Update review-agent docs

Gavin Williams · Gavin Williams · commit 6c006a08b23f · 2026-04-14T10:06:17.000+01:00
diff --git a/docs/docs/features/agents/review-agent.mdx b/docs/docs/features/agents/review-agent.mdx
@@ -3,64 +3,55 @@ title: AI Code Review Agent
 sidebarTitle: AI code review agent
 ---
 
-<Note>
-This agent sends data to OpenAI (through an API key you supply) to perform code reviews. This data includes code from the PR being reviewed, as well as additional relevant context from your
-codebase that the agent may fetch to perform the review.
-</Note>
+This agent provides codebase-aware reviews for your GitHub PRs and GitLab MRs. For each diff, the agent fetches relevant context from your indexed codebase and feeds it into a configured language model for a detailed review.
 
-This agent provides codebase-aware reviews for your PRs. For each diff, this agent fetches relevant context from Sourcebot and feeds it into an LLM for a detailed review of your changes.
-
-The AI Code Review Agent is [fair source](https://github.com/sourcebot-dev/sourcebot/tree/main/packages/web/src/features/agents/review-agent) and packaged in [Sourcebot](https://github.com/sourcebot-dev/sourcebot). To get started using this agent, [deploy Sourcebot](/docs/deployment/docker-compose)
-and then follow the configuration instructions below.
+The AI Code Review Agent is [fair source](https://github.com/sourcebot-dev/sourcebot/tree/main/packages/web/src/features/agents/review-agent) and packaged in [Sourcebot](https://github.com/sourcebot-dev/sourcebot). To get started, [deploy Sourcebot](/docs/deployment/docker-compose) and follow the configuration instructions below.
 
 ![AI Code Review Agent Example](/images/review_agent_example.png)
 
-# Configure
+# Language model
+
+The review agent uses whichever language model you have configured in your `config.json`. All providers supported by Sourcebot (OpenAI, Anthropic, AWS Bedrock, Azure OpenAI, and others) work out of the box.
 
-This agent currently only supports reviewing GitHub PRs. You configure the agent by creating a GitHub app, installing it into your GitHub organization, and then giving your app info to Sourcebot.
+If you have multiple models configured, set `REVIEW_AGENT_MODEL` to the `displayName` of the model you want the agent to use. If this variable is unset, the agent uses the first configured model.
 
-Before you get started, make sure you have an OpenAPI account that you can create an OpenAPI key with.
+# GitHub
 
