feat: Add PR Review Agent Kit

[Supsource]

What This Kit Does

AI-powered GitHub pull request reviewer. Paste any public PR URL and get an instant structured code review, with file-level citations, before/after code diffs, and actionable fixes ready to copy-paste.

What it returns:

• Summary : 3-4 sentences on what the PR does, why it exists, and what systems it touches
• Issues : bugs, security holes, and edge cases with exact file + line number, the problematic snippet, and a ready-to-paste fix
• Suggestions : PERF / STYLE / TEST / DOCS improvements with before/after code
• Verdict : approve, needs_changes, or discuss

Why this is useful: Teams using Lamatic can drop this into their dev workflow to get consistent, structured reviews on every PR, without waiting for a senior engineer to be available.

Providers & Prerequisites

• GitHub API : no auth required for public repos. For private repos, add a GITHUB_TOKEN to your env and pass it as Authorization: Bearer in the API node header.
• LLM provider : tested with Gemini 2.5 Pro. Works with GPT-4o and Claude 3.5 Sonnet. Connect via Lamatic Studio → Connections.
• Lamatic account : free trial available at lamatic.ai

How to Run Locally

1. cd kits/automation/pr-review
2. npm install
3. cp .env.example .env and fill in values
4. npm run dev

Open http://localhost:3000, paste a GitHub PR URL, hit Review PR.

Full flow setup instructions: flows/pr-review-flow/README.md

Live Preview

Lamatic Flow

Flow ID: a70ea776-386d-4474-953c-a7fe7bf54d41

Built with: API Request → Code (URL parser) → API (GitHub diff fetch) → Generate JSON (LLM review) → API Response

---

Checklist

• Kit runs locally with npm run dev
• .env.example has no secrets, only placeholders
• README.md documents setup and usage
• Folder structure follows kits/automation/pr-review/
• config.json is present and valid
• All flows exported in flows/ folder
• Vercel deployment works
• Live preview URL works end-to-end

PR Review Agent Kit

• New kit added: kits/automation/pr-review - an AI-powered GitHub PR reviewer built with Lamatic.ai and Next.js
• Core functionality: Accepts public GitHub PR URLs and returns structured code reviews with:
  • 3–4 sentence summary
  • Issues (bugs, security, edge cases) with file/line citations and fixes
  • Suggestions (performance, style, tests, docs) with before/after code
  • Verdict badge (approve, needs_changes, or discuss)
• Architecture:
  • Next.js frontend with split-pane review UI component
  • Server-side orchestration that calls Lamatic flow
  • Lamatic flow: parses PR URL → fetches GitHub diff → generates JSON review via LLM
  • Supports public repos (no auth) and private repos (via GITHUB_TOKEN)
• LLM support: Tested with Gemini 2.5 Pro; compatible with GPT-4o and Claude 3.5 Sonnet
• Setup: Includes .env.example, package.json with Next.js 14.2.5 and Lamatic SDK, tsconfig.json, and full documentation
• Configuration: config.json defines agent metadata, GitHub integration, and feature descriptions

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR introduces a complete "PR Review Agent" kit—a Next.js application that automates code review by accepting GitHub PR URLs and generating structured reviews via Lamatic.ai integration. The flow fetches PR diffs from GitHub and uses an LLM to produce verdict badges, summaries, issues, and suggestions.

Changes

Cohort / File(s)	Summary
Project Configuration & Environment package.json, tsconfig.json, .env.example, .gitignore, next-env.d.ts	Establishes Next.js 14.2.5 project dependencies, TypeScript strict mode configuration with path aliases, environment variable placeholders, and common exclusions for git and build artifacts.
Documentation & Metadata README.md, config.json, flows/pr-review-flow/README.md	Comprehensive setup and deployment guides, agent metadata describing features (GitHub PR fetching, LLM summarization, issue/suggestion detection), and Lamatic flow specification (regex parsing, GitHub REST API calls, JSON schema validation).
Next.js Application Structure app/layout.tsx, app/page.tsx	Root layout with metadata, HTML lang attribute, and dark theme styling; main page rendering PRReviewForm component with full-viewport container styling.
Server-side Logic actions/orchestrate.ts, lib/lamatic-client.ts	Exported TypeScript interfaces (ReviewItem, PRReviewResult) and reviewPR server action that validates PR URLs, invokes lamatic.executeFlow, and normalizes multi-level response structures; Lamatic singleton client initialized with environment variables.
Client Components components/PRReviewForm.tsx	Large interactive React component managing PR submission, loading/error/result states, verdict badge styling, issue/suggestion rendering with diff blocks, clipboard-based copy actions, and responsive two-panel layout with CSS keyframes for animations.

