CODE REVIEW
Built with: Google ADK · Gemini 2.0 Flash · FastAPI · Cloud Run · Secret Manager · Docker
Paste any code snippet. Get back a structured, actionable review — bugs, security holes, improvements, and a quality score — powered by Gemini 2.0 Flash via Google's Agent Development Kit (ADK).
```
You paste this:                   You get back this:
──────────────────────────────    ──────────────────────────────────────────────
def divide(a, b):              →  ❌ Bug (critical): ZeroDivisionError on b=0
    return a / b                  🔐 Security: None found
                                  💡 Suggestion: Add type hints
result = divide(10, 0)            ✅ Positive: Single-purpose function
                                  ⭐ Score: 3 / 10
```
No IDE plugin. No GitHub integration. Just a clean REST API — call it from anywhere.
```
┌──────────────────────────────┐
│         POST /review         │
│  { "code": "...",            │
│    "language": "python" }    │
└──────────────┬───────────────┘
               │
┌──────────────▼───────────────┐
│           FastAPI            │  main.py
│     (request validation)     │
└──────────────┬───────────────┘
               │
┌──────────────▼───────────────┐
│          ADK Runner          │  per-request ephemeral session
│   (InMemorySessionService)   │
└──────────────┬───────────────┘
               │
┌──────────────▼───────────────┐
│          root_agent          │  agent/agent.py
│   model: gemini-2.0-flash    │
│   + structured JSON prompt   │
└──────────────┬───────────────┘
               │
┌──────────────▼───────────────┐
│          Gemini API          │
│   (key via Secret Manager)   │
└──────────────┬───────────────┘
               │
┌──────────────▼───────────────┐
│    Structured JSON Report    │
│  bugs · security · score · + │
└──────────────────────────────┘
```

| Service | Role |
|---|---|
| Cloud Run | Serverless container — scales to zero, 0–10 instances |
| Artifact Registry | Stores the Docker image |
| Secret Manager | Gemini API key — never in env vars or logs |
| Cloud Build | Optional CI/CD pipeline |

```
code-review-agent/
│
├── 📂 agent/
│   ├── __init__.py
│   └── agent.py         ← ADK Agent definition (model + system instruction)
│
├── main.py              ← FastAPI server + ADK Runner wiring
├── requirements.txt     ← All dependencies pinned
├── Dockerfile           ← linux/amd64 production image
├── deploy.sh            ← One-command GCP deployment script
└── README.md
```
```bash
# 1 — Clone and create virtual environment
git clone https://github.com/Aadithyaar22/code-review-agent.git
cd code-review-agent
python -m venv .venv && source .venv/bin/activate

# 2 — Install dependencies
pip install -r requirements.txt

# 3 — Set your Gemini API key → https://aistudio.google.com/app/apikey
export GOOGLE_API_KEY=your-key-here

# 4 — Start the server
python main.py
```

Server runs at http://localhost:8080 · Swagger UI at http://localhost:8080/docs
```bash
# Health check
curl http://localhost:8080/health

# Review a snippet with a classic division-by-zero bug
curl -X POST http://localhost:8080/review \
  -H "Content-Type: application/json" \
  -d '{
    "code": "def divide(a, b):\n return a / b\n\nresult = divide(10, 0)",
    "language": "python"
  }'
```

What comes back:
```json
{
  "session_id": "3f8a1b2c-...",
  "review": {
    "language": "python",
    "overall_score": 3,
    "summary": "The function performs division without guarding against division by zero, causing a crash on the very next line.",
    "bugs": [
      {
        "line": "2",
        "severity": "critical",
        "description": "No guard against b=0 — raises ZeroDivisionError at runtime.",
        "fix": "Add `if b == 0: raise ValueError('Divisor cannot be zero')` before the return."
      }
    ],
    "security_issues": [],
    "suggestions": [
      {
        "category": "readability",
        "description": "Add type hints to parameters and return value.",
        "example": "def divide(a: float, b: float) -> float:"
      }
    ],
    "positives": ["Function is concise and single-purpose."]
  }
}
```

| Tool | How to get it |
|---|---|
| gcloud CLI | cloud.google.com/sdk |
| Docker | docs.docker.com |
| GCP project | `gcloud projects create <id>` or use existing |
| Gemini API key | aistudio.google.com |

```bash
chmod +x deploy.sh
export GCP_PROJECT_ID=your-project-id
export GOOGLE_API_KEY=your-gemini-key
./deploy.sh
```

```
Step 1 → Enables Cloud Run, Artifact Registry, Secret Manager, Cloud Build APIs
Step 2 → Stores Gemini key in Secret Manager (never exposed in logs or env vars)
Step 3 → Grants Cloud Run service account secretAccessor permission
Step 4 → Builds linux/amd64 Docker image + pushes to Artifact Registry
Step 5 → Deploys to Cloud Run (unauthenticated · 0–10 instances · 512 MB RAM)
Step 6 → Prints live URL + ready-to-use curl commands
```

```bash
BASE=https://code-review-agent-xxxx-uc.a.run.app # printed by deploy.sh

# Health
curl $BASE/health

# Review an SQL injection vulnerability
curl -X POST $BASE/review \
  -H "Content-Type: application/json" \
  -d '{"code": "SELECT * FROM users WHERE id = '\''\" + user_input + \"'\''", "language": "sql"}'

# Interactive Swagger UI
open $BASE/docs
```

Health check response:

```json
{ "status": "ok", "agent": "code_review_agent", "model": "gemini-2.0-flash" }
```

Request body
```json
{
  "code": "string (required)",
  "language": "string (optional — auto-detected if omitted)"
}
```

Response schema
```json
{
  "session_id": "uuid",
  "review": {
    "language": "string",
    "overall_score": "integer 1–10",
    "summary": "string",
    "bugs": [{
      "line": "string",
      "severity": "critical | high | medium | low",
      "description": "string",
      "fix": "string"
    }],
    "security_issues": [{
      "line": "string",
      "severity": "string",
      "description": "string",
      "fix": "string"
    }],
    "suggestions": [{
      "category": "readability | performance | maintainability",
      "description": "string",
      "example": "string | null"
    }],
    "positives": ["string"]
  }
}
```

Error codes

| Code | When |
|---|---|
| 400 | `code` field is missing or empty |
| 500 | Gemini returned empty or malformed response |
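
The 500 case above depends on treating the model's reply as untrusted text and checking it against the response schema before it is returned. The following is an added example of such a check using only the standard library; it is not the project's code from main.py, and the names `parse_review`, `MalformedReview` and the fence-stripping step are assumptions.

```python
import json

SEVERITIES = {"critical", "high", "medium", "low"}
CATEGORIES = {"readability", "performance", "maintainability"}
FINDING_KEYS = ("line", "severity", "description", "fix")
TOP_LEVEL = {"language": str, "summary": str, "bugs": list,
             "security_issues": list, "suggestions": list, "positives": list}
FENCE = "`" * 3  # Markdown code fence a model may wrap its JSON in (assumption)

# Constructed sample reply, shaped like the "review" object shown on this page.
SAMPLE_REPLY = FENCE + """json
{"language": "python", "overall_score": 3, "summary": "Unguarded division.",
 "bugs": [{"line": "2", "severity": "critical",
           "description": "No guard against b=0.", "fix": "Check b first."}],
 "security_issues": [], "suggestions": [], "positives": ["Single-purpose."]}
""" + FENCE


class MalformedReview(ValueError):
    """Model output does not match the documented schema (the 500 case)."""


def parse_review(raw):
    """Return the review dict, or raise MalformedReview on any deviation."""
    text = (raw or "").strip()
    if text.startswith(FENCE):  # drop the opening fence line and closing fence
        text = text.partition("\n")[2].rsplit(FENCE, 1)[0]
    try:
        review = json.loads(text)
    except json.JSONDecodeError as exc:
        raise MalformedReview(f"not JSON: {exc.msg}") from exc
    if not isinstance(review, dict) or not all(
            isinstance(review.get(k), t) for k, t in TOP_LEVEL.items()):
        raise MalformedReview("missing or mistyped top-level field")
    score = review.get("overall_score")
    # bool is a subclass of int in Python, so reject true/false explicitly.
    if isinstance(score, bool) or not isinstance(score, int) or not 1 <= score <= 10:
        raise MalformedReview("overall_score must be an integer 1-10")
    for item in review["bugs"] + review["security_issues"]:
        if not (isinstance(item, dict)
                and all(isinstance(item.get(k), str) for k in FINDING_KEYS)):
            raise MalformedReview("finding fields must all be strings")
    if any(b["severity"] not in SEVERITIES for b in review["bugs"]):
        raise MalformedReview("bug severity outside the documented enum")
    for s in review["suggestions"]:
        if not (isinstance(s, dict) and isinstance(s.get("category"), str)
                and s["category"] in CATEGORIES):
            raise MalformedReview("suggestion category outside the enum")
    return review
```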

| Variable | In production | In local dev | What it does |
|---|---|---|---|
| GOOGLE_API_KEY | Secret Manager | export in terminal | Authenticates with Gemini API |
| PORT | Set by Cloud Run | Defaults to 8080 | HTTP port the server listens on |

| Layer | Technology |
|---|---|
| AI Agent Framework | Google ADK (Agent Development Kit) |
| LLM | Gemini 2.0 Flash |
| API Server | FastAPI + Uvicorn |
| Containerisation | Docker (linux/amd64) |
| Cloud Hosting | Google Cloud Run (serverless) |
| Image Registry | Google Artifact Registry |
| Secret Management | Google Secret Manager |

| Current limitation | Planned improvement |
|---|---|
| Single-agent, single-turn | Multi-turn conversation for iterative review |
| No file upload support | Accept .py, .js, .ts files directly |
| Unauthenticated endpoint | Add API key auth or Google OAuth |
| No persistent history | Store reviews in Firestore per user |
| English output only | Multi-language review responses |
Built by Aadithya — CSE (AI & ML) undergrad who likes building things that actually work in production.
This project demonstrates end-to-end cloud-native AI engineering: agent design with Google ADK, structured LLM output, containerised deployment, and secrets management on GCP — the full stack, not just a notebook.