Universal AI-powered automation for GitHub code review bots
Intelligent suggestion application and conflict resolution for CodeRabbit, GitHub Copilot, and custom review bots
- Problem Statement
- Quick Start
- Features
- Architecture
- Use Cases
- Environment Variables
- Documentation
- Contributing
- Project Status
- License
When multiple PR review comments suggest overlapping changes to the same file, traditional automation tools either:
- Skip all conflicting changes (losing valuable suggestions)
- Apply changes sequentially without conflict awareness (potentially breaking code)
- Require tedious manual resolution for every conflict
Review Bot Automator provides intelligent, semantic-aware conflict resolution that:
- β Understands code structure (JSON, YAML, TOML, Python, TypeScript)
- β Uses priority-based resolution (user selections, security fixes, syntax errors)
- β Supports semantic merging (combining non-conflicting changes automatically)
- β Learns from your decisions to improve over time
- β Provides detailed conflict analysis and actionable suggestions
pip install review-bot-automator# Set your GitHub token (required)
export GITHUB_PERSONAL_ACCESS_TOKEN="your_token_here"
# Analyze conflicts in a PR
pr-resolve analyze --owner VirtualAgentics --repo my-repo --pr 123
# Apply suggestions with conflict resolution
pr-resolve apply --owner VirtualAgentics --repo my-repo --pr 123 --strategy priority
# Apply only conflicting changes
pr-resolve apply --owner VirtualAgentics --repo my-repo --pr 123 --mode conflicts-only
# Simulate without applying changes (dry-run mode)
pr-resolve apply --owner VirtualAgentics --repo my-repo --pr 123 --mode dry-run
# Use parallel processing for large PRs
pr-resolve apply --owner VirtualAgentics --repo my-repo --pr 123 --parallel --max-workers 8
# Load configuration from file
pr-resolve apply --owner VirtualAgentics --repo my-repo --pr 123 --config config.yamlEnable AI-powered features with your choice of LLM provider using zero-config presets:
# β¨ NEW: Zero-config presets for instant setup
# Option 1: Codex CLI (free with GitHub Copilot subscription)
pr-resolve apply --owner VirtualAgentics --repo my-repo --pr 123 \
--llm-preset codex-cli-free
# Option 2: Local Ollama π (free, private) - REDUCES THIRD-PARTY LLM VENDOR EXPOSURE
./scripts/setup_ollama.sh # One-time install
./scripts/download_ollama_models.sh # Download model
pr-resolve apply --owner VirtualAgentics --repo my-repo --pr 123 \
--llm-preset ollama-local
# π Reduces third-party LLM vendor exposure (OpenAI/Anthropic never see comments)
# β
Simpler compliance (one fewer data processor for GDPR, HIPAA, SOC2)
# β οΈ Note: GitHub/CodeRabbit still have access (required for PR workflow)
# See docs/ollama-setup.md for setup | docs/privacy-architecture.md for privacy details
# Option 3: Claude CLI (requires Claude subscription)
pr-resolve apply --owner VirtualAgentics --repo my-repo --pr 123 \
--llm-preset claude-cli-sonnet
# Option 4: OpenAI API (pay-per-use, ~$0.01 per PR)
pr-resolve apply --owner VirtualAgentics --repo my-repo --pr 123 \
--llm-preset openai-api-mini \
--llm-api-key sk-...
# Option 5: Anthropic API (balanced cost/performance)
pr-resolve apply --owner VirtualAgentics --repo my-repo --pr 123 \
--llm-preset anthropic-api-balanced \
--llm-api-key sk-ant-...Available presets: codex-cli-free, ollama-local π, claude-cli-sonnet, openai-api-mini, anthropic-api-balanced
Privacy Note: Ollama (ollama-local) reduces third-party LLM vendor exposure by processing review comments locally. OpenAI/Anthropic never see your code, simplifying compliance. Note: GitHub and CodeRabbit still have access (required for PR workflow). See Privacy Architecture for details.
