If GitHub themselves have a native code review bot, why not just use it?

Alex Ellis

Alex Ellis built a self-hosted AI code review bot as an alternative to GitHub Copilot's native PR review feature. The bot uses Firecracker microVMs (via SlicerVM) to safely isolate code execution, clones the PR code into a short-lived VM, runs the opencode CLI against an LLM (e.g., Grok Coder Fast 1), and posts the review as a PR comment. Key design decisions include security hardening against prompt injection and RCE, an ACL system for controlling which repos and contributors trigger reviews, and customizable prompts tuned per project. The author found GitHub Copilot's reviews superficial compared to opencode-powered alternatives. The self-hosted approach avoids SaaS constraints like timeouts and repo size limits, and can work across GitHub, GitLab, and Bitbucket. A Go SDK for SlicerVM's REST API is planned.

I wrote a replacement for GitHub's code review bot