CodeRabbit reviews your PR. CodePulse reviews your habits.
Install once on GitHub, pick your repos, and open a pull request. CodePulse reviews the diff inline like a senior engineer would — pinned to exact lines, with severity labels — then stores every finding against the developer who wrote it.
Each Sunday, developers who opt in receive a personalized email digest summarizing their recurring issue categories from the past week.
| 🤖 Automatic PR reviews | Triggered on opened, synchronize, and reopened. Inline comments on exact lines with Critical / High / Medium / Low severity. |
| 🧠 Two-pass AI analysis | File triage first, then chunked deep review. Groq + Llama 3.3 70B with structured tool-calling returns typed JSON per issue. |
| 📊 Per-developer issue tracking | Every finding is stored per developer, repo, and PR in Neon — powers dashboard charts and digests. |
| 📬 Weekly digest emails | Opt-in via the dashboard. Aggregated by category, sent through Resend. Triggered by GitHub Actions every Sunday 09:00 UTC. |
| 📈 Team dashboard | Org-wide metrics: open PRs, critical findings, PR volume vs reviews (all connected repos combined). |
| 📂 Per-repository view | Severity over time, health score, PR list, and top files — one repo at a time with a repo selector when multiple are connected. |
| 🔒 Multi-tenant isolation | Scoped per GitHub App installation — each org's data is fully isolated. |
| 🛡️ Signed webhooks | HMAC-SHA256 verification on every event. Lockfiles, minified assets, and generated files are skipped automatically. |
┌──────────────────────────────┐
│ GitHub PR opened │
└──────────────┬───────────────┘
│
▼
┌──────────────────────────────┐
│ Webhook (HMAC-SHA256 ✓) │
└──────────────┬───────────────┘
│
▼
┌──────────────────────────────┐
│ Express · Fetch diff │
│ Parse unified diff format │
└──────────────┬───────────────┘
│
▼
┌──────────────────────────────┐
│ Groq · Llama 3.3 70B │
│ Structured tool-calling │
│ → typed JSON per issue │
└──────────────┬───────────────┘
│
┌───────────────────┴───────────────────┐
▼ ▼
┌──────────────────────────┐ ┌──────────────────────────┐
│ GitHub REST API │ │ PostgreSQL (Neon) │
│ Inline review comments │ │ Org · repo · dev · PR │
└──────────────────────────┘ └──────────────┬───────────┘
│
▼
┌──────────────────────────┐
│ GitHub Actions (Sunday) │
│ POST /digest/trigger │
└──────────────┬───────────┘
│
▼
┌──────────────────────────┐
│ Aggregate issues (7d) │
│ → HTML email (Resend) │
│ (opt-in users only) │
└──────────────────────────┘
Webhooks hit the API on Azure directly. The Vercel frontend proxies /api/v1/* to the backend so session cookies stay same-origin.
|
Backend
|
Frontend
|
Infrastructure
|
| View | Scope |
|---|---|
Dashboard (/dashboard) |
All repos under your GitHub App installation — combined stats and charts |
Repositories (/repos/{owner}/{repo}) |
Single repo only — use the Repository dropdown to switch between connected repos |
| Developers | Per-developer issue trends across all repos (28-day window) |
Weekly digest (/digest) |
Email preview + Get weekly email opt-in toggle |
- Node.js 18+
- PostgreSQL — Neon free tier works great
- GitHub App + OAuth App — setup docs
- Groq API key — console.groq.com
- Resend API key — resend.com (for weekly digests)
git clone https://github.com/ahmadmustafa02/CodePulse
cd CodePulse
cd server && npm install
cd ../web && npm installcd server
cp .env.example .env
# Fill in your values (see env vars table below)
npx prisma migrate deploy
npm run devAPI runs at
http://localhost:3001
cd web
cp .env.example .env.local
npm run devDashboard runs at
http://localhost:8080
| Local | Production | |
|---|---|---|
| OAuth callback | http://localhost:3001/api/v1/auth/github/callback |
https://getcodepulse.vercel.app/api/v1/auth/github/callback (via Vercel proxy) or your API host |
| Webhook URL | ngrok → /api/v1/webhooks/github |
https://your-api-host/api/v1/webhooks/github |
| Webhook events | Pull request | Pull request |
Minimum GitHub App permissions
| Permission | Access |
|---|---|
| Repository metadata | Read |
| Contents | Read |
| Pull requests | Read & write |
- Sign in with GitHub at
http://localhost:8080 - Install the GitHub App on a test repository
- Confirm repos appear under Connected repositories on the dashboard
- Open a PR with a real code change (not just lockfiles)
- Watch for inline review comments within 1–3 minutes
- Refresh the dashboard — the PR appears under Recent reviews
💡 Debugging: GitHub → App → Advanced → Recent Deliveries — confirm
202responses.