# Anthropic (recommended - 50-90% cost savings with caching)
export CR_LLM_ENABLED="true"
export CR_LLM_PROVIDER="anthropic"
export CR_LLM_API_KEY="sk-ant-..." # Get from https://console.anthropic.com/
# OpenAI
export CR_LLM_ENABLED="true"
export CR_LLM_PROVIDER="openai"
export CR_LLM_API_KEY="sk-..." # Get from https://platform.openai.com/api-keys
# Then use as normal
pr-resolve apply --owner VirtualAgentics --repo my-repo --pr 123Documentation:
- LLM Configuration Guide - All provider options and setup
- Privacy Architecture - Privacy comparison and compliance
- Local LLM Operation Guide - Local LLM setup with Ollama
- Privacy FAQ - Common privacy questions
from review_bot_automator import ConflictResolver
from review_bot_automator.config import PresetConfig
resolver = ConflictResolver(config=PresetConfig.BALANCED)
results = resolver.resolve_pr_conflicts(
owner="VirtualAgentics",
repo="my-repo",
pr_number=123
)
print(f"Applied: {results.applied_count}")
print(f"Conflicts: {results.conflict_count}")
print(f"Success rate: {results.success_rate}%")- Semantic Understanding: Analyzes JSON, YAML, TOML structure, not just text
- Conflict Categorization: Exact, major, partial, minor, disjoint-keys, semantic-duplicate
- Impact Assessment: Evaluates scope, risk level, and criticality of changes
- Actionable Suggestions: Provides specific guidance for each conflict
- Priority-Based: User selections > Security fixes > Syntax errors > Regular suggestions
- Semantic Merging: Combines non-conflicting changes in structured files
- Sequential Application: Applies compatible changes in optimal order
- Defer to User: Escalates complex conflicts for manual review
- JSON: Duplicate key detection, key-level merging
- YAML: Comment preservation, structure-aware merging
- TOML: Section merging, format preservation
- Python/TypeScript: AST-aware analysis (planned)
- 5 Provider Types: OpenAI API, Anthropic API, Claude CLI, Codex CLI, Ollama (all production-ready)
- GPU Acceleration: Ollama supports NVIDIA CUDA, AMD ROCm, Apple Metal with automatic detection
- HTTP Connection Pooling: Optimized for concurrent requests (10 connections per provider)
- Auto-Download: Ollama can automatically download models when not available
- Cost Optimization: Prompt caching reduces Anthropic costs by 50-90%
- Retry Logic: Exponential backoff for transient failures (all providers)
- Flexible Deployment: API-based, CLI-based, or local inference
- Provider Selection: Choose based on cost, privacy, or performance needs
- Health Checks: Automatic provider validation before use
- ML-Assisted Priority: Learns from your resolution decisions
- Metrics Tracking: Monitors success rates, resolution times, strategy effectiveness
- Conflict Caching: Reuses analysis for similar conflicts
- Performance: Parallel processing for large PRs
- Conservative: Skip all conflicts, manual review required
- Balanced: Priority system + semantic merging (default)
- Aggressive: Maximize automation, user selections always win
- Semantic: Focus on structure-aware merging for config files
- all: Apply both conflicting and non-conflicting changes (default)
- conflicts-only: Apply only changes that have conflicts
- non-conflicts-only: Apply only changes without conflicts
- dry-run: Analyze and report without applying any changes
- Automatic Rollback: Git-based checkpointing with automatic rollback on failure
- Pre-Application Validation: Validates changes before applying (optional)
- File Integrity Checks: Verifies file safety and containment
- Detailed Logging: Comprehensive logging for debugging and audit trails
Configure via multiple sources with precedence chain: CLI flags > Environment variables > Config file > Defaults
- Configuration Files: Load settings from YAML or TOML files
- Environment Variables: Set options using
CR_*prefix variables - CLI Overrides: Override any setting via command-line flags
See .env.example for available environment variables.
