ai-code-buddy-0.1.3 is not a library.
Visit the last successful build:
ai-code-buddy-0.4.20
AI Code Buddy
๐ค An AI-powered code review tool that analyzes Git repositories and provides intelligent feedback on code quality, security, performance, and maintainability.
Features
- ๐ Intelligent Code Analysis: Uses AI-powered pattern matching to analyze code and provide meaningful suggestions
- ๐ก๏ธ OWASP Security Analysis: Comprehensive OWASP Top 10 vulnerability detection with precise line-by-line reporting
- ๐ฒ Git Branch Comparison: Compare commits between branches with detailed diff analysis
- ๐ฏ Multi-Language Support: Supports Rust, JavaScript, Python, and more programming languages
- ๐ Detailed Reporting: Categorized issues by severity (Critical, High, Medium, Low, Info)
- ๐ฅ๏ธ Dual Interface: Both CLI and interactive TUI modes
- ๐ Multiple Output Formats: Summary, detailed, JSON, and Markdown output formats
- ๐จ File Filtering: Include/exclude files using glob patterns
- ๐ฅ Credits System: Track and display all project contributors
- ๐ง Professional CLI: Complete argument parsing with help and validation
Installation
From crates.io
From source
Command Line Interface
Usage
Arguments
| Argument | Description | Default |
|---|---|---|
[REPO_PATH] |
Path to the Git repository | Current directory (.) |
Options
| Option | Short | Description | Default | Example |
|---|---|---|---|---|
--source <BRANCH> |
-s |
Source branch to compare from | main |
-s feature-branch |
--target <BRANCH> |
-t |
Target branch to compare to | HEAD |
-t develop |
--cli |
Run in CLI mode with text output | Interactive TUI | --cli |
|
--verbose |
-v |
Enable verbose output for debugging | Off | -v |
--credits |
Show credits and list all contributors | Off | --credits |
|
--format <FORMAT> |
-f |
Output format for results | summary |
-f json |
--exclude <PATTERN> |
Exclude files matching glob pattern | None | --exclude "test_files/**" |
|
--include <PATTERN> |
Include only files matching glob pattern | None | --include "src/**" |
|
--help |
-h |
Print help information | --help |
|
--version |
-V |
Print version information | --version |
Output Formats
| Format | Description | Use Case |
|---|---|---|
summary |
Summary output with key findings | Quick overview and human review |
detailed |
Detailed output with all issues | Comprehensive analysis |
json |
JSON format for programmatic use | CI/CD integration, tooling |
markdown |
Markdown format for documentation | GitHub Issues, documentation |
Examples
Basic Usage
1. Quick Analysis (Interactive Mode)
Launches the interactive TUI interface for exploring issues.
2. CLI Analysis with Summary
Output Example:
๐ AI Code Review Tool v0.1.0
๐ Repository: .
๐ฟ Comparing: main โ HEAD
๐ฏ Code Review Summary
==========================================
๐ฟ Branches: main โ test-ai-analysis
๐ Files modified: 8
โ Lines added: 6
โ Lines removed: 702
๐ Total issues: 1
๐ค AI Assessment:
Based on the code changes between branches, I've analyzed 2 files with detailed attention to security, performance, and code quality.
KEY FINDINGS:
โข src/main.rs:
๐จ CRITICAL: Line 84: Potential command injection vulnerability
โ ๏ธ HIGH: Line 93: Potential path traversal vulnerability
โ ๏ธ MEDIUM: Line 377: Inefficient string concatenation pattern
๐ Technology Stack:
Languages: Rust, JavaScript, Python
๐ Issues by Category:
Maintainability: 1 issues
๐ถ src/main.rs:221
Function is too long
Advanced Usage
3. Compare Specific Branches
4. Exclude Test Files
5. Include Only Source Files
6. JSON Output for CI/CD
JSON Output Example:
7. Markdown Report Generation
8. Verbose Analysis with Debugging
9. Show Contributors and Credits
10. OWASP Security Analysis Example
OWASP Analysis Output Example:
๐ AI Code Review Tool v0.1.0
๐ Repository: .
๐ฟ Comparing: main โ HEAD
โข test_files/javascript/owasp_vulnerabilities.js:
๐จ CRITICAL [OWASP A01]: Line 11: Insecure Direct Object Reference
๐จ CRITICAL [OWASP A03]: Line 11: SQL injection vulnerability
๐จ CRITICAL [OWASP A01]: Line 15: Missing authorization check for admin endpoint
๐จ CRITICAL [OWASP A02]: Line 34: Hardcoded secrets/credentials
๐จ CRITICAL [OWASP A02]: Line 35: Hardcoded secrets/credentials
๐จ CRITICAL [OWASP A02]: Line 36: Hardcoded secrets/credentials
๐จ CRITICAL [OWASP A02]: Line 42: Weak cryptographic algorithm
โ ๏ธ HIGH [OWASP A02]: Line 48: Insecure storage of sensitive data
๐จ CRITICAL [OWASP A03]: Line 58: SQL injection vulnerability
๐จ CRITICAL [OWASP A03]: Line 73: Command injection vulnerability
๐จ CRITICAL [OWASP A03]: Line 171: Code injection vulnerability via eval()
๐จ CRITICAL [OWASP A03]: Line 178: Code injection vulnerability via eval()
โ ๏ธ HIGH [OWASP A09]: Line 195: Logging sensitive information
๐จ CRITICAL [OWASP A03]: Line 232: DOM-based XSS vulnerability
Credits Output Example:
๐ AI Code Buddy - Credits & Contributors
==========================================
๐ About AI Code Buddy:
AI Code Buddy is an intelligent code analysis tool that combines
advanced pattern matching with AI-powered analysis to provide
comprehensive code reviews with precise line-by-line feedback.
๐ฅ Contributors to this project:
==========================================
๐ฅ Edgar H Sanchez <esanchez@m2iab.com>
๐ 20 commits
๐
First contribution: 2025-04-02
๐
Latest contribution: 2025-08-01
๐ง Built with:
โข Rust ๐ฆ - Systems programming language
โข Kalosm - AI/ML framework
โข Git2 - Git repository analysis
โข Clap - Command-line argument parsing
โข Tokio - Async runtime
File Filtering Examples
Include Only Rust Files
Exclude Generated and Build Files
Focus on Source Code Only
CI/CD Integration Examples
GitHub Actions Integration
- name: Run AI Code Review
run: |
cargo install ai-code-buddy
ai-code-buddy --cli --format json --source ${{ github.event.pull_request.base.ref }} --target ${{ github.event.pull_request.head.ref }} > review.json
GitLab CI Integration
code_review:
script:
- cargo install ai-code-buddy
- ai-code-buddy --cli --format markdown --source $CI_MERGE_REQUEST_TARGET_BRANCH_NAME --target $CI_COMMIT_REF_NAME
Interactive TUI Mode
Launch without --cli flag for an interactive interface:
TUI Features
- Arrow keys: Navigate through issues
- Enter: View detailed issue information
- R: Generate comprehensive report
- Q: Quit application
- Tab: Switch between different views
- Space: Toggle issue selection
Issue Categories
- ๐ Security: Potential security vulnerabilities
- ๐ Potential Bugs: Code patterns that might cause issues
- โก Performance: Performance optimization opportunities
- ๐ Documentation: Missing or inadequate documentation
- ๐จ Style: Code style and formatting issues
- ๐ง Maintainability: Code maintainability improvements
- ๐ Readability: Code readability enhancements
- ๐งช Testing: Testing-related suggestions
Configuration
AI Buddy automatically detects:
- Repository technology stack
- Programming languages used
- Code patterns and anti-patterns
- Git branch structure
- File dependencies and relationships
Requirements
- Rust 1.70+
- Git repository
- Network connection for AI processing (when available)
Tips and Best Practices
Performance Optimization
- Use
--excludepatterns to skip large directories liketarget/,node_modules/,dist/ - Focus analysis using
--includepatterns for specific directories - Use
--format jsonfor programmatic processing in scripts
Security Analysis
AI Code Buddy includes comprehensive OWASP Top 10 security analysis with precise line-by-line vulnerability detection:
OWASP Top 10 Coverage
-
๐จ A01: Broken Access Control
- Insecure Direct Object References
- Missing authorization checks
- Path traversal vulnerabilities
-
๐ A02: Cryptographic Failures
- Hardcoded secrets and credentials
