|
1 | | -# Codra |
2 | | - |
3 | | -<picture> |
4 | | - <source media="(prefers-color-scheme: dark)" srcset="./public/assets/codra-gh-banner-dark.svg"> |
5 | | - <source media="(prefers-color-scheme: light)" srcset="./public/assets/codra-gh-banner-light.svg"> |
6 | | - <img alt="Codra banner" src="./public/assets/codra-gh-banner-light.svg"> |
7 | | -</picture> |
8 | | - |
9 | | -Open source PR review infrastructure for Cloudflare Workers. |
10 | | - |
11 | | -Codra listens to GitHub pull request events, runs AI-powered review jobs, posts inline findings back to the PR, and gives you a dashboard to inspect jobs, repos, models, and review history. |
12 | | - |
13 | | -[](https://deploy.workers.cloudflare.com/?url=https://github.com/devarshishimpi/codra) |
14 | | - |
15 | | -## What Codra Does |
16 | | - |
17 | | -- Reviews pull requests automatically on `opened`, `synchronize`, `ready_for_review`, and `reopened` |
18 | | -- Supports mention-triggered reviews |
19 | | -- Posts inline PR comments and updates GitHub check runs |
20 | | -- Queues review jobs through Cloudflare Queues so webhook intake stays fast |
21 | | -- Stores job history, repo settings, and review metadata in external Postgres through Cloudflare Hyperdrive |
22 | | -- Ships with a built-in dashboard for jobs, repos, stats, settings, and replay/debug workflows |
23 | | -- Lets each repository override review behavior, skip globs, labels, and model routing |
| 1 | +<div align="center"> |
| 2 | + <h1>Codra</h1> |
| 3 | + |
| 4 | + <p> |
| 5 | + Self-hosted AI code review for GitHub pull requests.<br/> |
| 6 | + Cloudflare-native, queue-backed, repository-aware, and built for teams that want to own their review engine. |
| 7 | + </p> |
| 8 | + |
| 9 | + <p> |
| 10 | + <a href="LICENSE"><img alt="License: AGPL-3.0" src="https://img.shields.io/badge/license-AGPL--3.0-blue.svg"></a> |
| 11 | + <a href="https://github.com/devarshishimpi/codra/stargazers"><img alt="GitHub stars" src="https://img.shields.io/github/stars/devarshishimpi/codra?style=flat&logo=github"></a> |
| 12 | + <a href="https://workers.cloudflare.com/"><img alt="Cloudflare Workers" src="https://img.shields.io/badge/runtime-Cloudflare%20Workers-f38020?logo=cloudflare"></a> |
| 13 | + <a href="https://react.dev/"><img alt="Built with React" src="https://img.shields.io/badge/dashboard-React-61dafb?logo=react&logoColor=111"></a> |
| 14 | + <a href="https://www.typescriptlang.org/"><img alt="TypeScript" src="https://img.shields.io/badge/language-TypeScript-3178c6?logo=typescript&logoColor=fff"></a> |
| 15 | + </p> |
| 16 | + |
| 17 | + <br/> |
| 18 | + <br/> |
| 19 | + |
| 20 | + <p> |
| 21 | + <a href="https://codra.run">Website</a> |
| 22 | + | |
| 23 | + <a href="https://codra.run/docs">Docs</a> |
| 24 | + | |
| 25 | + <a href="https://codra.run/docs/installation">Installation</a> |
| 26 | + | |
| 27 | + <a href="https://github.com/devarshishimpi/codra/issues">Issues</a> |
| 28 | + | |
| 29 | + <a href="CONTRIBUTING.md">Contributing</a> |
| 30 | + </p> |
| 31 | +</div> |
| 32 | + |
| 33 | + |
| 34 | + |
| 35 | +Codra listens to GitHub pull request events, runs AI-powered review jobs, posts inline findings back to the PR, and gives you a dashboard to inspect jobs, repositories, model routing, review history, and failed queue runs. |
| 36 | + |
| 37 | +## Why Codra |
| 38 | + |
| 39 | +- **Own the whole review loop**: Run the GitHub App, Cloudflare Worker, queue, database, model credentials, and dashboard under your own control. |
