Code Reviews
Kilo's Code Reviews feature automatically analyzes your pull requests using an AI model of your choice. It can review code the moment a PR is opened or updated, surface issues, and provide structured feedback across performance, security, style, and test coverage.
What Code Reviews Enable
- Automated AI review on every pull request
- Consistent feedback based on your team’s standards
- Automatic detection of bugs, security risks, and anti-patterns
- Deep reasoning over changed files, diffs, and repo context
- Customizable review strictness and focus areas
Prerequisites
Before enabling Code Reviews:
- GitHub Integration must be configured
Connect your account via the Integrations tab so that the Review Agent can access your repositories.
Cost
- Compute and review time are free during the limited beta
- Feedback is welcome in the Code Reviews beta Discord channel:
- Kilo Code credits are still used when the agent performs model reasoning during a review.
How to Use
- Go to the Review Agent section in your Kilo Code personal or Organization dashboard.
- Toggle Enable AI Code Review to automatically review PRs on open/update.
- Choose an AI Model (e.g., Grok Code Fast 1).
- Select a Review Style:
  - Strict
  - Balanced
  - Lenient
- Choose which repositories should receive automatic reviews.
- Optionally select Focus Areas such as:
  - Security vulnerabilities
  - Performance issues
  - Bug detection
  - Code style
  - Test coverage
  - Documentation gaps
- Set a maximum review time (5–30 minutes).
- Add custom instructions to shape how the agent reviews your code.
Once configured, the Review Agent will run automatically on PR events.
How Code Reviews Work
When a pull request is opened or updated:
- The Review Agent receives the PR metadata, diff, and file context.
- The selected model analyzes all changes.
- The agent applies your chosen review style and focus areas.
- It generates a structured review with:
  - Inline comments
  - Summary findings
  - Suggested fixes
  - Risk and severity tagging
- Reviews respect the maximum time limit you set.
- Only repositories you’ve selected will trigger automatic analysis.
Reviews are posted directly in GitHub as if coming from a team reviewer.
Review Styles
Strict
- Flags all potential issues
- Emphasizes correctness, quality, and security
- Useful for mission-critical code paths or production services
Balanced
- Most popular option
- Prioritizes clarity and practicality
- Surfaces important issues without overwhelming noise
Lenient
- Flags only critical issues
- Encouraging and lightweight
- Ideal for exploratory PRs, prototypes, or early WIP reviews
Focus Areas
You can tailor what the Review Agent pays attention to:
Security Vulnerabilities
- SQL injection
- XSS
- Unsafe APIs
- Secrets and credential exposure
Performance Issues
- N+1 queries
- Inefficient loops
- High-complexity functions
Bug Detection
- Logic errors
- Edge-case failures
- Incorrect assumptions
Code Style
- Formatting
- Naming conventions
- Readability improvements
Test Coverage
- Missing or inadequate tests
- Uncovered logic paths
Documentation
- Missing comments
- Unclear APIs
Perfect For
The Review Agent is ideal for:
- Teams wanting consistent, real-time PR reviews
- Small teams without dedicated reviewers
- Large repos where issues are easy to miss
- High-velocity engineering orgs shipping many daily PRs
- Security-focused environments requiring strict gates
- Educating junior developers with rich explanations
Limitations and Guidance
- Reviews can run for up to 30 minutes depending on your setting.
- The agent reviews only the changed files, not the entire repository.
- Some highly dynamic or domain-specific code may require additional context in custom instructions.
- The agent will only run on selected repositories.
- During beta, review capacity may be throttled for extremely large PRs.