Codebot can automatically respond to PR review comments by making code changes or answering questions.
Codebot can receive PR review comments via two methods:
- Webhooks (default): GitHub sends events directly to the server
- Polling: Server periodically checks PRs for new comments (for GitHub Enterprise environments where webhooks cannot reach the server)
Both methods:
- Receive PR review comments
- Classify them as queries or change requests
- Respond with answers or code changes
- Update PR descriptions after changes
Note: Webhooks and polling are mutually exclusive - use one or the other, not both.
export GITHUB_APP_ID="123456"
export GITHUB_APP_PRIVATE_KEY_PATH="./codebot-private-key.pem"
export GITHUB_APP_INSTALLATION_ID="789012"
export GITHUB_WEBHOOK_SECRET="your_webhook_secret"
codebot serve --port 5000For local testing, use a tool like ngrok:
ngrok http 5000This gives you a public URL like https://abc123.ngrok.io.
- Go to your repository Settings → Webhooks
- Click Add webhook
- Configure:
- Payload URL:
https://your-server.com/webhook - Content type:
application/json - Secret: Same as
GITHUB_WEBHOOK_SECRET - Events: Select individual events:
- ✅ Issue comments
- ✅ Pull request reviews
- ✅ Pull request review comments
- Payload URL:
- Click Add webhook
Check the health endpoint:
curl http://localhost:5000/healthResponse:
{
"status": "healthy",
"review_queue_size": 0
}When webhooks cannot reach your server (e.g., GitHub Enterprise behind firewall), use polling mode:
export GITHUB_APP_ID="123456"
export GITHUB_APP_PRIVATE_KEY_PATH="./codebot-private-key.pem"
export GITHUB_APP_INSTALLATION_ID="789012"
export CODEBOT_POLL_INTERVAL="300" # Optional: poll interval in seconds (default: 300)
codebot serve --port 5000 --enable-pollingNote: Do NOT set GITHUB_WEBHOOK_SECRET when using polling mode.
Set poll interval via environment variable or CLI option:
# Via environment variable
export CODEBOT_POLL_INTERVAL="600" # Poll every 10 minutes
# Via CLI option
codebot serve --enable-polling --poll-interval 600Default: 300 seconds (5 minutes)
- Polls PRs for tasks with
pending_reviewstatus - Only fetches comments created since last poll (uses GitHub API
sinceparameter) - Tracks processed comments to avoid duplicates
- Updates task status when PR is merged (
completed) or closed (rejected)
Important: Polling only checks PRs for tasks that are in pending_review status. Tasks transition to this status automatically after PR creation.
Tasks progress through these statuses:
pending→ Task queued, waiting to startrunning→ Task is being executedpending_review→ PR created, waiting for review/approvalcompleted→ PR merged successfullyrejected→ PR closed without mergefailed→ Task execution failed
Codebot handles three types of PR comments:
-
Inline code comments (
pull_request_review_comment)- Comments on specific lines of code
- Includes file, line, and diff context
-
Review summaries (
pull_request_review)- Overall review with approval/changes requested
- May include general feedback
-
General PR comments (
issue_comment)- Comments on the PR conversation
- Not tied to specific code
When a reviewer leaves a comment:
- Webhook Receives Event - GitHub sends webhook payload
- Signature Verification - Validates request authenticity
- Queue Comment - Adds to FIFO queue for processing
- Classify Comment - Uses Claude AI to determine intent:
- Query: Asking a question → Answer without code changes
- Change Request: Requesting changes → Make changes and commit
- Ambiguous: Unclear intent → Ask for clarification
- Process with Claude - Provides full context:
- PR title and description
- Files changed
- Comment location (file, line, diff)
- Previous comment thread
- Respond - Posts reply to GitHub
- Update PR (if changes made) - Refreshes PR description
Codebot uses Claude AI to intelligently classify comments:
Query/Question Examples:
- "Why did you choose this approach?"
- "What does this parameter do?"
- "How does this function work?"
Change Request Examples:
- "Please add error handling here"
- "This should use async/await"
- "Remove this console.log"
Ambiguous Examples:
- "This could be better"
- "Not sure about this"
- "Hmm..."
For ambiguous comments, codebot asks for clarification:
🤔 Could you clarify what you'd like me to do?
Please clarify if you'd like me to:
- Answer a question about the code
- Make specific changes to the code
When processing comments, Claude receives:
-
PR Information
- Title and description
- List of files changed
-
Comment Location (for inline comments)
- File path
- Line number
- Diff hunk (surrounding code)
-
Comment Thread
- Previous comments in the thread
- Full conversation history
-
Repository Context
- CLAUDE.md file (if present)
- Project conventions
This rich context allows Claude to provide accurate, contextual responses.
Codebot reuses workspaces for efficiency:
- First comment on a PR → Clone repository
- Subsequent comments → Reuse existing workspace
- Pull latest changes before processing
- Workspace identified by UUID in branch name
After making changes, codebot automatically updates the PR description:
- Uses Claude to analyze the full diff
- Generates a unified, cohesive description
- Focuses on what was built, not individual commits
- Simplifies file list (only shows names, omits if >5 files)
Example updated PR:
## 📋 Task Description
Add dark mode support to the application
## 🔨 Changes Made
Implemented a comprehensive dark mode feature with automatic theme detection...
## 📁 Files Changed
- `src/theme.ts`
- `src/components/ThemeToggle.tsx`
- `src/styles/dark.css`
---
*This PR was automatically generated by codebot 🤖*Codebot ignores its own comments to avoid infinite loops:
- Checks for signature:
Reply generated by codebot 🤖 - Filters out before processing
- Works with both PATs and GitHub Apps
Multiple review comments are processed sequentially:
- First In, First Out order
- Prevents conflicts between concurrent changes
- Ensures predictable processing
- Maintains stable workspace state
The GitHub token needs these permissions:
Classic Token:
- ✅
repo(full repository access)
Fine-Grained Token:
- ✅ Pull requests: Read and Write
- ✅ Contents: Read and Write
- ✅ Metadata: Read (automatic)
See Configuration Guide for details.
Enable auto-reload for development:
codebot serve --port 5000 --debugFeatures:
- Auto-restart on code changes
- Detailed error pages
- Verbose logging
Note: Never use --debug in production.
For webhook issues, signature verification problems, and comment processing errors, see the Troubleshooting Guide.
- Use webhook secrets - Always set
GITHUB_WEBHOOK_SECRET - Monitor queue size - Check
/healthendpoint regularly - Test locally first - Use ngrok for development
- Review logs - Monitor server output for issues
- Set up alerts - Monitor for failed webhook deliveries
See Codebot in action with these example pull requests:
- PR #3: Confetti Feature - Demonstrates how Codebot handles review comments, makes code changes, and updates PR descriptions based on feedback
- PR #4: Calculator Enhancement - Shows Codebot responding to questions about code implementation and providing detailed explanations
These PRs showcase:
- Initial task execution and PR creation
- Responding to review comments with code changes
- Answering questions about implementation details
- Automatic PR description updates after changes
- Comment thread management
- Configuration Guide - Environment variables and settings
- HTTP API Guide - Programmatic task submission
- Architecture - How codebot works internally