-
-
1. Landing Page
-
2. Landing Page
-
3. Connect with Github
-
4. OAuth
-
5. OAuth
-
6. Dashboard
-
8. Dashboard Graph
-
7. Dashboard Graph
-
9. Ask Sensai
-
10. Conventions from repo
-
11. Conventions from repo
-
12. PR Review
-
13. Review History
-
14. Security Scanner
-
15. Leadership Gamification
CORE: COde REviewer sensei
About the Project
We come from a development-driven environment where shipping code quickly is often the priority. In that process, mistakes happen more often than we would like to admit. Code gets pushed to the wrong branch. Pull requests get merged without a proper second look. Small issues slip through and later turn into conflicts that slow everyone down.
These were not rare incidents. We saw them happening around us, and we experienced them ourselves. What stood out was that most of these problems could have been avoided if there had been a proper reviewer in place before the merge happened.
But the bigger issue we noticed was knowledge transfer. Every development team has unwritten rules—naming conventions, architectural patterns, error handling approaches. This tribal knowledge lives in senior developers' heads, making onboarding slow and code reviews repetitive. When experienced developers leave, that knowledge often leaves with them.
This made us stop and reflect on the role of code reviews in real teams. Reviews are not just about finding bugs. They are about understanding intent, maintaining consistency, and protecting the stability of the codebase. When reviews are rushed or skipped, productivity drops and frustration grows.
That realization became the starting point for Core. We wanted to build a reviewer that could learn your team's unique coding DNA, step in early, understand the context of the code, and guide developers before problems make their way into the main branch. Something that supports the team instead of slowing it down, and helps the development process stay smooth, predictable, and efficient.
What We Built
Core is an AI-powered code review assistant and team learning platform designed to work alongside developers during the pull request stage.
It helps teams by:
- Learning Conventions — Automatically analyzes your codebase to extract team-specific coding patterns, naming conventions, and
architectural decisions - Intelligent PR Reviews — Reviews pull requests against YOUR team's standards using RAG (Retrieval-Augmented Generation), not generic
rules
- Ask Sensei — An interactive AI tutor that answers questions about your codebase structure, conventions, and best practices
- Security Scanner — Detects OWASP Top 10 vulnerabilities, hardcoded secrets, SQL injection, XSS, and other security issues
- AI Auto-Fix — Generates context-aware code fixes with diff previews for every violation
- Gamification — Leaderboards, badges, and streaks to keep developers engaged and motivated to improve code quality
By addressing issues before the merge and making knowledge accessible to everyone, Core helps reduce friction, accelerate onboarding,
improve collaboration, and increase overall productivity across the team.
🔹 High-Level System Flow
┌──────────────────────────────────────────────────────────────┐
│ CLIENT INTERFACES │
│ GitHub CLI • Web UI • IDE Plugin • API Consumers │
└──────────────────────────────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────────┐
│ API / ENTRY LAYER │
│ Express │
│ - Auth & Validation │
│ - Request Normalization │
└──────────────────────────────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────────┐
│ LANGGRAPH ORCHESTRATOR │
│ - Controls agent routing │
│ - Maintains state machine │
│ - Decides which agents run and in what order │
└──────────────────────────────────────────────────────────────┘
│
┌────────────────────┼────────────────────┐
▼ ▼ ▼
┌───────────────┐ ┌───────────────┐ ┌───────────────┐
│ LEARNER │ │ REVIEWER │ │ TUTOR │
│ │ │ │ │ │
│ Learns coding │ │ Detects │ │ Explains │
│ conventions │ │ violations │ │ issues with │
│ from: │ │ in code │ │ pedagogy │
│ - Repo history│ │ │ │ & examples │
│ - Style guides│ │ │ │ │
└───────────────┘ └───────────────┘ └───────────────┘
│ │ │
│ ┌─────────┴─────────┐ │
│ ▼ ▼ │
│ ┌──────────────┐ ┌──────────────┐ │
│ │ Naming Agent │ │ Structure │ │
│ │ │ │ Agent │ │
│ └──────────────┘ └──────────────┘ │
│ ┌──────────────┐ ┌──────────────┐ │
│ │ Patterns │ │ Testing │ │
│ │ Agent │ │ Agent │ │
│ └──────────────┘ └──────────────┘ │
│ │
└────────────────────┬───────────────────┘
▼
┌──────────────────────────────────────────────────────────────┐
│ FEEDBACK CONTROLLER │
│ - Aggregates agent output │
│ - Deduplicates & ranks issues │
│ - Formats into dev-friendly review comments │
└──────────────────────────────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────────┐
│ DELIVERY CHANNELS │
│ • GitHub PR Comments │
│ • CLI Output │
│ • IDE Hints │
│ • JSON API Response │
└──────────────────────────────────────────────────────────────┘
How We Built It
We built Core with a strong focus on real-world development workflows and intelligent automation.
