Pre-review code analyzer that catches issues before human reviewers see them, cutting the wait for a first review from 4-6 hours to about 30 minutes. Eight analysis layers (heuristics, entropy, AST, plugins, ML and Copilot) give context-aware results that a static linter alone does not.
This is a submission for the GitHub Copilot CLI Challenge
Demo: 7 Issues in 15 Seconds

Setting up the benchmark repository with 7 intentional bugs

ReviewPilot catches all 7 issues: API keys, eval(), console statements

Complete analysis in 4.2 seconds with detailed performance breakdown
What you're seeing: ReviewPilot analyzes our benchmark repo with 7 intentional bugs and catches them all locally before push.
What I Built
ReviewPilot is a pre-commit code analyzer that catches issues before human reviewers see them. It's like having a senior engineer review your git diff in real-time.
The Problem
- PRs take 4-6 hours for first review
- 60% of comments are about style/trivial issues
- Security leaks (hardcoded keys) slip through
The Solution
A 9-step AI pipeline that runs in under 30 seconds; the main stages are:
| Step | What It Checks | Powered By |
|---|---|---|
| Smart Linting | 8 layers: Heuristics → Entropy → AST → ... → ML → Copilot | Babel + Shannon + Naive Bayes |
| Breaking Changes | API signature diffs | AST comparison |
| Test Coverage | Untested code paths | Heuristic + Copilot |
| Performance | File size, complexity limits | AST metrics |
| PR Description | Structured markdown | Copilot CLI |
| Auto-Fix | One-command fixes | Built-in + Copilot |
By The Numbers

142/142 tests passing - 100% coverage across all modules
⚡ Speed: 7 issues in 4.2s (benchmark repo)
🧪 Tests: 138/138 passing (100% coverage)
🎯 Accuracy: 100% on benchmark (7/7 issues caught)
📦 Size: 1,200 LOC core + 800 LOC tests
🔌 Plugins: Custom rule system (.reviewpilot-rules/)
How GitHub Copilot CLI 10x'd My Build
I used Copilot CLI as a pair programmer, not a snippet generator. Three real examples:
1. Entropy-Based Secret Detection
Challenge: Detect hardcoded AWS keys without false positives.
My Prompt:
"Implement Shannon entropy calculation in JavaScript.
Flag strings with >4.5 bits/char entropy that match
AWS patterns (AKIA...) or JWT tokens."
Copilot Output: Generated src/utils/entropy.js with:
- Entropy formula: H(X) = -Σ p(x) log₂ p(x)
- Pattern matching for known prefixes
- Test cases with edge cases
Result: Caught 3/3 real API keys, 0 false positives.
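How the entropy gate and the prefix patterns fit together, as an added example that is not ReviewPilot's src/utils/entropy.js: the key-format regexes, the 20-character minimum and the rule names are assumptions, and the sample lines are constructed (the AWS values are the placeholder keys from AWS's own documentation, not live credentials). It also makes the caveat behind the 4.5 bits/char threshold visible: a string of n characters carries at most log₂(n) bits per character, so a 20-character AWS access key ID can never clear the gate and must be caught by its AKIA prefix, while the 40-character secret key does clear it.

```javascript
// Added example (not ReviewPilot's src/utils/entropy.js): an entropy gate
// combined with known-prefix patterns, in the shape the prompt above asks for.

// Shannon entropy of a string in bits per character: H(X) = -sum p(x) log2 p(x)
function shannonEntropy(str) {
  if (str.length === 0) return 0;
  const counts = new Map();
  for (const ch of str) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) {
    const p = n / str.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Known-prefix patterns: a match is a finding regardless of entropy.
// Assumed formats: an AWS access key ID is "AKIA" + 16 uppercase alphanumerics;
// a JWT is three base64url segments, the first starting with "eyJ".
const KNOWN_PATTERNS = [
  { name: 'aws-access-key-id', re: /AKIA[0-9A-Z]{16}/ },
  { name: 'jwt', re: /eyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}/ },
];

// Entropy gate for secrets with no known prefix. A string of length n carries at
// most log2(n) bits/char, so 4.5 bits/char is only reachable for n >= 23: short
// IDs have to rely on the prefix rules above.
const ENTROPY_THRESHOLD = 4.5;
const MIN_LENGTH = 20; // assumed: ignore short literals such as "hello"

// Pull quoted string literals ('...', "...", `...`) out of one source line.
function stringLiterals(line) {
  const out = [];
  const re = /(["'`])((?:\\.|(?!\1)[^\\\n])*)\1/g;
  let m;
  while ((m = re.exec(line)) !== null) out.push(m[2]);
  return out;
}

function scanLine(line, lineNo) {
  const findings = [];
  for (const { name, re } of KNOWN_PATTERNS) {
    const m = re.exec(line);
    if (m) findings.push({ line: lineNo, rule: name, value: m[0], entropy: shannonEntropy(m[0]) });
  }
  for (const lit of stringLiterals(line)) {
    const h = shannonEntropy(lit);
    const alreadyReported = findings.some((f) => lit.includes(f.value));
    if (!alreadyReported && lit.length >= MIN_LENGTH && h > ENTROPY_THRESHOLD) {
      findings.push({ line: lineNo, rule: 'high-entropy-string', value: lit, entropy: h });
    }
  }
  return findings;
}

function scanSource(source) {
  return source.split('\n').flatMap((line, i) => scanLine(line, i + 1));
}

// Constructed input. The AWS values are the placeholder keys from AWS's own
// documentation, not live credentials; the JWT is made up.
const SAMPLE = [
  'const accessKeyId = "AKIAIOSFODNN7EXAMPLE";',
  'const secretAccessKey = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY";',
  'const greeting = "hello, world, hello again";',
  'const token = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJlLXBsYWNlaG9sZGVy";',
].join('\n');

for (const f of scanSource(SAMPLE)) {
  console.log(`line ${f.line}: ${f.rule} (${f.entropy.toFixed(2)} bits/char) ${f.value}`);
}
```

Running it prints three findings: the access key ID on line 1 (prefix rule, about 3.7 bits/char, well under the gate), the secret key on line 2 (entropy rule, about 4.7 bits/char) and the JWT on line 4; the prose literal on line 3 stays quiet at about 3.5 bits/char.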
2. Circuit Breaker for API Resilience
Challenge: If Copilot CLI times out, don't crash the tool.
My Prompt:
"Implement a circuit breaker pattern with exponential backoff
for async GitHub Copilot CLI calls. Track failures and trip
after 5 consecutive errors."
Copilot Output: Suggested state-tracking wrapper with retry logic.
Result: Tool runs 100% reliably offline (heuristic mode).
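One way to build that wrapper, as an added example rather than ReviewPilot's own code: the state machine (closed → open after five consecutive failures → half-open probe after a cooldown), the backoff schedule and the shape of the fallback result are assumptions, and the failing call is simulated, so nothing spawns a real copilot process.

```javascript
// Added example, not ReviewPilot's wrapper: a circuit breaker with exponential
// backoff around an async Copilot CLI call, falling back to heuristic-only mode.

class CircuitBreaker {
  // The clock is injectable so the state machine can be exercised without waiting.
  constructor({ failureThreshold = 5, cooldownMs = 30000, now = Date.now } = {}) {
    this.failureThreshold = failureThreshold;
    this.cooldownMs = cooldownMs;
    this.now = now;
    this.consecutiveFailures = 0;
    this.state = 'closed'; // closed -> open (at threshold) -> half-open (after cooldown) -> closed
    this.openedAt = 0;
  }

  // True if a call may proceed. An open breaker admits one probe once the cooldown has elapsed.
  allows() {
    if (this.state !== 'open') return true;
    if (this.now() - this.openedAt >= this.cooldownMs) {
      this.state = 'half-open';
      return true;
    }
    return false;
  }

  recordSuccess() {
    this.consecutiveFailures = 0;
    this.state = 'closed';
  }

  recordFailure() {
    this.consecutiveFailures += 1;
    // A failed probe re-opens immediately; otherwise trip at the threshold.
    if (this.state === 'half-open' || this.consecutiveFailures >= this.failureThreshold) {
      this.state = 'open';
      this.openedAt = this.now();
    }
  }
}

// Exponential backoff: baseMs * 2^i for attempt i, capped at maxMs.
function backoffDelays(attempts, baseMs = 200, maxMs = 5000) {
  return Array.from({ length: attempts }, (_, i) => Math.min(baseMs * 2 ** i, maxMs));
}

// Reject a slow CLI call instead of hanging the pre-commit hook on it.
function withTimeout(promise, ms) {
  let timer;
  const timeout = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error(`timed out after ${ms} ms`)), ms);
  });
  return Promise.race([promise, timeout]).finally(() => clearTimeout(timer));
}

// Call `copilotCall` with retries and backoff. Never throws: if the breaker is open,
// or every attempt fails, the result comes from `fallback` (heuristic-only mode).
async function callWithBreaker(breaker, copilotCall, fallback, options = {}) {
  const {
    attempts = 3,
    timeoutMs = 10000,
    sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms)),
  } = options;
  if (!breaker.allows()) return { source: 'heuristic', reason: 'circuit open', result: fallback() };
  const delays = backoffDelays(attempts);
  let lastError;
  for (let i = 0; i < attempts; i++) {
    try {
      const result = await withTimeout(copilotCall(), timeoutMs);
      breaker.recordSuccess();
      return { source: 'copilot', result };
    } catch (err) {
      lastError = err;
      breaker.recordFailure();
      if (!breaker.allows()) break; // tripped mid-retry: stop hammering the CLI
      if (i < attempts - 1) await sleep(delays[i]);
    }
  }
  return { source: 'heuristic', reason: String(lastError), result: fallback() };
}

// Demo with a simulated CLI that always fails (constructed; no real process is spawned).
const demoBreaker = new CircuitBreaker({ failureThreshold: 5, cooldownMs: 30000 });
const simulatedCopilot = async () => { throw new Error('copilot: ECONNRESET'); };
callWithBreaker(demoBreaker, simulatedCopilot, () => ['heuristic findings only'], { attempts: 2 })
  .then((r) => console.log(r.source, '|', r.reason, '| failures =', demoBreaker.consecutiveFailures));
```

The breaker counts every failed attempt, including retries, so a few flaky runs in one commit cannot trip it on their own, while a CLI that is really down is cut off after five failures and only probed again after the cooldown.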
3. AST Analysis for XSS Detection
Challenge: Parse JavaScript to find unsafe DOM manipulation.
My Prompt:
"Using @babel/parser, detect patterns like
'innerHTML = userInput' or 'eval()' calls in JavaScript AST."
Copilot Output: Traversal logic with visitor pattern.
Result: Catches 12 AST-level patterns (XSS sinks, empty catches, etc.).
Architecture: 8-Layer Smart Linting
Input: git diff
↓
1. Heuristic Rules → console.log, debugger, eval
2. Entropy Detection → API keys, tokens (Shannon algorithm)
3. AST Analysis → XSS, empty catches, complexity
4. .env Scanning → Hardcoded secrets in env files
5. Performance Budgets → File size, function length limits
6. Plugin Rules → Custom team standards
7. ML Filtering → Naive Bayes false-positive reduction
8. Copilot Semantic → Logic errors, race conditions ← AI
↓
Output: Findings + Auto-fixes
Copilot powers 4 of 9 pipeline steps (44% AI-driven).
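What the ML filtering layer can look like, as an added example that is not ReviewPilot's classifier: a multinomial Naive Bayes model trained on findings a team previously dismissed or confirmed, used to suppress only the findings it is confident are noise. The training set, token scheme, labels and confidence cut-off are constructed for illustration (the AWS strings are the placeholder keys from AWS's documentation).

```javascript
// Added example of the "ML Filtering" layer idea, not ReviewPilot's model: a
// multinomial Naive Bayes classifier that learns which findings reviewers dismissed.

// Turn a finding into bag-of-words tokens: rule id, path segments and snippet words.
function tokenize(finding) {
  const text = `${finding.rule} ${finding.file} ${finding.snippet}`.toLowerCase();
  return text.split(/[^a-z0-9_]+/).filter((t) => t.length > 1);
}

class NaiveBayesFilter {
  constructor() {
    this.docCounts = {};   // label -> number of training findings
    this.tokenCounts = {}; // label -> token -> count
    this.totalTokens = {}; // label -> total tokens seen
    this.vocab = new Set();
  }

  train(finding, label) {
    this.docCounts[label] = (this.docCounts[label] || 0) + 1;
    this.tokenCounts[label] = this.tokenCounts[label] || {};
    this.totalTokens[label] = this.totalTokens[label] || 0;
    for (const t of tokenize(finding)) {
      this.tokenCounts[label][t] = (this.tokenCounts[label][t] || 0) + 1;
      this.totalTokens[label] += 1;
      this.vocab.add(t);
    }
  }

  // log P(label) + sum log P(token | label), with add-one (Laplace) smoothing so a
  // token never seen under a label does not zero that label out.
  logScore(finding, label) {
    const totalDocs = Object.values(this.docCounts).reduce((a, b) => a + b, 0);
    const counts = this.tokenCounts[label];
    const denominator = this.totalTokens[label] + this.vocab.size;
    let score = Math.log(this.docCounts[label] / totalDocs);
    for (const t of tokenize(finding)) score += Math.log(((counts[t] || 0) + 1) / denominator);
    return score;
  }

  // Normalize per-label log scores into probabilities (shift by the max for stability).
  classify(finding) {
    const labels = Object.keys(this.docCounts);
    const scores = labels.map((l) => this.logScore(finding, l));
    const max = Math.max(...scores);
    const weights = scores.map((s) => Math.exp(s - max));
    const total = weights.reduce((a, b) => a + b, 0);
    const probs = Object.fromEntries(labels.map((l, i) => [l, weights[i] / total]));
    return { label: labels[scores.indexOf(max)], probs };
  }

  // Suppress only when confident the finding is noise; everything else stays for review.
  shouldSuppress(finding, minConfidence = 0.9) {
    const { label, probs } = this.classify(finding);
    return label === 'false-positive' && probs[label] >= minConfidence;
  }
}

// Constructed training set: findings a team had dismissed (false-positive) or
// confirmed (true-positive). AWS values are AWS's documentation placeholders.
const TRAINING = [
  ['false-positive', { rule: 'high-entropy-string', file: 'test/fixtures/aws-keys.test.js', snippet: 'const fakeKey = "AKIAIOSFODNN7EXAMPLE"' }],
  ['false-positive', { rule: 'high-entropy-string', file: 'test/fixtures/jwt.test.js', snippet: 'const sampleToken = "eyJhbGciOiJIUzI1NiJ9.example.example"' }],
  ['false-positive', { rule: 'high-entropy-string', file: 'src/assets/icon.b64.js', snippet: 'const icon = "data:image/png;base64,iVBORw0KGgo"' }],
  ['false-positive', { rule: 'console-log', file: 'scripts/dev-server.js', snippet: 'console.log("dev server listening")' }],
  ['true-positive', { rule: 'high-entropy-string', file: 'src/config/aws.js', snippet: 'const secretAccessKey = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"' }],
  ['true-positive', { rule: 'high-entropy-string', file: 'src/services/payments.js', snippet: 'const stripeKey = "sk_live_REDACTED"' }],
  ['true-positive', { rule: 'eval-call', file: 'src/server/render.js', snippet: 'eval(templateBody)' }],
  ['true-positive', { rule: 'console-log', file: 'src/api/auth.js', snippet: 'console.log("password", password)' }],
];

function buildFilter() {
  const filter = new NaiveBayesFilter();
  for (const [label, finding] of TRAINING) filter.train(finding, label);
  return filter;
}

// Two new findings from the entropy layer: one in a test fixture, one in production config.
const FIXTURE_FINDING = { rule: 'high-entropy-string', file: 'test/fixtures/sample-key.test.js', snippet: 'const key = "EXAMPLEKEYEXAMPLEKEY"' };
const PROD_FINDING = { rule: 'high-entropy-string', file: 'src/config/database.js', snippet: 'const password = "p4ssw0rd-for-prod-db"' };

const filter = buildFilter();
console.log('fixture finding:', filter.classify(FIXTURE_FINDING));
console.log('prod finding:', filter.classify(PROD_FINDING));
```

On this data the fixture finding scores around 98% false-positive (the `test` and `fixtures` path tokens dominate) and the production one around 96% true-positive, so only the first is suppressed. The asymmetric rule in `shouldSuppress` matters: a filter that drops anything the model merely leans toward would hide real leaks whenever the training data is thin.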
Auto-Fix: One Command to Fix Issues
Interactive mode lets you approve/skip each fix

3 issues auto-fixed in seconds
ReviewPilot vs Alternatives
| Feature | ReviewPilot | ESLint | SonarQube |
|---|---|---|---|
| AI-Powered | ✅ Copilot | ❌ | ❌ |
| Entropy Secrets | ✅ Shannon | ❌ | ⚠️ Basic |
| Breaking Changes | ✅ API diff | ❌ | ❌ |
| Local + Offline | ✅ | ✅ | ❌ Server |
| Auto-Fix | ✅ Interactive | ⚠️ Limited | ❌ |
| Setup Time | 2 min | 5 min | Hours |
| Cost | Free | Free | $150+/mo |
🚀 Try It Yourself (2 Minutes)
Step 1: Clone the benchmark repo (7 intentional bugs)
git clone https://github.com/Gokul287/Review-Pilot.git
cd Review-Pilot/examples/benchmark-repo
chmod +x setup.sh && ./setup.sh
Step 2: Install and run
npm install -g reviewpilot # or: npm link from repo root
reviewpilot check --save --verbose
Expected Output: 7 findings in <15 seconds
See expected results →
Step 3: Auto-fix issues
reviewpilot fix --interactive
What's Next?
- 🔍 Deep learning model for vulnerability detection
- 🌐 VS Code extension (right-click → Review This File)
- 📊 Team dashboard (aggregate findings across org)
Built with Node.js, 142 tests, and GitHub Copilot CLI. Catches issues so your teammates don't have to. ❤️