 <Steps>
     <Step title="Register a GitHub app">
-        Follow the official GitHub guide for [registering a GitHub app](https://docs.github.com/en/apps/creating-github-apps/registering-a-github-app/registering-a-github-app)
-
-        - GitHub App name: You can make this whatever you want (ex. Sourcebot Review Agent)
-        - Homepage URL: You can make this whatever you want (ex. https://www.sourcebot.dev/)
-        - Webhook URL (**IMPORTANT**): You must set this to point to your Sourcebot deployment at /api/webhook (ex. https://sourcebot.aperture.com/api/webhook). Your Sourcebot deployment must be able to accept requests from GitHub
-        (either github.com or your self-hosted enterprise server) for this to work. If you're running Sourcebot locally, you can [use smee](https://docs.github.com/en/apps/creating-github-apps/writing-code-for-a-github-app/quickstart#step-2-get-a-webhook-proxy-url) to [forward webhooks](https://docs.github.com/en/apps/creating-github-apps/writing-code-for-a-github-app/quickstart#step-6-start-your-server) to your local deployment.
-        - Webook Secret: This can be any string (ex. generate a random string `python -c "import secrets; print(secrets.token_hex(10))"`). You'll provide this to Sourcebot to be able to read webhook events from your app.
-        - Permissions
+        Follow the official GitHub guide for [registering a GitHub app](https://docs.github.com/en/apps/creating-github-apps/registering-a-github-app/registering-a-github-app).
+
+        - **GitHub App name**: Any name you choose (e.g. Sourcebot Review Agent)
+        - **Homepage URL**: Any URL you choose (e.g. `https://www.sourcebot.dev/`)
+        - **Webhook URL** (required): Your Sourcebot deployment URL at `/api/webhook` (e.g. `https://sourcebot.example.com/api/webhook`). Your deployment must be reachable from GitHub. If you are running Sourcebot locally, use [smee](https://docs.github.com/en/apps/creating-github-apps/writing-code-for-a-github-app/quickstart#step-2-get-a-webhook-proxy-url) to [forward webhooks](https://docs.github.com/en/apps/creating-github-apps/writing-code-for-a-github-app/quickstart#step-6-start-your-server) to your local deployment.
+        - **Webhook Secret**: Any string (e.g. generate one with `python -c "import secrets; print(secrets.token_hex(10))"`)
+        - **Permissions**
             - Pull requests: Read & Write
             - Issues: Read & Write
             - Contents: Read
-        - Events:
+        - **Events**
             - Pull request
             - Issue comment
     </Step>
     <Step title="Install the GitHub app in your organization">
-        Navigate to your new [GitHub app's page](https://docs.github.com/en/apps/creating-github-apps/writing-code-for-a-github-app/quickstart#navigate-to-your-app-settings) and press `Install`
+        Navigate to your new [GitHub app's page](https://docs.github.com/en/apps/creating-github-apps/writing-code-for-a-github-app/quickstart#navigate-to-your-app-settings) and press **Install**.
     </Step>
-    <Step title="Configure the environment variables in Sourcebot">
-        Sourcebot requires the following environment variables to begin reviewing PRs through your new GitHub app:
-
-        - `GITHUB_REVIEW_AGENT_APP_ID`: The client ID of your GitHub app. Can be found in your [app settings](https://docs.github.com/en/apps/creating-github-apps/writing-code-for-a-github-app/quickstart#navigate-to-your-app-settings)
-        - `GITHUB_REVIEW_AGENT_APP_WEBHOOK_SECRET`: The webhook secret you defined in your GitHub app. Can be found in your [app settings](https://docs.github.com/en/apps/creating-github-apps/writing-code-for-a-github-app/quickstart#navigate-to-your-app-settings)
-        - `GITHUB_REVIEW_AGENT_APP_PRIVATE_KEY_PATH`: The path to your app's private key. If you're running Sourcebot from a container, this is the path to this file from within your container
-        (ex `/data/review-agent-key.pem`). You must copy the private key file into the directory you mount to Sourcebot (similar to the config file). 
-        
-        You can generate a private key file for your app in the [app settings](https://docs.github.com/en/apps/creating-github-apps/writing-code-for-a-github-app/quickstart#navigate-to-your-app-settings). You must copy this private key file into the
-        directory that you mount to Sourcebot
-        ![GitHub App Private Key](/images/github_app_private_key.png)
-        - `OPENAI_API_KEY`: Your OpenAI API key
-        - `REVIEW_AGENT_API_KEY`: The Sourcebot API key that the review agent uses to hit the Sourcebot API to fetch code context
-        - `REVIEW_AGENT_AUTO_REVIEW_ENABLED` (default: `false`): If enabled, the review agent will automatically review any new or updated PR. If disabled, you must invoke it using the command defined by `REVIEW_AGENT_REVIEW_COMMAND`
-        - `REVIEW_AGENT_REVIEW_COMMAND` (default: `review`): The command that invokes the review agent (ex. `/review`) when a user comments on the PR. Don't include the slash character in this value.
-
-        You can find an example docker compose file below. 
-        - This docker compose file is placed in `~/sourcebot_review_agent_workspace`, and I'm mounting that directory to Sourcebot
-        - The config and the app private key files are placed in this directory
-        - The paths to these files are given to Sourcebot relative to `/data` since that's the directory in Sourcebot that I'm mounting to
+    <Step title="Configure environment variables">
+        Set the following environment variables in your Sourcebot deployment:
+
+        | Variable | Description |
+        |---|---|
+        | `GITHUB_REVIEW_AGENT_APP_ID` | The client ID of your GitHub app, found in your [app settings](https://docs.github.com/en/apps/creating-github-apps/writing-code-for-a-github-app/quickstart#navigate-to-your-app-settings) |
+        | `GITHUB_REVIEW_AGENT_APP_WEBHOOK_SECRET` | The webhook secret you set when registering the app |
+        | `GITHUB_REVIEW_AGENT_APP_PRIVATE_KEY_PATH` | Path to your app's private key file inside the container (e.g. `/data/review-agent-key.pem`). Copy the key file into the directory you mount to Sourcebot. |
+
+        You can generate a private key in your [app settings](https://docs.github.com/en/apps/creating-github-apps/writing-code-for-a-github-app/quickstart#navigate-to-your-app-settings).
+
+        <Frame>
+          <img src="/images/github_app_private_key.png" alt="GitHub App Private Key" />
+        </Frame>
+
+        Example `docker-compose.yml`:
 