- Set server env:
RESEND_API_KEY,DIGEST_FROM_EMAIL,DIGEST_CRON_SECRET - Add GitHub repo secrets:
CODEPULSE_API_URL— Azure API base URL, no trailing slash (e.g.https://thecodepulse.azurewebsites.net)DIGEST_CRON_SECRET— same value as server
- Workflow
.github/workflows/weekly-digest.ymlruns Sundays 09:00 UTC (manual trigger available) - Users enable email on Weekly digest page (
/digest) — must be signed in so CodePulse has their GitHub email
Manual trigger (local or debug):
curl -X POST https://your-api-host/api/v1/digest/trigger \
-H "Content-Type: application/json" \
-H "x-digest-secret: YOUR_DIGEST_CRON_SECRET" \
-d "{}"Server · server/.env
| Variable | Description |
|---|---|
DATABASE_URL |
Neon / PostgreSQL connection string |
GITHUB_APP_ID |
GitHub App ID |
GITHUB_PRIVATE_KEY |
App private key (PEM, \n escaped) |
GITHUB_WEBHOOK_SECRET |
Webhook secret (min 20 chars) |
GITHUB_OAUTH_CLIENT_ID |
OAuth App client ID |
GITHUB_OAUTH_CLIENT_SECRET |
OAuth App client secret |
GITHUB_OAUTH_CALLBACK_URL |
Must match OAuth app settings exactly |
GROQ_API_KEY |
Groq API key |
AUTH_SECRET |
Session JWT signing secret (min 32 chars) |
WEB_APP_URL |
Frontend origin for CORS and redirects (http://localhost:8080 locally) |
RESEND_API_KEY |
Resend API key |
DIGEST_FROM_EMAIL |
Sender address for digest emails |
DIGEST_CRON_SECRET |
Protects POST /api/v1/digest/trigger (min 20 chars) |
Web · web/.env.local
| Variable | Description |
|---|---|
VITE_API_URL |
API base URL locally (http://localhost:3001/api/v1). Leave unset in production — app uses same-origin /api/v1 via Vercel rewrites. |
GitHub Actions · repository secrets
| Secret | Description |
|---|---|
CODEPULSE_API_URL |
Production API host (no trailing slash) |
DIGEST_CRON_SECRET |
Same as server DIGEST_CRON_SECRET |
# ── Server ────────────────────────────────
npm run dev # nodemon + ts-node
npm run build # compile TypeScript
npm run start # node dist/index.js
npm run lint
npm run typecheck
# ── Web ───────────────────────────────────
npm run dev # Vite dev server (port 8080)
npm run build # production build
npm run lint| Layer | Host |
|---|---|
| Frontend | Vercel |
| API | Azure App Service |
| Database | Neon PostgreSQL |
| Weekly digest cron | GitHub Actions (weekly-digest.yml) |
⚠️ Webhooks must point to the API host directly — never the Vercel frontend URL.
Not another noisy bot.
⭐ If CodePulse is useful to you, star the repo — it helps a lot.