| 40 | +- **Review with repository context**: Codra checks pull request diffs for correctness, security, performance, maintainability, and repo-specific patterns. |
| 41 | +- **Configure each repository**: Tune triggers, skipped paths, draft handling, mention reviews, labels, custom rules, and review budgets from the dashboard. |
| 42 | +- **Route models deliberately**: Use global defaults, per-repo model chains, fallbacks, and size-based overrides for larger pull requests. |
| 43 | +- **Operate the system**: Inspect job history, PR findings, webhook deliveries, queue failures, DLQ replay, model usage, and dashboard stats. |
| 44 | + |
| 45 | +## Features |
| 46 | + |
| 47 | +- Automatic reviews on `opened`, `synchronize`, `ready_for_review`, and `reopened` pull request events |
| 48 | +- Mention-triggered reviews for on-demand analysis |
| 49 | +- Inline GitHub review comments plus summary reviews and check run updates |
| 50 | +- Queue-backed processing through Cloudflare Queues |
| 51 | +- Dead letter queue inspection, replay, and purge workflows |
| 52 | +- GitHub OAuth dashboard authentication |
| 53 | +- External PostgreSQL storage through Cloudflare Hyperdrive |
| 54 | +- Google Gemini and Cloudflare Workers AI model providers |
| 55 | +- Repository settings for labels, skipped globs, custom rules, and model routing |
| 56 | + |
| 57 | +## How It Works |
| 58 | + |
| 59 | +1. GitHub sends Codra a pull request webhook. |
| 60 | +2. Codra verifies the signature and loads repository review settings. |
| 61 | +3. A review job is stored in PostgreSQL and queued on Cloudflare Queues. |
| 62 | +4. The Worker consumes the job, fetches the PR diff, runs model review passes, and formats findings. |
| 63 | +5. Codra posts inline comments and a summary review back to GitHub. |
| 64 | +6. The dashboard keeps the job history, findings, logs, stats, and replay tools available for operators. |
24 | 65 |
|
25 | 66 | ## Stack |
26 | 67 |
|
27 | | -- Cloudflare Workers + Hono |
28 | | -- React + Vite |
29 | | -- Cloudflare Queues + KV + Workers AI |
30 | | -- External Postgres via Cloudflare Hyperdrive and `postgres` |
31 | | -- GitHub App webhooks + checks + PR review APIs |
32 | | - |
33 | | -## Architecture |
34 | | - |
35 | | -1. GitHub sends a webhook to Codra. |
36 | | -2. Codra validates the signature and loads repo config from the database. |
37 | | -3. A review job is inserted into Postgres via Hyperdrive and queued on Cloudflare Queues. |
38 | | -4. The worker consumes the job, fetches the PR diff, runs model review passes, and formats findings. |
39 | | -5. Codra posts inline comments plus a summary review back to GitHub and stores the run for the dashboard. |
40 | | - |
41 | | -## Deploy To Cloudflare |
42 | | - |
43 | | -Use the button above to clone and deploy Codra to your own Cloudflare account. |
44 | | - |
45 | | -Cloudflare can provision or bind the Cloudflare-native resources defined in [`wrangler.jsonc`](/wrangler.jsonc), including: |
46 | | - |
47 | | -- `APP_KV` |
48 | | -- `REVIEW_QUEUE` |
49 | | -- Workers AI binding |
50 | | -- static asset hosting from `dist/client` |
51 | | - |
52 | | -What the deploy button does not provision for you: |
53 | | - |
54 | | -- your Postgres database and Hyperdrive config |
55 | | -- GitHub App credentials |
56 | | -- GitHub OAuth app credentials |
57 | | -- Gemini API key |
58 | | -- Cloudflare API credentials for DLQ inspection, replay, and purge |
59 | | - |
60 | | -That means the deploy flow is best thought of as "Cloudflare infrastructure bootstrap", followed by a short secrets setup step. |
