review-flow

reviewflow is an npm CLI/server that automates AI code reviews for GitHub PRs and GitLab merge requests. It receives webhook events, queues and deduplicates review jobs, runs multi-agent Claude Code reviews, reports structured progress via an MCP server, streams live status to a WebSocket dashboard, posts review results to the MR/PR, and performs follow-up reviews after fix pushes.

Evaluated Mar 30, 2026 (21d ago)
Tags: DevTools, ai-ml, automation, code-review, claude, mcp, webhooks, dashboard, typescript, github, gitlab

⚙ Agent Friendliness: 50 / 100 (Can an agent use this?)
🔒 Security: 54 / 100 (Is it safe for agents?)
⚡ Reliability: 38 / 100 (Does it work consistently?)

Score Breakdown

⚙ Agent Friendliness

MCP Quality: 65
Documentation: 70
Error Messages: 0
Auth Simplicity: 55
Rate Limits: 10

🔒 Security

TLS Enforcement: 70
Auth Strength: 55
Scope Granularity: 25
Dep. Hygiene: 55
Secret Handling: 65

README mentions generation of webhook secrets during init, but does not describe transport security requirements (e.g., mandatory HTTPS) or secret storage/rotation. OAuth is delegated to GitHub/GitLab CLIs, but fine-grained scope documentation is not provided. WebSocket dashboard and log streaming increase the need for access control, which is not detailed in the provided content.

⚡ Reliability

Uptime/SLA: 0
Version Stability: 45
Breaking Changes: 40
Error Recovery: 65

Best When

You want a self-hosted-style review automation workflow tightly integrated with GitHub/GitLab webhooks and want agents/progress tracked via MCP and a live dashboard.

Avoid When

You cannot provide OAuth/CLI-based authentication for GitHub/GitLab actions or you need a stable, well-specified public API/SDK for programmatic integration beyond basic endpoints/webhooks.

Use Cases

  • Automated AI code review for GitHub PRs and GitLab MRs
  • Multi-agent, standards-based auditing (architecture, tests, quality, etc.)
  • Iterative review cycles with automatic follow-ups when developers push fixes
  • Live review progress tracking and job management via a dashboard

Not For

  • Environments that cannot run a persistent local/server process to receive webhooks
  • Teams that require fully deterministic, offline-only review (uses external AI via Claude Code)
  • Use cases needing a strict, vendor-agnostic API for embedding into other systems (API docs appear limited to endpoints, no clients/SDKs shown)

Interface

REST API: Yes
GraphQL: No
gRPC: No
MCP Server: Yes
SDK: No
Webhooks: Yes

Authentication

Methods:

  • GitHub CLI OAuth (gh) integration
  • GitLab CLI OAuth (glab) integration
  • Webhook secrets (generated during init)

OAuth: Yes
Scopes: No

The README indicates that no API tokens are needed because GitHub/GitLab use secure CLI-based OAuth, with webhook secrets used for webhook verification. Neither fine-grained OAuth scopes nor the exact auth flow are documented in the provided README.

Pricing

Free tier: No
Requires CC: No

Pricing for any external AI usage (Claude Code/LLM tokens) is not described in the provided content; reviewflow itself is MIT licensed.

Agent Metadata

Pagination: none
Idempotent: False
Retry Guidance: Not documented

Known Gotchas

  • Follow-up reviews rely on discussion threads being re-read and issues being resolved; if thread state/format differs from expectations, follow-up resolution behavior may be inconsistent.
  • Webhook-driven queue deduplication can suppress repeated events within a time window; clients expecting one review per push event may need to align with dedup timing.

Scores are editorial opinions as of 2026-03-30.