DEV Community

fayeloja.dev

Stop Reviewing Code Like It's 2020: I Built a Multi-Agent AI Code Reviewer

Meet NodeGuard, an open-source, multi-agent AI code review pipeline for Node.js built with LangGraph.

Code reviews are exhausting.

If you are the designated "PR approver" on your team, you know the drill. You look at a 500-line diff and your brain has to simultaneously check for three completely different things:

  1. Logic: Does this code actually work? Are there edge cases?
  2. Security: Did they just introduce an SQL injection or expose a secret?
  3. Style: Are we still following our single-responsibility principles and naming conventions?

Humans are terrible at context-switching like this. And honestly, single-prompt Large Language Models (like pasting code into ChatGPT) aren't much better: asked to do everything at once, they hallucinate or give shallow, generic advice.

That's why I built NodeGuard.

Enter the Multi-Agent Review Pipeline

NodeGuard is an open-source AI code review tool specifically tailored for JavaScript and Node.js. Instead of using one massive LLM prompt, NodeGuard uses LangGraph to orchestrate a directed graph of specialized AI agents. It acts like an entire senior engineering team reviewing your code in sequence:

  1. πŸ•΅οΈβ€β™‚οΈ The Logic Analyst hunts for bugs and async/await edge cases.
  2. πŸ”’ The Security Auditor scans for injection risks and vulnerabilities.
  3. 🧹 The Style Enforcer yells at you (politely) for deep nesting and bad naming conventions.
  4. πŸ“ The Report Compiler synthesizes all findings into a unified report.
  5. 🚦 The Severity Router acts as a gatekeeper. If the report comes back with "HIGH" severity...
  6. πŸ”§ The Code Fixer automatically kicks in, rewriting the code to fix the critical issues.
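To make the gatekeeping step concrete, here is an added example (my own illustration, not NodeGuard's code) of what a Report Compiler plus Severity Router can look like as plain Python: it aggregates findings from the three analyst agents, normalizes the severity text each agent produced, and picks the next node. The `Finding`/`Report` types, the three-level scale, and the sample findings are all assumptions for the example; the one design point worth copying is that severity comes back from an LLM as untrusted text, so anything outside the allowlist is treated as HIGH rather than quietly waved through. The same predicate is what a CI quality gate would use to decide whether to fail the build.

```python
"""Report compiler and severity router for a multi-agent review pipeline.

Added example, not NodeGuard's own code. Assumed (hypothetical) shapes: each
agent emits Finding objects whose "severity" is free text produced by an LLM;
the router decides whether control flows on to the Code Fixer and whether a
CI run should fail.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Ordered least to most severe; the index is the rank.
SEVERITY_ORDER = ("LOW", "MEDIUM", "HIGH")
GATE_THRESHOLD = "HIGH"


@dataclass
class Finding:
    agent: str
    message: str
    severity: str  # raw LLM text, e.g. "high", " High ", "Critical"


@dataclass
class Report:
    findings: list[Finding] = field(default_factory=list)
    max_severity: str = "LOW"
    route: str = "end"  # "fix" (hand off to the Code Fixer) or "end"
    unparsed: list[str] = field(default_factory=list)  # severities outside the scale


def normalize_severity(raw: str) -> str:
    """Map LLM-produced severity text onto the fixed scale.

    The model's output is untrusted text, so a value outside the allowlist
    (e.g. "CRITICAL", "", "n/a") is treated as HIGH, i.e. the gate fails
    closed instead of silently dropping a finding it could not classify.
    """
    token = raw.strip().upper()
    return token if token in SEVERITY_ORDER else "HIGH"


def compile_report(findings: list[Finding]) -> Report:
    """Report Compiler + Severity Router: aggregate findings, pick the next node."""
    report = Report()
    for f in findings:
        if f.severity.strip().upper() not in SEVERITY_ORDER:
            report.unparsed.append(f"{f.agent}: {f.severity!r}")
        sev = normalize_severity(f.severity)
        report.findings.append(Finding(f.agent, f.message, sev))
        if SEVERITY_ORDER.index(sev) > SEVERITY_ORDER.index(report.max_severity):
            report.max_severity = sev
    report.route = "fix" if report.max_severity == GATE_THRESHOLD else "end"
    return report


def ci_exit_code(report: Report) -> int:
    """Quality gate: non-zero exit fails the build once the threshold is reached."""
    reached = SEVERITY_ORDER.index(report.max_severity) >= SEVERITY_ORDER.index(GATE_THRESHOLD)
    return 1 if reached else 0


# Constructed sample findings, one per analyst agent (not real tool output).
SAMPLE_FINDINGS = [
    Finding("logic", "missing await on db.query() in the request handler", "medium"),
    Finding("security", "SQL built by string concatenation in getUser()", "HIGH"),
    Finding("style", "callback nesting depth of 5 in upload.js", "low"),
]

if __name__ == "__main__":
    r = compile_report(SAMPLE_FINDINGS)
    print(r.max_severity, r.route, ci_exit_code(r), r.unparsed)
```

Routing on the maximum severity (rather than, say, a count of findings) keeps the fixer step from being triggered by a pile of style nits, and keeping the list of unparsed severities in the report makes it visible when a model starts drifting off the scale you asked it for.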

Built for the Real World

Building a toy AI tool is easy. Building one that can scan actual, massive enterprise codebases requires some defensive engineering. I wanted NodeGuard to be a tool you could actually use on your company's repos today.

Here is what makes it production-ready:

  • Token-saving Content Cache: Scanning 100 files costs API tokens. NodeGuard hashes every file (SHA-256). If the file hasn't changed since the last run, it hits a local cache and completely bypasses the LLM. You save money and time.
  • Full-Jitter Exponential Backoff: When you scan an entire GitHub repository, you will hit API rate limits. NodeGuard intercepts RateLimitErrors and applies a randomized exponential backoff, so the pipeline retries instead of crashing mid-scan.
  • CI/CD Quality Gates: NodeGuard comes with a ready-to-go GitHub Actions workflow. If it detects a HIGH severity issue, it will automatically fail the build and block the PR.
  • LLM Agnostic: Don't want to pay for OpenAI? No problem. By default, NodeGuard uses Groq (llama-3.3-70b-versatile), which is blazingly fast and free. If you want to use OpenAI, just flip an environment variable.
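The cache and the backoff are the two pieces that decide whether a repo-wide scan finishes or burns through a quota, so here is an added example of both wrapped around a single per-file LLM call. This is my own illustration, not NodeGuard's code, and everything in it is assumed: the `RateLimitError` class stands in for whichever exception your provider SDK raises, the cache is an in-memory dict rather than a file on disk, and the LLM is a stand-in callable that is rate-limited for its first two calls. The sample file contents are constructed. Sleep and randomness are injectable so the retry behaviour can be checked without real waits.

```python
"""Content-hash cache plus full-jitter backoff around a per-file LLM call.

Added example, not NodeGuard's own code. Assumptions (hypothetical): the cache
key is SHA-256 over (model, prompt version, file bytes); the provider raises
RateLimitError on HTTP 429; sleep and the random source are injectable.
"""
from __future__ import annotations

import hashlib
import random
import time
from typing import Callable


class RateLimitError(Exception):
    """Stand-in for the provider SDK's rate-limit exception."""


def cache_key(model: str, prompt_version: str, content: bytes) -> str:
    """Hash everything that changes the answer, not just the file.

    A key over the file alone would serve stale findings after a prompt or
    model change. Each field is length-prefixed so ("ab","c") and ("a","bc")
    cannot collide.
    """
    h = hashlib.sha256()
    for part in (model.encode(), prompt_version.encode(), content):
        h.update(len(part).to_bytes(8, "big"))
        h.update(part)
    return h.hexdigest()


def with_full_jitter_backoff(call, *, base: float = 1.0, cap: float = 30.0,
                             max_attempts: int = 6, sleep=time.sleep,
                             rng=random.random):
    """Retry call() on RateLimitError with full jitter.

    Each wait is uniform in [0, min(cap, base * 2**attempt)), which spreads
    retries out instead of having every worker hit the API on the same tick.
    After max_attempts the error is re-raised: a hard quota problem should
    surface, not loop forever.
    """
    for attempt in range(max_attempts):
        try:
            return call()
        except RateLimitError:
            if attempt == max_attempts - 1:
                raise
            sleep(rng() * min(cap, base * (2 ** attempt)))


class CachedReviewer:
    """Per-file review: cache lookup first, rate-limit-aware LLM call second."""

    def __init__(self, llm: Callable[[bytes], str], model: str, prompt_version: str,
                 sleep=time.sleep, rng=random.random):
        self.llm, self.model, self.prompt_version = llm, model, prompt_version
        self.cache: dict[str, str] = {}
        self.llm_attempts = 0  # every call into the LLM, including 429s
        self._sleep, self._rng = sleep, rng

    def review(self, content: bytes) -> str:
        key = cache_key(self.model, self.prompt_version, content)
        if key in self.cache:
            return self.cache[key]  # unchanged file: no tokens spent

        def call() -> str:
            self.llm_attempts += 1
            return self.llm(content)

        result = with_full_jitter_backoff(call, sleep=self._sleep, rng=self._rng)
        self.cache[key] = result
        return result


# Constructed sample inputs (not real repository files).
SAMPLE_FILES = {
    "db.js": b"const q = 'SELECT * FROM users WHERE id=' + req.params.id;\n",
    "util.js": b"export const clamp = (n, lo, hi) => Math.min(hi, Math.max(lo, n));\n",
}


def make_flaky_llm(fail_first: int) -> Callable[[bytes], str]:
    """Stand-in LLM that answers 429 for its first `fail_first` calls."""
    state = {"calls": 0}

    def llm(content: bytes) -> str:
        state["calls"] += 1
        if state["calls"] <= fail_first:
            raise RateLimitError("429 Too Many Requests")
        return f"reviewed {len(content)} bytes"

    return llm


def demo() -> dict:
    """Scan the sample files twice; the second pass must not touch the LLM."""
    sleeps: list[float] = []
    reviewer = CachedReviewer(make_flaky_llm(2), "llama-3.3-70b-versatile", "v1",
                              sleep=sleeps.append, rng=lambda: 0.5)
    first = [reviewer.review(c) for c in SAMPLE_FILES.values()]
    attempts_after_first = reviewer.llm_attempts
    second = [reviewer.review(c) for c in SAMPLE_FILES.values()]

    # A provider that never recovers must eventually raise, not hang the scan.
    exhausted_sleeps: list[float] = []

    def always_limited() -> str:
        raise RateLimitError("429")

    try:
        with_full_jitter_backoff(always_limited, max_attempts=3,
                                 sleep=exhausted_sleeps.append, rng=lambda: 1.0)
        gave_up = False
    except RateLimitError:
        gave_up = True

    return {"first": first, "second": second, "sleeps": sleeps,
            "attempts_after_first": attempts_after_first,
            "attempts_after_second": reviewer.llm_attempts,
            "gave_up": gave_up, "exhausted_sleeps": exhausted_sleeps}


if __name__ == "__main__":
    print(demo())
```

Two things the numbers in `demo()` make visible: the first file costs three attempts (two 429s, then success) while the second pass costs none, and the waits grow as 0.5, 1.0 with the jitter fixed at 0.5, capped at `cap` seconds however many retries it takes. If you persist the cache to disk, keep the prompt version in the key, or a prompt change will silently replay last week's findings.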

Seeing is Believing

NodeGuard doesn't just output a wall of text in your terminal. When you scan a repository, it generates a beautiful, interactive HTML dashboard sorting all your files by severity.

You can scan a single local file, or you can point it at an entire public GitHub repo.

Try It Out

NodeGuard is completely open-source (MIT License). I would love for you to try it out, break it, and help me improve it.

  • ⭐️ Star the repo on GitHub: https://github.com/fayeloja/nodeguard
  • 📖 Read the manual: Check out the repo for setup instructions.
  • 🛠️ Contribute: Want to add a new Agent (like a License Checker)? The LangGraph architecture makes adding new nodes incredibly easy.

Let's stop reviewing code like it's 2020. Automate the baseline, and save your human brain power for the architecture.

Let me know what you think in the comments! 👇
