AI code review for GitHub PRs
AI code review, anchored to real lines
A provider-agnostic GitHub Action — Claude or OpenAI — that posts inline review comments with one-click suggestions, and runs CVE and secret scanning in parallel, all in a single PR review.
Everything in one review
An AI reviewer plus deterministic scanners, sharing the same severity pipeline and posting once.
Anchored inline comments
Suggestions land on the exact diff line — not a wall of text at the bottom of the PR.
No hallucinated lines
The post tool validates every (file, line) against the real diff before accepting, and hints the agent toward valid lines on rejection.
Dependency CVE scanning
Parses changed lockfiles and queries OSV.dev for known CVEs — npm, yarn, pnpm, and pinned pip requirements.
Secret detection
Scans added lines for ~14 high-confidence credential patterns — AWS keys, GitHub PATs, Slack, Stripe, PEM keys — masked before posting.
Claude or OpenAI
Defaults to Claude Sonnet. Swap to Haiku for cost, Opus for depth, or a GPT / o-series model; the provider is inferred from the model id.
Noise control
Severity floor plus per-file and per-PR comment caps keep reviews signal-dense instead of overwhelming.
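The "same severity pipeline" from the first card and the floor-plus-caps rule above, as an added example that is not Vor's own code: findings from the agent, the OSV lookup and the secret scanner are normalised to one record shape and run through a single function that applies the floor and both caps with a deterministic ordering. The option names (floor, perFile, perPr), the record shape and the sample findings are constructed for this illustration.

```javascript
// Added example, not Vor's own code. Agent findings, OSV hits and secret matches are
// normalised to one shape ({ source, path, line, severity, title }) and pushed through
// the same pipeline: a severity floor drops the noise, a per-file cap and a per-PR cap
// bound the review, and when a cap bites the highest severities survive. The ordering
// is deterministic so a re-run against the same HEAD produces the same comments.
// The findings and the option names are constructed for this example.

const SEVERITY_RANK = { critical: 4, high: 3, medium: 2, low: 1, info: 0 };

const SAMPLE_FINDINGS = [
  { source: 'agent',   path: 'src/upload.js',     line: 12, severity: 'high',     title: 'Path traversal via req.body.filename' },
  { source: 'agent',   path: 'src/upload.js',     line: 30, severity: 'low',      title: 'Prefer const over let' },
  { source: 'secrets', path: 'src/upload.js',     line: 13, severity: 'high',     title: 'AWS access key id committed' },
  { source: 'agent',   path: 'src/upload.js',     line: 44, severity: 'medium',   title: 'Unbounded read of request body' },
  { source: 'osv',     path: 'package-lock.json', line: 7,  severity: 'high',     title: 'lodash@4.17.20 prototype pollution' },
  { source: 'agent',   path: 'src/util.js',       line: 3,  severity: 'info',     title: 'Unused import' },
  { source: 'agent',   path: 'src/util.js',       line: 9,  severity: 'critical', title: 'eval on user-controlled input' },
];

function applyNoiseControl(findings, { floor = 'medium', perFile = 5, perPr = 25 } = {}) {
  const rank = (s) => SEVERITY_RANK[s] ?? 0;              // unknown severity sorts as info
  const belowFloor = findings.filter((f) => rank(f.severity) < rank(floor));
  const candidates = findings
    .filter((f) => rank(f.severity) >= rank(floor))
    .sort((a, b) => rank(b.severity) - rank(a.severity)    // severity first, then a stable
      || a.path.localeCompare(b.path) || a.line - b.line); // path/line order for re-runs
  const perFileCount = new Map();
  const comments = [], capped = [];
  for (const f of candidates) {
    const n = perFileCount.get(f.path) || 0;
    if (n >= perFile || comments.length >= perPr) { capped.push(f); continue; }
    perFileCount.set(f.path, n + 1);
    comments.push(f);
  }
  return { comments, capped, belowFloor };
}

// A one-line summary for the review body so suppressed findings are visible, not silent.
function summarize({ comments, capped, belowFloor }) {
  return `${comments.length} comment(s) posted, ${capped.length} held back by caps, ${belowFloor.length} below the severity floor`;
}

const review = applyNoiseControl(SAMPLE_FINDINGS, { floor: 'medium', perFile: 2, perPr: 10 });
console.log(review.comments.map((f) => `${f.severity} ${f.path}:${f.line} ${f.title}`));
console.log(summarize(review));   // 4 comment(s) posted, 1 held back by caps, 2 below the severity floor
```

The sort key matters more than it looks: severity first means a per-file cap can never push out a critical finding in favour of a medium one, and the path/line tiebreak keeps a re-run from reshuffling which findings survive the cap.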
Repo-aware context
Reads .vor.yml, CLAUDE.md, AGENTS.md, and custom docs so findings respect your conventions.
Sticky reviews
Re-run any time. Prior agent reviews are dismissed so you only ever see the latest pass against HEAD.
Works with your stack
The AI review reads any language — no per-language setup. Deterministic scanners add zero-token depth wherever your toolchain runs.
Any language
The agent reasons over any diff the model understands — no language list to maintain.
JavaScript & TypeScript
Your repo’s ESLint, tsc --noEmit, and knip, surfaced inline.
Python
Ruff, run against the .py files your PR changes.
Dart
dart analyze on changed .dart files.
GitHub Actions
actionlint flags workflow and shell mistakes in your CI.
Custom rules
Bring your own Semgrep ruleset under .vor/semgrep-rules (opt-in).
Dependency CVEs
npm (package-lock, yarn, pnpm) and PyPI (requirements.txt) via OSV.dev.
Secrets
~14 credential patterns — any language, any file.
Linters run only when the tool is available in your repo, so they stay silent on stacks they don’t apply to.
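The dependency-CVE path described above (parse the changed lockfile, ask OSV.dev, post with provenance), as an added example that is not Vor's own code: it reads a package-lock.json, batches every pinned package into one OSV query, and maps the answer back to an inline finding anchored on the lockfile line that pins the vulnerable version. The lockfile, both OSV responses and the helper names are constructed for this illustration (the response is shaped to mirror the sample finding on this page); the live request to https://api.osv.dev/v1/querybatch is defined but not executed.

```javascript
// Added example, not Vor's own code. Extracts (name, version) pairs from a changed
// package-lock.json, batches them into a single OSV.dev query, and turns the answer into
// inline findings anchored on the lockfile line that pins the vulnerable version, with the
// advisory id and fixed version as provenance. The lockfile, the OSV responses and the
// helper names are constructed for this example (the response mirrors the sample finding
// on this page); the live POST to https://api.osv.dev/v1/querybatch is defined but not run.

const SAMPLE_LOCKFILE = `{
  "name": "demo",
  "lockfileVersion": 3,
  "packages": {
    "": { "name": "demo", "dependencies": { "ms": "^2.1.3", "lodash": "^4.17.20" } },
    "node_modules/ms": { "version": "2.1.3" },
    "node_modules/lodash": { "version": "4.17.20" }
  }
}`;

// querybatch returns only { id, modified } per hit; full records come from /v1/vulns/{id}.
const SAMPLE_BATCH_RESPONSE = {
  results: [
    { vulns: [] },                                                                 // ms@2.1.3
    { vulns: [{ id: 'GHSA-jf85-cpcp-j695', modified: '2023-01-01T00:00:00Z' }] }, // lodash
  ],
};
const SAMPLE_VULN_DETAILS = {
  'GHSA-jf85-cpcp-j695': {
    id: 'GHSA-jf85-cpcp-j695',
    summary: 'Prototype Pollution in lodash',
    database_specific: { severity: 'HIGH' },
    affected: [{
      package: { ecosystem: 'npm', name: 'lodash' },
      ranges: [{ type: 'SEMVER', events: [{ introduced: '0' }, { fixed: '4.17.21' }] }],
    }],
  },
};

// [{ name, version, line }] from a v2/v3 "packages" map or a v1 "dependencies" tree.
// line is the 1-based lockfile line of the entry's key (first occurrence), which is
// where the inline comment is anchored.
function lockfilePackages(lockText) {
  const lock = JSON.parse(lockText);
  const lines = lockText.split('\n');
  const lineOf = (key) => lines.findIndex((l) => l.includes(`"${key}"`)) + 1;
  const out = [];
  if (lock.packages) {
    for (const [key, entry] of Object.entries(lock.packages)) {
      if (key === '' || !entry.version) continue;                 // "" is the root project
      const name = key.slice(key.lastIndexOf('node_modules/') + 'node_modules/'.length);
      out.push({ name, version: entry.version, line: lineOf(key) });
    }
  } else {
    const walk = (deps) => {
      for (const [name, entry] of Object.entries(deps || {})) {
        out.push({ name, version: entry.version, line: lineOf(name) });
        walk(entry.dependencies);                                  // v1 nests transitive deps
      }
    };
    walk(lock.dependencies);
  }
  return out;
}

// One request for the whole lockfile instead of one per package.
function buildBatchQuery(pkgs, ecosystem = 'npm') {
  return { queries: pkgs.map((p) => ({ package: { name: p.name, ecosystem }, version: p.version })) };
}

async function queryOsv(batch) {                                   // live call, not executed here
  const res = await fetch('https://api.osv.dev/v1/querybatch', {
    method: 'POST', headers: { 'content-type': 'application/json' }, body: JSON.stringify(batch),
  });
  return res.json();
}

// First "fixed" event in the advisory's range for this package, or null if no fix exists.
function fixedVersion(vuln, name) {
  for (const a of vuln.affected || []) {
    if (a.package?.name !== name) continue;
    for (const r of a.ranges || []) for (const e of r.events || []) if (e.fixed) return e.fixed;
  }
  return null;
}

// Results are positional: results[i] answers queries[i], so pair them by index.
function toFindings(pkgs, batchResponse, detailsById, lockPath = 'package-lock.json') {
  const findings = [];
  batchResponse.results.forEach((result, i) => {
    const pkg = pkgs[i];
    for (const { id } of result.vulns || []) {
      const detail = detailsById[id];
      if (!detail) continue;                                       // detail fetch failed: skip, never guess
      const fixed = fixedVersion(detail, pkg.name);
      findings.push({
        path: lockPath, line: pkg.line, side: 'RIGHT',
        severity: (detail.database_specific?.severity || 'HIGH').toLowerCase(),
        title: `${pkg.name}@${pkg.version} is affected by ${detail.summary || id}.`,
        body: `via OSV, ${id}` + (fixed ? `, fixed in ${fixed}` : ', no fixed version published'),
      });
    }
  });
  return findings;
}

const lockPkgs = lockfilePackages(SAMPLE_LOCKFILE);
console.log(JSON.stringify(buildBatchQuery(lockPkgs)));
console.log(toFindings(lockPkgs, SAMPLE_BATCH_RESPONSE, SAMPLE_VULN_DETAILS));
```

Two design points carry over to any scanner of this kind: results are matched to queries by position, so never filter the package list between building the query and reading the response; and a missing detail record is skipped rather than reported with a guessed fix version, because a wrong "fixed in" is worse than no comment.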
60-second setup
Drop one workflow file in your repo, add your API key as a secret, and trigger a review by hand.
name: Vor
on:
  workflow_dispatch:
    inputs:
      pr_number:
        description: 'PR number to review'
        required: true

permissions:
  contents: read
  pull-requests: write

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with: { fetch-depth: 0 }
      - uses: driches/vor@v0
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          pr_number: ${{ inputs.pr_number }}

Prefer OpenAI? Swap in openai_api_key and set model: gpt-4.1 — the provider is inferred from the model id. Then: Actions → Vor → Run workflow → enter the PR number. A sticky review appears within minutes.
What a review looks like
Findings land on the exact line, tagged by severity, with concrete suggestions and provenance.
lodash@4.17.20 is affected by prototype pollution.
via OSV · GHSA-jf85-cpcp-j695 — fixed in 4.17.21
Why this works when “ask the AI to review the PR” doesn’t
Output is actionable, not prose
The agent has no free-text output channel. Findings can only surface through the validated post_inline_comment tool.
Comments land inline
Reviews post via pulls.createReview with a structured comments[] array — path, line, side, and suggestion blocks.
No hallucinated lines
The validator rejects any line outside the real diff and returns the valid ranges as a hint, so the agent self-corrects.
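The validator just described, together with the secret scanner from the feature list (added lines only, matches masked before posting), as one added example that is not Vor's own code: a unified diff is parsed into the set of (file, line, side) anchors a GitHub review comment may target, any anchor outside that set is rejected with the valid ranges as a hint, and the added lines are scanned for a handful of high-confidence credential prefixes. The sample diff, the pattern list and the helper names (parseDiff, validateAnchor, scanSecrets) are constructed for this illustration; the AWS key in the diff is the documented example key, not a live credential.

```javascript
// Added example, not Vor's own code. Builds the set of (file, line, side) anchors a
// review comment may legally target from a unified diff, rejects anything outside it
// with the valid ranges as a hint, and scans only the added lines for high-confidence
// credential patterns, masking each match before it could reach a comment body.
// The sample diff and the helper names are constructed for this example.

const SAMPLE_DIFF = `diff --git a/src/upload.js b/src/upload.js
--- a/src/upload.js
+++ b/src/upload.js
@@ -10,4 +10,6 @@ function save(req) {
   const dir = UPLOAD_DIR;
-  const name = req.body.filename;
+  const name = req.body.filename; // TODO validate
+  const key = "AKIAIOSFODNN7EXAMPLE";
+  const pat = "ghp_abcdefghijklmnopqrstuvwxyz0123456789";
   return fs.writeFileSync(path.join(dir, name), req.body.data);
 }
`;

// path -> { right: Set<newLine>, left: Set<oldLine>, added: Map<newLine, text> }.
// A RIGHT-side comment may sit on any new-file line inside a hunk (added or context),
// a LEFT-side comment on any old-file line in a hunk. Suggestions only make sense on RIGHT.
function parseDiff(diffText) {
  const files = new Map();
  let cur = null, inHunk = false, oldLine = 0, newLine = 0;
  for (const raw of diffText.split('\n')) {
    const file = raw.match(/^diff --git a\/(.+?) b\/(.+)$/);
    if (file) {
      cur = { right: new Set(), left: new Set(), added: new Map() };
      files.set(file[2], cur);
      inHunk = false;                       // skip the ---/+++ header lines that follow
      continue;
    }
    const hunk = raw.match(/^@@ -(\d+)(?:,\d+)? \+(\d+)(?:,\d+)? @@/);
    if (hunk) { oldLine = Number(hunk[1]); newLine = Number(hunk[2]); inHunk = true; continue; }
    if (!cur || !inHunk || raw === '' || raw.startsWith('\\')) continue;   // "\ No newline..."
    const tag = raw[0], text = raw.slice(1);
    if (tag === '+') { cur.right.add(newLine); cur.added.set(newLine, text); newLine++; }
    else if (tag === '-') { cur.left.add(oldLine); oldLine++; }
    else if (tag === ' ') { cur.right.add(newLine); cur.left.add(oldLine); newLine++; oldLine++; }
  }
  return files;
}

// Collapse a set of line numbers into [start, end] ranges for the rejection hint.
function toRanges(lineSet) {
  const ranges = [];
  for (const n of [...lineSet].sort((a, b) => a - b)) {
    const last = ranges[ranges.length - 1];
    if (last && n === last[1] + 1) last[1] = n; else ranges.push([n, n]);
  }
  return ranges;
}

// The gate every finding passes before it can become a comment. On rejection the reply
// carries the valid ranges so the caller (LLM tool call or scanner) can re-anchor.
function validateAnchor(files, path, line, side = 'RIGHT') {
  const f = files.get(path);
  if (!f) return { ok: false, reason: `${path} is not in the diff`, hint: [] };
  const valid = side === 'LEFT' ? f.left : f.right;
  if (valid.has(line)) return { ok: true };
  return { ok: false, reason: `${path}:${line} (${side}) is outside the diff`, hint: toRanges(valid) };
}

// High-confidence prefixes only: a false positive costs a noisy review, so generic
// "looks like entropy" heuristics are deliberately left out.
const SECRET_PATTERNS = [
  { name: 'AWS access key id',            re: /\bAKIA[0-9A-Z]{16}\b/g },
  { name: 'GitHub personal access token', re: /\bghp_[A-Za-z0-9]{36}\b/g },
  { name: 'Slack token',                  re: /\bxox[baprs]-[A-Za-z0-9-]{10,}/g },
  { name: 'Stripe live secret key',       re: /\bsk_live_[A-Za-z0-9]{24,}/g },
  { name: 'PEM private key',              re: /-----BEGIN (?:RSA |EC |OPENSSH |)PRIVATE KEY-----/g },
];

// Keep a recognisable prefix and suffix; never echo the full value into a PR comment.
function mask(value) {
  return value.slice(0, 4) + '*'.repeat(Math.max(0, value.length - 8)) + value.slice(-4);
}

// Only added lines are scanned: a secret already on the base branch is not this PR's change.
function scanSecrets(files) {
  const findings = [];
  for (const [path, f] of files) {
    for (const [line, text] of f.added) {
      for (const { name, re } of SECRET_PATTERNS) {
        for (const m of text.matchAll(re)) {
          findings.push({
            path, line, side: 'RIGHT', severity: 'high',
            title: `${name} committed`,
            body: `Matched ${mask(m[0])}. Revoke it, rotate it, and load it from a secret store.`,
          });
        }
      }
    }
  }
  return findings;
}

const files = parseDiff(SAMPLE_DIFF);
// Scanner findings go through the same gate as the agent's tool calls.
const accepted = scanSecrets(files).filter((f) => validateAnchor(files, f.path, f.line, f.side).ok);
console.log(accepted);                                      // two findings, lines 12 and 13
console.log(validateAnchor(files, 'src/upload.js', 40));    // { ok: false, ..., hint: [[10, 15]] }
```

The hint is the part that makes the loop converge: an agent told only "invalid line" tends to retry with another guess, while one handed [[10, 15]] picks a line that exists. Note that the scanner's own findings are pushed through the same validator, so a scanner bug cannot post an unanchored comment either.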
Add it to your repo
Free, MIT-licensed, and runs on your own API key. Manual-trigger by default — no surprise token spend.
Path traversal — req.body.filename flows into path.join unsanitized, so ../../etc/passwd escapes the upload dir. Why it matters: an attacker controls the write path and can overwrite arbitrary files.