The AI VCS PR Review application helps users connect their VCS platforms such as GitHub and GitLab. Users can list their repositories and pull requests, and review PRs using AI. The application allows users to select different AI models, such as OpenAI and Gemini, for code reviews
This initial module implementation will deliver the following capabilities:
- Connect GitHub and GitLab repositories
- Sync pull requests for each repository
- Generate AI-powered summaries for pull requests
- Delete existing pull request reviews
- Regenerate summaries using a different AI model
- View complete review history
- Receive email notifications for user actions such as:
- Repository sync
- Pull request sync
- AI review generation
- OpenAI API – Generates AI-based code reviews and summaries for pull requests.
- Gemini API – Provides an alternative AI model for generating PR reviews and summaries.
- Nango – Manages OAuth authentication and securely handles API integrations and token refresh.
- AIReview
- id
- pull_request_id
- review
- status
- model
- PullRequest
- id
- repository_id
- provider_pr_id
- title
- state
- url
- author
- number
- last_synced_at
- pullRequestCount
- Repository
- id
- vcs_connection_id
- provider_repo_id
- name
- description
- is_private
- last_synced_at
- owner
- User
- id
- password_hash
- email_verified
- VCSConnection
- id
- user_id
- provider
- connection_id
- metadata
- PasswordResetToken
- id
- user_id
- token
- expires_at
- used
- EmailVerificationToken
- id
- user_id
- token
- expires_at
- used
| Method | Endpoint |
|---|---|
| POST | /api/internal/v1/auth/signup |
| POST | /api/internal/v1/auth/login |
| POST | /api/internal/v1/auth/verify-email |
| POST | /api/internal/v1/auth/forgot-password |
| POST | /api/internal/v1/auth/reset-password |
| Method | Endpoint |
|---|---|
| GET | /api/internal/v1/vcs/integrations |
| POST | /api/internal/v1/vcs/create-session |
| POST | /api/internal/v1/vcs/repos |
| POST | /api/internal/v1/vcs/sync |
| Method | Endpoint |
|---|---|
| GET | /api/internal/v1/pull-requests |
| POST | /api/internal/v1/pull-requests/sync |
| GET | /api/internal/v1/pull-requests/ai-models |
| GET | /api/internal/v1/pull-requests/:id/files |
| GET | /api/internal/v1/pull-requests/ai-review/:prId |
| GET | /api/internal/v1/pull-requests/ai-review/:prId/history |
| POST | /api/internal/v1/pull-requests/ai-review |
| PATCH | /api/internal/v1/pull-requests/ai-review |
| DELETE | /api/internal/v1/pull-requests/ai-review/:id |
| Method | Endpoint |
|---|---|
| GET | /api/internal/v1/health |
Handles the request–response cycle. Extracts request parameters, performs high-level validation (often using Valibot), and delegates execution to the appropriate service layer.
Acts as the core business logic layer of the application. Services interact with models and external APIs (such as Nango and VCS providers) and orchestrate complex workflows.
Responsible for API route registration.
Each module defines its endpoints using a RouteDefinition structure, centralizing:
- Path naming
- Authentication requirements
- Schema validation
Centralized repository for application-wide constants, including:
- AI model identifiers
- Status enums
- Provider configurations
Handles asynchronous background processing for long-running tasks such as:
- Repository synchronization
- AI review generation
This ensures the user-facing API remains responsive by offloading heavy workloads to BullMQ workers.
Root entry route. Automatically redirects users to the /login page. No UI is rendered on this route.
- Form validation
- Login API integration
- Post-login redirection
- User registration form
- Input validation
- Signup API integration
- Redirect after successful registration
- Email input form
- Forgot-password API integration
- Success and error feedback
- New password form
- Token validation
- Reset-password API integration
- Confirmation feedback
- Token validation
- Success or failure notification
- Automatic redirection after verification
- View connected VCS integrations (GitHub, GitLab, etc.)
- List repositories from connected providers
- Connect new VCS providers
- Trigger manual repository synchronization
- View repository cards and summaries
- View all pull requests for the selected repository
- View pull request status and metadata
- Browse pull request file diffs
- Generate and view AI-powered code reviews
- Interact with pull request workflows
/models- All complex Interactions, routing, API calls/ui– All UI components/api– All API functions/hooks– All custom hooks/dtos– All DTO definitions/queries– All query functions (React Query)
- Triggers actions (fetch, update, create)
- Reads data via React Query hooks
- Contains all React Query useQuery and useMutation hooks
- Calls the
api/layer - Manages:
- Loading states
- Error states
- Caching
- Refetching logic
- Contains actual API request functions (GET, POST, PUT, DELETE)
- Only responsible for making HTTP calls
- Receive fully prepared data from React Query via props
- Re-render automatically when data changes
- Show updates without manual refresh
No Global state is managed, all are managed through tanstack-query.
verified users can access the platform and API's
- Error from the LLM model provider (OpenAI | Gemini),
- Rate limit errors
Since the above errors occur in the workers, we will be able to retry the jobs at a later time.
- Excessive AI Usage Cost
- Slow AI Review Processing
- Sensitive Code Exposure to AI Providers
Usual alerts are well enough
Usual deployment strategy is well enough for this module rollout.