Install/run via webhooks service

The webhooks service is best suited for continuous, automated reviews.

Prerequisites

Minimum System Requirements

A machine with the following minimum specifications is recommended for Docker image deployment and for obtaining optimal performance of the AI Code Review Agent.

Requirement

Minimum Specification

CPU Cores

RAM

8 GB

Hard Disk Drive

80 GB

Supported Operating Systems

Windows
Linux
macOS

OS Prerequisites

Operating System

Installation Steps

Linux

You will need:

Bash (minimum version 4.x)
- For Debian and Ubuntu systems
  sudo apt-get install bash
- For CentOS and other RPM-based systems
  sudo yum install bash

Docker (minimum version 20.x)

macOS

You will need:

Bash (minimum version 4.x)
brew install bash

Docker (minimum version 20.x)

Windows

You will need:

PowerShell (minimum version 5.x)
- Note: In PowerShell version 7.x, run Set-ExecutionPolicy Unrestricted command. It allows the execution of scripts without any constraints, which is essential for running scripts that are otherwise blocked by default security settings.

Docker (minimum version 20.x)

Required Access Tokens

Installation and Configuration Steps

Server Requirement: Ensure you have a server with a domain name or IP address.
Start Docker: Initialize Docker on your server.
- git clone https://github.com/gitbito/CodeReviewAgent.git
Open the repository folder:
- Navigate to the repository folder and then to the “cra-scripts” subfolder.

Note the full path to the “cra-scripts” folder for later use.

Open Command Line:
- Use Bash for Linux and macOS.
- Use PowerShell for Windows.
Set Directory:
- Change the current directory in Bash/PowerShell to the “cra-scripts” folder.
- Example command: cd [Path to cra-scripts folder]
- Note: Adjust the path based on where you cloned the repository on your system.

Configure Properties:
- Set mandatory properties:
  - mode = server
  - bito_cli.bito.access_key
  - git.access_token
- Optional properties (can be skipped or set as needed):
  - git.provider
  - git.domain
  - code_feedback
  - static_analysis
  - dependency_check
  - dependency_check.snyk_auth_token
  - server_port
  - review_scope
  - exclude_branches
  - exclude_files
  - exclude_draft_pr

Note: Valid values for git.provider are GITHUB or GITLAB.

Run the Agent:
- On Linux/macOS in Bash:
  - Run ./bito-cra.sh service start bito-cra.properties
  - Note: It will provide the Git Webhook secret in encrypted format.
- On Windows in PowerShell:
  - Install OpenSSL
  - Run ./bito-cra.ps1 service start bito-cra.properties
  - Note: It will provide the Git Webhook secret in encrypted format.

This step might take time initially as it pulls the Docker image and performs the code review.

Provide Missing Property Values: The script may prompt for values of mandatory/optional properties if they are not preconfigured.
Copy Webhook Secret: During the script execution, a webhook secret is generated and displayed in the shell. Copy the secret displayed under "Use below as Gitlab and Github Webhook secret:" for use in GitHub or GitLab when setting up the webhook.

Webhook Setup Guide

Navigate to the main page of the repository. Under your repository name, click Settings.
In the left sidebar, click Webhooks.
Click Add webhook.
Under Payload URL, enter the URL of the webhook endpoint. This is the server's URL to receive webhook payloads.
- Note: The GitHub Payload URL should follow this format: https://<domain name/ip-address>/api/v1/github_webhooks, where https://<domain name/ip-address> should be mapped to Bito's AI Code Review Agent container, which runs as a service on a configured TCP port such as 10051. Essentially, you need to append the string "/api/v1/github_webhooks" (without quotes) to the URL where the AI Code Review Agent is running.
- For example, a typical webhook URL would be https://cra.example.com/api/v1/github_webhooks
Select the Content type “application/json” for JSON payloads.
In Secret token, enter the webhook secret token that you copied above. It is used to validate payloads.
Click on Let me select individual events to select the events that you want to trigger the webhook. For code review select these:
- Issue comments - To enable Code Review on-demand by issuing a command in the PR comment.
- Pull requests - To auto-trigger Code Review when a pull request is created.
- Pull request review comments - So, you can share feedback on the review quality by answering the feedback question in the code review comment.
To make the webhook active immediately after adding the configuration, select Active.
Click Add webhook.

