Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
32 commits
Select commit Hold shift + click to select a range
1641cb7
add: update readme docs
devarshishimpi Jun 8, 2026
1b09185
fix: bump vulnerable packages
devarshishimpi Jun 29, 2026
d516dcd
add: anonymous telemetry support
devarshishimpi Jun 29, 2026
1d476ef
add: enhance new installs ui components and skeleton loaders for bett…
devarshishimpi Jun 29, 2026
249c686
feat: update font imports, improve jobs search bar UI, add stale repo…
devarshishimpi Jun 30, 2026
ff827a4
feat: add motion components for sidebar navigation and enhance UI int…
devarshishimpi Jul 1, 2026
874240c
refactor: remove dead letter queue (DLQ) functionality and related code
devarshishimpi Jul 1, 2026
da78d2c
feat: enhance job recovery and review flow with improved error handli…
devarshishimpi Jul 2, 2026
ab5476d
feat: add workflow instance ID column and index, enhance telemetry er…
devarshishimpi Jul 2, 2026
7caa12c
fix: sidebar active btn colors
devarshishimpi Jul 2, 2026
1441b4c
fix: update onMouseEnter typecheck
devarshishimpi Jul 2, 2026
fa0dd10
feat: add role property to systemInstruction in reviewWithGoogle func…
devarshishimpi Jul 2, 2026
cad969b
Merge pull request #24 from devarshishimpi/feature/anon-metadata-trac…
devarshishimpi Jul 2, 2026
9a4373d
add: tabs and select component for motion UI
devarshishimpi Jul 2, 2026
03b1506
feat: add review performance settings and UI components
devarshishimpi Jul 2, 2026
2dc58af
feat: implement smooth scrolling with lenis integration
devarshishimpi Jul 3, 2026
402da0f
feat: refactor diff parsing and review flow to support custom file ma…
devarshishimpi Jul 3, 2026
0417628
refactor: stats page and model configurations
devarshishimpi Jul 6, 2026
82c0bba
refactor: enhance review job concurrency handling and caching mechanisms
devarshishimpi Jul 7, 2026
8b03e91
refactor: improve handling of subrequest budget limits in review job …
devarshishimpi Jul 7, 2026
49819a8
fix: enhance model service caching and timeout handling, improve revi…
devarshishimpi Jul 7, 2026
5e48346
fix: implement job continuation tracking and enhance concurrency hand…
devarshishimpi Jul 7, 2026
cf8539a
fix: enhance CI configuration, improve select component accessibility…
devarshishimpi Jul 7, 2026
2da6d8e
fix: google api test case failing
devarshishimpi Jul 7, 2026
ebf33dc
add: enhance model timeout handling and implement concurrency limits …
devarshishimpi Jul 7, 2026
69bf655
feat: add job cancellation and deletion endpoints, enhance job status…
devarshishimpi Jul 9, 2026
7578742
feat(telemetry): add opt-out for telemetry and allow secret override
devarshishimpi Jul 9, 2026
d9ae6d7
feat: implement in-memory token caching for GitHub requests and enhan…
devarshishimpi Jul 10, 2026
0a4074e
Merge pull request #26 from devarshishimpi/feature/ui-slider-jobs-con…
devarshishimpi Jul 10, 2026
08c9545
add: prepare v0.9.4 release
devarshishimpi Jul 10, 2026
33f7ba3
feat: enhance job handling and review process, optimize KV writes, an…
devarshishimpi Jul 11, 2026
0af847f
feat: enhance review workflow to support fresh instance handling for …
devarshishimpi Jul 11, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 8 additions & 2 deletions .dev.vars.example
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,7 @@ GITHUB_CLIENT_SECRET="REPLACE_WITH_YOUR_CLIENT_SECRET"
APP_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----\nREPLACE_WITH_YOUR_GITHUB_APP_PRIVATE_KEY_CONTENT\n-----END RSA PRIVATE KEY-----"