- Getting Started Guide - Installation, setup, and first steps
- Configuration Reference - Complete configuration options
- LLM Configuration Guide - LLM providers, presets, and advanced configuration
- Ollama Setup Guide - Comprehensive Ollama installation and setup
- Rollback System - Automatic rollback and recovery
- Parallel Processing - Performance tuning guide
- Migration Guide - Upgrading from earlier versions
- Troubleshooting - Common issues and solutions
- API Reference - Python API documentation
- Conflict Types Explained - Understanding conflict categories
- Resolution Strategies - Strategy selection guide
- Performance Benchmarks - LLM provider performance comparison
- Architecture Overview - System design and components
- Contributing Guide - How to contribute
- Security Policy - Vulnerability reporting, security features
- Security Architecture - Design principles, threat model
- Threat Model - STRIDE analysis, risk assessment
- Incident Response - Security incident procedures
- Compliance - GDPR, OWASP, SOC2, OpenSSF
- Security Testing - Testing guide, fuzzing, SAST
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β GitHub PR Comments β
β (CodeRabbit, Review Bot) β
ββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββ
β
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Comment Parser & Extractor β
β (Suggestions, Diffs, Codemods, Multi-Options) β
ββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββ
β
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Conflict Detection Engine β
β β’ Fingerprinting β’ Overlap Analysis β’ Semantic Check β
ββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββ
β
βββββββββββββ΄βββββββββββ
βΌ βΌ
ββββββββββββββββββββ ββββββββββββββββββββ
β File Handlers β β Priority System β
β β’ JSON β β β’ User Selected β
β β’ YAML β β β’ Security Fix β
β β’ TOML β β β’ Syntax Error β
β β’ Python β β β’ Regular β
βββββββββββ¬βββββββββ ββββββββββ¬ββββββββββ
β β
ββββββββββββ¬βββββββββββ
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Resolution Strategy Selector β
β β’ Skip β’ Override β’ Merge β’ Sequential β’ Defer β
ββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββ
β
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Application Engine β
β β’ Backup β’ Apply β’ Validate β’ Rollback β
ββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββ
β
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Reporting & Metrics β
β β’ Conflict Summary β’ Visual Diff β’ Success Rate β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Problem: User selects "Option 2" but it conflicts with another suggestion Solution: Priority system ensures user selections override lower-priority changes
Problem: Two suggestions modify different keys in package.json
Solution: Semantic merging combines both changes automatically
Problem: Security fix conflicts with formatting suggestion Solution: Priority system applies security fix, skips formatting
Problem: Manual conflict resolution is time-consuming Solution: Parallel processing + caching resolves conflicts in seconds
Configure the tool using environment variables (see .env.example for all options):
| Variable | Description | Default |
|---|---|---|
GITHUB_PERSONAL_ACCESS_TOKEN |
GitHub API token (required) | None |
CR_MODE |
Application mode (all, conflicts-only, non-conflicts-only, dry-run) |
all |
CR_ENABLE_ROLLBACK |
Enable automatic rollback on failure | true |
CR_VALIDATE |
Enable pre-application validation | true |
CR_PARALLEL |
Enable parallel processing | false |
CR_MAX_WORKERS |
Number of parallel workers | 4 |
CR_LOG_LEVEL |
Logging level (DEBUG, INFO, WARNING, ERROR) |
INFO |
CR_LOG_FILE |
Log file path (optional) | None |
We welcome contributions! See CONTRIBUTING.md for guidelines.
git clone https://github.com/VirtualAgentics/review-bot-automator.git
cd review-bot-automator
python -m venv .venv
source .venv/bin/activate
pip install -e ".[dev]"
pre-commit installThis project uses pytest 9.0 with native subtests support for comprehensive testing. We maintain >80% test coverage with 1,445 tests including unit, integration, security, and property-based fuzzing tests.
# Run standard tests with coverage
pytest tests/ --cov=src --cov-report=html
# Run property-based fuzzing tests
make test-fuzz # Dev profile: 50 examples
make test-fuzz-ci # CI profile: 100 examples
make test-fuzz-extended # Extended: 1000 examples
# Run all tests (standard + fuzzing)
make test-allFor more details, see:
- Testing Guide - Comprehensive testing documentation
- Subtests Guide - Writing tests with subtests
- CONTRIBUTING.md - Contribution guidelines including testing practices
MIT License - see LICENSE for details.