Select the repository where the webhook needs to be configured.
On the left sidebar, select Settings > Webhooks.
Select Add new webhook.
In URL, enter the URL of the webhook endpoint. This is the server's URL to receive webhook payloads.
- Note: The GitLab webhook URL should follow this format: https://<domain name/ip-address>/api/v1/gitlab_webhooks, where https://<domain name/ip-address> should be mapped to Bito's AI Code Review Agent container, which runs as a service on a configured TCP port such as 10051. Essentially, you need to append the string "/api/v1/gitlab_webhooks" (without quotes) to the URL where the AI Code Review Agent is running.
- For example, a typical webhook URL would be https://cra.example.com/api/v1/gitlab_webhooks
In Secret token, enter the webhook secret token that you copied above. It is used to validate payloads.
In the Trigger section, select the events to trigger the webhook. For code review select these:
- Comments - for on-demand code review.
- Merge request events - for automatic code review when a merge request is created.
- Emoji events - So, you can share feedback on the review quality using emoji reactions.
Select Add webhook.

Navigate to the main page of the repository. Under your repository name, click Repository Settings.
In the left sidebar, click Webhooks.
Click Add webhook.
Under URL, enter the URL of the webhook endpoint. This is the server's URL to receive webhook payloads.
- Note: The BitBucket Payload URL should follow this format: https://<domain name/ip-address>/api/v1/bitbucket_webhooks, where https://<domain name/ip-address> should be mapped to Bito's AI Code Review Agent container, which runs as a service on a configured TCP port such as 10051. Essentially, you need to append the string "/api/v1/bitbucket_webhooks" (without quotes) to the URL where the AI Code Review Agent is running.
- For example, a typical webhook URL would be https://cra.example.com/api/v1/bitbucket_webhooks
In Secret token, enter the webhook secret token that you copied above. It is used to validate payloads.
In the Triggers section, select the events to trigger the webhook. For code review select these:
- Pull Request > Comment created - for on-demand code review.
- Pull Request > Created - for automatic code review when a merge request is created.
Select Save.

Using the AI Code Review Agent

After configuring the webhook, you can invoke the AI Code Review Agent in the following ways:

Automated Code Review: If the webhook is configured to be triggered on the Pull requests event (for GitHub) or Merge request event (for GitLab), the agent will automatically review new pull requests as soon as they are created and post the review feedback as a comment within your PR.
Manually Trigger Code Review: To start the process, simply type /review in the comment box on the pull request and submit it. If the webhook is configured to be triggered on the Issue comments event (for GitHub) or Comments event (for GitLab), this action will initiate the code review process. The /review command prompts the agent to review the pull request and post its feedback directly in the PR as a comment.
Bito also offers specialized commands that are designed to provide detailed insights into specific areas of your source code, including security, performance, scalability, code structure, and optimization.
- /review security: Analyzes code to identify security vulnerabilities and ensure secure coding practices.
- /review performance: Evaluates code for performance issues, identifying slow or resource-heavy areas.
- /review scalability: Assesses the code's ability to handle increased usage and scale effectively.
- /review codeorg: Scans for readability and maintainability, promoting clear and efficient code organization.
- /review codeoptimize: Identifies optimization opportunities to enhance code efficiency and reduce resource usage.
By default, the /review command generates inline comments, meaning that code suggestions are inserted directly beneath the code diffs in each file. This approach provides a clearer view of the exact lines requiring improvement. However, if you prefer a code review in a single post rather than separate inline comments under the diffs, you can include the optional parameter: /review #inline_comment=False

It may take a few minutes to get the code review posted as a comment, depending on the size of the pull request.

Screenshots

Screenshot # 1

AI-generated pull request (PR) summary

Screenshot # 2

Changelist showing key changes and impacted files in a pull request.

Screenshot # 3

AI code review feedback posted as comments on the pull request.

How to update the self-hosted AI Code Review Agent

Please follow these steps:

Update the Agent's repository:
- git pull origin main
Restart the Docker container:
- To restart the Docker container running as a service, use the below command.
- On Linux/macOS in Bash: Run ./bito-cra.sh service restart bito-cra.properties
- On Windows in PowerShell: Run ./bito-cra.ps1 service restart bito-cra.properties

Stop Docker Container

To stop the Docker container running as a service, use the below command.

On Linux/macOS in Bash: Run ./bito-cra.sh service stop
On Windows in PowerShell: Run ./bito-cra.ps1 service stop

Check Status

To check the status of Docker container running as a service, use the below command.

On Linux/macOS in Bash: Run ./bito-cra.sh service status
On Windows in PowerShell: Run ./bito-cra.ps1 service status

PreviousInstall/run via CLI NextInstall/run via GitHub Actions

Last updated 5 months ago

Was this helpful?

Install/run via webhooks service

The webhooks service is best suited for continuous, automated reviews.

Prerequisites

Minimum System Requirements

A machine with the following minimum specifications is recommended for Docker image deployment and for obtaining optimal performance of the AI Code Review Agent.

