Feature Proposal: AI-Powered Code Review for GitLab CLI

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Summary

Add a new command to the GitLab CLI (glab) that uses GitLab Duo to provide AI-powered code review feedback on local changes before opening a merge request. This feature will help developers catch issues early in their development workflow by analyzing their code changes and providing suggestions similar to the existing Duo Code Review feature in merge requests.

Problem Statement

Currently, developers can only access AI-powered code review feedback after opening a merge request by assigning @GitLabDuo as a reviewer. This means potential issues, bugs, or improvements are only discovered later in the development process. Having the ability to get AI feedback on local changes would allow developers to:

• Catch issues earlier in the development cycle
• Improve code quality before creating merge requests
• Reduce review cycles and merge request iterations
• Get immediate feedback during development

Proposed Solution

Introduce a new command that leverages GitLab Duo to analyze local code changes and provide review feedback:

• glab duo review - Generate review feedback based on current changes

The command would support flags for different review scopes:

• --staged / -s - Review only staged changes (git diff --cached)
• Default behavior: Review all current changes (git diff)

How It Works

1. User makes changes to their code
2. User runs glab duo review
3. The CLI:
   • Verifies the user has GitLab Duo access
   • Captures the current diff (git diff or git diff --cached if --staged flag is used)
   • Filters files according to .gitignore rules
   • Sends the diff to the Rails API
   • Rails API communicates with the AI Gateway (reusing existing Duo Code Review prompts)
   • Receives the review feedback
   • Displays the feedback in the terminal
4. User can review suggestions and make changes accordingly

Technical Implementation

Architecture

sequenceDiagram
    participant User
    participant glab CLI
    participant Rails API
    participant AI Gateway
    participant LLM Provider

    User->>glab CLI: glab duo review
    glab CLI->>glab CLI: Check git repository
    glab CLI->>glab CLI: Get current diff
    glab CLI->>glab CLI: Filter files (.gitignore)
    glab CLI->>Rails API: Send diff for review
    Rails API->>Rails API: Verify GitLab Duo access
    Rails API->>AI Gateway: Forward request
    AI Gateway->>AI Gateway: Use existing Code Review prompt
    AI Gateway->>LLM Provider: Generate review feedback
    LLM Provider->>AI Gateway: Return feedback
    AI Gateway->>Rails API: Return processed feedback
    Rails API->>glab CLI: Return review suggestions
    glab CLI->>glab CLI: Display feedback to user

Note: All AI-related logic (prompt selection, model version, provider choice) is handled by the AI Gateway, reusing the existing Duo Code Review prompts to maintain consistency with the MR review experience.

Authentication

• Uses existing glab authentication mechanism
• Rails API validates user's GitLab Duo access permissions

API Contract

Request:

{
  "diff": "<output of git diff or git diff --cached>",
  "project_id": 12345,
  "context": "local_review"
}

Response:

{
  "review_feedback": [
    {
      "file_path": "src/auth.go",
      "line_start": 42,
      "line_end": 45,
      "suggestion": "Consider using a more secure hashing algorithm",
      "severity": "medium",
      "category": "security"
    },
    {
      "file_path": "src/handlers.go",
      "line_start": 15,
      "line_end": 15,
      "suggestion": "This function could benefit from error handling",
      "severity": "low",
      "category": "best_practices"
    }
  ]
}

Or use a similar GraphQL endpoint that accepts the same input parameters and returns the generated review feedback.

Minimum Viable Change (MVC)

For the initial implementation, we should focus on:

1. Single command: glab duo review
2. Basic functionality:
   • Verify git repository presence
   • Check GitLab Duo access
   • Get current changes (all modified files)
   • Filter files using .gitignore rules
   • Send diff to API and receive response
   • Display feedback in terminal with clear formatting
3. Essential flag: --staged / -s for reviewing only staged changes
4. Error handling:
   • No changes to review
   • No GitLab Duo access
   • API errors/timeouts
   • Not in a git repository
   • Files too large for review

User Experience

# Review all current changes
$ glab duo review
Analyzing your code changes...

📁 src/auth.go
  Lines 42-45: Consider using a more secure hashing algorithm (Security)
  Line 67: Add input validation for user parameters (Best Practices)

📁 src/handlers.go
  Line 15: This function could benefit from error handling (Code Quality)
  Lines 28-32: Consider extracting this logic into a separate function (Maintainability)

✅ Review complete! Found 4 suggestions across 2 files.

# Review only staged changes
$ git add src/auth.go
$ glab duo review --staged
Analyzing your staged changes...

📁 src/auth.go
  Lines 42-45: Consider using a more secure hashing algorithm (Security)
  Line 67: Add input validation for user parameters (Best Practices)

✅ Review complete! Found 2 suggestions in staged files.

Success Criteria

• Users can get AI-powered code review feedback on local changes
• Generated feedback is similar in quality to Duo Code Review in merge requests
• Users can choose between reviewing all changes or only staged changes
• The feature respects GitLab Duo access permissions
• Clear error messages for common failure scenarios
• Feedback is presented in a readable, actionable format

Future Enhancements (Out of scope for MVC)

1. Interactive TUI: Using Go's Bubble Tea library to create an interactive terminal interface where users can:

   • Navigate through suggestions
   • Apply suggested changes directly
   • Accept/reject individual suggestions
   • Similar to tools like Claude Code or Gemini CLI

2. File-specific review: glab duo review <file_path> to review specific files

Implementation Considerations

• The CLI should not need to know about the LLM provider, prompts, or model versions
• All AI-related logic is handled by the AI Gateway service
• Reuse existing Duo Code Review prompts for consistency
• The feature should gracefully handle large diffs (consider size limits)
• Response time expectations should be set (AI generation may take a few seconds)
• File filtering should respect .gitignore rules to avoid reviewing files that won't be committed
• Consider rate limiting to prevent abuse

References

• GitLab CLI
• GitLab Duo Code Review
• GitLab AI Gateway
• Bubble Tea
• Claude Code
• Gemini CLI