, click Webhooks.
Click Add webhook.
Under URL, enter the URL of the webhook endpoint. This is the server's URL to receive webhook payloads.
Note: The BitBucket Payload URL should follow this format:
https://<domain name/ip-address>/api/v1/bitbucket_webhooks
, wherehttps://<domain name/ip-address>
should be mapped to Bito's AI Code Review Agent container, which runs as a service on a configured TCP port such as 10051. Essentially, you need to append the string "/api/v1/bitbucket_webhooks" (without quotes) to the URL where the AI Code Review Agent is running.For example, a typical webhook URL would be
https://cra.example.com/api/v1/bitbucket_webhooks
In Secret token, enter the webhook secret token that you copied above. It is used to validate payloads.
In the Triggers section, select the events to trigger the webhook. For code review select these:
Pull Request > Comment created - for on-demand code review.
Pull Request > Created - for automatic code review when a merge request is created.
Select Save.
Using the AI Code Review Agent
After configuring the webhook, you can invoke the AI Code Review Agent in the following ways:
Note: To improve efficiency, the AI Code Review Agent is disabled by default for pull requests involving the "main" branch. This prevents unnecessary processing and token usage, as changes to the "main" branch are typically already reviewed in release or feature branches. To change this default behavior and include the "main" branch, please contact support.
Automated Code Review: If the webhook is configured to be triggered on the Pull requests event (for GitHub) or Merge request event (for GitLab), the agent will automatically review new pull requests as soon as they are created and post the review feedback as a comment within your PR.
Manually Trigger Code Review: To start the process, simply type
/review
in the comment box on the pull request and submit it. If the webhook is configured to be triggered on the Issue comments event (for GitHub) or Comments event (for GitLab), this action will initiate the code review process. The/review
command prompts the agent to review the pull request and post its feedback directly in the PR as a comment.Bito also offers specialized commands that are designed to provide detailed insights into specific areas of your source code, including security, performance, scalability, code structure, and optimization.
/review security
: Analyzes code to identify security vulnerabilities and ensure secure coding practices./review performance
: Evaluates code for performance issues, identifying slow or resource-heavy areas./review scalability
: Assesses the code's ability to handle increased usage and scale effectively./review codeorg
: Scans for readability and maintainability, promoting clear and efficient code organization./review codeoptimize
: Identifies optimization opportunities to enhance code efficiency and reduce resource usage.
By default, the
/review
command generates inline comments, meaning that code suggestions are inserted directly beneath the code diffs in each file. This approach provides a clearer view of the exact lines requiring improvement. However, if you prefer a code review in a single post rather than separate inline comments under the diffs, you can include the optional parameter:/review #inline_comment=False
For more details, refer to Available Commands.
It may take a few minutes to get the code review posted as a comment, depending on the size of the pull request.
Screenshots
Screenshot # 1
AI-generated pull request (PR) summary
Screenshot # 2
Changelist showing key changes and impacted files in a pull request.
Screenshot # 3
AI code review feedback posted as comments on the pull request.
How to update the self-hosted AI Code Review Agent
Please follow these steps:
Update the Agent's repository:
Pull the latest changes from the https://github.com/gitbito/CodeReviewAgent repository by running the following command in your terminal, ensuring you are inside the repository folder:
git pull origin main
Restart the Docker container:
To restart the Docker container running as a service, use the below command.
On Linux/macOS in Bash: Run
./bito-cra.sh service restart bito-cra.properties
On Windows in PowerShell: Run
./bito-cra.ps1 service restart bito-cra.properties
Stop Docker Container
To stop the Docker container running as a service, use the below command.
On Linux/macOS in Bash: Run
./bito-cra.sh service stop
On Windows in PowerShell: Run
./bito-cra.ps1 service stop
Check Status
To check the status of Docker container running as a service, use the below command.
On Linux/macOS in Bash: Run
./bito-cra.sh service status
On Windows in PowerShell: Run
./bito-cra.ps1 service status
Last updated