My coworkers really like AI-powered code review tools and it seems that every time I make a pull request in one of their repos I learn about yet another AI code review SaaS product. Given that there are so many of them, I decided to see how easy it would be to develop my own AI-powered code review bot that targets GitHub repositories. I managed to hack out the core of it in a single afternoon using a model that runs on my desk. I've ended up with a little tool I call reviewbot that takes GitHub pull request information and submits code reviews in response.

reviewbot is powered by a DGX Spark, llama.cpp, and OpenAI's GPT-OSS 120b. The AI model runs on my desk with a machine that pulls less power doing AI inference than my gaming tower pulls running fairly lightweight 3D games. In testing I've found that nearly all runs of reviewbot take less than two minutes, even at a rate of only 60 tokens per second generated by the DGX Spark.

reviewbot is about 350 lines of Go that just feeds pull request information into the context window of the model and provides a few tools for actions like "leave pull request review" and "read contents of file". I'm considering adding other actions like "read messages in thread" or "read contents of issue", but I haven't needed them yet.

To make my life easier, I distribute it as a Docker image that gets run in GitHub Actions whenever a pull review comment includes the magic phrase /reviewbot.

The main reason I made reviewbot is that I couldn't find anything like it that let you specify the combination of:

• Your own AI model name
• Your own AI model provider URL
• Your own AI model provider API token

I'm fairly sure that there are thousands of similar AI-powered tools on the market that I can't find because Google is a broken tool, but this one is mine.

How it works

When reviewbot reviews a pull request, it assembles an AI model prompt like this:

Pull request info:
        
        <pr>
        <title>Pull request title</title>
        <author>GitHub username of pull request author</author>
        <body>
        Text body of the pull request
        </body>
        </pr>
        
        Commits:
        
        <commits>
        <commit>
        <author>Xe</author>
        <message>
        chore: minor formatting and cleanup fixes
        
        - Format .mcp.json with prettier
        - Minor whitespace cleanup
        
        Assisted-by: GLM 4.7 via Claude Code
        Reviewbot-request: yes
        Signed-off-by: Xe Iaso <me@xeiaso.net>
        </message>
        </commit>
        </commits>
        
        Files changed:
        
        <files>
        <file>
        <name>.mcp.json</name>
        <status>modified</status>
        <patch>
        @@ -3,11 +3,8 @@
             "python": {
               "type": "stdio",
               "command": "go",
        -      "args": [
        -        "run",
        -        "./cmd/python-wasm-mcp"
        -      ],
        +      "args": ["run", "./cmd/python-wasm-mcp"],
               "env": {}
             }
           }
        -}
        \ No newline at end of file
        +}
        </patch>
        </file>
        </files>
        
        Agent information:
        
        <agentInfo>
        [contents of AGENTS.d in the repository]
        </agentInfo>
        

The AI model can return one of three results:

• Definite approval via the submit_review tool that approves the changes with a summary of the changes made to the code.
• Definite rejection via the submit_review tool that rejects the changes with a summary of the reason why they're being rejected.
• Comments without approving or rejecting the code.

The core of reviewbot is the "AI agent loop", or a loop that works like this:

• Collect information to feed into the AI model
• Submit information to AI model
• If the AI model runs the submit_review tool, publish the results and exit.
• If the AI model runs any other tool, collect the information it's requesting and add it to the list of things to submit to the AI model in the next loop.
• If the AI model just returns text at any point, treat that as a noncommittal comment about the changes.

Don't use reviewbot

reviewbot is a hack that probably works well enough for me. It has a number of limitations including but not limited to:

• It does not work with closed source repositories due to the gitfs library not supporting cloning repositories that require authentication. Could probably fix that with some elbow grease if I'm paid enough to do so.
• A fair number of test invocations had the agent rely on unpopulated fields from the GitHub API, which caused crashes. I am certain that I will only find more such examples and need to issue patches for them.
• reviewbot is like 300 lines of Go hacked up by hand in an afternoon. If you really need something like this, you can likely write one yourself with little effort.

Frequently asked questions

When such an innovation as reviewbot comes to pass, people naturally have questions. In order to give you the best reading experience, I asked my friends, patrons, and loved ones for their questions about reviewbot. Here are some answers that may or may not help:

Does the world really need another AI agent?

Probably not! This is something I made out of curiosity, not something I made for you to actually use. It was a lot easier to make than I expected and is surprisingly useful for how little effort was put into it.

Is there a theme of FAQ questions that you're looking for?

Nope. Pure chaos. Let it all happen in a glorious way.

Where do we go when we die?

How the fuck should I know? I don't even know if chairs exist.

Has anyone ever really been far even as decided to use even go want to do look more like?

At least half as much I have wanted to use go wish for that. It's just common sense, really.

If you have a pile of sand and take away one grain at a time, when does it stop being a pile?

When the wind can blow all the sand away.

How often does it require oatmeal?

Three times daily or the netherbeast will emerge and doom all of society. We don't really want that to happen so we make sure to feed reviewbot its oatmeal.

How many pancakes does it take to shingle a dog house?

At least twelve. Not sure because I ran out of pancakes.

Will this crush my enemies, have them fall at my feet, their horses and goods taken?

Only if you add that functionality in a pull request. reviewbot can do anything as long as its code is extended to do that thing.

Why should I use reviewbot?

Frankly, you shouldn't.