Sequence Diagram

sequenceDiagram
    actor User
    participant React as React Component<br/>(PRReviewForm)
    participant Server as Next.js Server<br/>(reviewPR Action)
    participant Lamatic as Lamatic Flow<br/>(Executor)
    participant GitHub as GitHub REST API
    participant LLM as LLM Provider

    User->>React: Paste PR URL & Submit
    React->>Server: Call reviewPR(prUrl)
    Server->>Lamatic: executeFlow({ pr_url })
    Lamatic->>Lamatic: Extract owner/repo/pr_number<br/>via Regex Node
    Lamatic->>GitHub: Fetch PR Diff<br/>(Accept: application/vnd.github.v3.diff)
    GitHub-->>Lamatic: Unified Diff Content
    Lamatic->>LLM: Generate Review<br/>(JSON Schema Constraint)
    LLM-->>Lamatic: Verdict + Issues + Suggestions
    Lamatic-->>Server: Flow Result (nested response)
    Server->>Server: Normalize & Parse<br/>Multi-level Response
    Server-->>React: PRReviewResult Object
    React->>React: Update UI State<br/>(verdict, summary, issues, suggestions)
    React-->>User: Display Review Badge,<br/>Summary & Diff Blocks

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: Add PR Review Agent Kit' directly and clearly summarizes the main change—introduction of a new PR review automation kit with complete setup, documentation, and UI components.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

You can disable the changed files summary in the walkthrough.

Disable the reviews.changed_files_summary setting to disable the changed files summary in the walkthrough.

[coderabbitai]

Actionable comments posted: 6

🧹 Nitpick comments (1)

kits/automation/pr-review/lib/lamatic-client.ts (1)

3-7: Add validation for missing environment variables.

The non-null assertions (!) will cause cryptic runtime errors if any environment variable is missing. Consider adding validation with descriptive error messages to improve developer experience during setup.

♻️ Proposed fix with environment validation

 import { Lamatic } from "lamatic";

+const apiKey = process.env.LAMATIC_API_KEY;
+const projectId = process.env.LAMATIC_PROJECT_ID;
+const endpoint = process.env.LAMATIC_API_URL;
+
+if (!apiKey || !projectId || !endpoint) {
+  throw new Error(
+    `Missing required environment variables. Please check your .env file:\n` +
+    `  LAMATIC_API_KEY: ${apiKey ? "✓" : "✗ missing"}\n` +
+    `  LAMATIC_PROJECT_ID: ${projectId ? "✓" : "✗ missing"}\n` +
+    `  LAMATIC_API_URL: ${endpoint ? "✓" : "✗ missing"}`
+  );
+}
+
 export const lamatic = new Lamatic({
-  apiKey: process.env.LAMATIC_API_KEY!,
-  projectId: process.env.LAMATIC_PROJECT_ID!,
-  endpoint: process.env.LAMATIC_API_URL!,
+  apiKey,
+  projectId,
+  endpoint,
 });

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 446c70ca-8400-4a80-af25-8980d09711ee

📥 Commits

Reviewing files that changed from the base of the PR and between 994954e and 75afc36.

⛔ Files ignored due to path filters (1)

• kits/automation/pr-review/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (13)

• kits/automation/pr-review/.env.example
• kits/automation/pr-review/.gitignore
• kits/automation/pr-review/README.md
• kits/automation/pr-review/actions/orchestrate.ts
• kits/automation/pr-review/app/layout.tsx
• kits/automation/pr-review/app/page.tsx
• kits/automation/pr-review/components/PRReviewForm.tsx
• kits/automation/pr-review/config.json
• kits/automation/pr-review/flows/pr-review-flow/README.md
• kits/automation/pr-review/lib/lamatic-client.ts
• kits/automation/pr-review/next-env.d.ts
• kits/automation/pr-review/package.json
• kits/automation/pr-review/tsconfig.json

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Treat the flow output as untrusted input.

