Play 24
AI Code Review
Medium · ✅ Ready
Automated PR review with CodeQL, OWASP scanning, and inline suggestions.
Automated code review pipeline that runs on every PR. CodeQL scans for security vulnerabilities, OWASP rules check for common web app flaws, architecture validation ensures patterns are followed, and GPT-4o generates improvement suggestions as inline PR comments. Uses the builder/reviewer/tuner agent triad — builder writes code, reviewer audits it, tuner optimizes config. GitHub Actions integration runs on every push.
Architecture Pattern
CI/CD code review: CodeQL + OWASP + AI suggestions, inline PR comments
Azure Services
- Azure OpenAI (gpt-4o)
- GitHub Actions
- CodeQL
- Azure DevOps
DevKit (.github Agentic OS)
- agent.md — root orchestrator with builder→reviewer→tuner handoffs
- 3 agents — Code Review Builder (gpt-4o), Reviewer (gpt-4o-mini), Tuner (gpt-4o-mini)
- 3 skills — deploy (103 lines), evaluate (105 lines), tune (101 lines)
- 4 prompts — /deploy, /test, /review, /evaluate with agent routing
- .vscode/mcp.json — FrootAI MCP with GitHub PAT + OpenAI inputs + envFile
TuneKit (AI Config)
- config/openai.json — temp=0.1, structured JSON output
- config/review.json — severity thresholds, OWASP rules, style checks
- config/guardrails.json — content safety, PII detection
- .github/workflows — PR review pipeline, auto-comment
Tuning Parameters
- Severity thresholds (critical/high/medium/low)
- Review depth (quick/standard/deep)
- OWASP rule selection
- Style check rules
- Auto-fix confidence threshold
Estimated Cost
- Dev/Test: $50–100/mo
- Production: $500–2K/mo