Article URL: https://steipete.me/posts/just-talk-to-it

Comments URL: https://news.ycombinator.com/item?id=45588689

Points: 106

# Comments: 49

Article URL: https://www.alexedwards.net/blog/preventing-csrf-in-go

Comments URL: https://news.ycombinator.com/item?id=45581288

Points: 100

# Comments: 54

Article URL: https://www.statichost.eu/blog/google-safe-browsing/

Comments URL: https://news.ycombinator.com/item?id=45538760

Points: 129

# Comments: 109

Article URL: https://github.com/stateless-me/uuidv47

Comments URL: https://news.ycombinator.com/item?id=45275973

Points: 115

# Comments: 62

Draft changes to a key research and development (R&D) tax credit program are being lauded by players in the Canadian tech ecosystem, as some argue they could address Canada’s productivity woes by further de-risking research spending. 

The Department of Finance introduced draft reforms for the Scientific Research and Experimental Development (SR&ED), Canada’s largest federal program for business R&D, last Friday. 

The proposed SR&ED reforms address longstanding pain points, experts told BetaKit, by reintroducing capital expenditures as claimable under SR&ED and making public companies eligible for the preferred tax credit rate. The changes would also increase the total amounts companies can claim, and allow them to stay within the eligibility threshold for longer.

“This will enable growth-stage companies to invest more and scale faster.”

Dani Lipkin
TMX Group

First introduced in the feds’ Fall Economic Statement last December, the updates were put into legislative limbo after Finance Minister Chrystia Freeland resigned and Parliament was prorogued in January. 

Administered by the Canada Revenue Agency, SR&ED was first created in 1948 and provides billions in tax incentives annually to encourage Canadian businesses, including tech companies, to engage in research activities. 

Canadian tech and business interest groups have been debating the merits of a SR&ED overhaul since the Trudeau government pledged to review the program in 2022. In early 2024, the government launched consultations on how to improve its approach, with a focus on improving the creation and retention of intellectual property (IP). 

Benjamin Bergen, president of tech scaleup lobby group the Council of Canadian Innovators (CCI), welcomed the drafted reforms but acknowledged that the “economic and geopolitical environment” is different than when they were introduced. 

“What we need is policies that help to protect and commercialize key intellectual property and ensure that Canadians benefit from homegrown innovation,” Bergen said in a statement.

RELATED: How to fix SR&ED

The organization has advocated for the program to incentivize domestic IP creation through a patent-box regime. Such a system would give tax breaks to profits generated from domestic IP.

Though the new draft legislation does not mention IP, the government said it would explore a patent-box regime in last year’s Fall Economic Statement, the details of which would be revealed in Budget 2025.

The draft legislation is open for public feedback until Sept. 12, according to the finance department. The House of Commons is set to resume sessions on Sept. 15, which is the earliest point at which this legislation could be tabled. If set into motion, the changes could apply retroactively to companies with fiscal years ending in 2025. 

The return of capital expenditures

The draft legislation seeks to reintroduce capital expenditures, which include spending on equipment used for research and testing, not production. For example, companies would be allowed to claim up to 40 percent of their spending on machinery such as microscopes.

Business and tax experts told BetaKit that this change, if implemented, would positively impact Canadian tech companies’ research efforts and could make a dent in national productivity rates, which is typically measured as the gross domestic product output per hour worked. Canada’s labour productivity growth has declined over the past 30 years, according to the Bank of Canada, with the decrease accelerating after 2014. 

Martha Breithaupt, a tax partner for credits and incentives at accounting firm BDO Canada, told BetaKit she sees a relationship between the removal of this provision in 2013 to Canada’s flagging productivity today, which is among the lowest of G7 countries.  

“That coincided with a massive innovation and productivity downturn when it was taken out,” Breithaupt said. 

RELATED: Is Canada’s productivity saviour a hallucination?

Incentivizing companies to invest in hard assets could create more jobs through new research pursuits and bolster investment opportunities, she said. Experts have argued that boosting IP protections, investing in artificial intelligence (AI), and increasing competition could also increase productivity. 

Bryan Watson, managing partner of CleanTech North and longtime SR&ED expert and commentator, argued to BetaKit that the reforms are “absolutely a step in the right direction” for hardtech, medtech, and engineering companies. “Anything that’s not just coding only” could benefit from the capital expenditure claims, he said.

The potential legislation comes as Canadian hardware companies deal with the uncertainty of an ongoing trade war as well as a gloomy early-stage venture capital (VC) funding landscape. 

For the year ending in March 2025, 40 percent of SR&ED tax credits were issued for software development while roughly 40 percent more went towards electrical, mechanical, and medical engineering, according to official program statistics.

Public companies could reap benefits

The drafted changes would allow publicly listed Canadian companies to also benefit from the enhanced SR&ED tax credit rate of 35 percent, which was previously only accessible to private Canadian companies. 

That barrier had contributed to challenges for companies that sought to raise capital from the public markets but stood to lose SR&ED benefits to fund R&D efforts, such as life sciences companies with long-term research needs.  At the BetaKit Town Hall: Vancouver last year, AbCellera vice-president of business development Anne Stevens said that companies who need to go public earlier lose out on tax credits under the current system.

Andrew White, CEO of TSX Venture-listed cleantech company CHAR Technologies, said that losing SR&ED eligibility was a downside to going public in 2016. CHAR converts wood waste into biocarbon to replace metallurgical coal, among other renewables. 

White told BetaKit his company plans to reinvest in R&D for more intellectual property and chase new research avenues if the changes take effect. 

Dani Lipkin, managing director of the global innovation sector at TMX Group, told BetaKit that it’s currently “harmful” for private companies to go public if they are reliant on SR&ED. The new changes could potentially level the playing field for publicly listed companies, he said.

“This will enable growth-stage companies to invest more and scale faster,” Lipkin added.

Feature image courtesy François-Philippe Champagne via LinkedIn. 

The post Proposed SR&ED changes could boost tech companies and national productivity, experts say first appeared on BetaKit.