
AI Code Reviews

Open minzdrav opened this issue 7 months ago • 2 comments

Hi @love-linger I have a new idea, and I hope you will be interested in it. The AI commit message was an amazing addition. Let’s go deeper and add an AI Code Review function. It can be the same dialog or an additional dialog. We need to send a diff and new instructions to the AI endpoint, then display the result to the user. I built an instruction example and tested it to make sure it will work fine. I’m sure it can be improved, and some users may want to overwrite it. So it would be nice to add a new textarea to the app settings.

Instructions example:

Review the provided code diff thoroughly and concisely, identifying issues in correctness, quality, and best practices. Do not suggest code changes; only highlight problems.
1. Correctness
Identify syntax and semantic errors, including missing await in async code.

Flag flawed logic or unhandled edge cases.

2. Security
Note vulnerabilities (e.g., SQL injection, XSS, hardcoded secrets).

Highlight violations of security best practices (e.g., missing input validation, insecure auth).

3. Performance
Point out inefficiencies (e.g., slow algorithms, excessive queries).

Identify premature optimizations adding complexity.

4. Code Quality
Flag vague or misleading variable/function names.

Highlight unreadable code (e.g., nested logic, long methods).

Note methods/classes violating separation of concerns.

Identify overly complex or convoluted code.

Point out violations of language/project best practices.

5. PR Hygiene
Flag debugging artifacts (e.g., console.log instead of project logger, unexplained commented code).

Note typos (e.g., fit vs. it in tests).

Identify unintended or incomplete code.

Guidelines
Specific: Clearly describe issues with examples.

Concise: Focus on key problems without verbosity.

Constructive: Present issues objectively.

Positive: State if no issues are found.

Accurate: Avoid flagging non-issues.

minzdrav, May 16 '25 12:05

This is already handled by GitHub and Visual Studio; it even checks for dependency exploits.

Check the Security tab on your repos for policies, advisories and code scanning.

Kobi-Blade, May 19 '25 11:05

> This is already handled by GitHub and Visual Studio; it even checks for dependency exploits.
>
> Check the Security tab on your repos for policies, advisories and code scanning.

Hi @Kobi-Blade Good point, but not everybody is using GitHub Copilot, and not all code is hosted on GitHub. In free versions of Visual Studio 2022 and Code, I don't see this function. Also, there are a lot of other IDEs and different setups. I know that services exist that can handle code reviews and security checks. This task is about a pretty basic feature that can help identify basic issues in their Git client without any subscriptions, plugins, or proprietary services. If AI code review can help identify console.log that I forgot to delete after a long debugging session, I would be really happy.

minzdrav, May 20 '25 06:05
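
The forgotten console.log case from the reply above, and the "hardcoded secrets" item in the proposed instructions, can also be checked locally by scanning only the added lines of the diff. This is an added example, not SourceGit code or the poster's; the function name, the two patterns and the sample diff are constructed, and `git diff` output is assumed.

```python
import re

HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")
# Constructed patterns for two items named in the proposed instructions.
CHECKS = {
    "debug-artifact": re.compile(r"\bconsole\.log\s*\("),
    "hardcoded-secret": re.compile(
        r"\b(?:api[_-]?key|secret|token|password)\b\s*[:=]\s*[\"'][^\"']{8,}[\"']",
        re.I),
}

def scan_added_lines(diff_text):
    """Return (path, new_line_no, check_name) for each flagged added line."""
    findings, path, new_no = [], None, None
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            new_no = None                      # next file: leave the previous hunk
            continue
        if new_no is None and line.startswith("+++ "):
            path = line[4:].strip()
            path = path[2:] if path.startswith("b/") else path
            continue
        m = HUNK_RE.match(line)
        if m:
            new_no = int(m.group(1))           # first line number on the new side
            continue
        if new_no is None:
            continue                           # index/--- headers outside a hunk
        if line.startswith("+"):
            findings += [(path, new_no, name)
                         for name, rx in CHECKS.items() if rx.search(line[1:])]
            new_no += 1
        elif not line.startswith(("-", "\\")):
            new_no += 1                        # context line exists in the new file
    return findings

# Constructed sample diff; the "key" is a placeholder, not a real credential.
SAMPLE_DIFF = """\
diff --git a/src/api.js b/src/api.js
index 1111111..2222222 100644
--- a/src/api.js
+++ b/src/api.js
@@ -10,4 +10,6 @@ async function load(id) {
   const url = base + id;
-  const res = fetch(url);
+  const res = await fetch(url);
+  console.log("res", res);
+  const apiKey = "EXAMPLE-NOT-A-REAL-KEY";
   return res.json();
 }
"""

if __name__ == "__main__":
    for finding in scan_added_lines(SAMPLE_DIFF):
        print(*finding)
```

Removed and context lines are never flagged, so an existing console.log that the change deletes produces no finding.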

I think a better feature for SourceGit should be to have an option to generate commit change descriptions using AI. GitKraken has a similar feature, where you can select two or more commits and ask the AI to create a description explaining what was done between the first and last selected commit. That would be nice to have.


dougcunha, May 23 '25 13:05

Hi @dougcunha Sounds really interesting and it can be a great addition too. I don't think we should choose one idea. They are different, but definitely can share some code. For example, if I forget some debugging code, I would like to remove it before committing. That's why “Explain commit” can't replace the review function.

Maybe it’s a good idea to create a separate task for the “Explain commit” feature. Smaller tasks have a greater chance to be implemented.

minzdrav, May 23 '25 13:05