# --- Cloudflare API ---
# Required permissions: Queues Edit for DLQ actions, Workers AI Read for
# Cloudflare model catalog discovery.
# Required permission: Workers AI Read for Cloudflare model catalog discovery.
CF_ACCOUNT_ID="REPLACE_WITH_YOUR_CLOUDFLARE_ACCOUNT_ID"
CF_API_TOKEN="REPLACE_WITH_CLOUDFLARE_API_TOKEN"

Expand All @@ -26,6 +25,13 @@ APP_URL="http://localhost:8787"
AUTH_CALLBACK_URL="http://localhost:8787/auth/github/callback"
ENVIRONMENT="development"

# --- Telemetry (optional) ---
# Anonymous aggregate usage stats are sent to https://codra.run/api/telemetry by default.
# Set TELEMETRY_DISABLED to "true" (or "1") to opt out entirely.
# TELEMETRY_DISABLED="true"
# TELEMETRY_API_URL="https://codra.run/api/telemetry"
# TELEMETRY_SECRET="REPLACE_TO_OVERRIDE_DEFAULT_TELEMETRY_SECRET"

# --- Database connections ---
DATABASE_URL="postgresql://user:password@localhost:5432/codra_dev"
CLOUDFLARE_HYPERDRIVE_LOCAL_CONNECTION_STRING_HYPERDRIVE="postgresql://user:password@localhost:5432/codra_dev"
11 changes: 11 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
version: 2
updates:
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "weekly"

- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
7 changes: 5 additions & 2 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,9 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

permissions:
contents: read

jobs:
verify:
name: Verify Stability
Expand Down Expand Up @@ -46,10 +49,10 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Setup Node.js
uses: actions/setup-node@v4
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: 20
cache: 'npm'
Expand Down
33 changes: 33 additions & 0 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
name: CodeQL

on:
push:
branches: [main]
pull_request:
branches: [main]
schedule:
- cron: '0 0 * * 1'

jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write

strategy:
matrix:
language: ['javascript-typescript']

steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Initialize CodeQL
uses: github/codeql-action/init@411c4c9a36b3fca4d674f06b6396b2c6d23522c6 # v3.36.3
with:
languages: ${{ matrix.language }}

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@411c4c9a36b3fca4d674f06b6396b2c6d23522c6 # v3.36.3
61 changes: 61 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
# Changelog

## v0.9.4

### What's New

- **Job Cancellation & Deletion:** Review jobs can now be cancelled and deleted directly, with improved job status handling.
- **Telemetry Opt-Out:** Anonymous telemetry now ships with a clear opt-out and support for overriding the telemetry secret.
- **Concurrency Controls:** Model calls now respect configurable concurrency limits, with enhanced timeout handling to keep reviews from stalling.
- **Custom File Matchers:** Diff parsing and the review flow were refactored to support custom file matchers.
- **Review Performance Settings:** New settings and UI for tuning review performance.
- **Motion UI:** Smooth scrolling (Lenis) and new motion-based sidebar navigation, tabs, and select components.
- **New Installs Experience:** Improved UI and skeleton loaders for new installs.

### Improvements

- Added in-memory token caching for GitHub requests to reduce redundant API calls.
- Job continuation tracking added so long-running reviews resume more reliably under concurrency limits.
- Improved handling of subrequest budget limits during review job processing.
- Enhanced review job concurrency handling and caching mechanisms.
- Improved model service caching, timeout handling, and review settings API, with added tests for concurrency limits.
- Enhanced CI configuration, select component accessibility, and optimized stats queries.
- Refactored stats page and model configurations.
- Removed dead letter queue (DLQ) functionality and related dead code.
- Updated font imports and improved the jobs search bar UI, with added stale repo cleanup.
- Bumped vulnerable packages.

### Bug Fixes

- Fixed a failing Google API test case.
- Fixed `onMouseEnter` typecheck issue.
- Fixed sidebar active button colors.