- Inspired by the sophisticated code review capabilities of CodeRabbit AI
- Built with experience from ContextForge Memory project
- Community feedback and contributions
Current Version: 2.0.0
Roadmap:
- β
Phase 0: Security Foundation (COMPLETE)
- β 0.1: Security Architecture Design
- β 0.2: Input Validation & Sanitization
- β 0.3: Secure File Handling
- β 0.4: Secret Detection (17 patterns)
- β 0.5: Security Testing Suite (95%+ coverage)
- β 0.6: Security Configuration
- β 0.7: CI/CD Security Scanning (7+ tools)
- β 0.8: Security Documentation
- β
Phase 1: Core Features (COMPLETE)
- β Core conflict detection and analysis
- β File handlers (JSON, YAML, TOML)
- β Priority system
- β Rollback system with git-based checkpointing
- β
Phase 2: CLI & Configuration (COMPLETE)
- β CLI with comprehensive options
- β Runtime configuration system
- β Application modes (all, conflicts-only, non-conflicts-only, dry-run)
- β Parallel processing support
- β Multiple configuration sources (file, env, CLI)
- π Phase 3: Documentation & Examples (IN PROGRESS)
- π Comprehensive documentation updates
- π Example configurations and use cases
- β
V2.0 Phase 0: LLM Foundation (COMPLETE) - PR #121
- β Core LLM data models and infrastructure
- β Universal comment parser with LLM + regex fallback
- β LLM provider protocol for polymorphic support
- β Structured prompt engineering system
- β Confidence threshold filtering
- β
V2.0 Phase 1: LLM-Powered Parsing (COMPLETE) - PR #122
- β OpenAI API provider implementation
- β Automatic retry logic with exponential backoff
- β Token counting and cost tracking
- β Comprehensive error handling
- β Integration with ConflictResolver
- β
V2.0 Phase 2: Multi-Provider Support (COMPLETE) - Closed Nov 9, 2025
- β All 5 LLM providers implemented: OpenAI API, Anthropic API, Claude CLI, Codex CLI, Ollama
- β Provider factory pattern with automatic selection
- β HTTP connection pooling and retry logic
- β Provider health checks and validation
- β Cost tracking across all API-based providers
- β
V2.0 Phase 3: CLI Integration Polish (COMPLETE) - Closed Nov 11, 2025
- β Zero-config presets for instant LLM setup (5 presets available)
- β Configuration precedence chain: CLI > Environment > File > Defaults
- β Enhanced error messages with actionable resolution steps
- β Support for YAML/TOML configuration files
- β Security: API keys must use ${VAR} syntax in config files
- β
V2.0 Phase 4: Local Model Support (COMPLETE) - Closed Nov 2025
- β Ollama provider with GPU acceleration (NVIDIA, AMD ROCm, Apple Metal)
- β Automatic GPU detection and hardware info display
- β HTTP connection pooling for concurrent requests
- β Model auto-download feature
- β Performance benchmarking (local vs API models) - Issue #170
- β Privacy documentation (local LLM operation guide) - Issue #171
- β Integration tests with privacy verification - Issue #172
- β
V2.0 Phase 5: Optimization & Production Readiness (COMPLETE) - PR #250 (Nov 26, 2025)
- Rate limit retry with exponential backoff
- Cache warming for cold start optimization
- Fallback rate tracking, confidence threshold CLI option
- fsync for atomic write durability
- π V2.0 Phase 6: Documentation & Migration (IN PROGRESS) - ~90% complete
V2.0 Milestone Progress: ~95% complete (Phases 0-5 complete, Phase 6 finalizing)
- ClusterFuzzLite: Continuous fuzzing (3 fuzz targets, ASan + UBSan)
- Test Coverage: 82.35% overall, 95%+ for security modules
- Security Scanning: CodeQL, Trivy, TruffleHog, Bandit, pip-audit, OpenSSF Scorecard
- Secret Detection: 17 pattern types (GitHub tokens, AWS keys, API keys, etc.)
