GitHub Integration
Mesrai integrates seamlessly with GitHub to provide AI-powered code reviews directly in your pull requests.
Overview
The GitHub integration enables:
- Automatic PR Reviews: AI analyzes every pull request
- Inline Comments: Contextual suggestions on specific code lines
- Status Checks: Review results appear in PR checks
- Review Summaries: High-level analysis of changes
- Security Scanning: Identify vulnerabilities automatically
Quick Start
Get started with GitHub integration in 3 steps:
- Install the App: Install Mesrai GitHub App
- Select Repositories: Choose which repos to enable
- Start Reviewing: Open a PR and get instant feedback
Features
Automatic Code Review
Every pull request triggers an automatic review:
- Smart Analysis: Understands your entire codebase context
- Fast Results: Reviews complete in under 60 seconds
- Detailed Feedback: Architecture, security, and performance insights
Inline Comments
Mesrai posts comments directly on relevant code lines:
// Mesrai will comment on issues like this:
function processData(data) {
// ⚠️ Missing input validation
return data.map((x) => x * 2);
}Review Status Checks
GitHub status checks show review results:
- ✅ Passed: No critical issues found
- ⚠️ Warning: Non-blocking suggestions
- ❌ Failed: Critical issues require attention
Configuration
Repository Settings
Configure per-repository via .mesrai.yml:
# .mesrai.yml
version: 1
github:
enabled: true
auto_review: true
# Review triggers
on:
pull_request: true
push_to_main: false
# Comment settings
comments:
style: conversational
inline: true
summary: trueIgnored Files
Exclude files from reviews:
ignore:
- "**/*.test.js"
- "dist/**"
- "node_modules/**"
- "*.md"Integration Types
GitHub App (Recommended)
Best for teams and organizations:
- Easy one-click installation
- Granular repository permissions
- Automatic webhook configuration
- No manual API key management
GitHub Actions
For custom workflows:
# .github/workflows/mesrai.yml
name: Mesrai Review
on:
pull_request:
types: [opened, synchronize]
jobs:
review:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: mesrai/review-action@v1
with:
api-key: ${{ secrets.MESRAI_API_KEY }}Permissions
Mesrai requires these GitHub permissions:
| Permission | Access | Why Needed |
|---|---|---|
| Pull requests | Read/Write | Post reviews and comments |
| Contents | Read | Analyze code and files |
| Metadata | Read | Access repo information |
| Checks | Write | Update PR status checks |
Review Types
Full Review
Comprehensive analysis of all changes:
@mesrai review --full- Deep architectural analysis
- Performance profiling
- Security audit
- Best practices check
Quick Review
Fast feedback on critical issues only:
@mesrai review --quick- Syntax errors
- Critical security issues
- Breaking changes
Focused Review
Target specific concerns:
@mesrai review security
@mesrai review performance
@mesrai review styleBest Practices
1. Enable Auto-Review
Let Mesrai review every PR automatically:
# .mesrai.yml
auto_review: true2. Set Up Branch Protection
Require Mesrai checks before merging:
- Go to Settings → Branches
- Add rule for
mainbranch - Enable Require status checks to pass
- Select
mesrai/review
3. Configure Review Depth
Balance speed vs thoroughness:
reviews:
context_depth: medium # quick | medium | deep
max_files: 50
include_dependencies: true4. Use Labels
Trigger specific reviews with labels:
mesrai:security- Security-focused reviewmesrai:performance- Performance analysismesrai:skip- Skip automatic review
Advanced Features
Custom Rules
Define team-specific rules:
rules:
- name: No console.log
pattern: "console\\.log"
severity: warning
message: "Remove console.log before merging"
- name: TODO comments
pattern: "TODO:"
severity: info
message: "Create a GitHub issue for this TODO"Review Templates
Create consistent review formats:
templates:
default:
sections:
- summary
- security
- performance
- suggestions
security_focused:
sections:
- security
- vulnerabilities
- best_practicesMetrics & Analytics
Track review effectiveness:
- Review Coverage: % of PRs reviewed
- Issue Detection: Critical bugs caught
- Time Savings: Hours saved on manual review
- Code Quality Trends: Quality improvements over time
Webhook Events
Mesrai listens to these GitHub webhooks:
pull_request(opened, synchronize, reopened)pull_request_review(submitted, edited)pull_request_review_comment(created)push(to protected branches)issue_comment(for manual triggers)
Rate Limits
GitHub API rate limits:
- Authenticated: 5,000 requests/hour
- GitHub App: 15,000 requests/hour (Mesrai uses this)
- Webhooks: No rate limit
Mesrai optimizes API usage to stay within limits.
Troubleshooting
Reviews Not Triggering
- Check webhook deliveries in repo settings
- Verify repository is in app installation
- Confirm
.mesrai.ymlis valid YAML - Check Status Page
Permission Issues
- Reinstall GitHub App with required permissions
- Verify organization allows third-party apps
- Check if repo is in private mode
Slow Reviews
- Reduce
max_filesin configuration - Use
--quickmode for faster results - Check if repo has very large files
Security & Privacy
Mesrai takes security seriously:
- Code Privacy: Your code never leaves our secure servers
- Encrypted Transfer: All data encrypted in transit (TLS 1.3)
- No Storage: Code is analyzed in memory only
- SOC 2 Certified: Annual compliance audits
- GDPR Compliant: EU data protection standards
Migration Guide
From Other Tools
Migrating from other code review tools:
From CodeRabbit
- Uninstall CodeRabbit GitHub App
- Install Mesrai GitHub App
- Copy configuration to
.mesrai.yml - Test on a sample PR
From GitHub Copilot Reviews
- Keep Copilot for code completion
- Add Mesrai for PR reviews
- Both tools work together seamlessly
Next Steps
Support
Need help with GitHub integration?