
Code Review Automation

Automate PR reviews with AI-powered security and quality checks.

Time: 5 minutes


What You'll Learn

  • Setting up automated PR reviews
  • Understanding review output
  • Handling review feedback
  • Configuring review rules

Step 1: Review a PR

Run the review command with a PR number:

/novaai review PR #123 for security issues

Or use the dedicated command:

/fix-pr 123

Step 2: Understand the Output

Nova AI produces a structured review:

🔍 Code Review for PR #123

## Security
✅ No SQL injection vulnerabilities
✅ No XSS vulnerabilities
⚠️  Potential command injection in utils.py:45

## Correctness
✅ Logic appears correct
⚠️  Missing null check in handler.py:23

## Maintainability
✅ Code is well-structured
💡 Consider extracting duplicate logic in auth.py

## Test Coverage
❌ No tests for new endpoint
   Suggestion: Add tests for /api/users route

## Summary
3 issues to fix, 1 suggestion

Step 3: Auto-Fix Issues

Nova AI can automatically fix issues:

Found 3 issues. Fix automatically? [Y/n]

Press Enter to apply fixes:

⏳ Fixing command injection in utils.py...
✅ Added input sanitization

⏳ Adding null check to handler.py...
✅ Added guard clause

⏳ Generating tests for /api/users...
✅ Created tests/test_users.py

Ready to push fixes? [Y/n]

Step 4: Push and Update PR

After fixes are applied, check what changed:

git diff --stat
src/utils.py          | 5 +++--
src/handler.py        | 3 +++
tests/test_users.py   | 28 ++++++++++++++++++++++++++++
3 files changed, 34 insertions(+), 2 deletions(-)

Read the full diff (git diff) before pushing, not only the summary. An automated fix is a proposal: for a security finding, confirm that the change actually closes it (for the command injection above, that user input can no longer reach a shell, not just that some characters are escaped), and that the generated tests exercise the new route rather than only importing it.

Push to update the PR:

git push
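The review text from Step 2 is regular enough to parse, which lets a CI job gate on it instead of a human reading every comment. The following is an added example, not Nova AI's code or part of this page: it parses the sample review above (embedded as a constructed input), groups findings by section and leading marker, and returns a non-zero exit code when a Security warning or any ❌ finding remains. The function names and the severity labels (pass, warn, fail, suggest) are this example's own.

```python
"""Parse Nova AI's structured review text and decide whether a PR may merge.

Added example, not Nova AI's own code. The review text is the page's Step 2
sample, embedded here as a constructed input; function and severity names
are this example's own.
"""
import re
from dataclasses import dataclass
from typing import Optional

SAMPLE_REVIEW = """\
🔍 Code Review for PR #123

## Security
✅ No SQL injection vulnerabilities
✅ No XSS vulnerabilities
⚠️  Potential command injection in utils.py:45

## Correctness
✅ Logic appears correct
⚠️  Missing null check in handler.py:23

## Maintainability
✅ Code is well-structured
💡 Consider extracting duplicate logic in auth.py

## Test Coverage
❌ No tests for new endpoint
   Suggestion: Add tests for /api/users route

## Summary
3 issues to fix, 1 suggestion
"""

# Leading marker -> severity. Keyed on the base code point so that "⚠" with
# or without the U+FE0F variation selector matches.
MARKERS = {"✅": "pass", "⚠": "warn", "❌": "fail", "💡": "suggest"}

# "file.ext:line" as it appears in findings such as "utils.py:45".
LOCATION_RE = re.compile(r"([\w./-]+\.\w+:\d+)")


@dataclass
class Finding:
    category: str            # the "## ..." section the line sits under
    severity: str            # pass | warn | fail | suggest
    message: str
    location: Optional[str]  # "file:line" when the finding names one


def parse_review(text: str) -> list:
    """Walk the review line by line, tracking the current section heading."""
    findings = []
    category = "General"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("## "):
            category = line[3:].strip()
            continue
        severity = MARKERS.get(line[0])
        if severity is None:
            continue  # title line, indented suggestion, summary count, ...
        message = line[1:].lstrip("\ufe0f ").strip()
        loc = LOCATION_RE.search(message)
        findings.append(Finding(category, severity, message,
                                loc.group(1) if loc else None))
    return findings


def count_by_severity(findings) -> dict:
    counts = {s: 0 for s in MARKERS.values()}
    for f in findings:
        counts[f.severity] += 1
    return counts


def blocking_findings(findings, block_on_warn=("Security",)) -> list:
    """Any ❌ blocks; a ⚠️ blocks only in the listed categories (Security by
    default). Correctness and maintainability warnings stay with the reviewer."""
    return [
        f for f in findings
        if f.severity == "fail"
        or (f.severity == "warn" and f.category in block_on_warn)
    ]


def ci_exit_code(text: str) -> int:
    """0 when the PR may merge, 1 otherwise, for use as a CI gate."""
    return 1 if blocking_findings(parse_review(text)) else 0


if __name__ == "__main__":
    for f in blocking_findings(parse_review(SAMPLE_REVIEW)):
        print(f"BLOCK [{f.category}] {f.message}")
    raise SystemExit(ci_exit_code(SAMPLE_REVIEW))
```

On the sample review this blocks on the command-injection warning and the missing tests, and lets the Correctness warning through; widen block_on_warn if your team wants null-check warnings to fail the build too.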

Review Categories

Security Checks

| Check | Description |
|-------|-------------|
| SQL Injection | Parameterized queries required |
| XSS | Output encoding required |
| Command Injection | Input sanitization required |
| Path Traversal | Path validation required |
| Auth Bypass | Authorization checks required |
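Three of the checks above (SQL injection, command injection, path traversal), each shown as the pattern the reviewer flags next to the form that satisfies the check's description. This is an added example, not Nova AI's code and not the utils.py from the sample review; the function names, the in-memory users table, the hostname rule and the /srv/uploads base directory are this example's own.

```python
"""Vulnerable and hardened forms of three Security checks from the table above.

Added example, not Nova AI's code. The users table, hostname rule and upload
directory are constructed for the example.
"""
import re
import sqlite3
from pathlib import Path


def _users_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, role TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)",
                    [("alice", "admin"), ("bob", "user")])
    return con


# --- SQL Injection: parameterized queries required ------------------------
def lookup_vulnerable(name: str) -> list:
    # Flagged: the value is spliced into the SQL text, so quotes in it become syntax.
    return _users_db().execute(
        f"SELECT name FROM users WHERE name = '{name}'").fetchall()


def lookup_hardened(name: str) -> list:
    # Passes: the driver binds the value; it is never parsed as SQL.
    return _users_db().execute(
        "SELECT name FROM users WHERE name = ?", (name,)).fetchall()


# --- Command Injection: input sanitization required -----------------------
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")


def ping_command_vulnerable(host: str) -> str:
    # Flagged: builds the one string a shell=True call would hand to /bin/sh,
    # so "host; id" becomes two commands.
    return f"ping -c 1 {host}"


def ping_argv_hardened(host: str) -> list:
    # Passes: allowlist the value, then use an argv list (shell=False) so the
    # host is a single argument whatever characters it contains.
    if not HOSTNAME_RE.match(host):
        raise ValueError(f"rejected hostname: {host!r}")
    return ["ping", "-c", "1", host]


# --- Path Traversal: path validation required -----------------------------
UPLOAD_DIR = Path("/srv/uploads")  # assumed location; need not exist to run


def upload_path_vulnerable(name: str) -> Path:
    # Flagged: "../" segments and absolute names walk out of the directory.
    return UPLOAD_DIR / name


def upload_path_hardened(name: str) -> Path:
    # Passes: resolve both sides, then require the target to sit under the base.
    if not name:
        raise ValueError("empty name")
    base = UPLOAD_DIR.resolve()
    target = (base / name).resolve()
    if base not in target.parents:
        raise ValueError(f"path escapes upload dir: {name!r}")
    return target


def rejects(fn, *args) -> bool:
    """True when fn raises ValueError, i.e. the hardened form refused the input."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False
```

The hardened command-injection form does more than the table's "input sanitization": the allowlist is the sanitization, and dropping the shell removes the injection surface even if the allowlist were too loose.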

Correctness Checks

| Check | Description |
|-------|-------------|
| Null Safety | Null checks for nullable values |
| Edge Cases | Boundary condition handling |
| Error Handling | Proper exception handling |
| Type Safety | Type consistency |

Maintainability Checks

| Check | Description |
|-------|-------------|
| DRY | No duplicate code |
| Complexity | Cyclomatic complexity limits |
| Naming | Clear, descriptive names |
| Documentation | Docstrings for public APIs |

Configuration

Customize review behavior in .claude/agents/code-reviewer.md:

---
name: code-reviewer
model: claude-opus-4-5-20251101
---

## Review Focus

Prioritize in this order:
1. Security vulnerabilities
2. Logic errors
3. Test coverage
4. Performance issues
5. Style suggestions

## Skip

- Whitespace issues (handled by linter)
- Import order (handled by linter)

GitHub Integration

Enable automatic PR reviews:

  1. Add workflow to .github/workflows/nova-review.yml:
name: Nova AI Review
on:
  pull_request:
    types: [opened, synchronize]

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Nova AI Review
        run: |
          python scripts/nova_headless.py \
            "review PR #${{ github.event.number }}" \
            --output-format json > review.json
     The ${{ github.event.number }} interpolation is safe because the PR number is an integer. Do not interpolate free-text event fields such as the PR title or body into a run: script the same way; a PR author controls them, so pass them through an env: variable instead.
  2. Comment triggers for manual review:
@nova-ai review this PR
@nova-ai check for security issues

What's Next?