{"id":"dgouron-review-flow","name":"review-flow","homepage":"https://dgouron.github.io/review-flow","repo_url":"https://github.com/DGouron/review-flow","category":"devtools","subcategories":[],"tags":["ai-ml","automation","code-review","claude","mcp","webhooks","dashboard","typescript","github","gitlab"],"what_it_does":"reviewflow is an npm CLI/server that automates AI code reviews for GitHub PRs and GitLab merge requests. It receives webhook events, queues and deduplicates review jobs, runs multi-agent Claude Code reviews, reports structured progress via an MCP server, streams live status to a WebSocket dashboard, posts review results to the MR/PR, and performs follow-up reviews after fix pushes.","use_cases":["Automated AI code review for GitHub PRs and GitLab MRs","Multi-agent, standards-based auditing (architecture, tests, quality, etc.)","Iterative review cycles with automatic follow-ups when developers push fixes","Live review progress tracking and job management via a dashboard"],"not_for":["Environments that cannot run a persistent local/server process to receive webhooks","Teams that require fully deterministic, offline-only review (uses external AI via Claude Code)","Use cases needing a strict, vendor-agnostic API for embedding into other systems (API docs appear limited to endpoints, no clients/SDKs shown)"],"best_when":"You want a self-hosted-style review automation workflow tightly integrated with GitHub/GitLab webhooks and want agents/progress tracked via MCP and a live dashboard.","avoid_when":"You cannot provide OAuth/CLI-based authentication for GitHub/GitLab actions or you need a stable, well-specified public API/SDK for programmatic integration beyond basic endpoints/webhooks.","alternatives":["GitHub Actions / GitLab CI pipelines with custom AI review scripts","Other PR review automation tools that use LLMs and post comments (self-hosted or SaaS)","Frameworks for MCP tool servers and custom dashboarding, paired with your own MR/PR review bot"],"af_score":49.5,"security_score":54.0,"reliability_score":37.5,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:27:32.624864+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":true},"auth":{"methods":["GitHub CLI OAuth (gh) integration","GitLab CLI OAuth (glab) integration","Webhook secrets (generated during init)"],"oauth":true,"scopes":false,"notes":"README indicates no API tokens needed because GitHub/GitLab use secure CLI-based OAuth, plus webhook secrets for webhook verification. No fine-grained OAuth scopes or exact auth flow details are documented in the provided README."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Pricing for any external AI usage (Claude Code/LLM tokens) is not described in the provided content; reviewflow itself is MIT licensed."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":49.5,"security_score":54.0,"reliability_score":37.5,"mcp_server_quality":65.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":55.0,"rate_limit_clarity":10.0,"tls_enforcement":70.0,"auth_strength":55.0,"scope_granularity":25.0,"dependency_hygiene":55.0,"secret_handling":65.0,"security_notes":"README mentions generation of webhook secrets during init, but does not describe transport security requirements (e.g., mandatory HTTPS) or secret storage/rotation. OAuth is delegated to GitHub/GitLab CLIs, but fine-grained scope documentation is not provided. WebSocket dashboard and log streaming increase the need for access control, which is not detailed in the provided content.","uptime_documented":0.0,"version_stability":45.0,"breaking_changes_history":40.0,"error_recovery":65.0,"idempotency_support":"false","idempotency_notes":"Deduplication exists for review jobs and failed jobs clear deduplication for immediate re-triggering, but no explicit idempotency guarantees are stated for endpoints or webhook handling.","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Follow-up reviews rely on discussion threads being re-read and issues being resolved; if thread state/format differs from expectations, follow-up resolution behavior may be inconsistent.","Webhook-driven queue deduplication can suppress repeated events within a time window; clients expecting one review per push event may need to align with dedup timing."]}}