Requirement

Minimum Specification

CPU Cores

RAM

8 GB

Hard Disk Drive

80 GB

Supported Operating Systems

Windows
Linux
macOS

OS Prerequisites

Operating System

Installation Steps

Linux

You will need:

Bash (minimum version 4.x)
- For Debian and Ubuntu systems
  sudo apt-get install bash
- For CentOS and other RPM-based systems
  sudo yum install bash

Docker (minimum version 20.x)

macOS

You will need:

Bash (minimum version 4.x)
brew install bash

Docker (minimum version 20.x)

Windows

You will need:

PowerShell (minimum version 5.x)
- Note: In PowerShell version 7.x, run Set-ExecutionPolicy Unrestricted command. It allows the execution of scripts without any constraints, which is essential for running scripts that are otherwise blocked by default security settings.

Docker (minimum version 20.x)

Required Access Tokens

Bito Access Key: Obtain your Bito Access Key.
GitHub Personal Access Token (Classic): For GitHub PR code reviews, ensure you have a CLASSIC personal access token with repo access. We do not support fine-grained tokens currently.

GitLab Personal Access Token: For GitLab PR code reviews, a token with API access is required.

Snyk API Token (Auth Token): For Snyk vulnerability reports, obtain a Snyk API Token.

Installation and Configuration Steps

Prerequisites: Before proceeding, ensure you've completed all necessary AI Code Review Agent.
Server Requirement: Ensure you have a server with a domain name or IP address.
Start Docker: Initialize Docker on your server.
Clone the repository: GitHub repository to your server using the following command:
- git clone https://github.com/gitbito/CodeReviewAgent.git
- Note: It is recommended to clone the repository instead of downloading the .zip file. This approach allows you to easily later using the git pull command.
Open the repository folder:
- Navigate to the repository folder and then to the “cra-scripts” subfolder.

Note the full path to the “cra-scripts” folder for later use.

Open Command Line:
- Use Bash for Linux and macOS.
- Use PowerShell for Windows.
Set Directory:
- Change the current directory in Bash/PowerShell to the “cra-scripts” folder.
- Example command: cd [Path to cra-scripts folder]
- Note: Adjust the path based on where you cloned the repository on your system.

Configure Properties:
- Open the bito-cra.properties file in a text editor from the “cra-scripts” folder. Detailed information for each property is provided on page.
- Set mandatory properties:
  - mode = server
  - bito_cli.bito.access_key
  - git.access_token
- Optional properties (can be skipped or set as needed):
  - git.provider
  - git.domain
  - code_feedback
  - static_analysis
  - dependency_check
  - dependency_check.snyk_auth_token
  - server_port
  - review_scope
  - exclude_branches
  - exclude_files
  - exclude_draft_pr

Note: Valid values for git.provider are GITHUB or GITLAB.

Note: Detailed information for each property is provided on page.

Check the guide to learn more about creating the access tokens needed to configure the Agent.

Run the Agent:
- On Linux/macOS in Bash:
  - Run ./bito-cra.sh service start bito-cra.properties
  - Note: It will provide the Git Webhook secret in encrypted format.
- On Windows in PowerShell:
  - Install OpenSSL
    Reference-1:
    Reference-2:
  - Run ./bito-cra.ps1 service start bito-cra.properties
  - Note: It will provide the Git Webhook secret in encrypted format.

This step might take time initially as it pulls the Docker image and performs the code review.

Provide Missing Property Values: The script may prompt for values of mandatory/optional properties if they are not preconfigured.
Copy Webhook Secret: During the script execution, a webhook secret is generated and displayed in the shell. Copy the secret displayed under "Use below as Gitlab and Github Webhook secret:" for use in GitHub or GitLab when setting up the webhook.

Webhook Setup Guide

Login to your account.
Navigate to the main page of the repository. Under your repository name, click Settings.
In the left sidebar, click Webhooks.
Click Add webhook.
Under Payload URL, enter the URL of the webhook endpoint. This is the server's URL to receive webhook payloads.
- Note: The GitHub Payload URL should follow this format: https://<domain name/ip-address>/api/v1/github_webhooks, where https://<domain name/ip-address> should be mapped to Bito's AI Code Review Agent container, which runs as a service on a configured TCP port such as 10051. Essentially, you need to append the string "/api/v1/github_webhooks" (without quotes) to the URL where the AI Code Review Agent is running.
- For example, a typical webhook URL would be https://cra.example.com/api/v1/github_webhooks
Select the Content type “application/json” for JSON payloads.
In Secret token, enter the webhook secret token that you copied above. It is used to validate payloads.
Click on Let me select individual events to select the events that you want to trigger the webhook. For code review select these:
- Issue comments - To enable Code Review on-demand by issuing a command in the PR comment.
- Pull requests - To auto-trigger Code Review when a pull request is created.
- Pull request review comments - So, you can share feedback on the review quality by answering the feedback question in the code review comment.
To make the webhook active immediately after adding the configuration, select Active.
Click Add webhook.