**Full Changelog**: https://github.com/devarshishimpi/codra/commits/v0.9.4

## v0.9.2

### What's New

- **UI Redesign:** Full visual overhaul of the dashboard, landing page, and auth flows with an updated color system, improved dark mode, and a cleaner layout overall.
- **Code Splitting:** All pages now use `React.lazy` for async loading, reducing initial bundle size and improving load times.
- **Custom LLM Providers:** Manage custom OpenAI-compatible API providers directly from the dashboard. Rate limits are optional. No more hardcoded keys in wrangler config.
- **Cloudflare Setup Script:** A new Node.js script automates the full Cloudflare deployment setup, making self-hosting significantly easier.
- **Increased Review Capacity:** Max files processed per review raised from 15 to 100.

### Improvements

- Review jobs are now resumable and lease-aware, stalled reviews can recover automatically.
- Added retry logic for transient model provider failures.
- Optimized job polling with ETag caching and adaptive delays.
- Improved settings UI, error reporting, and API robustness across the board.
- Added GitHub Actions CI with a disposable test environment for the full test suite.

### Bug Fixes

- Fixed `APP_PRIVATE_KEY` parsing for single-line strings with literal `\n` sequences.
- Fixed database migration failures on existing deployments.
- Fixed duplicate `/api/auth/updates-email` calls on page load.
- Fixed file review status bar rendering on the dashboard.

**Full Changelog**: https://github.com/devarshishimpi/codra/commits/v0.9.2
9 changes: 4 additions & 5 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -30,23 +30,22 @@

Codra listens to GitHub pull request events, runs AI-powered review jobs, posts inline findings back to the PR, and gives you a dashboard to inspect jobs, repositories, model routing, review history, and failed queue runs.

> **Beta** -- Codra is under active development. Expect rough edges, missing features, and breaking changes between releases. Feedback and bug reports are welcome via [GitHub Issues](https://github.com/devarshishimpi/codra/issues).
> **Beta** - Codra is under active development. Expect rough edges, missing features, and breaking changes between releases. Feedback and bug reports are welcome via [GitHub Issues](https://github.com/devarshishimpi/codra/issues).

## Why Codra

- **Own the whole review loop**: Run the GitHub App, Cloudflare Worker, queue, database, model credentials, and dashboard under your own control.
- **Review with repository context**: Codra checks pull request diffs for correctness, security, performance, maintainability, and repo-specific patterns.
- **Configure each repository**: Tune triggers, skipped paths, draft handling, mention reviews, labels, custom rules, and review budgets from the dashboard.
- **Route models deliberately**: Use global defaults, per-repo model chains, fallbacks, and size-based overrides for larger pull requests.
- **Operate the system**: Inspect job history, PR findings, webhook deliveries, queue failures, DLQ replay, model usage, and dashboard stats.
- **Operate the system**: Inspect job history, PR findings, webhook deliveries, model usage, and dashboard stats.

## Features

- Automatic reviews on `opened`, `synchronize`, `ready_for_review`, and `reopened` pull request events
- Mention-triggered reviews for on-demand analysis
- Inline GitHub review comments plus summary reviews and check run updates
- Queue-backed processing through Cloudflare Queues
- Dead letter queue inspection, replay, and purge workflows
- GitHub OAuth dashboard authentication
- External PostgreSQL storage through Cloudflare Hyperdrive
- Dashboard-managed LLM providers for OpenAI, OpenRouter, Anthropic, Google, and Cloudflare models
Expand All @@ -59,14 +58,14 @@ Codra listens to GitHub pull request events, runs AI-powered review jobs, posts
3. A review job is stored in PostgreSQL and queued on Cloudflare Queues.
4. The Worker consumes the job, fetches the PR diff, runs model review passes, and formats findings.
5. Codra posts inline comments and a summary review back to GitHub.
6. The dashboard keeps the job history, findings, logs, stats, and replay tools available for operators.
6. The dashboard keeps the job history, findings, logs, and stats available for operators.

