---
license: apache-2.0
tags:
- code-review
- multi-language
- mlx
- gguf
- qwen2.5-coder
base_model: Qwen/Qwen2.5-Coder-1.5B-Instruct
---

# AI Code Review Model

Multi-language code review model optimized for automated code review in CI/CD pipelines.

## Model Details

- **Base Model**: Qwen/Qwen2.5-Coder-1.5B-Instruct
- **Training Method**: LoRA fine-tuning with MLX
- **Format**: GGUF (Q4_K_M quantization)
- **Purpose**: Automated code review for CI/CD pipelines

## Usage

### Docker (Recommended)

```bash
# Pull the review image
docker pull ghcr.io/iq2i/ai-code-review:latest

# Review your codebase (the current directory is mounted at /workspace;
# the path is quoted so directories containing spaces work)
docker run --rm -v "$(pwd)":/workspace ghcr.io/iq2i/ai-code-review:latest /workspace/src
```

### llama.cpp

```bash
# Download the model
wget https://huggingface.co/iq2i/ai-code-review/resolve/main/model-Q4_K_M.gguf

# Run inference
./llama-cli -m model-Q4_K_M.gguf -p "Review this code: ..."
```

### Python (llama-cpp-python)

```python
from llama_cpp import Llama

# Load the quantized GGUF model from a local path
llm = Llama(model_path="model-Q4_K_M.gguf")

# Generate a review of at most 512 tokens
output = llm("Review this code: ...", max_tokens=512)

# Prints the full completion dict; the review text is in output["choices"][0]["text"]
print(output)
```

## Output Format

The model outputs concise text-based code reviews:

```
**SQL injection vulnerability**

User input is concatenated directly into a raw SQL query without parameterization or escaping.

Impact: An attacker can execute arbitrary SQL commands, potentially dumping the entire database, deleting data, or escalating privileges. For example: keyword=' OR '1'='1' -- would return all products.

Suggestion:
Use parameter binding: DB::select("SELECT * FROM products WHERE name LIKE ?", ['%' . $keyword . '%']) or better, use Eloquent: Product::where('name', 'like', '%' . $keyword . '%')->get()
```
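
One way to consume this output in a CI job, as an added example (not code from the IQ2i project): it parses the layout shown above into fields and never treats non-empty, unparseable output as a pass. The field labels are assumed from the single sample on this page, and the `BLOCKING` keyword list and the function names are hypothetical.

```python
import re
from dataclasses import dataclass

# Constructed sample, abridged from the review shown above.
SAMPLE = """**SQL injection vulnerability**

User input is concatenated directly into a raw SQL query.

Impact: An attacker can execute arbitrary SQL commands.

Suggestion:
Use parameter binding: DB::select("SELECT * FROM products WHERE name LIKE ?", ['%' . $keyword . '%'])
"""

TITLE = re.compile(r"^\*\*(.+?)\*\*$")
# Hypothetical gating keywords (assumption); replace with your own policy.
BLOCKING = ("injection", "xss", "traversal", "deserialization", "secret")

@dataclass
class Finding:
    title: str
    description: str = ""
    impact: str = ""
    suggestion: str = ""

def parse_reviews(text: str) -> list:
    """Split model output into findings; text before the first title is dropped."""
    findings, field = [], "description"
    for line in map(str.strip, text.splitlines()):
        m = TITLE.match(line)
        if m:
            findings.append(Finding(title=m.group(1).strip()))
            field = "description"
            continue
        if not findings or not line:
            continue
        for label in ("impact", "suggestion"):
            if line.lower().startswith(label + ":"):
                field, line = label, line[len(label) + 1:].strip()
        if line:
            setattr(findings[-1], field, f"{getattr(findings[-1], field)} {line}".strip())
    return findings

def gate(text: str) -> str:
    """Return 'fail', 'pass' or 'unparsed'; unparsed output is never a pass."""
    findings = parse_reviews(text)
    if text.strip() and not findings:
        return "unparsed"
    hit = any(k in f.title.lower() for f in findings for k in BLOCKING)
    return "fail" if hit else "pass"
```

Route an `unparsed` result to a human reviewer rather than letting the pipeline continue, since the model's text is untrusted output derived from the code under review.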

## Training

- **Training examples**: 100+ real-world code issues
- **Format**: ChatML conversation format with concise reviews
- **Framework**: MLX for Apple Silicon acceleration
- **Method**: LoRA adapters (r=4, alpha=8)
- **Iterations**: 625

For training details, see the [GitHub repository](https://github.com/iq2i/ai-code-review).

## Limitations

- Should be used as a supplementary tool, not a replacement for human review
- May not catch all edge cases or security vulnerabilities
- Best results on common programming patterns and frameworks

## License

Apache 2.0

## Citation

```bibtex
@software{ai_code_review,
  title = {AI Code Review Model},
  author = {IQ2i Team},
  year = {2025},
  url = {https://github.com/iq2i/ai-code-review}
}
```