Install/run via webhooks service

The webhooks service is best suited for continuous, automated reviews.

Installation and Configuration Steps

Prerequisites: Before proceeding, ensure you've completed all necessary prerequisites for self-hosted AI Code Review Agent.
Server Requirement: Ensure you have a server with a domain name or IP address.
Start Docker: Initialize Docker on your server.
Clone the repository: Clone the AI Code Review Agent GitHub repository to your server using the following command:
- git clone https://github.com/gitbito/CodeReviewAgent.git
- Note: It is recommended to clone the repository instead of downloading the .zip file. This approach allows you to easily update the Agent later using the git pull command.
Open the repository folder:
- Navigate to the repository folder and then to the “cra-scripts” subfolder.

Note the full path to the “cra-scripts” folder for later use.

Open Command Line:
- Use Bash for Linux and macOS.
- Use PowerShell for Windows.
Set Directory:
- Change the current directory in Bash/PowerShell to the “cra-scripts” folder.
- Example command: cd [Path to cra-scripts folder]
- Note: Adjust the path based on where you cloned the repository on your system.

Configure Properties:
- Open the bito-cra.properties file in a text editor from the “cra-scripts” folder. Detailed information for each property is provided on Agent Configuration: bito-cra.properties File page.
- Set mandatory properties:
  - mode = server
  - bito_cli.bito.access_key
  - git.access_token
- Optional properties (can be skipped or set as needed):
  - git.provider
  - git.domain
  - code_feedback
  - static_analysis
  - dependency_check
  - dependency_check.snyk_auth_token
  - server_port
  - review_scope
  - exclude_branches
  - exclude_files
  - exclude_draft_pr

Note: Detailed information for each property is provided on Agent Configuration: bito-cra.properties File page.

Check the Required Access Tokens guide to learn more about creating the access tokens needed to configure the Agent.

Run the Agent:
- On Linux/macOS in Bash:
  - Run ./bito-cra.sh service start bito-cra.properties
  - Note: It will provide the Git Webhook secret in encrypted format.
- On Windows in PowerShell:
  - Install OpenSSL
    Reference-1: https://wiki.openssl.org/index.php/Binaries
    Reference-2: https://slproweb.com/products/Win32OpenSSL.html
  - Run ./bito-cra.ps1 service start bito-cra.properties
  - Note: It will provide the Git Webhook secret in encrypted format.

This step might take time initially as it pulls the Docker image and performs the code review.

Provide Missing Property Values: The script may prompt for values of mandatory/optional properties if they are not preconfigured.
Copy Webhook Secret: During the script execution, a webhook secret is generated and displayed in the shell. Copy the secret displayed under "Use below as Gitlab and Github Webhook secret:" for use in GitHub or GitLab when setting up the webhook.

Webhook Setup Guide

GitHub Webhook Setup Guide:

Login to your GitHub account.
Navigate to the main page of the repository. Under your repository name, click Settings.
In the left sidebar, click Webhooks.
Click Add webhook.
Under Payload URL, enter the URL of the webhook endpoint. This is the server's URL to receive webhook payloads.
- Note: The GitHub Payload URL should follow this format: https://<domain name/ip-address>/api/v1/github_webhhooks, where https://<domain name/ip-address> should be mapped to Bito's AI Code Review Agent container, which runs as a service on a configured TCP port such as 10051. Essentially, you need to append the string "/api/v1/github_webhooks" (without quotes) to the URL where the AI Code Review Agent is running.
- For example, a typical webhook URL would be https://cra.example.com/api/v1/github_webhooks
Select the Content type “application/json” for JSON payloads.
In Secret token, enter the webhook secret token that you copied above. It is used to validate payloads.
Click on Let me select individual events to select the events that you want to trigger the webhook. For code review select these:
- Issue comments - To enable Code Review on-demand by issuing a command in the PR comment.
- Pull requests - To auto-trigger Code Review when a pull request is created.
- Pull request review comments - So, you can share feedback on the review quality by answering the feedback question in the code review comment.
To make the webhook active immediately after adding the configuration, select Active.
Click Add webhook.

GitLab Webhook Setup Guide:

Login to your GitLab account.
Select the repository where the webhook needs to be configured.
On the left sidebar, select Settings > Webhooks.
Select Add new webhook.
In URL, enter the URL of the webhook endpoint. This is the server's URL to receive webhook payloads.
- Note: The GitLab webhook URL should follow this format: https://<domain name/ip-address>/api/v1/gitlab_webhhooks, where https://<domain name/ip-address> should be mapped to Bito's AI Code Review Agent container, which runs as a service on a configured TCP port such as 10051. Essentially, you need to append the string "/api/v1/gitlab_webhooks" (without quotes) to the URL where the AI Code Review Agent is running.
- For example, a typical webhook URL would be https://cra.example.com/api/v1/gitlab_webhooks
In Secret token, enter the webhook secret token that you copied above. It is used to validate payloads.
In the Trigger section, select the events to trigger the webhook. For code review select these:
- Comments - for on-demand code review.
- Merge request events - for automatic code review when a merge request is created.
- Emoji events - So, you can share feedback on the review quality using emoji reactions.
Select Add webhook.

Using the AI Code Review Agent

After configuring the webhook, you can invoke the AI Code Review Agent in the following ways:

Note: To improve efficiency, the AI Code Review Agent is disabled by default for pull requests involving the "main" branch. This prevents unnecessary processing and token usage, as changes to the "main" branch are typically already reviewed in release or feature branches. To change this default behavior and include the "main" branch, please contact support.

Automated Code Review: If the webhook is configured to be triggered on the Pull requests event (for GitHub) or Merge request event (for GitLab), the agent will automatically review new pull requests as soon as they are created and post the review feedback as a comment within your PR.
Manually Trigger Code Review: To start the process, simply type /review in the comment box on the pull request and submit it. If the webhook is configured to be triggered on the Issue comments event (for GitHub) or Comments event (for GitLab), this action will initiate the code review process. The /review command prompts the agent to review the pull request and post its feedback directly in the PR as a comment.
Bito also offers specialized commands that are designed to provide detailed insights into specific areas of your source code, including security, performance, scalability, code structure, and optimization.
- /review security: Analyzes code to identify security vulnerabilities and ensure secure coding practices.
- /review performance: Evaluates code for performance issues, identifying slow or resource-heavy areas.
- /review scalability: Assesses the code's ability to handle increased usage and scale effectively.
- /review codeorg: Scans for readability and maintainability, promoting clear and efficient code organization.
- /review codeoptimize: Identifies optimization opportunities to enhance code efficiency and reduce resource usage.
By default, the /review command generates inline comments, meaning that code suggestions are inserted directly beneath the code diffs in each file. This approach provides a clearer view of the exact lines requiring improvement. However, if you prefer a code review in a single post rather than separate inline comments under the diffs, you can include the optional parameter: /review #inline_comment=False
For more details, refer to Available Commands.

It may take a few minutes to get the code review posted as a comment, depending on the size of the pull request.

How to update the self-hosted AI Code Review Agent

Please follow these steps:

Update the Agent's repository:
- Pull the latest changes from the https://github.com/gitbito/CodeReviewAgent repository by running the following command in your terminal, ensuring you are inside the repository folder:
- git pull origin main
Restart the Docker container:
- To restart the Docker container running as a service, use the below command.
- On Linux/macOS in Bash: Run ./bito-cra.sh service restart bito-cra.properties
- On Windows in PowerShell: Run ./bito-cra.ps1 service restart bito-cra.properties