Automated Code Review Platform — Detect security vulnerabilities, bugs, and code quality issues using AI before they reach production.
CodeSense AI is an intelligent code analysis tool that integrates directly into your development workflow. It provides automated code reviews through multiple interfaces:
- GitHub Integration — Automatically reviews every Pull Request
- REST API — Integrate into CI/CD pipelines
- Command Line — Review code locally before committing
- Web Interface — Quick analysis through browser
| Problem | Solution |
|---|---|
| Manual code reviews are slow | Instant AI-powered analysis |
| Security issues slip through | Automated vulnerability detection |
| Inconsistent review quality | Standardized analysis across all code |
| Delayed feedback loops | Real-time PR comments |
```
┌─────────────────────────────────────────────────────────────┐
│                        CodeSense AI                         │
├─────────────────────────────────────────────────────────────┤
│                                                             │
│  ┌─────────┐     ┌──────────────┐     ┌─────────────┐       │
│  │ GitHub  │────>│              │────>│   Groq AI   │       │
│  │ Webhook │     │   FastAPI    │     │  (Llama 3)  │       │
│  └─────────┘     │   Backend    │     └─────────────┘       │
│                  │              │            │              │
│  ┌─────────┐     │              │            v              │
│  │   CLI   │────>│              │     ┌─────────────┐       │
│  └─────────┘     │              │     │   Review    │       │
│                  │              │<────│   Results   │       │
│  ┌─────────┐     │              │     └─────────────┘       │
│  │   API   │────>│              │                           │
│  └─────────┘     └──────────────┘                           │
│                                                             │
└─────────────────────────────────────────────────────────────┘
```
- SQL Injection detection
- Cross-Site Scripting (XSS) vulnerabilities
- Hardcoded secrets and credentials
- Command injection risks
- Authentication weaknesses
- Division by zero
- Null pointer dereferences
- Race conditions
- Logic errors
- Type mismatches
- Best practice violations
- Code smell detection
- Performance anti-patterns
- Documentation gaps
- Python 3.10+
- Groq API key (Get free key)
```bash
git clone https://github.com/amrgaberM/codesense-ai.git
cd codesense-ai
python -m venv venv
source venv/bin/activate  # Linux/Mac
# Windows: venv\Scripts\activate
pip install -e .
cp .env.example .env
# Add your GROQ_API_KEY to .env
```

```bash
# Review a file
codesense review app.py

# Security-focused review
codesense review src/ --type security

# Quick check
codesense check "def divide(a,b): return a/b" -l python
```

```bash
# Start server
uvicorn codesense.api.app:app --reload

# Send review request
curl -X POST http://localhost:8000/api/review \
  -H "Content-Type: application/json" \
  -d '{"code": "eval(user_input)", "language": "python"}'
```

```python
from codesense import CodeAnalyzer

analyzer = CodeAnalyzer()
result = analyzer.review_code(
    code="password = 'admin123'",
    language="python"
)

# Print each reported issue with its severity and suggested fix
for issue in result.issues:
    print(f"[{issue.severity}] {issue.title}")
    print(f"  Fix: {issue.suggestion}")
```

CodeSense AI automatically reviews Pull Requests when configured as a webhook.
- Developer opens a Pull Request
- GitHub sends webhook to CodeSense API
- CodeSense analyzes the changed files
- Bot posts review comment on the PR
- Deploy API to Railway/Render
- Add webhook in repository settings:
  - URL: `https://your-api.up.railway.app/webhook/github`
  - Events: Pull requests
- Add `GITHUB_TOKEN` and `GROQ_API_KEY` to environment
```markdown
## CodeSense AI Review

Issues Found:

1. [CRITICAL] SQL Injection Vulnerability
   Line 23: User input directly concatenated into query
   Fix: Use parameterized queries

2. [HIGH] Hardcoded Credentials
   Line 45: Password stored in plain text
   Fix: Use environment variables or secrets manager

3. [MEDIUM] Missing Input Validation
   Line 12: No validation on user input
   Fix: Add type checking and sanitization
```
```
codesense-ai/
├── src/codesense/
│   ├── api/          # FastAPI REST endpoints
│   ├── cli/          # Command line interface
│   ├── core/         # Analysis engine
│   ├── github/       # Webhook handlers
│   ├── llm/          # AI integration
│   └── models/       # Data structures
├── streamlit_app.py  # Web demo
├── requirements.txt
└── pyproject.toml
```
```bash
# Install Railway CLI
npm install -g @railway/cli

# Deploy
railway login
railway init
railway up
```

| Variable | Description |
|---|---|
| `GROQ_API_KEY` | Groq API key for AI analysis |
| `GITHUB_TOKEN` | GitHub token for PR comments |
| `GITHUB_WEBHOOK_SECRET` | Webhook signature verification |
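
GitHub signs each webhook delivery with the configured secret and sends the result in the `X-Hub-Signature-256` header. The following is an added example, not CodeSense AI's own handler code, of the check that `GITHUB_WEBHOOK_SECRET` enables; the function names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
from typing import Optional


def sign_payload(secret: str, body: bytes) -> str:
    """Build the X-Hub-Signature-256 value GitHub would send for this body."""
    digest = hmac.new(secret.encode("utf-8"), body, hashlib.sha256).hexdigest()
    return "sha256=" + digest


def verify_github_signature(secret: str, body: bytes, header: Optional[str]) -> bool:
    """Return True only if header is a valid HMAC-SHA256 of the raw body.

    body must be the exact bytes received, taken before any JSON parsing,
    because re-serialized JSON will not hash to the same value.
    """
    # Fail closed: an unset secret or a missing header never verifies.
    if not secret or not header:
        return False
    # Accept only the sha256 scheme; reject e.g. a legacy "sha1=..." value.
    if not header.startswith("sha256="):
        return False
    expected = sign_payload(secret, body)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode("utf-8"), header.encode("utf-8"))


# Constructed sample values, not real credentials or a captured delivery.
SAMPLE_SECRET = "example-webhook-secret"
SAMPLE_BODY = b'{"action":"opened","number":7}'

if __name__ == "__main__":
    good = sign_payload(SAMPLE_SECRET, SAMPLE_BODY)
    tampered = SAMPLE_BODY.replace(b"7", b"8")
    print("valid delivery:  ", verify_github_signature(SAMPLE_SECRET, SAMPLE_BODY, good))
    print("tampered body:   ", verify_github_signature(SAMPLE_SECRET, tampered, good))
    print("missing header:  ", verify_github_signature(SAMPLE_SECRET, SAMPLE_BODY, None))
```

A webhook endpoint would run this check first and answer with an error status, without analyzing the payload, whenever it returns `False`.
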
| Language | Extensions |
|---|---|
| Python | .py |
| JavaScript | .js, .jsx |
| TypeScript | .ts, .tsx |
| Java | .java |
| Go | .go |
| Rust | .rs |
| C/C++ | .c, .cpp, .h |
- Backend: Python, FastAPI
- AI: Groq (Llama 3.3 70B)
- Frontend: Streamlit
- Deployment: Railway
- CI/CD: GitHub Webhooks
- CLI tool
- REST API
- GitHub PR integration
- Web demo (Streamlit)
- VS Code extension
- GitLab integration
- Custom rule configuration
MIT License - see LICENSE for details.
Amr Hassan — AI Engineer
Built for developers who ship quality code.