CodeRabbit reviews your PR. CodePulse reviews your habits.
Install once on GitHub, pick your repos, and open a pull request. CodePulse reviews the diff inline like a senior engineer would β pinned to exact lines, with severity labels β then quietly remembers every issue against the developer who wrote it.
Every Week, each developer gets a personalized digest: "You introduced 3 SQL injection patterns this week. Here's how to stop."
| π€ Automatic PR reviews | Triggered on opened, synchronize, and reopened. Inline comments pinned to exact lines with Critical / High / Medium / Low severity labels. |
| π§ Two-pass AI analysis | File triage first, then chunked deep review. Groq + Llama 3.3 70B with structured tool-calling returns typed JSON per issue. |
| π Per-developer pattern tracking | Every issue is stored against the developer who wrote it, across every PR, forever. The longer you use it, the sharper it gets. |
| π¬ Weekly personalized digests | Weekly emails surface recurring mistakes per developer with concrete fixes. Powered by Resend. |
| π Team dashboard | PR volume, review latency, connected repos, severity trends, category breakdown, file-level hotspots. |
| π Multi-tenant isolation | Scoped per GitHub App installation β each org's data is fully isolated. |
| π‘οΈ Signed webhooks | HMAC-SHA256 verification on every event. Lockfiles, minified assets, and generated files are skipped automatically. |
ββββββββββββββββββββββββββββββββ
β GitHub PR opened β
ββββββββββββββββ¬ββββββββββββββββ
β
βΌ
ββββββββββββββββββββββββββββββββ
β Webhook (HMAC-SHA256 β) β
ββββββββββββββββ¬ββββββββββββββββ
β
βΌ
ββββββββββββββββββββββββββββββββ
β Express Β· Fetch diff β
β Parse unified diff format β
ββββββββββββββββ¬ββββββββββββββββ
β
βΌ
ββββββββββββββββββββββββββββββββ
β Groq Β· Llama 3.3 70B β
β Structured tool-calling β
β β typed JSON per issue β
ββββββββββββββββ¬ββββββββββββββββ
β
βββββββββββββββββββββ΄ββββββββββββββββββββ
βΌ βΌ
ββββββββββββββββββββββββββββ ββββββββββββββββββββββββββββ
β GitHub REST API β β PostgreSQL (Neon) β
β Inline review comments β β Per dev Β· per repo Β· PR β
ββββββββββββββββββββββββββββ ββββββββββββββββ¬ββββββββββββ
β
βΌ
ββββββββββββββββββββββββββββ
β GitHub Actions (schedule)β
β Weekly trigger β
βββββββββββββββ¬βββββββββββββ
β
βΌ
ββββββββββββββββββββββββββββ
β Digest API endpoint β
β Aggregate β Build digest β
βββββββββββββββ¬βββββββββββββ
β
βΌ
ββββββββββββββββββββββββββββ
β Email pipeline (Resend) β
β β
ββββββββββββββββββββββββββββ
Webhooks hit the API on Azure directly. The Vercel frontend proxies /api/v1/* to the backend, keeping session cookies same-origin so sign-in works without third-party cookie headaches.
|
Backend
|
Frontend
|
Infrastructure
|
- Mapping GitHub diff hunks to absolute file line numbers reliably across multi-commit PR updates
- Structuring LLM outputs into strict JSON to eliminate parsing ambiguity
- Preventing duplicate or noisy review comments across webhook retries
- Designing per-developer attribution logic from Git commit metadata across forks and rebases
- Node.js 18+
- PostgreSQL β Neon free tier works great
- GitHub App + OAuth App β setup docs
- Groq API key β console.groq.com
- Resend API key β resend.com
git clone https://github.com/ahmadmustafa02/CodePulse
cd CodePulse
cd server && npm install
cd ../web && npm installcd server
cp .env.example .env
# Fill in your values (see env vars table below)
npx prisma migrate deploy
npm run devServer runs at
http://localhost:3001
cd web
cp .env.example .env.local
npm run devDashboard runs at
http://localhost:3000
| Local | Production | |
|---|---|---|
| OAuth callback | http://localhost:3001/api/v1/auth/github/callback |
https://your-api-host/api/v1/auth/github/callback |
| Webhook URL | ngrok β /api/v1/webhooks/github |
https://your-api-host/api/v1/webhooks/github |
| Webhook events | Pull request | Pull request |
Minimum GitHub App permissions
| Permission | Access |
|---|---|
| Repository metadata | Read |
| Contents | Read |
| Pull requests | Read & write |
- Sign in with GitHub at
localhost:3000 - Install the GitHub App on a test repository
- Confirm the repo appears under Connected Repositories
- Open a PR with a real code change (not just lockfiles)
- Watch for inline review comments within 1β3 minutes
- Refresh the dashboard β the PR appears under Recent Reviews
π‘ Debugging tip: Check GitHub β App β Advanced β Recent Deliveries for
202responses to confirm webhooks are reaching the server.
Server Β· server/.env
| Variable | Description |
|---|---|
DATABASE_URL |
Neon / PostgreSQL connection string |
GITHUB_APP_ID |
GitHub App ID |
GITHUB_PRIVATE_KEY |
App private key (PEM, \n escaped) |
GITHUB_WEBHOOK_SECRET |
Webhook secret (min 20 chars) |
GITHUB_OAUTH_CLIENT_ID |
OAuth App client ID |
GITHUB_OAUTH_CLIENT_SECRET |
OAuth App client secret |
GITHUB_OAUTH_CALLBACK_URL |
Must match OAuth app settings exactly |
GROQ_API_KEY |
Groq API key |
AUTH_SECRET |
Session JWT signing secret (min 32 chars) |
WEB_APP_URL |
Frontend origin for CORS and redirects |
RESEND_API_KEY |
Resend API key |
DIGEST_FROM_EMAIL |
Sender address for digest emails |
DIGEST_CRON_SECRET |
Protects the digest trigger endpoint |
Web Β· web/.env.local
| Variable | Description |
|---|---|
AUTH_SECRET |
Must match server AUTH_SECRET |
AUTH_GITHUB_ID |
OAuth App client ID |
AUTH_GITHUB_SECRET |
OAuth App client secret |
VITE |
API base URL (http://localhost:3001/api/v1 locally) |
# ββ Server ββββββββββββββββββββββββββββββββ
npm run dev # nodemon + ts-node
npm run build # compile TypeScript
npm run start # node dist/index.js
npm run lint
npm run typecheck
# ββ Web βββββββββββββββββββββββββββββββββββ
npm run dev # react dev server
npm run build # production build
npm run lint| Layer | Host |
|---|---|
| Frontend | Vercel |
| API | Azure App Service |
| Database | Neon PostgreSQL |
| Cron | Github Actions |
β οΈ Webhooks must point to the API host directly β never the Vercel frontend URL.
Not another noisy bot.
β If CodePulse is useful to you, star the repo β it helps a lot.