An AI-powered code review platform that provides instant feedback on security vulnerabilities, performance issues, and best practices. Built with Next.js 15, TypeScript, and Google Gemini AI.
- AI-Powered Analysis: Get instant code reviews using Google Gemini 1.5 Flash (FREE)
- Multi-Language Support: JavaScript, TypeScript, Python, Java, Go, Rust, C++, C#, PHP, and Ruby
- Security Scanning: Detect SQL injection, XSS, authentication issues, and more
- Performance Optimization: Identify inefficient algorithms and bottlenecks
- Code Editor: Monaco editor with syntax highlighting
- Review History: Track all your past reviews
- Rate Limiting: Free tier (5 reviews/day) with production-ready limits
- Authentication: Secure auth with Clerk
- Database: PostgreSQL with Supabase
- Framework: Next.js 15 (App Router)
- Language: TypeScript
- Styling: Tailwind CSS
- AI: Google Gemini API (FREE)
- Authentication: Clerk
- Database: Supabase (PostgreSQL)
- Code Editor: Monaco Editor
- Validation: Zod
- Package Manager: pnpm
- Node.js 18+ installed
- pnpm installed (npm install -g pnpm)
- Accounts created for:
  - Clerk - Authentication
  - Supabase - Database
  - Google AI Studio - FREE AI API
cd code-review-ai
pnpm install
Copy .env.example to .env.local and fill in your credentials:
cp .env.example .env.local
Required environment variables:
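# Clerk Authentication
NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=pk_test_...
# Server-only secret; do not expose it to the browser
CLERK_SECRET_KEY=sk_test_...
# Supabase
NEXT_PUBLIC_SUPABASE_URL=https://your-project.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=eyJhbG...
# Server-only: the service role key bypasses Row Level Security; never give it a NEXT_PUBLIC_ prefix
SUPABASE_SERVICE_ROLE_KEY=eyJhbG...
# Google Gemini AI (FREE); server-only
GEMINI_API_KEY=AIza...
- Go to your Supabase project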
- Navigate to SQL Editor
- Run the schema from supabase/schema.sql
- Go to Clerk Dashboard
- Create a new application
- Copy the API keys to .env.local
- In Clerk settings, set redirect URLs:
  - Sign-in URL: /sign-in
  - Sign-up URL: /sign-up
  - After sign-in: /review
  - After sign-up: /review
- Go to Google AI Studio
- Sign in with your Google account
- Click "Create API key in new project"
- Copy your API key
- Add to .env.local
See GEMINI_SETUP.md for detailed instructions.
pnpm dev
Open http://localhost:3000 in your browser.
code-review-ai/
├── src/
│ ├── app/ # Next.js app router
│ │ ├── api/ # API routes
│ │ │ ├── review/ # Code review endpoint
│ │ │ └── reviews/ # Review history endpoint
│ │ ├── dashboard/ # Review history page
│ │ ├── review/ # Main review page
│ │ ├── sign-in/ # Auth pages
│ │ ├── sign-up/
│ │ ├── layout.tsx # Root layout
│ │ └── page.tsx # Landing page
│ ├── components/
│ │ ├── features/ # Feature components
│ │ │ ├── code-editor.tsx
│ │ │ ├── issue-card.tsx
│ │ │ └── language-selector.tsx
│ │ └── ui/ # Reusable UI components
│ ├── lib/ # Utilities and services
│ │ ├── ai-service.ts # Google Gemini AI integration
│ │ ├── rate-limit.ts # Rate limiting logic
│ │ └── supabase.ts # Supabase client
│ ├── types/ # TypeScript types
│ │ └── index.ts
│ └── middleware.ts # Clerk middleware
├── supabase/
│ └── schema.sql # Database schema
├── .env.local # Environment variables
├── .env.example # Environment template
├── .prettierrc # Prettier config
└── package.json
- pnpm dev - Start development server
- pnpm build - Build for production
- pnpm start - Start production server
- pnpm lint - Run ESLint
- pnpm format - Format code with Prettier
- pnpm type-check - Check TypeScript types
The AI service (src/lib/ai-service.ts) uses Google Gemini to analyze code and returns:
- Security vulnerabilities
- Performance issues
- Style problems
- Potential bugs
- Best practice suggestions
Each issue includes:
- Type and severity
- Description and location
- Actionable suggestions
- Before/after code examples
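The model's reply is untrusted input and should be checked before it is stored or rendered. The sketch below is an added example, not the project's ai-service.ts: the field names, the severity scale and the size caps are assumptions, and only the issue types follow the list above.

```typescript
// Added example: validate the model's reply before storing or rendering it.
// Field names, severity values and caps are assumptions, not the project's schema.
const ISSUE_TYPES = ["security", "performance", "style", "bug", "best-practice"] as const;
const SEVERITIES = ["low", "medium", "high", "critical"] as const; // assumed scale
interface ReviewIssue {
  type: (typeof ISSUE_TYPES)[number];
  severity: (typeof SEVERITIES)[number];
  description: string;
  line: number | null;
  suggestion: string;
}
const MAX_ISSUES = 50; // assumed caps
const MAX_TEXT = 2000;
const FENCE = "`".repeat(3);

function boundedText(v: unknown): string | null {
  return typeof v === "string" && v.trim() !== "" && v.length <= MAX_TEXT ? v : null;
}

function toIssue(raw: unknown): ReviewIssue | null {
  if (typeof raw !== "object" || raw === null) return null;
  const r = raw as Record<string, unknown>;
  const type = ISSUE_TYPES.find((t) => t === r.type);
  const severity = SEVERITIES.find((s) => s === r.severity);
  const description = boundedText(r.description);
  const suggestion = boundedText(r.suggestion);
  if (!type || !severity || !description || !suggestion) return null;
  const line = Number.isInteger(r.line) && (r.line as number) > 0 ? (r.line as number) : null;
  // Copy only known fields so unexpected keys never reach the database or the UI.
  return { type, severity, description, line, suggestion };
}

// Replies are sometimes wrapped in a Markdown code fence; unwrap it before parsing.
function stripFence(text: string): string {
  const t = text.trim();
  const nl = t.indexOf("\n");
  const end = t.lastIndexOf(FENCE);
  return t.startsWith(FENCE) && nl !== -1 && end > nl ? t.slice(nl + 1, end).trim() : t;
}

function parseModelReply(reply: string): ReviewIssue[] {
  let data: unknown;
  try {
    data = JSON.parse(stripFence(reply));
  } catch {
    return []; // not JSON: report "no result" rather than passing raw text on
  }
  const list = Array.isArray(data) ? data : (data as { issues?: unknown } | null)?.issues;
  if (!Array.isArray(list)) return [];
  return list.slice(0, MAX_ISSUES).map(toIssue).filter((i): i is ReviewIssue => i !== null);
}
```

Issue text that passes this check is still plain text and should be rendered as text, not as HTML.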
Production-grade rate limiting in src/lib/rate-limit.ts:
- Free tier: 5 reviews per day
- Pro tier: 100 reviews per day (ready for implementation)
- Automatic daily reset
- Per-user tracking
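A per-user daily quota with the tier limits listed above can be sketched as follows. This is an added example, not the project's rate-limit.ts: the in-memory Map, the UTC-midnight reset and all names are assumptions.

```typescript
// Added example: per-user daily quota with an automatic reset at UTC midnight.
// Tier limits come from the README; the Map store and all names are assumptions.
type Tier = "free" | "pro";

const DAILY_LIMITS: Record<Tier, number> = { free: 5, pro: 100 };

interface Usage { day: string; count: number }
interface Decision { allowed: boolean; remaining: number; resetAt: Date }

// Stand-in for a database table; lost on restart and not shared across instances.
const usageByUser = new Map<string, Usage>();

function utcDay(now: Date): string {
  return now.toISOString().slice(0, 10); // e.g. "2025-01-31"
}

function nextUtcMidnight(now: Date): Date {
  return new Date(Date.UTC(now.getUTCFullYear(), now.getUTCMonth(), now.getUTCDate() + 1));
}

// userId must come from the verified session, never from the request body.
function checkAndConsume(userId: string, tier: Tier, now: Date = new Date()): Decision {
  const limit = DAILY_LIMITS[tier];
  const today = utcDay(now);
  const resetAt = nextUtcMidnight(now);

  const stored = usageByUser.get(userId);
  // A record from an earlier day counts as zero: this is the automatic daily reset.
  const used = stored && stored.day === today ? stored.count : 0;

  if (used >= limit) {
    return { allowed: false, remaining: 0, resetAt };
  }
  usageByUser.set(userId, { day: today, count: used + 1 });
  return { allowed: true, remaining: limit - (used + 1), resetAt };
}
```

With a database-backed counter, the check and the increment need to be a single atomic statement; otherwise parallel requests from one user can each pass the check and exceed the limit.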
PostgreSQL with Row Level Security:
- users table - User profiles and tier information
- code_reviews table - Review history with JSONB issues
- Indexes for performance
- RLS policies for security
- Automatic timestamp updates
- Push code to GitHub
- Go to Vercel
- Import your repository
- Add environment variables
- Deploy
Add all variables from .env.local to Vercel:
- Clerk keys
- Supabase keys
- Google Gemini API key
- Rate limit settings
- ✅ Row Level Security in Supabase
- ✅ API route authentication
- ✅ Input validation with Zod
- ✅ Rate limiting per user
- ✅ Secure environment variables
- ✅ Database indexes
- ✅ Efficient queries
- ✅ Monaco editor lazy loading
- ✅ API response caching ready
- ✅ Serverless API routes
- ✅ PostgreSQL database
- ✅ Rate limiting infrastructure
- ✅ Horizontal scaling ready
- GitHub integration for PR reviews
- CI/CD pipeline integration
- Team accounts
- Custom review rules
- VSCode extension
- Batch file reviews
- Analytics dashboard
- Payment integration (Stripe)
This is a portfolio project. Feel free to fork and customize for your own use.
MIT
Built as a portfolio project to demonstrate full-stack development skills with modern technologies.
Tech Stack Highlights: Next.js 15, TypeScript, Tailwind CSS, Clerk Auth, Supabase, Google Gemini AI (FREE), Monaco Editor, Zod Validation