Inspiration
Modern development moves fast, but code review hasn’t evolved at the same pace. Teams rely on CI tools that flag syntax errors or enforce rigid rules, but they rarely help reviewers understand why a change matters or how it affects the long-term health of a repository.
We were inspired by the gap between automated checks and human judgment. Pull requests are where critical decisions happen, yet reviewers often skim diffs without enough context. We wanted to build a system that augments human review instead of replacing it.
PRISM was created to make code reviews more thoughtful, data-driven, and risk-aware.
What it does
PRISM is a human-in-the-loop AI GitHub supervisor that analyzes pull requests and tracks repository health over time.
For every pull request, PRISM:
• Collects structural signals (diff size, files changed, directories touched)
• Performs basic automated checks (lint signals, test presence)
• Uses AI to reason about the intent and risk of the change
• Posts a clear, human-readable review comment directly on the PR
Over time, PRISM aggregates these signals to compute a repository health score, helping teams understand whether development is getting safer or riskier as they move fast.
PRISM does not block merges or auto-approve code. It explains, suggests, and highlights risk — humans remain in control.
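An added example, not PRISM's own code: computing the structural signals and test-presence check listed above from a git unified diff. The function name `collect_signals`, the output keys, and the test-file naming pattern are assumptions; hunk bodies are delimited by the `@@` line counts so that changed lines beginning with `--- ` or `+++ ` are not mistaken for file headers.

```python
import posixpath
import re

HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")
HEADER = re.compile(r"^(---|\+\+\+) (?:[ab]/)?([^\t\n]+)")
# Assumption: this naming convention marks a test file; PRISM's rule is not on the page.
TEST_PATH = re.compile(r"(^|/)(tests?|__tests__)/|(^|/)test_[^/]+$|[._](test|spec)\.\w+$")
# Constructed sample: an edit whose body lines look like file headers, plus a new test file.
SAMPLE_DIFF = """\
diff --git a/api/auth.py b/api/auth.py
--- a/api/auth.py
+++ b/api/auth.py
@@ -10,2 +10,3 @@ def login(user):
     session = new_session(user)
--- legacy marker
+    audit(user)
+++ counter
diff --git a/tests/test_auth.py b/tests/test_auth.py
--- /dev/null
+++ b/tests/test_auth.py
@@ -0,0 +1,2 @@
+def test_login():
+    assert True
"""

def collect_signals(diff_text):
    files, added, removed = set(), 0, 0
    old_path, old_left, new_left = None, 0, 0   # *_left: lines the current hunk still owes
    for line in diff_text.splitlines():
        if old_left > 0 or new_left > 0:         # inside a hunk body, per its @@ counts
            if line.startswith("+"):
                added, new_left = added + 1, new_left - 1
            elif line.startswith("-"):
                removed, old_left = removed + 1, old_left - 1
            elif not line.startswith("\\"):      # context line; "\ No newline" is skipped
                old_left, new_left = old_left - 1, new_left - 1
            continue
        hunk, header = HUNK.match(line), HEADER.match(line)
        if hunk:
            old_left, new_left = int(hunk[1] or 1), int(hunk[2] or 1)
        elif header and header[1] == "---":
            old_path = header[2]
        elif header:                             # "+++ /dev/null" means the file was deleted
            files.add(old_path if header[2] == "/dev/null" else header[2])
    return {
        "files_changed": len(files),
        "directories_touched": sorted({posixpath.dirname(f) or "." for f in files}),
        "lines_added": added, "lines_removed": removed, "diff_size": added + removed,
        "touches_tests": any(TEST_PATH.search(f) for f in files),
    }
```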
How we built it
PRISM is built as a modular system:
• GitHub Actions (Node.js): Triggers on pull request events, gathers metadata and diffs, runs lightweight checks, and sends structured data to the backend.
• Backend API (FastAPI): Exposes analysis endpoints, combines deterministic heuristics with AI reasoning, and returns structured insights.
• AI Layer (Gemini): Performs semantic analysis of code diffs to identify intent, risk, and potential failure modes.
• Scoring & Synthesis Layer: Converts raw signals into meaningful risk explanations and health score updates.
• Frontend Dashboard (Next.js + Tailwind): Visualizes repository health trends and recent pull request insights in a simple, developer-friendly UI.
The system is designed around a clear contract between components so each part can evolve independently.
Challenges we ran into
• Balancing AI and determinism: We had to carefully separate what machines should calculate deterministically (size, frequency, structure) from what AI should reason about (meaning and impact).
• Deployment complexity: Managing multiple runtimes (Node.js, Python, AI APIs) across different environments required careful isolation and configuration.
• Avoiding over-automation: Many existing tools feel intrusive. We intentionally designed PRISM to advise rather than enforce, which required restraint in both logic and UX.
• Keeping outputs explainable: AI output needed to be grounded in evidence from the diff, not vague or generic statements.
Accomplishments that we’re proud of
• Built a working end-to-end PR analysis pipeline
• Designed a clear human-in-the-loop review model
• Implemented semantic code reasoning, not just linting
• Created a clean backend contract usable by both GitHub Actions and the dashboard
• Delivered meaningful insights without blocking developer workflows
Most importantly, PRISM already answers questions reviewers actually care about:
“Why does this change matter, and what should I double-check?”
What we learned
• AI is most effective when it augments judgment, not when it replaces it
• Clear interfaces and contracts matter more than clever implementations
• Developer tools succeed when they reduce cognitive load, not when they add rules
• Good explanations are often more valuable than perfect predictions
We also learned how to coordinate complex systems under time pressure — and when not to over-engineer.
What’s next for PRISM
• Deeper AI-driven reasoning over historical changes
• More granular health metrics and trend analysis
• Security-focused extensions like secret detection
• Integration with analytics platforms for richer insights
• Customizable risk profiles for different teams and repositories
Long-term, PRISM aims to treat codebases like products — with health, trends, and signals that guide better decisions.
Built With
- fastapi
- geminiapi
- githubactions
- javascript
- mongodb
- next.js
- node.js
- python
- render
- tailwindcss
- vercel