Universal AI-powered automation for GitHub code review bots
Intelligent suggestion application and conflict resolution for CodeRabbit, GitHub Copilot, and custom review bots
- Problem Statement
- Quick Start
- Features
- Architecture
- Use Cases
- Environment Variables
- Documentation
- Contributing
- Project Status
- License
When multiple PR review comments suggest overlapping changes to the same file, traditional automation tools typically do one of the following:
- Skip all conflicting changes (losing valuable suggestions)
- Apply changes sequentially without conflict awareness (potentially breaking code)
- Require tedious manual resolution for every conflict
Review Bot Automator provides intelligent, semantic-aware conflict resolution that:
- ✅ Understands code structure (JSON, YAML, TOML, Python, TypeScript)
- ✅ Uses priority-based resolution (user selections, security fixes, syntax errors)
- ✅ Supports semantic merging (combining non-conflicting changes automatically)
- ✅ Learns from your decisions to improve over time
- ✅ Provides detailed conflict analysis and actionable suggestions
pip install pr-conflict-resolver

# Set your GitHub token (required)
export GITHUB_PERSONAL_ACCESS_TOKEN="your_token_here"
# Analyze conflicts in a PR
pr-resolve analyze --owner VirtualAgentics --repo my-repo --pr 123
# Apply suggestions with conflict resolution
pr-resolve apply --owner VirtualAgentics --repo my-repo --pr 123 --strategy priority
# Apply only conflicting changes
pr-resolve apply --owner VirtualAgentics --repo my-repo --pr 123 --mode conflicts-only
# Simulate without applying changes (dry-run mode)
pr-resolve apply --owner VirtualAgentics --repo my-repo --pr 123 --mode dry-run
# Use parallel processing for large PRs
pr-resolve apply --owner VirtualAgentics --repo my-repo --pr 123 --parallel --max-workers 8
# Load configuration from file
pr-resolve apply --owner VirtualAgentics --repo my-repo --pr 123 --config config.yaml

Enable AI-powered features with your choice of LLM provider using zero-config presets:
# ✨ NEW: Zero-config presets for instant setup
# Option 1: Codex CLI (free with GitHub Copilot subscription)
pr-resolve apply --owner VirtualAgentics --repo my-repo --pr 123 \
--llm-preset codex-cli-free
# Option 2: Local Ollama (free, private, offline) - EASIEST SETUP
./scripts/setup_ollama.sh # One-time install
./scripts/download_ollama_models.sh # Download model
pr-resolve apply --owner VirtualAgentics --repo my-repo --pr 123 \
--llm-preset ollama-local
# See docs/ollama-setup.md for detailed guide
# Option 3: Claude CLI (requires Claude subscription)
pr-resolve apply --owner VirtualAgentics --repo my-repo --pr 123 \
--llm-preset claude-cli-sonnet
# Option 4: OpenAI API (pay-per-use, ~$0.01 per PR)
pr-resolve apply --owner VirtualAgentics --repo my-repo --pr 123 \
--llm-preset openai-api-mini \
--llm-api-key sk-...
# Option 5: Anthropic API (balanced cost/performance)
pr-resolve apply --owner VirtualAgentics --repo my-repo --pr 123 \
--llm-preset anthropic-api-balanced \
--llm-api-key sk-ant-...

Available presets: codex-cli-free, ollama-local, claude-cli-sonnet, openai-api-mini, anthropic-api-balanced
# Anthropic (recommended - 50-90% cost savings with caching)
export CR_LLM_ENABLED="true"
export CR_LLM_PROVIDER="anthropic"
export CR_LLM_API_KEY="sk-ant-..." # Get from https://console.anthropic.com/
# OpenAI
export CR_LLM_ENABLED="true"
export CR_LLM_PROVIDER="openai"
export CR_LLM_API_KEY="sk-..." # Get from https://platform.openai.com/api-keys
# Then use as normal
pr-resolve apply --owner VirtualAgentics --repo my-repo --pr 123

See LLM Configuration Guide for all provider options and detailed setup.
from pr_conflict_resolver import ConflictResolver
from pr_conflict_resolver.config import PresetConfig
resolver = ConflictResolver(config=PresetConfig.BALANCED)
results = resolver.resolve_pr_conflicts(
owner="VirtualAgentics",
repo="my-repo",
pr_number=123
)
print(f"Applied: {results.applied_count}")
print(f"Conflicts: {results.conflict_count}")
print(f"Success rate: {results.success_rate}%")- Semantic Understanding: Analyzes JSON, YAML, TOML structure, not just text
- Conflict Categorization: Exact, major, partial, minor, disjoint-keys, semantic-duplicate
- Impact Assessment: Evaluates scope, risk level, and criticality of changes
- Actionable Suggestions: Provides specific guidance for each conflict
- Priority-Based: User selections > Security fixes > Syntax errors > Regular suggestions
- Semantic Merging: Combines non-conflicting changes in structured files
- Sequential Application: Applies compatible changes in optimal order
- Defer to User: Escalates complex conflicts for manual review
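The priority order above can be sketched in a few lines. This is an illustration of the idea only; the `Suggestion` class and `resolve_by_priority` helper are hypothetical, not the library's API:

```python
# Illustrative only: priority-based selection among conflicting suggestions.
from dataclasses import dataclass

PRIORITY = {"user-selected": 3, "security-fix": 2, "syntax-error": 1, "regular": 0}

@dataclass
class Suggestion:
    comment_id: int
    category: str      # one of the PRIORITY keys
    description: str

def resolve_by_priority(conflicting: list[Suggestion]) -> Suggestion:
    """Pick the highest-priority suggestion from a conflicting group."""
    return max(conflicting, key=lambda s: PRIORITY.get(s.category, 0))

winner = resolve_by_priority([
    Suggestion(1, "regular", "Rename variable for clarity"),
    Suggestion(2, "security-fix", "Escape user input before logging"),
    Suggestion(3, "user-selected", "Apply Option 2 from the review comment"),
])
print(winner.description)  # the user-selected option wins
```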
- JSON: Duplicate key detection, key-level merging
- YAML: Comment preservation, structure-aware merging
- TOML: Section merging, format preservation
- Python/TypeScript: AST-aware analysis (planned)
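Comment preservation for YAML relies on round-trip parsing. A minimal sketch with ruamel.yaml (whether the handlers use this exact library is an assumption; the round-trip technique is the point):

```python
# Comment-preserving YAML edit via round-trip parsing (ruamel.yaml keeps
# comments and key order when loading and dumping).
import io
from ruamel.yaml import YAML

source = """\
# CI configuration
jobs:
  build:
    timeout: 10   # minutes
"""

yaml = YAML()                          # round-trip mode by default
doc = yaml.load(source)
doc["jobs"]["build"]["timeout"] = 15   # apply a suggested change

out = io.StringIO()
yaml.dump(doc, out)
print(out.getvalue())                  # both comments survive the edit
```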
- 5 Provider Types: OpenAI, Anthropic, Claude CLI, Codex CLI, Ollama
- Cost Optimization: Prompt caching reduces Anthropic costs by 50-90%
- Flexible Deployment: API-based, CLI-based, or local inference
- Provider Selection: Choose based on cost, privacy, or performance needs
- Health Checks: Automatic provider validation before use
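Polymorphic provider support implies a common interface with a health check. The shape below is a hypothetical sketch; the real protocol in the codebase may differ:

```python
# Hypothetical provider interface; the project's actual protocol may differ.
from typing import Protocol

class LLMProvider(Protocol):
    name: str

    def health_check(self) -> bool:
        """Validate API keys, CLI availability, or a local daemon before use."""
        ...

    def parse_comment(self, comment: str) -> list[dict]:
        """Extract structured change suggestions from a review comment."""
        ...
```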
- ML-Assisted Priority: Learns from your resolution decisions
- Metrics Tracking: Monitors success rates, resolution times, strategy effectiveness
- Conflict Caching: Reuses analysis for similar conflicts
- Performance: Parallel processing for large PRs
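Conflict caching keyed on change fingerprints might look roughly like this (names are hypothetical; the real cache lives inside the resolver):

```python
# Hypothetical sketch: reuse conflict analysis for changes with the same fingerprint.
import hashlib

_analysis_cache: dict[str, dict] = {}

def fingerprint(path: str, start_line: int, end_line: int, content: str) -> str:
    """Stable key for a proposed change."""
    raw = f"{path}:{start_line}-{end_line}:{content}".encode()
    return hashlib.sha256(raw).hexdigest()

def analyze_cached(path, start_line, end_line, content, analyze):
    key = fingerprint(path, start_line, end_line, content)
    if key not in _analysis_cache:
        _analysis_cache[key] = analyze(path, start_line, end_line, content)
    return _analysis_cache[key]
```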
- Conservative: Skip all conflicts, manual review required
- Balanced: Priority system + semantic merging (default)
- Aggressive: Maximize automation, user selections always win
- Semantic: Focus on structure-aware merging for config files
- all: Apply both conflicting and non-conflicting changes (default)
- conflicts-only: Apply only changes that have conflicts
- non-conflicts-only: Apply only changes without conflicts
- dry-run: Analyze and report without applying any changes
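Conceptually, the modes filter which detected changes are applied. The sketch below is an illustration, not the project's code (`ProposedChange` and `select_changes` are hypothetical):

```python
# Illustrative sketch of how application modes filter detected changes.
from collections import namedtuple

ProposedChange = namedtuple("ProposedChange", "id path")

def select_changes(changes, conflicting_ids, mode):
    if mode == "dry-run":
        return []                                             # report only
    if mode == "conflicts-only":
        return [c for c in changes if c.id in conflicting_ids]
    if mode == "non-conflicts-only":
        return [c for c in changes if c.id not in conflicting_ids]
    return list(changes)                                      # "all" (default)

changes = [ProposedChange(1, "a.py"), ProposedChange(2, "b.py"), ProposedChange(3, "c.py")]
print(select_changes(changes, {2}, "conflicts-only"))  # only the conflicting change
```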
- Automatic Rollback: Git-based checkpointing with automatic rollback on failure
- Pre-Application Validation: Validates changes before applying (optional)
- File Integrity Checks: Verifies file safety and containment
- Detailed Logging: Comprehensive logging for debugging and audit trails
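Automatic rollback is built on git checkpoints. A conceptual sketch of that pattern, not the project's actual implementation (it uses only standard git commands):

```python
# Conceptual sketch of git-based checkpoint/rollback: snapshot local edits,
# apply changes, and restore the snapshot if anything fails.
import subprocess

def git(*args: str) -> str:
    return subprocess.run(["git", *args], check=True,
                          capture_output=True, text=True).stdout.strip()

def apply_with_rollback(apply_changes) -> None:
    # Snapshot any pre-existing local edits without touching the worktree.
    stash_commit = git("stash", "create")
    try:
        apply_changes()
    except Exception:
        git("checkout", "--", ".")               # drop partially applied edits
        if stash_commit:
            git("stash", "apply", stash_commit)  # restore the snapshot
        raise
```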
Configure via multiple sources with precedence chain: CLI flags > Environment variables > Config file > Defaults
- Configuration Files: Load settings from YAML or TOML files
- Environment Variables: Set options using CR_* prefix variables
- CLI Overrides: Override any setting via command-line flags
See .env.example for available environment variables.
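A rough illustration of that precedence chain (later sources override earlier ones); this is not the project's loader, and the CR_* names come from the environment-variable table further down:

```python
# Illustrative precedence merge: defaults < config file < environment < CLI flags.
import os

def effective_config(file_cfg: dict, cli_cfg: dict) -> dict:
    defaults = {"mode": "all", "parallel": False, "max_workers": 4}
    env_cfg = {}
    if "CR_MODE" in os.environ:
        env_cfg["mode"] = os.environ["CR_MODE"]
    if "CR_MAX_WORKERS" in os.environ:
        env_cfg["max_workers"] = int(os.environ["CR_MAX_WORKERS"])
    # Later dicts win: CLI flags override env, which overrides the config file.
    return {**defaults, **file_cfg, **env_cfg, **cli_cfg}

print(effective_config({"mode": "conflicts-only"}, {"max_workers": 8}))
```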
- Getting Started Guide - Installation, setup, and first steps
- Configuration Reference - Complete configuration options
- LLM Configuration Guide - LLM providers, presets, and advanced configuration
- Ollama Setup Guide - Comprehensive Ollama installation and setup
- Rollback System - Automatic rollback and recovery
- Parallel Processing - Performance tuning guide
- Migration Guide - Upgrading from earlier versions
- Troubleshooting - Common issues and solutions
- API Reference - Python API documentation
- Conflict Types Explained - Understanding conflict categories
- Resolution Strategies - Strategy selection guide
- Architecture Overview - System design and components
- Contributing Guide - How to contribute
- Security Policy - Vulnerability reporting, security features
- Security Architecture - Design principles, threat model
- Threat Model - STRIDE analysis, risk assessment
- Incident Response - Security incident procedures
- Compliance - GDPR, OWASP, SOC2, OpenSSF
- Security Testing - Testing guide, fuzzing, SAST
┌───────────────────────────────────────────────────────────────┐
│                      GitHub PR Comments                        │
│                   (CodeRabbit, Review Bot)                      │
└─────────────────────────────┬──────────────────────────────────┘
                              │
                              ▼
┌───────────────────────────────────────────────────────────────┐
│                  Comment Parser & Extractor                    │
│         (Suggestions, Diffs, Codemods, Multi-Options)          │
└─────────────────────────────┬──────────────────────────────────┘
                              │
                              ▼
┌───────────────────────────────────────────────────────────────┐
│                   Conflict Detection Engine                    │
│     • Fingerprinting  • Overlap Analysis  • Semantic Check     │
└─────────────────────────────┬──────────────────────────────────┘
                              │
                  ┌───────────┴───────────┐
                  ▼                       ▼
        ┌──────────────────┐    ┌──────────────────┐
        │  File Handlers   │    │  Priority System │
        │  • JSON          │    │  • User Selected │
        │  • YAML          │    │  • Security Fix  │
        │  • TOML          │    │  • Syntax Error  │
        │  • Python        │    │  • Regular       │
        └────────┬─────────┘    └────────┬─────────┘
                 │                       │
                 └───────────┬───────────┘
                             ▼
┌───────────────────────────────────────────────────────────────┐
│                 Resolution Strategy Selector                   │
│       • Skip  • Override  • Merge  • Sequential  • Defer       │
└─────────────────────────────┬──────────────────────────────────┘
                              │
                              ▼
┌───────────────────────────────────────────────────────────────┐
│                      Application Engine                        │
│           • Backup  • Apply  • Validate  • Rollback            │
└─────────────────────────────┬──────────────────────────────────┘
                              │
                              ▼
┌───────────────────────────────────────────────────────────────┐
│                      Reporting & Metrics                       │
│       • Conflict Summary  • Visual Diff  • Success Rate        │
└───────────────────────────────────────────────────────────────┘
Problem: User selects "Option 2" but it conflicts with another suggestion.
Solution: Priority system ensures user selections override lower-priority changes.
Problem: Two suggestions modify different keys in package.json.
Solution: Semantic merging combines both changes automatically (see the example after these use cases).
Problem: Security fix conflicts with formatting suggestion.
Solution: Priority system applies security fix, skips formatting.
Problem: Manual conflict resolution is time-consuming.
Solution: Parallel processing + caching resolves conflicts in seconds.
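The example below sketches the package.json use case: two suggestions touch different keys, so a structure-aware merge keeps both. It illustrates the idea only and is not the project's handler code:

```python
# Illustrative merge of two suggestions touching different keys of package.json.
import json

base = {"name": "my-app", "scripts": {"build": "tsc"}, "dependencies": {"react": "^18.2.0"}}
suggestion_a = {"scripts": {"build": "tsc", "lint": "eslint ."}}   # adds a lint script
suggestion_b = {"dependencies": {"react": "^18.3.0"}}              # bumps a dependency

def merge_changes(base: dict, *patches: dict) -> dict:
    merged = json.loads(json.dumps(base))  # deep copy
    for patch in patches:
        for key, value in patch.items():
            if isinstance(value, dict) and isinstance(merged.get(key), dict):
                merged[key] = merge_changes(merged[key], value)    # recurse into sections
            else:
                merged[key] = value
    return merged

print(json.dumps(merge_changes(base, suggestion_a, suggestion_b), indent=2))
```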
Configure the tool using environment variables (see .env.example for all options):
| Variable | Description | Default |
|---|---|---|
| `GITHUB_PERSONAL_ACCESS_TOKEN` | GitHub API token (required) | None |
| `CR_MODE` | Application mode (`all`, `conflicts-only`, `non-conflicts-only`, `dry-run`) | `all` |
| `CR_ENABLE_ROLLBACK` | Enable automatic rollback on failure | `true` |
| `CR_VALIDATE` | Enable pre-application validation | `true` |
| `CR_PARALLEL` | Enable parallel processing | `false` |
| `CR_MAX_WORKERS` | Number of parallel workers | `4` |
| `CR_LOG_LEVEL` | Logging level (`DEBUG`, `INFO`, `WARNING`, `ERROR`) | `INFO` |
| `CR_LOG_FILE` | Log file path (optional) | None |
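For scripted or CI use, the documented variables can be set when invoking the CLI. A small Python driver sketch (invoking via subprocess is just one way to do it):

```python
# Scripted invocation using the documented CR_* variables (table above).
# GITHUB_PERSONAL_ACCESS_TOKEN is assumed to be set in the parent environment.
import os
import subprocess

env = {
    **os.environ,
    "CR_MODE": "dry-run",        # analyze and report without applying changes
    "CR_PARALLEL": "true",
    "CR_MAX_WORKERS": "8",
    "CR_LOG_LEVEL": "DEBUG",
}

subprocess.run(
    ["pr-resolve", "apply", "--owner", "VirtualAgentics", "--repo", "my-repo", "--pr", "123"],
    env=env,
    check=True,
)
```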
We welcome contributions! See CONTRIBUTING.md for guidelines.
git clone https://github.com/VirtualAgentics/review-bot-automator.git
cd review-bot-automator
python -m venv .venv
source .venv/bin/activate
pip install -e ".[dev]"
pre-commit install

This project uses pytest 9.0 with native subtests support for comprehensive testing. We maintain >80% test coverage with 1318+ tests including unit, integration, security, and property-based fuzzing tests.
# Run standard tests with coverage
pytest tests/ --cov=src --cov-report=html
# Run property-based fuzzing tests
make test-fuzz # Dev profile: 50 examples
make test-fuzz-ci # CI profile: 100 examples
make test-fuzz-extended # Extended: 1000 examples
# Run all tests (standard + fuzzing)
make test-all

For more details, see:
- Testing Guide - Comprehensive testing documentation
- Subtests Guide - Writing tests with subtests
- CONTRIBUTING.md - Contribution guidelines including testing practices
MIT License - see LICENSE for details.
- Inspired by the sophisticated code review capabilities of CodeRabbit AI
- Built with experience from ContextForge Memory project
- Community feedback and contributions
Current Version: 0.1.0 (Alpha)
Roadmap:
- ✅ Phase 0: Security Foundation (COMPLETE)
  - ✅ 0.1: Security Architecture Design
  - ✅ 0.2: Input Validation & Sanitization
  - ✅ 0.3: Secure File Handling
  - ✅ 0.4: Secret Detection (14+ patterns)
  - ✅ 0.5: Security Testing Suite (95%+ coverage)
  - ✅ 0.6: Security Configuration
  - ✅ 0.7: CI/CD Security Scanning (7+ tools)
  - ✅ 0.8: Security Documentation
- ✅ Phase 1: Core Features (COMPLETE)
  - ✅ Core conflict detection and analysis
  - ✅ File handlers (JSON, YAML, TOML)
  - ✅ Priority system
  - ✅ Rollback system with git-based checkpointing
- ✅ Phase 2: CLI & Configuration (COMPLETE)
  - ✅ CLI with comprehensive options
  - ✅ Runtime configuration system
  - ✅ Application modes (all, conflicts-only, non-conflicts-only, dry-run)
  - ✅ Parallel processing support
  - ✅ Multiple configuration sources (file, env, CLI)
- 🚧 Phase 3: Documentation & Examples (IN PROGRESS)
  - 🚧 Comprehensive documentation updates
  - 🚧 Example configurations and use cases
- ✅ V2.0 Phase 0: LLM Foundation (COMPLETE) - PR #121
  - ✅ Core LLM data models and infrastructure
  - ✅ Universal comment parser with LLM + regex fallback
  - ✅ LLM provider protocol for polymorphic support
  - ✅ Structured prompt engineering system
  - ✅ Confidence threshold filtering
- ✅ V2.0 Phase 1: LLM-Powered Parsing (COMPLETE) - PR #122
  - ✅ OpenAI API provider implementation
  - ✅ Automatic retry logic with exponential backoff
  - ✅ Token counting and cost tracking
  - ✅ Comprehensive error handling
  - ✅ Integration with ConflictResolver
- 🚧 V2.0 Phase 2-6 (IN PROGRESS) - 29% complete
  - 🚧 Multi-provider support (Anthropic, Claude CLI, Codex, Ollama)
  - 🚧 CLI integration polish and preset system
  - 🚧 Production hardening (retry logic, cost controls)
  - 🚧 Comprehensive documentation and migration guides
- ClusterFuzzLite: Continuous fuzzing (3 fuzz targets, ASan + UBSan)
- Test Coverage: 82.35% overall, 95%+ for security modules
- Security Scanning: CodeQL, Trivy, TruffleHog, Bandit, pip-audit, OpenSSF Scorecard
- Secret Detection: 14+ pattern types (GitHub tokens, AWS keys, API keys, etc.)
- Documentation: Comprehensive security documentation (threat model, incident response, compliance)
Coming Soon: Major architecture upgrade to parse 95%+ of CodeRabbit comments (up from 20%)
Current system only parses ```suggestion blocks, missing:
- ❌ Diff blocks (```diff) - 60% of CodeRabbit comments
- ❌ Natural language suggestions - 20% of comments
- ❌ Multi-option suggestions
- ❌ Multiple diff blocks per comment
Result: Only 1 out of 5 CodeRabbit comments is currently parsed.
┌───────────────────────────────────────────────────────────┐
│            LLM Parser (Primary - All Formats)              │
│   • Diff blocks            • Suggestion blocks             │
│   • Natural language       • Multi-options                 │
│   • 95%+ coverage          • Intelligent understanding     │
└─────────────────────────────┬──────────────────────────────┘
                              │
                     ┌────────┴────────┐
                     │   Fallback if   │
                     │    LLM fails    │
                     └────────┬────────┘
                              ▼
┌───────────────────────────────────────────────────────────┐
│        Regex Parser (Fallback - Suggestion Blocks)         │
│   • 100% reliable          • Zero cost                     │
│   • Legacy support         • Always available              │
└───────────────────────────────────────────────────────────┘
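The flow above reduces to a simple pattern: try the LLM parser first, then fall back to the regex parser that only understands ```suggestion blocks. A hypothetical sketch (function names are illustrative, not the project's API):

```python
# Sketch of LLM-first parsing with a regex fallback for ```suggestion blocks.
import re

SUGGESTION_BLOCK = re.compile(r"```suggestion\n(.*?)```", re.DOTALL)

def parse_with_regex(comment: str) -> list[str]:
    """Fallback: extract only ```suggestion blocks (the v1.x behaviour)."""
    return SUGGESTION_BLOCK.findall(comment)

def parse_comment(comment: str, llm_parse) -> list[str]:
    try:
        return llm_parse(comment)          # primary: handles diffs, prose, multi-option
    except Exception:
        return parse_with_regex(comment)   # fallback: reliable, zero cost
```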
Choose your preferred LLM provider:
| Provider | Cost Model | Best For | Est. Cost (1000 comments) |
|---|---|---|---|
| Claude CLI | Subscription ($20/mo) | Best quality + zero marginal cost | $0 (covered) |
| Codex CLI | Subscription ($20/mo) | Cost-effective, OpenAI quality | $0 (covered) |
| Ollama | Free (local) | Privacy, offline, no API costs | $0 |
| OpenAI API | Pay-per-token | Pay-as-you-go, low volume | $0.07 (with caching) |
| Anthropic API | Pay-per-token | Best quality, willing to pay | $0.22 (with caching) |
# Current (v1.x) - regex-only
pr-resolve apply --owner VirtualAgentics --repo my-repo --pr 123
# Parses: 1/5 comments (20%)
# v2.0 - LLM-powered (opt-in)
pr-resolve apply --llm --llm-provider claude-cli --owner VirtualAgentics --repo my-repo --pr 123
# Parses: 5/5 comments (100%)
# Use presets for quick config
pr-resolve apply --llm-preset claude-cli-sonnet --owner VirtualAgentics --repo my-repo --pr 123
pr-resolve apply --llm-preset ollama-local --owner VirtualAgentics --repo my-repo --pr 123  # Privacy-first

✅ Zero Breaking Changes - All v1.x code works unchanged in v2.0:
- LLM parsing disabled by default (opt-in via --llm flag)
- Automatic fallback to regex if LLM fails
- v1.x CLI commands work identically
- v1.x Python API unchanged
# v2.0: Changes include AI-powered insights
change = Change(
path="src/module.py",
start_line=10,
end_line=12,
content="new code",
# NEW in v2.0 (optional fields)
llm_confidence=0.95, # How confident the LLM is
llm_provider="claude-cli", # Which provider parsed it
parsing_method="llm", # "llm" or "regex"
change_rationale="Improves error handling", # Why change was suggested
risk_level="low" # "low", "medium", "high"
)

Comprehensive planning documentation available:
- LLM Refactor Roadmap (15K words) - Full implementation plan
- LLM Architecture (8K words) - Technical specification
- Migration Guide (3K words) - v1.x β v2.0 upgrade path
- Phase 0-6: 10-12 weeks implementation
- Estimated Release: Q2 2025
- GitHub Milestone: v2.0 - LLM-First Architecture
- GitHub Issues: #114-#120 (Phases 0-6)
- ContextForge Memory - Original implementation
- CodeRabbit AI - AI-powered code review
Made with ❤️ by VirtualAgentics