GitLab MR Code Review

Polling-based automated code review for GitLab MRs.

Architecture

Cron (*/2 * * * *) → gitlab-api.js list-mrs → skip reviewed → fetch diff → AI review → post comments/note

• No webhook server — pure polling
• Reviewed MRs tracked in {baseDir}/mr-reviewed.json

Setup

1. Create {baseDir}/.env with your GitLab credentials:

```

GITLAB_URL=https://gitlab.example.com

GITLAB_TOKEN=glpat-xxxxxxxxxxxxxxxxxxxx

```

The script auto-loads this file. Environment variables take precedence (won't be overwritten if already set).

1. Test: node {baseDir}/scripts/gitlab-api.js get-version
2. Install cron worker — see references/cron-setup.md for the full command

API Script Reference

node {baseDir}/scripts/gitlab-api.js get-version                              # Test connection
node {baseDir}/scripts/gitlab-api.js list-mrs                                 # List open MRs
node {baseDir}/scripts/gitlab-api.js list-mrs --project <project_path>        # Filter by project
node {baseDir}/scripts/gitlab-api.js get-changes <project_id> <mr_iid>        # Fetch MR diff
node {baseDir}/scripts/gitlab-api.js get-file <project_id> <branch> <path>    # Fetch file content
node {baseDir}/scripts/gitlab-api.js post-comment --file <json> <pid> <iid>   # Inline comment (use --file!)
node {baseDir}/scripts/gitlab-api.js post-note <project_id> <mr_iid> '<text>' # Summary note

post-comment JSON format

{
  "body": "**[Critical]** sql_injection\n\nRaw query with user input.",
  "position": {
    "base_sha": "abc123",
    "start_sha": "def456",
    "head_sha": "ghi789",
    "new_path": "src/db.js",
    "new_line": 42
  }
}

base_sha/start_sha/head_sha come from get-changes output's diff_refs.

Review Rules

• Default: references/review-guidelines.md — severity levels, output format, what to skip
• Per-project: Place .gitlab-review-prompt.md in the repo root; the worker auto-fetches it via get-file

Troubleshooting