## Stack

- **Worker**: Cloudflare Workers, Hono, Wrangler
- **Dashboard**: React, Vite, Tailwind CSS, Radix UI, Recharts
- **Data**: PostgreSQL, Cloudflare Hyperdrive, Cloudflare KV
- **Queues**: Cloudflare Queues with DLQ workflows
- **Queues**: Cloudflare Queues and Workflows
- **Models**: OpenAI, OpenRouter, Anthropic, Google, and Cloudflare providers
- **GitHub**: GitHub App webhooks, checks, reviews, and OAuth
- **Quality**: TypeScript, Zod, Vitest, Playwright browser tests
Expand Down
4 changes: 2 additions & 2 deletions SECURITY.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,8 @@ Only the latest version of Codra is currently supported with security updates. I

| Version | Supported |
| ------- | ------------------ |
| >=0.9.x | :white_check_mark: |
| < 0.9.0 | :x: |
| >=0.9.4 | :white_check_mark: |
| < 0.9.4 | :x: |

## Reporting a Vulnerability

Expand Down
20 changes: 0 additions & 20 deletions db/migrations/001_initial.sql
Original file line number Diff line number Diff line change
Expand Up @@ -615,26 +615,6 @@ ON CONFLICT (model_id) DO UPDATE SET
model_name = EXCLUDED.model_name,
updated_at = now();

INSERT INTO model_configs (model_id, rpm, tpm, rpd, provider, provider_id, model_name, updated_at)
SELECT 'gemma-4-31b-it', 15, 1000000, 1500, 'gemini', p.id, 'gemma-4-31b-it', now()
FROM llm_providers p
WHERE p.name = 'Google'
ON CONFLICT (model_id) DO UPDATE SET
provider = EXCLUDED.provider,
provider_id = EXCLUDED.provider_id,
model_name = EXCLUDED.model_name,
updated_at = now();

INSERT INTO model_configs (model_id, rpm, tpm, rpd, provider, provider_id, model_name, updated_at)
SELECT 'gemma-4-26b-a4b-it', 30, 1000000, 1500, 'gemini', p.id, 'gemma-4-26b-a4b-it', now()
FROM llm_providers p
WHERE p.name = 'Google'
ON CONFLICT (model_id) DO UPDATE SET
provider = EXCLUDED.provider,
provider_id = EXCLUDED.provider_id,
model_name = EXCLUDED.model_name,
updated_at = now();

ALTER TABLE model_configs ALTER COLUMN provider_id SET NOT NULL;
ALTER TABLE model_configs ALTER COLUMN model_name SET NOT NULL;
ALTER TABLE model_configs ALTER COLUMN rpm DROP NOT NULL;
Expand Down
25 changes: 25 additions & 0 deletions db/migrations/002_jobs_async_review.sql
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
ALTER TABLE jobs ADD COLUMN IF NOT EXISTS workflow_instance_id UUID;
CREATE INDEX IF NOT EXISTS idx_jobs_workflow_instance_id ON jobs(workflow_instance_id);

CREATE TABLE IF NOT EXISTS global_settings (
key TEXT PRIMARY KEY,
value TEXT NOT NULL
);

INSERT INTO global_settings (key, value) VALUES
('review_concurrency_level', 'medium'),
('review_max_comments', '10')
ON CONFLICT (key) DO NOTHING;

ALTER TABLE model_configs DROP COLUMN IF EXISTS rpm;
ALTER TABLE model_configs DROP COLUMN IF EXISTS tpm;
ALTER TABLE model_configs DROP COLUMN IF EXISTS rpd;

ALTER TABLE jobs ADD COLUMN IF NOT EXISTS continuation_count INT NOT NULL DEFAULT 0;

ALTER TABLE file_reviews ADD COLUMN IF NOT EXISTS async_request_id TEXT;
ALTER TABLE file_reviews ADD COLUMN IF NOT EXISTS async_model TEXT;

ALTER TABLE jobs DROP CONSTRAINT IF EXISTS jobs_status_check;
ALTER TABLE jobs ADD CONSTRAINT jobs_status_check
CHECK (status IN ('queued', 'running', 'done', 'failed', 'superseded', 'cancelled', 'stopped'));
Loading
Loading