AI Architecture:
At the core of the system is a multi-agent pipeline built with LangGraph that orchestrates specialized AI agents:
- Learner Agent — Analyzes codebases to extract conventions
- Reviewer Agent — Reviews PRs against learned conventions
- Tutor Agent — Answers questions using RAG-based retrieval
- Feedback Controller — Formats and delivers actionable feedback
All agents are powered by Google Gemini 3 through LangChain, enabling deep code understanding and contextual reasoning.
GitHub Integration:
We integrated with GitHub OAuth for authentication and used GitHub webhooks to trigger reviews automatically whenever a pull
request is created or updated. This allows the system to respond in real time, making the reviewer feel like a natural part of the
development cycle.
Knowledge Retrieval:
The system uses RAG (Retrieval-Augmented Generation) to ground all AI responses in actual code and conventions. When answering
questions or reviewing code, it retrieves relevant files from GitHub and conventions from the knowledge store, ensuring responses are
accurate and hallucination-free.
Frontend:
The frontend was built with Next.js 14 and designed to keep things simple and focused. Developers can quickly understand feedback, view diff previews, apply auto-fixes, and track their progress on the leaderboard.
Data Persistence:
Supabase with PostgreSQL stores conventions, review history, leaderboard data, and user sessions, allowing the system to continuously
improve with usage.
What We Learned
This project taught us that good tooling is deeply tied to how people actually work.
We learned how important context is when reviewing code, and how much better feedback becomes when it explains the reasoning behind
each suggestion rather than just pointing out errors. Educational feedback helps developers grow, not just fix issues.
We discovered the power of RAG for keeping AI responses grounded and accurate. By retrieving actual code and conventions before
generating responses, we eliminated the hallucination problem that plagues many AI coding assistants.
We also learned that automation works best when it supports developers instead of replacing human judgment. The goal is not to automate away code reviews, but to make them faster, more consistent, and more educational.
Most importantly, we learned the value of collaboration. Building this system required constant discussion, iteration, and problem-solving as a team.
Challenges We Faced
Cross-Domain Authentication:
One of the biggest challenges was handling OAuth authentication between our Vercel-hosted frontend and Render-hosted backend. Modern
browsers block third-party cookies, breaking traditional session-based auth. We solved this by implementing a token-based authentication
flow that passes user data via URL callbacks and stores credentials in localStorage.
GitHub Integration Complexity:
Integrating GitHub webhooks and ensuring events triggered correctly and securely took careful planning. We needed to handle multiple event types (PR opened, synchronized, reopened) and validate webhook signatures for security.
Context Window Management:
Large codebases exceed Gemini's context limits. We implemented smart chunking and relevance-based retrieval to fetch only pertinent files
for each question or review, using keyword extraction and scoring algorithms.
Grounded AI Responses:
Preventing AI hallucinations required strict grounding. We designed the system to only answer based on retrieved evidence, and to
explicitly say "I don't have information about that" when context is missing.
Balancing Feedback Quality:
Designing feedback that felt helpful and constructive rather than overwhelming was challenging. We had to balance accuracy, clarity, and
performance while ensuring explanations taught developers WHY patterns matter, not just what to fix.
Overcoming these challenges together strengthened the project and reinforced the importance of teamwork in building reliable developer
tools.
Built With
- Google Gemini 3
- LangChain
- LangGraph
- TypeScript
- Node.js
- Express.js
- Next.js 14
- React
- Tailwind CSS
- shadcn/ui
- Supabase
- PostgreSQL
- GitHub OAuth
- GitHub API
- GitHub Webhooks
- Vercel
- Render
Try It Out
- Live Demo: https://code-reviewer-sensei.vercel.app
- Source Code: https://github.com/shalwin04/code-reviewer-sensei
- Demo Video: https://www.youtube.com/watch?v=qazbX-ssp2c
Built With
- gemini
- genai
- git
- github
- langgraph
- llm
- mcp
- nextjs
- postgresql
- render
- supabase
- typescript
- vercel
Log in or sign up for Devpost to join the conversation.