
multi-agent-code-review

provenance:github:Pradeep-Kumar25th/multi-agent-code-review

An autonomous multi-agent AI system that automatically reviews pull requests for code quality and security vulnerabilities (OWASP) and makes approve/fix/escalate decisions, built with CrewAI & OpenAI

<div align="center">

# 🔍 Multi-Agent Automatic Code Review System

### *An autonomous AI-powered CI/CD code review pipeline built with CrewAI & OpenAI*

---

![Python](https://img.shields.io/badge/Python-3.10+-3776AB?style=for-the-badge&logo=python&logoColor=white)
![CrewAI](https://img.shields.io/badge/CrewAI-1.3.0-FF6B6B?style=for-the-badge&logo=robot&logoColor=white)
![OpenAI](https://img.shields.io/badge/OpenAI-GPT--4o--mini-412991?style=for-the-badge&logo=openai&logoColor=white)
![OWASP](https://img.shields.io/badge/Security-OWASP-000000?style=for-the-badge&logo=owasp&logoColor=white)
![Jupyter](https://img.shields.io/badge/Jupyter-Notebook-F37626?style=for-the-badge&logo=jupyter&logoColor=white)
![License](https://img.shields.io/badge/License-MIT-22C55E?style=for-the-badge)

---

> 💡 *"Code reviews are critical but time-consuming. I built this system to automate the entire review pipeline — quality, security, and final decision — using collaborating AI agents."*
>
> **— Pradeep Kumar**

---

![Banner](https://images.unsplash.com/photo-1555066931-4365d14bab8c?w=1200&h=400&fit=crop&q=80)

</div>

---

## 📌 Table of Contents

- [🌟 Why I Built This](#-why-i-built-this)
- [✨ Key Features](#-key-features)
- [🏗️ System Architecture](#-system-architecture)
- [🤖 The AI Agents](#-the-ai-agents)
- [🛠️ Tools Used](#-tools-used)
- [📋 Tasks Breakdown](#-tasks-breakdown)
- [⚙️ Installation & Setup](#-installation--setup)
- [🚀 How to Run](#-how-to-run)
- [📊 Example Output](#-example-output)
- [🧠 How It Works](#-how-it-works)
- [📁 Project Structure](#-project-structure)
- [🔮 Future Improvements](#-future-improvements)
- [👤 Author](#-author)

---

## 🌟 Why I Built This

Manual code reviews are one of the biggest bottlenecks in software development. Engineers spend hours reviewing PRs — checking for bugs, style issues, and security vulnerabilities — before a single line reaches production.

I built this system to **automate that entire process** using three collaborating AI agents. Each agent has a specialized role, just like a real engineering team: one reviews code quality, one checks security against OWASP standards, and one makes the final call on whether to approve, request fixes, or escalate to a human.

The result is a system that can review a pull request in minutes and produce a structured, actionable report — all without human intervention.

---

## ✨ Key Features

| Feature | Description |
|--------|-------------|
| 🤖 **3-Agent Pipeline** | Senior Developer, Security Engineer, and Tech Lead work in sequence |
| 🔐 **OWASP Security Checks** | Live search of OWASP standards for real-world vulnerability detection |
| 🌐 **Live Web Research** | Agents use SerperDev + web scraping for up-to-date security intelligence |
| 📋 **Structured JSON Output** | Quality and security reports returned as parseable JSON |
| ✅ **3-Way Decision Engine** | Auto-approve, request fixes, or escalate to human reviewer |
| 🔗 **CI/CD Ready** | Designed to plug into any continuous integration pipeline |
| 🔧 **Fully Configurable** | Works with any codebase — just swap out `code_changes.txt` |

---

## 🏗️ System Architecture

```
┌──────────────────────────────────────────────────────────────┐
│                    CODE REVIEW CREW                          │
│                                                              │
│  ┌──────────────────┐                                        │
│  │  Senior Developer│ ──── Analyzes code quality            │
│  │  Agent 🧑‍💻        │      bugs & maintainability           │
│  └────────┬─────────┘                                        │
│           │ output (JSON)                                    │
│  ┌────────▼─────────┐                                        │
│  │ Security Engineer│ ──── Checks OWASP vulnerabilities     │
│  │ Agent 🔐          │      via live web search              │
│  └────────┬─────────┘                                        │
│           │ output (JSON)                                    │
│  ┌────────▼─────────┐                                        │
│  │  Tech Lead        │ ──── Makes final decision:            │
│  │  Agent ✅         │      Approve / Fix / Escalate         │
│  └────────┬─────────┘                                        │
│           │                                                  │
│  ┌────────▼──────────────────────────┐                       │
│  │  TOOLS: SerperDevTool (OWASP)     │                       │
│  │         ScrapeWebsiteTool         │                       │
│  └───────────────────────────────────┘                       │
└──────────────────────────────────────────────────────────────┘
                         │
                         ▼
            📊 Final Code Review Report
         (Approve / Request Fixes / Escalate)
```

---

## 🤖 The AI Agents

### 🧑‍💻 Agent 1 — Senior Developer
- **Role:** Reviews code for bugs, style issues, and maintainability problems
- **Goal:** Classify issues as critical (blocking) or minor (non-blocking)
- **Output:** JSON with `critical_issues`, `minor_issues`, `reasoning`

### 🔐 Agent 2 — Security Engineer
- **Role:** Identifies security vulnerabilities using OWASP Top 10 standards
- **Goal:** Determine risk levels and whether issues should block the PR
- **Tools:** `SerperDevTool` (OWASP search), `ScrapeWebsiteTool`
- **Output:** JSON with `security_vulnerabilities`, `blocking`, `highest_risk`, `security_recommendations`

### ✅ Agent 3 — Tech Lead
- **Role:** Reads both agents' reports and makes the final PR decision
- **Goal:** Auto-approve, request specific fixes, or escalate to human review
- **Context:** Receives outputs from both previous agents
- **Output:** Final review report with decision and recommendations

---

## 🛠️ Tools Used

| Tool | Purpose |
|------|---------|
| 🌐 `SerperDevTool` | Searches OWASP website for relevant security vulnerabilities |
| 🔬 `ScrapeWebsiteTool` | Scrapes OWASP pages for detailed vulnerability information |
| 🧠 `ChatOpenAI (GPT-4o-mini)` | Powers all three agents' reasoning and decision-making |

---

## 📋 Tasks Breakdown

### 📋 Task 1 — Code Quality Analysis
Reviews the PR diff for bugs, anti-patterns, and style issues. Classifies each issue as critical or minor and returns a structured JSON report.

### 🔐 Task 2 — Security Review
Scans for OWASP Top 10 vulnerabilities — SQL injection, XSS, auth weaknesses, data exposure. Determines risk levels and whether any issue should block the PR.

### ✅ Task 3 — Review Decision
Uses both previous reports as context to make the final decision: auto-approve, request fixes with a specific list, or escalate with reasoning for why human review is needed.
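
A deterministic check on the pipeline's output, as an added example (not code from this repository): it re-validates the two JSON reports and cross-checks the Tech Lead's decision before CI acts on it, since the PR diff is untrusted text that can steer model output. The key names come from the agent descriptions above; the value types, the decision labels, and the `gate` and `load_report` helpers are assumptions.

```python
import json

# Keys come from the README; the value types checked below are assumptions.
QUALITY_KEYS = {"critical_issues", "minor_issues", "reasoning"}
SECURITY_KEYS = {"security_vulnerabilities", "blocking",
                 "highest_risk", "security_recommendations"}
# Hypothetical decision labels for the three outcomes the README names.
APPROVE, FIX, ESCALATE = "approve", "request_fixes", "escalate"


def load_report(raw, required):
    """Return the report as a dict, or None if it is not a JSON object with every required key."""
    try:
        data = json.loads(raw)
    except (TypeError, ValueError):
        return None
    if not isinstance(data, dict) or not required.issubset(data):
        return None
    return data


def gate(quality_raw, security_raw, agent_decision):
    """Cross-check the Tech Lead's decision against the two reports; fail closed."""
    quality = load_report(quality_raw, QUALITY_KEYS)
    security = load_report(security_raw, SECURITY_KEYS)
    if quality is None or security is None:
        return ESCALATE, "agent report missing or malformed"
    if not isinstance(quality["critical_issues"], list) \
            or not isinstance(security["blocking"], bool):
        return ESCALATE, "unexpected field type in agent report"
    if agent_decision not in (APPROVE, FIX, ESCALATE):
        return ESCALATE, "unrecognised decision"
    blocked = bool(quality["critical_issues"]) or security["blocking"]
    if agent_decision == APPROVE and blocked:
        return FIX, "approval overridden: reports contain blocking findings"
    return agent_decision, "decision consistent with reports"


# Constructed sample reports (not output from the project).
QUALITY_CLEAN = json.dumps({"critical_issues": [], "minor_issues": ["long function"],
                            "reasoning": "style only"})
SECURITY_BLOCKING = json.dumps({"security_vulnerabilities": ["SQL built by string concatenation"],
                                "blocking": True, "highest_risk": "high",
                                "security_recommendations": ["use parameterized queries"]})

if __name__ == "__main__":
    print(gate(QUALITY_CLEAN, SECURITY_BLOCKING, APPROVE))
    print(gate(QUALITY_CLEAN, "Sure! Here is the report...", APPROVE))
```

Anything the gate cannot parse or recognise becomes an escalation, so a report wrapped in prose or missing a key never results in an automatic approval.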

---

## ⚙️ Installation & Setup

### Prerequisites
- Python 3.10+
- OpenAI API Key → [Get one here](https://platform.openai.com)
- Serper API Key → [Get one here](https://serper.dev)

### Install Dependencies

```bash
pip install -r requirements.txt
```

### Configure API Keys

```bash
cp .env.example .env
```

Then open `.env` and fill in your keys:
```
OPENAI_API_KEY=your-openai-api-key-here
OPENAI_MODEL_NAME=gpt-4o-mini
SERPER_API_KEY=your-serper-api-key-here
```

---

## 🚀 How to Run

```bash
# 1. Clone the repository
git clone https://github.com/Pradeep-Kumar25th/multi-agent-code-review.git
cd multi-agent-code-review

# 2. Install dependencies
pip install -r requirements.txt

# 3. Set up API keys
cp .env.example .env   # then fill in your keys

# 4. Add your code changes
# Paste your PR diff into code_changes.txt

# 5. Open the notebook
jupyter notebook "Multi-Agent Automatic Code Review System.ipynb"

# 6. Run all cells!
```

### 🎯 Customize for Your Own PR

Replace the contents of `code_changes.txt` with your own pull request diff:

```bash
# Export your git diff to code_changes.txt
git diff main feature/your-branch > code_changes.txt
```

---

## 📊 Example Output

```
✅ FINAL REVIEW DECISION — Tech Lead
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

🔴 DECISION: REQUIRES FIXES

[truncated…]
```

PUBLIC HISTORY

First discovered: Mar 21, 2026

IDENTITY

inferred

Identity inferred from code signals. No PROVENANCE.yml found.


METADATA

platform: github
first seen: Mar 4, 2026
last updated: Mar 4, 2026
last crawled: 23 days ago
version