Login to your account.
Select the repository where the webhook needs to be configured.
On the left sidebar, select Settings > Webhooks.
Select Add new webhook.
In URL, enter the URL of the webhook endpoint. This is the server's URL to receive webhook payloads.
- Note: The GitLab webhook URL should follow this format: https://<domain name/ip-address>/api/v1/gitlab_webhooks, where https://<domain name/ip-address> should be mapped to Bito's AI Code Review Agent container, which runs as a service on a configured TCP port such as 10051. Essentially, you need to append the string "/api/v1/gitlab_webhooks" (without quotes) to the URL where the AI Code Review Agent is running.
- For example, a typical webhook URL would be https://cra.example.com/api/v1/gitlab_webhooks
In Secret token, enter the webhook secret token that you copied above. It is used to validate payloads.
In the Trigger section, select the events to trigger the webhook. For code review select these:
- Comments - for on-demand code review.
- Merge request events - for automatic code review when a merge request is created.
- Emoji events - So, you can share feedback on the review quality using emoji reactions.
Select Add webhook.

Login to your account.
Navigate to the main page of the repository. Under your repository name, click Repository Settings.
In the left sidebar, click Webhooks.
Click Add webhook.
Under URL, enter the URL of the webhook endpoint. This is the server's URL to receive webhook payloads.
- Note: The BitBucket Payload URL should follow this format: https://<domain name/ip-address>/api/v1/bitbucket_webhooks, where https://<domain name/ip-address> should be mapped to Bito's AI Code Review Agent container, which runs as a service on a configured TCP port such as 10051. Essentially, you need to append the string "/api/v1/bitbucket_webhooks" (without quotes) to the URL where the AI Code Review Agent is running.
- For example, a typical webhook URL would be https://cra.example.com/api/v1/bitbucket_webhooks
In Secret token, enter the webhook secret token that you copied above. It is used to validate payloads.
In the Triggers section, select the events to trigger the webhook. For code review select these:
- Pull Request > Comment created - for on-demand code review.
- Pull Request > Created - for automatic code review when a merge request is created.
Select Save.

Using the AI Code Review Agent

After configuring the webhook, you can invoke the AI Code Review Agent in the following ways:

Note: To improve efficiency, the AI Code Review Agent is disabled by default for pull requests involving the "main" branch. This prevents unnecessary processing and token usage, as changes to the "main" branch are typically already reviewed in release or feature branches. To change this default behavior and include the "main" branch, please .

Automated Code Review: If the webhook is configured to be triggered on the Pull requests event (for GitHub) or Merge request event (for GitLab), the agent will automatically review new pull requests as soon as they are created and post the review feedback as a comment within your PR.
Manually Trigger Code Review: To start the process, simply type /review in the comment box on the pull request and submit it. If the webhook is configured to be triggered on the Issue comments event (for GitHub) or Comments event (for GitLab), this action will initiate the code review process. The /review command prompts the agent to review the pull request and post its feedback directly in the PR as a comment.
Bito also offers specialized commands that are designed to provide detailed insights into specific areas of your source code, including security, performance, scalability, code structure, and optimization.
- /review security: Analyzes code to identify security vulnerabilities and ensure secure coding practices.
- /review performance: Evaluates code for performance issues, identifying slow or resource-heavy areas.
- /review scalability: Assesses the code's ability to handle increased usage and scale effectively.
- /review codeorg: Scans for readability and maintainability, promoting clear and efficient code organization.
- /review codeoptimize: Identifies optimization opportunities to enhance code efficiency and reduce resource usage.
By default, the /review command generates inline comments, meaning that code suggestions are inserted directly beneath the code diffs in each file. This approach provides a clearer view of the exact lines requiring improvement. However, if you prefer a code review in a single post rather than separate inline comments under the diffs, you can include the optional parameter: /review #inline_comment=False
For more details, refer to .

It may take a few minutes to get the code review posted as a comment, depending on the size of the pull request.

Screenshots

Screenshot # 1

AI-generated pull request (PR) summary

Screenshot # 2

Changelist showing key changes and impacted files in a pull request.

Screenshot # 3

AI code review feedback posted as comments on the pull request.

How to update the self-hosted AI Code Review Agent

Please follow these steps:

Update the Agent's repository:
- Pull the latest changes from the repository by running the following command in your terminal, ensuring you are inside the repository folder:
- git pull origin main
Restart the Docker container:
- To restart the Docker container running as a service, use the below command.
- On Linux/macOS in Bash: Run ./bito-cra.sh service restart bito-cra.properties
- On Windows in PowerShell: Run ./bito-cra.ps1 service restart bito-cra.properties