XavvyNess Code Reviewer

AI code review agent. Point it at any public GitHub repo or paste code directly — get a structured review with critical issues, improvement suggestions, and a score out of 10. Powered by Claude 3.5 Haiku for security/full reviews, Llama 3.3 70B for style/performance.

Demo

🎬 Video demo coming soon. Upload code-reviewer.mp4 to YouTube, then run python3 scripts/actor-video-gen.py --embed-readmes to embed it here automatically.

---

What it does

1. Fetches real source files via GitHub API — not just metadata, actual code content
2. Smart file prioritization — scores and selects the most important files (skips node_modules, dist, lock files, binaries)
3. Auto-detects default branch — works on repos using main, master, or any other default
4. Structured review output — Summary, Critical Issues, Improvements, Positives, Score/10
5. Two input modes — GitHub repo URL or raw code paste

---

Input

Field	Type	Default	Description
repoUrl	string	—	GitHub repo URL (e.g. https://github.com/owner/repo)
code	string	—	Paste raw code instead of a repo URL
language	string	—	Language hint for inline code (e.g. typescript)
focus	enum	full	full · security · performance · style
branch	string	main	Branch to review (auto-detected if repo uses different default)
maxFiles	integer	10	Max files to review (1–50)

One of repoUrl or code is required.

Example — GitHub repo

{
  "repoUrl": "https://github.com/expressjs/express",
  "focus": "security",
  "maxFiles": 20
}

Example — paste code

{
  "code": "const query = `SELECT * FROM users WHERE id = ${req.params.id}`",
  "language": "javascript",
  "focus": "security"
}

---

Example output

Real output from a live run on apify/apify-sdk-js:

{
  "repo": "https://github.com/apify/apify-sdk-js",
  "source": "github",
  "branch": "master",
  "focus": "full",
  "filesReviewed": 5,
  "files": ["src/actor.ts", "src/charging.ts", "src/configuration.ts", "src/index.ts", "src/input-schemas.ts"],
  "score": 8,
  "summary": "The codebase is well-structured and follows good practices, with clear documentation. Organized into modules with specific responsibilities — actor management, charging, configuration, and input schema handling. Overall the code is well-written and architecture is sound.",
  "review": "## Summary\nWell-structured with clear documentation...\n\n## Critical Issues 🔴\nNone found. Free of security vulnerabilities, syntax errors, or major logical flaws.\n\n## Improvements 🟡\n1. **Error Handling** — More comprehensive error logging would help debug edge cases.\n2. **Type Definitions** — `Dictionary` and `Record` types could be more specific.\n3. **Code Duplication** — `readJSONIfExists` appears in multiple modules.\n\n## Positives ✅\n- Clear module separation with single responsibilities\n- Comprehensive TypeScript types throughout\n- Well-documented public API surface\n\n## Score\n8/10 — Production-ready with only minor improvements needed.",
  "criticalIssues": 0,
  "model": "groq/llama-3.3-70b-versatile",
  "agent": "XavvyNess Code Reviewer",
  "runAt": "2026-04-08T22:22:10.000Z"
}

---

Review structure

Every review follows this exact format:

## Summary
2-3 sentence overall assessment

## Critical Issues 🔴
Must-fix bugs, security holes, or broken logic
(or "None found" if the code is clean)

## Improvements 🟡
Recommended changes with brief reasoning

## Positives ✅
What's done well

## Score
X/10 — one sentence justification

---

Focus modes and model routing

Focus	Model	Best for
security	Llama 3.3 70B (Groq)	SQL injection, XSS, auth issues, OWASP Top 10
full	Llama 3.3 70B (Groq)	Comprehensive review across all areas
performance	Llama 3.3 70B (Groq)	N+1 queries, memory leaks, unnecessary re-renders
style	Llama 3.3 70B (Groq)	Readability, naming, complexity, best practices

All reviews use Llama 3.3 70B via Groq — fast, structured output, and free-tier eligible.

---

File prioritization

The actor scores files by importance before fetching:

1. src/, app/, lib/, server/, api/ — source directories (highest priority)
2. Entry points: index.ts, main.js, app.py, server.go
3. Dependency manifests: package.json, Cargo.toml, go.mod, requirements.txt
4. Any .ts, .js, .py, .go, .rs, .java file (lowest priority)

Skipped automatically: node_modules, dist, build, .next, *.lock, *.min.js, *.map, images, fonts.

---

Use cases

• Pre-merge security check — "Does this PR introduce any vulnerabilities?"
• Open-source due diligence — "Is this library safe to add as a dependency?"
• Code quality gate — "Score this before we ship to production"
• Learning tool — "What would a senior engineer say about my code?"
• Compliance prep — "Flag anything that might fail a SOC2 audit"
• PR review assist — Paste the changed code, get a structured second opinion

---

Integration

Via Apify JavaScript client

import { ApifyClient } from 'apify-client';

const client = new ApifyClient({ token: 'YOUR_APIFY_TOKEN' });

const run = await client.actor('AqpYDXAFzXWOCe10G').call({
  repoUrl: 'https://github.com/expressjs/express',
  focus: 'security',
});

const { items } = await client.dataset(run.defaultDatasetId).listItems();
console.log(`Score: ${items[0].score}/10`);
console.log(items[0].review);

Via HTTP API

curl -X POST \
  "https://api.apify.com/v2/acts/AqpYDXAFzXWOCe10G/runs?token=YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "repoUrl": "https://github.com/expressjs/express",
    "focus": "full"
  }'

Via Make.com / Zapier

Use the Apify module → Run Actor action. Actor ID: AqpYDXAFzXWOCe10G. Map {{score}}, {{summary}}, and {{review}} from the output to your next step (Slack notification, database write, email, etc.).

---

Private repositories

To review a private GitHub repository, add your GitHub personal access token to the actor's environment variables:

• Key: GITHUB_TOKEN
• Value: A GitHub PAT with repo scope

The token is used only to authenticate GitHub API requests during the run and is never stored or logged.

---

Pricing

$0.05 per review ($50.00 per 1,000 reviews) — PAY_PER_RESULT. Failed runs are not charged — you only pay for completed reviews.

---

Limitations

• Analyzes up to maxFiles files (default 10, configurable up to 50). For very large repos, the most important files are prioritized automatically.
• File content is truncated at 3,000 characters per file to fit within model context limits. Full files are fetched but only the first 3,000 chars are reviewed.
• Works best on repos with clear source structure. Monorepos with unusual layouts may require specifying a subdirectory (planned feature).
• Only public repos are supported without a GITHUB_TOKEN.

---

About XavvyNess

XavvyNess is an AI agent platform focused on practical, production-ready automation. This actor is part of a suite of research and development tools built for developers and operators who need real answers fast.

Questions or feature requests → open an issue or contact us via the Apify Store.