astrai-code-review

# Astrai Code Review

AI-powered code review with intelligent model routing.
Complex logic goes to powerful models. Formatting and style goes to fast, cheap ones. You save 40%+ without sacrificing quality.

## What it does

- **Smart routing for reviews**: Astrai analyzes the diff complexity and routes to the optimal model. A gnarly concurrency bug gets Opus. A missing semicolon gets Haiku. You only pay for the intelligence you need.
- **Structured output**: Every review returns typed issues with file, line number, severity (critical/warning/info), message, and a concrete suggestion.
- **Strictness modes**: Standard catches bugs and logic errors. Strict adds style and best-practice checks. Security mode focuses on vulnerabilities, injection, auth, and data exposure.
- **BYOK (Bring Your Own Keys)**: Your provider API keys stay with you. Astrai decides which model to use, then calls the provider using YOUR key. You pay providers directly.
- **Cost tracking**: Every review response includes the cost and how much you saved vs always using the most expensive model.
- **Local-only mode**: If you only set `ASTRAI_API_KEY` without provider keys, Astrai uses its own hosted models. Still routed intelligently, still cheap.

## Setup

1. Get a free API key at [as-trai.com](https://as-trai.com)
2. Set `ASTRAI_API_KEY` in your environment or skill config
3. Optionally add provider API keys for BYOK routing (e.g. `ANTHROPIC_API_KEY`, `OPENAI_API_KEY`)
4. Run `/review` on any diff or PR

## Usage

```
/review                     Review the current diff (staged changes)
/review --strict            Strict mode: bugs + style + best practices
/review --focus security    Security-focused review (vulns, injection, auth)
/review --file src/auth.py  Review a specific file
```

### Examples

**Basic review of staged changes:**
```
/review
```
Returns issues found in the current diff with severity levels and suggestions.

**Strict review for a PR:**
```
/review --strict
```
Catches not just bugs but also style violations, naming issues, and missed best practices.

**Security audit:**
```
/review --focus security
```
Focuses on SQL injection, XSS, auth bypass, hardcoded secrets, insecure deserialization, and other vulnerability classes.

## Environment Variables

| Variable | Required | Description | Default |
|---|---|---|---|
| `ASTRAI_API_KEY` | Yes | Your API key from as-trai.com | -- |
| `ANTHROPIC_API_KEY` | No | Anthropic key for BYOK routing | -- |
| `OPENAI_API_KEY` | No | OpenAI key for BYOK routing | -- |
| `GOOGLE_API_KEY` | No | Google key for BYOK routing | -- |
| `DEEPSEEK_API_KEY` | No | DeepSeek key for BYOK routing | -- |
| `MISTRAL_API_KEY` | No | Mistral key for BYOK routing | -- |
| `GROQ_API_KEY` | No | Groq key for BYOK routing | -- |
| `TOGETHER_API_KEY` | No | Together key for BYOK routing | -- |
| `FIREWORKS_API_KEY` | No | Fireworks key for BYOK routing | -- |
| `COHERE_API_KEY` | No | Cohere key for BYOK routing | -- |
| `PERPLEXITY_API_KEY` | No | Perplexity key for BYOK routing | -- |
| `REVIEW_STRICTNESS` | No | standard, strict, or security | standard |

## External Endpoints

| Endpoint | Purpose | Data Sent |
|---|---|---|
| `https://as-trai.com/v1/chat/completions` | Code review inference via intelligent routing | Diff content, file context, review instructions |

## Security & Privacy

- All requests authenticated via API key in the Authorization header
- Diffs are sent to the Astrai routing API, which forwards to the selected provider
- In BYOK mode, provider keys are sent via encrypted header (`X-Astrai-Provider-Keys`) and never stored
- No diffs, code, or review results are retained by Astrai after the request completes
- Source code is fully open: [github.com/beee003/astrai-openclaw](https://github.com/beee003/astrai-openclaw)

## Model Invocation

This skill sends code diffs to the Astrai routing API. The router classifies the review complexity and selects the best model:

- **High complexity** (concurrency, security, architecture): Routes to Claude Opus, GPT-4o, or Gemini Pro
- **Medium complexity** (logic errors, missing edge cases): Routes to Claude Sonnet, GPT-4o-mini, or Gemini Flash
- **Low complexity** (formatting, typos, naming): Routes to Claude Haiku, GPT-4o-mini, or Gemini Flash

Your prompts are processed by third-party LLM providers according to the routing decision. In BYOK mode, calls are made using your own provider API keys.

## Pricing

Same as Astrai platform pricing:

- **Free**: 1,000 requests/day, smart routing, all strictness modes
- **Pro** ($49/mo): Unlimited requests, priority routing, analytics dashboard
- **Business** ($199/mo): Team dashboards, compliance exports, SLA guarantee