- Weak cryptographic algorithms (MD5, SHA1)
- Insecure storage of sensitive data
-
๐ A03: Injection
- SQL injection vulnerabilities
- Command injection risks
- Cross-Site Scripting (XSS)
- Code injection via eval()
-
โ ๏ธ A04: Insecure Design
- Missing rate limiting
- Overly permissive CORS configuration
- Insufficient security controls
-
๐ง A05: Security Misconfiguration
- Debug mode in production
- Default credentials
- Insecure cookie configuration
-
๐งฉ A06: Vulnerable Components
- Memory safety issues (Rust unsafe code)
- Outdated dependency patterns
-
๐ A07: Authentication Failures
- Weak password policies
- Session fixation vulnerabilities
- Missing multi-factor authentication
-
๐ก๏ธ A08: Software Integrity Failures
- Insecure deserialization
- Missing integrity checks
- Remote code execution risks
-
๐ A09: Logging & Monitoring Failures
- Logging sensitive information
- Missing audit trails
- Information disclosure
-
๐ A10: Server-Side Request Forgery
- Unvalidated URL requests
- Internal service exposure
- SSRF attack vectors
Security Best Practices
- Run analysis before merging feature branches
- Pay special attention to Critical and High severity issues
- Use verbose mode (
-v) for debugging analysis issues - Review OWASP findings with security team
- Test fixes in isolated environments
File Filtering Best Practices
# Exclude common build/generated directories
# Include only source code
# Language-specific filtering
Output Format Selection
- Summary: Quick daily code reviews
- Detailed: Comprehensive analysis before releases
- JSON: CI/CD integration and automated processing
- Markdown: Documentation and GitHub issue reports
Troubleshooting
Common Issues
Git Repository Not Found
# Ensure you're in a git repository
# Or specify the repository path explicitly
Branch Not Found
# List available branches
# Use correct branch names
No Issues Found
This usually means:
- No differences between the specified branches
- All files are excluded by patterns
- Analysis is limited to supported file types
Performance Issues with Large Repositories
# Exclude large directories
# Focus on specific areas
API and Integration
Exit Codes
0: Analysis completed successfully1: Error occurred during analysis2: Invalid arguments or configuration
Environment Variables
AI Code Buddy respects standard Git environment variables:
GIT_DIR: Git directory locationGIT_WORK_TREE: Working tree location
Contributing
- Rust 1.70+
- Git repository
- Network connection for AI processing
Contributing
We welcome contributions! Here's how you can help:
- Fork the repository
- Create a feature branch:
git checkout -b feature/amazing-feature - Make your changes and add tests
- Run the analysis:
ai-code-buddy --cli --source main --target feature/amazing-feature - Commit your changes:
git commit -m 'Add amazing feature' - Push to the branch:
git push origin feature/amazing-feature - Open a Pull Request
Development Setup
Testing Your Changes
# Test the CLI
# Test with your changes
# Run the test suite
License
This project is licensed under the MIT License - see the LICENSE file for details.
Roadmap
- Professional CLI with comprehensive argument parsing
- Multiple output formats (Summary, Detailed, JSON, Markdown)
- File filtering with glob patterns
- Contributors and credits system
- Support for more programming languages (Go, Java, C++)
- Custom rule configuration files
- Integration with popular CI/CD pipelines
- Web interface for team collaboration
- Real AI integration with Kalosm
- Plugin system for custom analyzers
- Performance metrics and benchmarking
- Integration with IDEs and editors
Acknowledgments
- Built with Kalosm for AI language processing
- Uses git2 for Git repository analysis
- Powered by clap for professional CLI parsing
- Async runtime provided by tokio
Made with โค๏ธ by the AI Code Buddy team
For more examples and advanced usage, check out our documentation and examples repository.