Spaces:
Sleeping
Sleeping
File size: 5,577 Bytes
fd8fc09 4b445f6 babd3b4 fd8fc09 babd3b4 4b445f6 fd8fc09 4b445f6 fd8fc09 4b445f6 fd8fc09 4b445f6 fd8fc09 4b445f6 fd8fc09 4b445f6 fd8fc09 4b445f6 fd8fc09 4b445f6 | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 | ---
title: Ninja Code Guard
emoji: π‘οΈ
colorFrom: purple
colorTo: blue
sdk: docker
app_port: 7860
---
# Ninja Code Guard
**Multi-agent code review system that reviews GitHub pull requests the way a senior engineering team would.**
Three specialized AI agents β Security, Performance, and Style β analyze your code in parallel, then a Synthesizer merges their findings into a single, prioritized, non-overlapping review with inline GitHub comments.
## Screenshots
Screenshots available in the [GitHub repository](https://github.com/ninjacode911/Project-Ninja-Code-Guard) β PR review comments, dashboard home, repo detail with health trends, and PR findings table.
## How It Works
```
PR opened on GitHub
β
βΌ
Webhook received βββ HMAC-SHA256 validated
β
βΌ
Redis cache check βββ Skip if already reviewed
β
βΌ
Fetch PR data βββ Diff + full file contents
β
βΌ
RAG Context βββ Embed files β ChromaDB β Retrieve related code
β
βΌ
βββββββββββββββββββββββββββββββββββββββββββ
β 3 Agents run IN PARALLEL β
β π Security β‘ Performance βοΈ Style β
β Bandit+LLM Radon+LLM Ruff+LLM β
βββββββββββββββ¬ββββββββββββββββββββββββββββ
β
βΌ
Synthesizer βββ Deduplicate β Rank β Score β Summarize
β
βΌ
Post to GitHub βββ Inline comments + Summary with Health Score
```
## What Each Agent Does
| Agent | Focus | Static Tools | Example Findings |
|-------|-------|-------------|------------------|
| π **Security** | Vulnerabilities, auth, secrets | Bandit, detect-secrets | SQL injection, hardcoded API keys, weak crypto |
| β‘ **Performance** | Efficiency, scalability | Radon complexity | N+1 queries, O(nΒ²) loops, blocking I/O |
| βοΈ **Style** | Readability, maintainability | Ruff linter | Unused imports, bad naming, dead code |
| π§ **Synthesizer** | Merge & prioritize | β | Deduplication, conflict resolution, Health Score |
## Tech Stack
| Layer | Technology | Why |
|-------|-----------|-----|
| LLM | Groq (Llama-3.3-70B) | 500+ tokens/sec, free 14.4K req/day |
| Agents | LangChain + Structured Output | Typed JSON responses, prompt templates |
| Backend | FastAPI | Async, auto OpenAPI docs |
| Vector DB | ChromaDB + sentence-transformers | RAG context, semantic code search |
| Cache | Upstash Redis | Prevent duplicate reviews |
| Database | Neon Postgres | Review history, Health Score trends |
| Dashboard | Next.js on Vercel | Review history, trend charts |
| GitHub | GitHub App (webhooks) | Inline PR comments, bot identity |
## Quick Start
### Prerequisites
- Python 3.11+
- Groq API key (free at console.groq.com)
- GitHub App (registered at github.com/settings/apps)
### Setup
```bash
git clone https://github.com/ninjacode911/Project-Ninja-Code-Guard
cd Project-Ninja-Code-Guard
python -m venv .venv && source .venv/bin/activate # Windows: .venv\Scripts\activate
pip install -r requirements.txt
cp .env.example .env
# Edit .env with your API keys
uvicorn app.main:app --reload --port 8000
```
## Architecture
**4 Layers:**
- **GitHub Layer** β Webhooks, PR events, inline comments
- **Orchestration Layer** β FastAPI, agent dispatch, asyncio.gather
- **Agent Layer** β 3 domain agents + synthesizer (LangChain)
- **Knowledge Layer** β ChromaDB (RAG), Redis (cache), Postgres (history)
**Key Design Patterns:**
- Template Method β All agents share a base class, override only prompt + tools
- Structured Output β LLM constrained to return valid JSON (Pydantic schema)
- Fail-Open Cache β If Redis is down, proceed with analysis
- Background Tasks β Return 200 to GitHub immediately, review asynchronously
- Parallel Execution β asyncio.gather runs 3 agents concurrently
## Running Tests
```bash
pytest tests/unit/ -v # 92 tests
```
## Project Structure
```
app/
agents/ # Security, Performance, Style, Synthesizer
tools/ # Bandit, detect-secrets, Radon, Ruff wrappers
context/ # RAG pipeline (embedder, indexer, retriever)
github/ # Webhook validation, API client, comment formatter
models/ # Pydantic schemas (Finding, SynthesizedReview)
db/ # Redis cache, Postgres queries
services/ # Health Score calculator
dashboard/ # Next.js frontend (Vercel)
tests/ # Unit tests + evaluation harness
prompts/ # Agent system prompts (Markdown)
docs/ # Week-by-week documentation
```
## Documentation
Detailed week-by-week documentation in `docs/`:
- [Week 1: Foundation & Setup](docs/WEEK1_FOUNDATION_AND_SETUP.md)
- [Week 2: GitHub Integration](docs/WEEK2_GITHUB_INTEGRATION.md)
- [Week 3: Security Agent](docs/WEEK3_SECURITY_AGENT.md)
- [Week 4: Performance Agent](docs/WEEK4_PERFORMANCE_AGENT.md)
- [Week 5: Style Agent](docs/WEEK5_STYLE_AGENT.md)
- [Week 6: RAG & Parallel Execution](docs/WEEK6_RAG_AND_PARALLEL.md)
- [Week 7: Synthesizer](docs/WEEK7_SYNTHESIZER.md)
- [Week 8: Dashboard](docs/WEEK8_DASHBOARD.md)
- [Week 9: Polish & Evaluation](docs/WEEK9_POLISH_AND_EVALUATION.md)
- [Week 10: Deployment & Launch](docs/WEEK10_DEPLOYMENT_AND_LAUNCH.md)
## License
Apache 2.0
---
Built by [ninjacode911](https://github.com/ninjacode911)
|