61 | | - |
62 | | -For this repo's own production deployment, the checked-in route and binding IDs in [`wrangler.jsonc`](/wrangler.jsonc) are intentional. They are what keep `codra.run` deploying against the same Worker, KV namespace, and queues. If you fork Codra, replace those values with your own resources. |
63 | | - |
64 | | -## Required Secrets, DLQ, And Local DB Vars |
65 | | - |
66 | | -Codra expects these secrets in Cloudflare production and in local `.dev.vars` for development: |
67 | | - |
68 | | -- `APP_PRIVATE_KEY` |
69 | | -- `GITHUB_APP_ID` |
70 | | -- `GITHUB_APP_WEBHOOK_SECRET` |
71 | | -- `GITHUB_CLIENT_ID` |
72 | | -- `GITHUB_CLIENT_SECRET` |
73 | | -- `GEMINI_API_KEY` |
74 | | -- `CF_API_TOKEN` |
75 | | -- `CF_ACCOUNT_ID` |
76 | | - |
77 | | -DLQ setup is required during installation because Codra includes `/api/dlq` inspection, replay, and purge workflows. Create or identify the dead letter queue and copy its queue ID into `CF_DLQ_ID`: |
78 | | - |
79 | | -```bash |
80 | | -npx wrangler queues create codra-review-dlq |
81 | | -npx wrangler queues list |
82 | | -``` |
83 | | - |
84 | | -The Cloudflare API token must have Queues edit access for the account that owns the Worker queues. `CF_DLQ_ID` is a required environment variable, not a secret, and should point at the `codra-review-dlq` queue used by the `dead_letter_queue` consumer config in [`wrangler.jsonc`](/wrangler.jsonc). |
85 | | - |
86 | | -Local development and migrations also need: |
87 | | - |
88 | | -- `CLOUDFLARE_HYPERDRIVE_LOCAL_CONNECTION_STRING_HYPERDRIVE` for local Worker DB access |
89 | | -- `DATABASE_URL` for local/admin migrations |
90 | | - |
91 | | -The expected local shape is already documented in [`.dev.vars.example`](/.dev.vars.example). |
92 | | - |
93 | | -In the checked-in production Wrangler config, these values are regular environment vars rather than secrets: |
| 68 | +- **Worker**: Cloudflare Workers, Hono, Wrangler |
| 69 | +- **Dashboard**: React, Vite, Tailwind CSS, Radix UI, Recharts |
| 70 | +- **Data**: PostgreSQL, Cloudflare Hyperdrive, Cloudflare KV |
| 71 | +- **Queues**: Cloudflare Queues with DLQ workflows |
| 72 | +- **Models**: Google Gemini and Cloudflare Workers AI |
| 73 | +- **GitHub**: GitHub App webhooks, checks, reviews, and OAuth |
| 74 | +- **Quality**: TypeScript, Zod, Vitest, Playwright browser tests |
94 | 75 |
|
95 | | -- `AUTH_CALLBACK_URL` |
96 | | -- `DASHBOARD_ALLOWED_USERS` |
97 | | -- `CF_DLQ_ID` |
| 76 | +## Documentation |
98 | 77 |
|
99 | | -## Dashboard Auth |
| 78 | +The full setup and operations guides live at [codra.run/docs](https://codra.run/docs). |
100 | 79 |
|
101 | | -Codra now uses GitHub OAuth for dashboard access instead of a shared password. The main deployment only accepts GitHub users listed in `DASHBOARD_ALLOWED_USERS`. |
| 80 | +- [Installation guide](https://codra.run/docs/installation) |
| 81 | +- [Configuration guide](https://codra.run/docs/configuration) |
| 82 | +- [Deploy with Neon](https://codra.run/docs/neon) |
| 83 | +- [Contributing](CONTRIBUTING.md) |
| 84 | +- [Security policy](SECURITY.md) |
102 | 85 |
|
103 | | -Production setup requires: |
| 86 | +## Contributing |
104 | 87 |
|
105 | | -- one GitHub OAuth App for the dashboard |
106 | | -- the existing GitHub App for webhook/check/review automation |
107 | | - |
108 | | -## Postgres + Hyperdrive Setup |
109 | | - |
110 | | -Codra uses Cloudflare Hyperdrive to connect Workers to an external Postgres database. The database can be self-hosted or managed, and can sit behind PgBouncer. |