         ```yaml
         services:
@@ -71,26 +62,86 @@ Before you get started, make sure you have an OpenAPI account that you can creat
                 ports:
                     - "3000:3000"
                 volumes:
-                    - "/Users/michael/sourcebot_review_agent_workspace:/data"
+                    - "/home/user/sourcebot_workspace:/data"
                 environment:
                     CONFIG_PATH: "/data/config.json"
                     GITHUB_REVIEW_AGENT_APP_ID: "my-github-app-id"
-                    GITHUB_REVIEW_AGENT_APP_WEBHOOK_SECRET: "my-github-app-webhook-secret"
+                    GITHUB_REVIEW_AGENT_APP_WEBHOOK_SECRET: "my-webhook-secret"
                     GITHUB_REVIEW_AGENT_APP_PRIVATE_KEY_PATH: "/data/review-agent-key.pem"
-                    REVIEW_AGENT_API_KEY: "sourcebot-my-key"
-                    OPENAI_API_KEY: "sk-proj-my-open-api-key"
         ```
     </Step>
     <Step title="Verify configuration">
-        Navigate to the agents page by pressing `Agents` in the Sourcebot nav menu. If you've configured your environment variables correctly you'll see the following:
+        Navigate to **Agents** in the Sourcebot nav menu. If your environment variables are set correctly, the GitHub Review Agent card shows a confirmation that the agent is configured and accepting requests.
 
-        ![Review Agent Configured](/images/review_agent_configured.png)
+        <Frame>
+          <img src="/images/review_agent_configured.png" alt="Review Agent Configured" />
+        </Frame>
+    </Step>
+</Steps>
+
+# GitLab
+
+<Steps>
+    <Step title="Create a GitLab access token">
+        Create a [personal access token](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html) or [project access token](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html) with the following scope:
+
+        - `api`
+
+        Keep a note of the token value — you will need it in the next step.
+    </Step>
+    <Step title="Configure a webhook in GitLab">
+        In your GitLab project, go to **Settings → Webhooks** and add a new webhook:
+
+        - **URL**: Your Sourcebot deployment URL at `/api/webhook` (e.g. `https://sourcebot.example.com/api/webhook`)
+        - **Secret token**: Any string (e.g. generate one with `python -c "import secrets; print(secrets.token_hex(10))"`)
+        - **Trigger events**: Merge request events, Comments
+
+        Save the webhook.
+    </Step>
+    <Step title="Configure environment variables">
+        Set the following environment variables in your Sourcebot deployment:
+
+        | Variable | Description |
+        |---|---|
+        | `GITLAB_REVIEW_AGENT_WEBHOOK_SECRET` | The secret token you set on the GitLab webhook |
+        | `GITLAB_REVIEW_AGENT_TOKEN` | The GitLab personal or project access token |
+        | `GITLAB_REVIEW_AGENT_HOST` | Your GitLab hostname. Defaults to `gitlab.com`. Set this for self-hosted GitLab instances (e.g. `gitlab.example.com`). |
+
+        Example `docker-compose.yml`:
+
+        ```yaml
+        services:
+            sourcebot:
+                image: ghcr.io/sourcebot-dev/sourcebot:latest
+                pull_policy: always
+                container_name: sourcebot
+                ports:
+                    - "3000:3000"
+                volumes:
+                    - "/home/user/sourcebot_workspace:/data"
+                environment:
+                    CONFIG_PATH: "/data/config.json"
+                    GITLAB_REVIEW_AGENT_WEBHOOK_SECRET: "my-webhook-secret"
+                    GITLAB_REVIEW_AGENT_TOKEN: "glpat-my-token"
+                    GITLAB_REVIEW_AGENT_HOST: "gitlab.example.com"
+        ```
+    </Step>
+    <Step title="Verify configuration">
+        Navigate to **Agents** in the Sourcebot nav menu. If your environment variables are set correctly, the GitLab Review Agent card shows a confirmation that the agent is configured and accepting requests.
     </Step>
 </Steps>
 
 # Using the agent
 
-The review agent will not automatically review your PRs by default. To enable this feature, set the `REVIEW_AGENT_AUTO_REVIEW_ENABLED` environment variable to true.
+By default, the agent does not review PRs and MRs automatically. To enable automatic reviews on every new or updated PR/MR, set `REVIEW_AGENT_AUTO_REVIEW_ENABLED` to `true`.
+
+You can also trigger a review manually by commenting `/review` on any PR or MR. To use a different command, set `REVIEW_AGENT_REVIEW_COMMAND` to your preferred value (without the leading slash).
+
+# Environment variable reference
 
-You can invoke the review agent manually by commenting `/review` on the PR you'd like it to review. You can configure the command that triggers the agent by changing
-the `REVIEW_AGENT_REVIEW_COMMAND` environment variable. 
+| Variable | Default | Description |
+|---|---|---|
+| `REVIEW_AGENT_AUTO_REVIEW_ENABLED` | `false` | Automatically review new and updated PRs/MRs |
+| `REVIEW_AGENT_REVIEW_COMMAND` | `review` | Comment command that triggers a manual review (without the `/`) |
+| `REVIEW_AGENT_MODEL` | first configured model | `displayName` of the language model to use for reviews |
+| `REVIEW_AGENT_LOGGING_ENABLED` | unset | Write prompt and response logs to disk for debugging |