This branch casts model output straight to PRReviewResult and then echoes the raw payload in thrown errors. If the flow returns malformed JSON or drops a required field, PRReviewForm.tsx Line 322 can surface the full payload to the browser, and Lines 328-331 can still crash while rendering. Parse to unknown, validate summary/issues/suggestions/verdict plus item fields, and replace payload-echoing errors with generic client-safe messages.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Wire each copy button to the pane it belongs to.

Both panes call copyFix, so clicking Copy in the BEFORE block still copies the replacement code instead of the original snippet.

Suggested fix

 function CodeDiff({ code, fix }: { code: string; fix: string }) {
-  async function copyFix() {
+  async function copyText(value: string) {
     try {
-      await navigator.clipboard.writeText(fix);
+      await navigator.clipboard.writeText(value);
     } catch {
       // no-op
     }
   }
@@
-      <CodePane label="BEFORE" symbol="-" text={code} tone="#ff000015" onCopy={copyFix} />
-      <CodePane label="AFTER" symbol="+" text={fix} tone="#00ff0015" borderTop onCopy={copyFix} />
+      <CodePane label="BEFORE" symbol="-" text={code} tone="#ff000015" onCopy={() => copyText(code)} />
+      <CodePane label="AFTER" symbol="+" text={fix} tone="#00ff0015" borderTop onCopy={() => copyText(fix)} />

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	async function copyFix() {
	try {
	await navigator.clipboard.writeText(fix);
	} catch {
	// no-op
	}
	}
	return (
	<div
	style={{
	border: "1px solid #27272a",
	borderRadius: 6,
	overflow: "hidden",
	background: "#1a1a1a",
	}}
	>
	<CodePane label="BEFORE" symbol="-" text={code} tone="#ff000015" onCopy={copyFix} />
	<CodePane label="AFTER" symbol="+" text={fix} tone="#00ff0015" borderTop onCopy={copyFix} />
	async function copyText(value: string) {
	try {
	await navigator.clipboard.writeText(value);
	} catch {
	// no-op
	}
	}
	return (
	<div
	style={{
	border: "1px solid `#27272a`",
	borderRadius: 6,
	overflow: "hidden",
	background: "#1a1a1a",
	}}
	>
	<CodePane label="BEFORE" symbol="-" text={code} tone="#ff000015" onCopy={() => copyText(code)} />
	<CodePane label="AFTER" symbol="+" text={fix} tone="#00ff0015" borderTop onCopy={() => copyText(fix)} />

[coderabbitai]

⚠️ Potential issue | 🟠 Major

The error state is currently unreachable.

When reviewPR throws, result stays null, so the !result || !verdict branch wins and the message stored in error never renders. Bad URLs and flow failures will look like a silent reset instead of a failed review.

One minimal way to surface the error

-            ) : !result || !verdict ? (
+            ) : error ? (
+              <div style={{ fontSize: 13, color: "#fca5a5" }}>{error}</div>
+            ) : !result || !verdict ? (
               <EmptyLeftPanel />
             ) : (
@@
-                {error && <div style={{ fontSize: 13, color: "#fca5a5" }}>{error}</div>}

Also applies to: 565-567, 627-627

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Correct the documented flow node count.

This README says the flow has 4 nodes, but the walkthrough later defines a fifth API Response node. That makes the setup look ambiguous even though the last node is required.

Suggested doc fix

-This flow has 4 nodes: **API Request → Code → API → Generate JSON → API Response**
+This flow has 5 nodes: **API Request → Code → API → Generate JSON → API Response**

Also applies to: 140-142

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check latest versions and security advisories for key dependencies

echo "=== Checking Next.js ==="
curl -s https://registry.npmjs.org/next/latest | jq -r '.version'

echo "=== Checking lamatic ==="
curl -s https://registry.npmjs.org/lamatic/latest | jq -r '.version // "Package not found or no latest tag"'

echo "=== Security advisories for Next.js ==="
gh api graphql -f query='
{
  securityVulnerabilities(first: 5, ecosystem: NPM, package: "next") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'

Repository: Lamatic/AgentKit

Length of output: 323

---

Update Next.js to a current major version.

Next.js 14.2.5 is significantly outdated; version 16.2.0 is now available. Consider upgrading to the latest major version to receive security updates and new features. The lamatic@^0.1.0 dependency already permits updates (latest available is 0.3.2), though be mindful of breaking changes in early-stage dependencies.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Populate or remove the empty demo section.

Right now this renders as a blank blockquote, so the README advertises a demo without giving readers anything to open or compare against.

[Supsource]

closed as opened in #74