# Code Review

> Inline code review with severity levels, suggested fixes, and steps of reproduction

## Overview

CodeAnt AI reviews every pull request by posting inline comments directly on the lines of code that need attention. Each comment is structured to give you everything you need to understand, verify, and fix the issue — without switching context.

## What a Review Comment Looks Like

Every inline comment from CodeAnt AI includes four parts:

### 1. Issue Description

A clear explanation of what the problem is and why it matters. The description categorizes the issue (e.g., `possible bug`, `logic error`, `concurrency bug`) so you can quickly understand the nature of the problem.

> **Example:** *"Markdown fence parsing is done before trimming whitespace, so responses like ``\n```json ...`` fail JSON parsing and get downgraded to default LOW results. Strip whitespace first, then remove fences."* `[possible bug]`
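
As an added illustration (not CodeAnt AI's code, nor the reviewed project's), the snippet below reconstructs the ordering bug that example comment describes with a minimal scorer-output parser: `parse_score_buggy` strips the fence before trimming whitespace, `parse_score_fixed` does it the other way round, and `count_downgrades` shows how the wrong order silently turns a valid HIGH verdict into the LOW default. All function names, the regex and the sample responses are constructed for this example.

```python
import json
import re

# Constructed scorer responses, as an AI confidence scorer might return
# them. The third one starts with a newline before the fence, which is
# exactly the input the review comment above is about.
CLEAN_RESPONSE = '{"confidence": "HIGH", "reason": "key matches provider format"}'
FENCED_RESPONSE = '```json\n{"confidence": "HIGH", "reason": "key matches provider format"}\n```'
LEADING_NEWLINE_RESPONSE = '\n```json\n{"confidence": "HIGH", "reason": "key matches provider format"}\n```\n'

# Fallback used when the scorer output cannot be parsed (constructed).
DEFAULT_RESULT = {"confidence": "LOW", "reason": "scorer output not parseable"}

# Matches a whole-string fence: ```lang on the first line, ``` on the last.
FENCE_RE = re.compile(r"^```[A-Za-z0-9_-]*\n(.*?)\n```$", re.DOTALL)


def _strip_fence(text: str) -> str:
    """Return the body of a ```lang ... ``` block, or the text unchanged if it is not one."""
    match = FENCE_RE.match(text)
    return match.group(1) if match else text


def parse_score_buggy(raw: str) -> dict:
    """Order described in the comment: fences first, whitespace second.
    A leading newline means the fence regex never matches, json.loads
    sees the backticks and fails, and the finding drops to the LOW default."""
    body = _strip_fence(raw).strip()
    try:
        return json.loads(body)
    except json.JSONDecodeError:
        return dict(DEFAULT_RESULT)


def parse_score_fixed(raw: str) -> dict:
    """Suggested order: trim surrounding whitespace first, then strip the fence."""
    body = _strip_fence(raw.strip()).strip()
    try:
        return json.loads(body)
    except json.JSONDecodeError:
        return dict(DEFAULT_RESULT)


def count_downgrades(responses, parser) -> int:
    """How many responses fell back to the LOW default under a given parser.
    Counting fallbacks makes a silent downgrade visible instead of letting
    it hide behind a plausible-looking LOW verdict."""
    return sum(1 for r in responses if parser(r) == DEFAULT_RESULT)


if __name__ == "__main__":
    samples = [CLEAN_RESPONSE, FENCED_RESPONSE, LEADING_NEWLINE_RESPONSE]
    print("buggy downgrades:", count_downgrades(samples, parse_score_buggy))  # 1
    print("fixed downgrades:", count_downgrades(samples, parse_score_fixed))  # 0
```

The point to take from the two parsers is that a parse failure that falls back to a default verdict is a silent failure: the finding still gets a confidence label, just the wrong one. Emitting a fallback counter or log line alongside the default is what lets the downgrade show up in CI metrics rather than in a missed secret.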

### 2. Severity Level

Each issue is classified by severity so you can prioritize your fixes:

| Severity     | Meaning                                                                                     |
| ------------ | ------------------------------------------------------------------------------------------- |
| **Critical** | Must fix before merging. Can cause data loss, security vulnerabilities, or system failures. |
| **High**     | Should fix. Impacts functionality or reliability.                                           |
| **Medium**   | Recommended fix. Code quality or maintainability concern.                                   |
| **Low**      | Optional. Style or minor improvement suggestion.                                            |

### 3. Suggested Fix

A ready-to-use code snippet that resolves the issue. You have two ways to apply it:

* **Apply Suggestion** — click **Commit suggestion** directly on the review comment to commit the fix.
* **Prompt for AI Agent** — expand the **Prompt for AI Agent** section on the review comment to get a ready-made prompt with the full context of the issue, the fix, and the steps of reproduction. Copy it and paste it into your AI coding agent (Cursor, Copilot, Claude Code) and let it apply the fix with full awareness of your codebase.

<img src="https://mintcdn.com/codeantai/q1mptv9VxSkpnEvR/images/pull_request/features/code_review/prompt_for_ai_agent.png?fit=max&auto=format&n=q1mptv9VxSkpnEvR&q=85&s=f094d490573784cc74608d1d7a453989" alt="Prompt for AI Agent" width="877" height="696" data-path="images/pull_request/features/code_review/prompt_for_ai_agent.png" />

### 4. Steps of Reproduction

This is the key differentiator. Each review comment includes detailed, numbered steps showing **exactly how to trigger the issue** — with file paths and line numbers.

<Accordion title="Example: Steps of Reproduction">
  For a bug where unscored secrets get incorrectly marked as false positives:

  1. Call `POST /analysis/secrets/run`, which creates `Advanced_Analysis(feature="secrets")` and executes `run()`.
  2. In detection flow, entropy findings are capped by `collect_entropy_secrets(..., max_tasks=500)` so only the first 500 entropy items are AI-scored.
  3. Remaining entropy findings keep `confidence_score=None` because `_process_confidence_scoring(tasks)` only mutates selected tasks, then `mark_false_positives()` converts all `None` to `FALSE_POSITIVE`.
  4. Downstream components explicitly drop `FALSE_POSITIVE`, so unscored secrets disappear from outputs.
</Accordion>
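
To make the execution path in those four steps concrete, here is an added example that is not CodeAnt AI's code and not the reviewed project's code. The function names `collect_entropy_secrets`, `_process_confidence_scoring` and `mark_false_positives` and the `max_tasks` cap come from the steps above; their bodies, the `SecretFinding` dataclass, the stand-in scorer, the `UNSCORED` sentinel used by the fixed variant and the constructed findings are all assumptions made for the illustration. `run(..., fixed=False)` reproduces the reported behaviour; `run(..., fixed=True)` shows one way to keep never-scored findings from being dropped.

```python
from dataclasses import dataclass
from typing import List, Optional

FALSE_POSITIVE = "FALSE_POSITIVE"
UNSCORED = "UNSCORED"  # hypothetical sentinel for the fix; not an identifier from the page


@dataclass
class SecretFinding:
    path: str
    line: int
    source: str                              # "regex" or "entropy"
    confidence_score: Optional[str] = None   # None until the scorer has looked at it


def make_findings(n_entropy: int) -> List[SecretFinding]:
    """Constructed input: n_entropy high-entropy strings, one per line of one file."""
    return [SecretFinding("src/config.py", i + 1, "entropy") for i in range(n_entropy)]


def collect_entropy_secrets(findings, max_tasks=500):
    """Step 2: only the first `max_tasks` entropy findings become scoring tasks."""
    return [f for f in findings if f.source == "entropy"][:max_tasks]


def _process_confidence_scoring(tasks):
    """Stand-in scorer (constructed): mutates only the tasks it was handed.
    It labels even-numbered lines HIGH and leaves odd-numbered lines as None,
    i.e. judged not to be a secret."""
    for t in tasks:
        t.confidence_score = "HIGH" if t.line % 2 == 0 else None


def mark_false_positives_buggy(findings):
    """Step 3 as reported: every remaining None becomes FALSE_POSITIVE,
    whether the scorer saw the finding or not."""
    for f in findings:
        if f.confidence_score is None:
            f.confidence_score = FALSE_POSITIVE


def mark_false_positives_fixed(findings, scored_tasks):
    """Only findings that actually went through the scorer may be called
    false positives; the rest are tagged UNSCORED so they survive downstream."""
    scored = {id(t) for t in scored_tasks}
    for f in findings:
        if f.confidence_score is None:
            f.confidence_score = FALSE_POSITIVE if id(f) in scored else UNSCORED


def downstream_output(findings):
    """Step 4: downstream components explicitly drop FALSE_POSITIVE."""
    return [f for f in findings if f.confidence_score != FALSE_POSITIVE]


def run(findings, max_tasks=500, fixed=False):
    """Replays the path from the steps above and returns what reaches the output."""
    tasks = collect_entropy_secrets(findings, max_tasks=max_tasks)
    _process_confidence_scoring(tasks)
    if fixed:
        mark_false_positives_fixed(findings, tasks)
    else:
        mark_false_positives_buggy(findings)
    return downstream_output(findings)


if __name__ == "__main__":
    # 600 entropy findings against a cap of 500: the last 100 are never scored.
    buggy = run(make_findings(600), max_tasks=500)
    fixed = run(make_findings(600), max_tasks=500, fixed=True)
    print("emitted (buggy):", len(buggy))   # 250: the 100 unscored ones vanished
    print("emitted (fixed):", len(fixed))   # 350: 250 HIGH plus 100 UNSCORED
```

Replaying the scenario this way is exactly what the steps of reproduction are for: with 600 findings and a cap of 500, the buggy path emits only the 250 scored HIGH findings, while the fixed path also carries the 100 unscored ones through with an explicit `UNSCORED` label, so a capped scorer fails closed rather than silently discarding candidate secrets.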

Steps of reproduction allow developers to:

* **Verify the issue exists** by following the exact execution path
* **Understand the root cause** through the chain of function calls
* **Test their fix** by replaying the same scenario
* **Communicate with teammates** using a shared, precise reference

## Impact Analysis

Alongside the steps of reproduction, each critical or high severity comment includes an impact analysis — a bullet list of downstream consequences if the issue is left unfixed.

> **Example impact analysis:**
>
> * Entropy secrets downgraded to `FALSE_POSITIVE` after parse miss.
> * Confidence scoring reliability drops on fenced AI output.
> * CI quality-gate scans may block on one file.

## How to Respond to Reviews

You can interact with any review comment:

| Action                        | How                                                                                                                              |
| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------------- |
| **Accept the suggestion**     | Apply the fix and push a new commit                                                                                              |
| **Dismiss the suggestion**    | Reply to the comment explaining your reasoning (e.g., `@codeant-ai: Do not suggest this as I am fine with the current behavior`) |
| **Ask for clarification**     | Reply with `@codeant-ai: <your question>` to start a [chat](/pull_request/features/chat)                                         |
| **Retrigger the full review** | Comment `@codeant-ai: review` on the PR                                                                                          |

## Quality Gate Integration

Review findings feed into the [Quality Gate](/pull_request/quality_gates/setup) results. After the review, a summary comment is posted with pass/fail status for:

| Quality Gate       | What It Checks                                         |
| ------------------ | ------------------------------------------------------ |
| **Secrets**        | Hardcoded secrets and credentials in your code         |
| **Duplicate Code** | Percentage of duplicated lines                         |
| **SAST**           | Static application security testing issues by severity |
| **Coverage**       | Code coverage on new and total lines                   |
