DEV Community

SANKET PATIL
SANKET PATIL

Posted on

πŸš€ Building an AI-Powered Code Reviewer for Bitbucket Using Groq & Pipelines

#bitbucket #ai #codereview #cicd

Modern development teams rely heavily on pull requests for code quality-but manual reviews are slow, inconsistent, and expensive. Recently, Bitbucket introduced Rovo Dev, and GitHub has Ask Copilot, both offering AI-assisted PR reviews.

But there was one major problem for me:

❌ I wasn’t ready to pay $20 per developer per month just to get AI reviews.

βœ… I already had a Groq API key.

βœ… I wanted a fully automated, pipeline-driven solution.

So I built my own AI-powered PR review system for Bitbucket using:

  • βœ… Bitbucket Pipelines
  • βœ… Groq LLM (llama-3.3-70b-versatile)
  • βœ… Git-based diff extraction (no REST API auth headaches)

This system reviews every PR automatically and outputs a structured, checklist-driven AI review-with zero dependency on Bitbucket’s unreliable token ecosystem and zero per-developer licensing cost.

In this post, I’ll cover:

  • How this compares to Rovo Dev & GitHub Copilot
  • Why I avoided Bitbucket’s REST APIs
  • The final production architecture
  • How the AI review works
  • Key engineering lessons from building this

πŸ€– Rovo Dev vs Ask Copilot vs This Approach

Feature Rovo Dev (Bitbucket) Ask Copilot (GitHub) This Groq-Based System
AI PR Reviews βœ… βœ… βœ…
Fully Automated in CI ❌ (mostly UI based) ❌ (manual prompts) βœ…
Per-Developer Cost ❌ $20/month/dev ❌ Bundled with Copilot βœ… $0 per dev
Works in Pipelines ❌ ❌ βœ…
Custom Review Rules ❌ Limited ❌ Limited βœ… Full control
Vendor Lock-in βœ… βœ… ❌ None (Groq + Git)

I didn’t want:

  • Another per-seat SaaS subscription
  • A manual β€œAsk AI” workflow
  • Or a system that breaks when pricing changes

I wanted:
βœ… Fully automated

βœ… CI-level enforcement

βœ… Custom review rules

βœ… Lowest possible cost

That’s why I chose Groq + Pipelines.

❌ The Problem with Traditional Bitbucket PR Automation

Initially, I tried the standard approach:

  • Fetch PR diffs using the Bitbucket REST API
  • Post PR comments using:
    • Atlassian API tokens
    • Workspace tokens
    • Repository access tokens

Despite correct scopes, PR comment posting repeatedly failed with 401 Unauthorized errors due to:

  • Inconsistent token behaviors
  • Bitbucket’s evolving security model
  • Poor documentation around 2025 token behavior

After continous debugging, I realized:

βœ… The smartest move was to eliminate Bitbucket’s REST API entirely for diff collection.

βœ… The Final Working Architecture

Here’s the production setup that actually works:

Pull Request Created
↓
Bitbucket Pipeline Triggered
↓
Git diff extracted using: git diff origin/main...HEAD
↓
Diff sent to Groq LLM
↓
AI generates structured checklist-based review
↓
Review shown in Pipeline logs + downloadable artifact

Why this works so well:

  • βœ… No REST API calls for diffs
  • βœ… No authentication failures
  • βœ… No permission issues
  • βœ… No flakiness
  • βœ… Fully deterministic

πŸ€– The AI Review Rules (Enterprise-Grade)

The AI review is driven by a strict TypeScript + Angular + security checklist:

  • ❌ No any types
  • βœ… Strong typing with interfaces & generics
  • βœ… Modern Angular syntax (@if, @for, standalone components)
  • βœ… Authentication guards
  • βœ… No hardcoded secrets
  • βœ… Error handling
  • βœ… Tests present
  • βœ… Performance checks
  • βœ… Accessibility (WCAG)
  • βœ… Final verdict: MERGE READY / NEEDS WORK

This ensures:

  • Consistent reviews
  • Enforced standards
  • Zero reviewer bias

🧠 Git-Based Diff Instead of REST API

Instead of calling Bitbucket’s REST endpoints, the pipeline simply runs:

git fetch origin main
git diff origin/main...HEAD
Enter fullscreen mode Exit fullscreen mode

This gives:

βœ… The exact PR diff

βœ… No API authentication

βœ… Works in every CI environment

This single decision eliminated 90% of the system’s complexity.

⚑ Groq LLM Integration
The diff is sent to Groq using:
llama-3.3-70b-versatile

Why Groq?
⚑ Extremely fast inference

🧠 Excellent reasoning on large diffs

πŸ’Έ Much cheaper than many alternatives

βœ… OpenAI-compatible API

🌱 More eco-friendly due to lower compute time per request

The AI responds with:

🚨 Critical Issues

πŸ”’ Security Analysis

⚑ Performance Review

πŸ—οΈ Architecture Feedback

πŸ“ Maintainability

βœ… Final Verdict: MERGE READY / NEEDS WORK

πŸ“„ Where the AI Review Appears Instead of battling PR comment permissions:

βœ… The full AI review appears in the Pipelines logs

βœ… Optionally saved as a downloadable ai-review.md artifact

βœ… No PR write permissions required

βœ… No security risks

This turned out to be far more enterprise-compliant than auto-commenting.

πŸ§ͺ Production Impact After enabling this system:

βœ… Every PR is reviewed automatically

βœ… Developers get feedback in minutes

βœ… Review standards are enforced consistently

βœ… Human reviewers focus only on business logic

βœ… No failed pipelines due to auth issues

βœ… No wasted build minutes on retries

βœ… Zero per-developer licensing cost

πŸ”‘ Key Engineering Lessons
Avoid brittle platform APIs when Git can do the job

AI reviewers should assist, not block developers

PR comments are optional-reviews must be reliable

Pipelines + Git + LLM = extremely powerful combination

Groq is ideal for CI/CD AI workloads

Not every AI solution needs a $20/month/dev license

πŸ“Œ What’s Next?
Planned upgrades:

βœ… Auto-block merge when verdict = NEEDS WORK

βœ… Language-specific reviewers (.NET, SQL)

βœ… Security-only review mode

βœ… Architectural drift detection

βœ… Final Thoughts
If you're using Bitbucket and want reliable AI-powered PR reviews without paying enterprise per-seat pricing, my recommendation is:

πŸ’‘ Use Git for diff extraction + Groq for AI analysis + Pipelines for automation. Avoid REST API auth wherever possible.

It’s simpler. It’s faster. It’s cheaper. And it actually works in production.

Top comments (0)