111 | | - |
112 | | -### 1. Create a Postgres database |
113 | | - |
114 | | -Create a Postgres database and keep a direct connection string available for migrations. |
115 | | - |
116 | | -### 2. Create a Hyperdrive config |
117 | | - |
118 | | -Point Hyperdrive at your database or PgBouncer endpoint: |
119 | | - |
120 | | -```bash |
121 | | -npx wrangler hyperdrive create codra-postgres --connection-string "postgresql://<user>:<password>@<host>:5432/<db>" |
122 | | -``` |
123 | | - |
124 | | -Copy the returned Hyperdrive ID into the `HYPERDRIVE` binding in [`wrangler.jsonc`](/wrangler.jsonc). |
125 | | - |
126 | | -### 3. Run migrations |
127 | | - |
128 | | -Codra applies SQL migrations automatically during deploy: |
129 | | - |
130 | | -- [`db/migrations/001_initial.sql`](/db/migrations/001_initial.sql) |
131 | | -- [`db/migrations/002_normalize_existing_schema.sql`](/db/migrations/002_normalize_existing_schema.sql) |
132 | | - |
133 | | -On a fresh database, `npm run deploy` initializes `001` and then applies newer migration files in order. On an existing database that predates migration tracking, deploy marks `001` as already applied and then runs later migrations. |
134 | | - |
135 | | -For local/admin runs, set `DATABASE_URL` and run: |
136 | | - |
137 | | -```bash |
138 | | -npm run migrate |
139 | | -``` |
140 | | - |
141 | | -### 4. Configure local development |
142 | | - |
143 | | -For `wrangler dev`, set Hyperdrive's local connection-string override in `.dev.vars`: |
144 | | - |
145 | | -```text |
146 | | -CLOUDFLARE_HYPERDRIVE_LOCAL_CONNECTION_STRING_HYPERDRIVE="postgresql://<user>:<password>@localhost:5432/<db>" |
147 | | -``` |
148 | | - |
149 | | -Do not commit a real local connection string. |
150 | | - |
151 | | -### 5. Keep one direct URL around for admin work |
152 | | - |
153 | | -For schema/admin tooling, keep a direct Postgres or PgBouncer connection string handy as `DATABASE_URL`. The deployed worker should use the Hyperdrive binding, while migration tools connect directly. |
154 | | - |
155 | | - |
156 | | -## Repository Config |
157 | | - |
158 | | -Each connected repo can be configured directly through the Codra dashboard. You can toggle reviews, customize model routing (including fallbacks and size-based overrides), set custom review rules, and manage labels. |
159 | | - |
160 | | -The dashboard provides a visual interface to manage all your repositories in one place, ensuring consistent and predictable AI review behavior across your organization. |
| 88 | +Contributions are welcome. Please read [CONTRIBUTING.md](CONTRIBUTING.md) before opening a pull request. Codra uses a Contributor License Agreement for contributions. |
161 | 89 |
|
162 | 90 | ## License |
163 | 91 |
|
164 | | -Codra is licensed under the **GNU Affero General Public License v3.0 (AGPL-3.0)**. |
165 | | - |
166 | | -### What this means: |
167 | | -- **Keep it Open**: If you modify Codra and host it as a service (SaaS), you **must** make your modified source code available to your users. |
168 | | -- **Hosted Version**: The maintainer (Devarshi Shimpi) reserves the right to provide a separate, proprietary hosted version of Codra. |
169 | | -- **Contributions**: By contributing to this repository, you agree that your contributions will be licensed under the same AGPL-3.0 license. |
170 | | - |
171 | | -See the [LICENSE](LICENSE) file for the full text. |
| 92 | +Codra is licensed under the [GNU Affero General Public License v3.0](LICENSE). |
0 commit comments