- Documentation: Comprehensive security documentation (threat model, incident response, compliance)
β Core v2.0 LLM features are production-ready! Phases 0-4 complete (~71% of v2.0 milestone). All 5 LLM providers fully functional. See Roadmap for current status.
Vision: Major architecture upgrade to parse 95%+ of CodeRabbit comments (up from 20%)
Current system only parses ```suggestion blocks, missing:
- β Diff blocks (```diff) - 60% of CodeRabbit comments
- β Natural language suggestions - 20% of comments
- β Multi-option suggestions
- β Multiple diff blocks per comment
Result: Only 1 out of 5 CodeRabbit comments are currently parsed.
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β LLM Parser (Primary - All Formats) β
β β’ Diff blocks β’ Suggestion blocks β
β β’ Natural language β’ Multi-options β
β β’ 95%+ coverage β’ Intelligent understanding β
ββββββββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββ
β
ββββββββββ΄βββββββββ
β Fallback if β
β LLM fails β
ββββββββββ¬βββββββββ
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Regex Parser (Fallback - Suggestion Blocks) β
β β’ 100% reliable β’ Zero cost β
β β’ Legacy support β’ Always available β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Choose your preferred LLM provider:
| Provider | Cost Model | Best For | Est. Cost (1000 comments) |
|---|---|---|---|
| Claude CLI | Subscription ($20/mo) | Best quality + zero marginal cost | $0 (covered) |
| Codex CLI | Subscription ($20/mo) | Cost-effective, OpenAI quality | $0 (covered) |
| Ollama | Free (local) | Privacy, offline, no API costs | $0 |
| OpenAI API | Pay-per-token | Pay-as-you-go, low volume | $0.07 (with caching) |
| Anthropic API | Pay-per-token | Best quality, willing to pay | $0.22 (with caching) |
# Current (v1.x) - regex-only
pr-resolve apply --owner VirtualAgentics --repo my-repo --pr 123
# Parses: 1/5 comments (20%)
# v2.0 - LLM-powered (opt-in)
pr-resolve apply --llm --llm-provider claude-cli --owner VirtualAgentics --repo my-repo --pr 123
# Parses: 5/5 comments (100%)
# Use presets for quick config
pr-resolve apply --llm-preset claude-cli-sonnet --owner VirtualAgentics --repo my-repo --pr 123
pr-resolve apply --llm-preset ollama-local --owner VirtualAgentics --repo my-repo --pr 123 # Privacy-firstβ Runtime Behavior Preserved - v2.0 maintains full compatibility for CLI and API usage
- LLM parsing disabled by default (opt-in via
--llmflag) - Automatic fallback to regex if LLM fails
- v1.x CLI commands work identically
- v1.x Python API behavior unchanged
pr-conflict-resolver to review-bot-automator. Update your imports and dependencies:
- Import:
from review_bot_automator import ...(waspr_conflict_resolver) - Dependency:
review-bot-automatorin requirements.txt (waspr-conflict-resolver)
See Migration Guide for details.
# v2.0: Changes include AI-powered insights
change = Change(
path="src/module.py",
start_line=10,
end_line=12,
content="new code",
# NEW in v2.0 (optional fields)
llm_confidence=0.95, # How confident the LLM is
llm_provider="claude-cli", # Which provider parsed it
parsing_method="llm", # "llm" or "regex"
change_rationale="Improves error handling", # Why change was suggested
risk_level="low" # "low", "medium", "high"
)Comprehensive planning documentation available:
- LLM Refactor Roadmap (15K words) - Full implementation plan
- LLM Architecture (8K words) - Technical specification
- Migration Guide (3K words) - v1.x β v2.0 upgrade path
- Phase 0-6: 10-12 weeks implementation
- Estimated Release: Q2 2025
- GitHub Milestone: v2.0 - LLM-First Architecture
- GitHub Issues: #114-#120 (Phases 0-6)
- ContextForge Memory - Original implementation
- CodeRabbit AI - AI-powered code review
Made with β€οΈ by VirtualAgentics