	In Browser
	StumbleUpon
	del.icio.us
	Google
	Google Buzz
	reddit
	LinkedIn

	Facebook
	Twitter
	Linkedin
	E-Mail

Generative AI > Google Gemini API > Code Review Agent

Code Review Agent

Author: Venkata Sudhakar

Code reviews are essential for maintaining quality in software teams, but they are time-consuming and inconsistent when done manually. A Code Review Agent acts as a senior developer that never gets tired - it checks every function for bugs, security issues, naming conventions, and performance anti-patterns, and delivers a structured review in seconds. For ShopMax India's engineering team, this means faster PR cycles and fewer production bugs.

This tutorial builds a Code Review Agent using Google ADK and Gemini 2.0 Flash. The agent analyses a Python code snippet, checks it against a set of rules, and generates a review report with severity-rated findings and suggested fixes.

The below example shows the Code Review Agent reviewing a Python function that handles customer payment processing.

from google.adk.agents import Agent
from google.adk.tools import FunctionTool
from google.adk.runners import Runner
from google.adk.sessions import InMemorySessionService
from google.genai.types import Content, Part
import ast

def analyse_code_structure(code: str) -> dict:
    """Parse Python code and extract structural metrics."""
    try:
        tree = ast.parse(code)
    except SyntaxError as e:
        return {"error": "Syntax error: " + str(e)}
    functions = [n.name for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)]
    classes = [n.name for n in ast.walk(tree) if isinstance(n, ast.ClassDef)]
    # Count lines excluding blanks and comments
    lines = [l for l in code.split("\n") if l.strip() and not l.strip().startswith("#")]
    # Check for common anti-patterns
    issues = []
    if "except:" in code or "except Exception:" in code:
        issues.append({"severity": "HIGH", "type": "error_handling",
                       "message": "Bare except clause catches all exceptions including KeyboardInterrupt"})
    if "eval(" in code or "exec(" in code:
        issues.append({"severity": "CRITICAL", "type": "security",
                       "message": "Use of eval/exec - potential code injection vulnerability"})
    if "password" in code.lower() and ("=" in code) and ("hash" not in code.lower()):
        issues.append({"severity": "CRITICAL", "type": "security",
                       "message": "Password may be stored or compared in plaintext"})
    if "print(" in code:
        issues.append({"severity": "LOW", "type": "logging",
                       "message": "Use logging module instead of print() in production code"})
    if "time.sleep(" in code:
        issues.append({"severity": "MEDIUM", "type": "performance",
                       "message": "time.sleep() blocks the thread - consider async alternatives"})
    return {
        "functions": functions,
        "classes": classes,
        "line_count": len(lines),
        "static_issues": issues
    }

def check_naming_conventions(code: str) -> dict:
    """Check PEP8 naming conventions."""
    violations = []
    try:
        tree = ast.parse(code)
    except SyntaxError:
        return {"violations": []}
    for node in ast.walk(tree):
        if isinstance(node, ast.FunctionDef):
            if not node.name.islower() and "_" not in node.name and not node.name.startswith("_"):
                violations.append({"name": node.name, "type": "function",
                                   "issue": "Function names should be snake_case"})
        if isinstance(node, ast.ClassDef):
            if not node.name[0].isupper():
                violations.append({"name": node.name, "type": "class",
                                   "issue": "Class names should be PascalCase"})
    return {"violations": violations, "pep8_compliant": len(violations) == 0}

analyse_tool = FunctionTool(func=analyse_code_structure)
naming_tool = FunctionTool(func=check_naming_conventions)

review_agent = Agent(
    model="gemini-2.0-flash",
    name="code_review_agent",
    instruction="""
        You are a senior Code Review Agent for ShopMax India engineering team.
        When given Python code to review:
        1. Analyse the code structure and detect static issues
        2. Check naming conventions
        3. Produce a code review report:
           - Summary (lines, functions, classes)
           - Issues sorted by severity (CRITICAL > HIGH > MEDIUM > LOW)
           - For each issue: location hint, explanation, and suggested fix
           - Naming convention violations
           - Overall verdict: APPROVE / REQUEST CHANGES / REJECT
        Use concise developer language. Be constructive, not critical.
    """,
    tools=[analyse_tool, naming_tool]
)

session_service = InMemorySessionService()
runner = Runner(agent=review_agent, app_name="code_review", session_service=session_service)

code_to_review = """
def processPayment(amount, userPassword, cardNumber):
    if userPassword == "admin123":
        print("Processing payment of Rs " + str(amount))
        try:
            result = chargeCard(cardNumber, amount)
            return result
        except:
            print("Payment failed")
            return None
"""

session = session_service.create_session(app_name="code_review", user_id="dev")
message = Content(role="user", parts=[Part(text="Review this Python code:\n" + code_to_review)])
for event in runner.run(user_id="dev", session_id=session.id, new_message=message):
    if event.is_final_response():
        print(event.content.parts[0].text)

It gives the following output,

CODE REVIEW REPORT
===================
File     : processPayment function
Lines    : 9 | Functions: 1 | Classes: 0
Verdict  : REJECT

Issues Found (3 critical, 2 others)

[CRITICAL] Plaintext Password Comparison
  userPassword == "admin123" compares password in plaintext.
  Fix: Use bcrypt.checkpw(password.encode(), stored_hash) instead.
  Never hardcode credentials in source code.

[CRITICAL] Hardcoded Credential in Source
  "admin123" is a hardcoded password. This will be exposed in
  version control. Use environment variables or a secrets manager.

[HIGH] Bare Except Clause
  except: catches ALL exceptions including system exits.
  Fix: except (ValueError, ConnectionError) as e: log and handle specifically.

[MEDIUM] Naming Convention Violation
  processPayment should be process_payment (PEP8 snake_case).

[LOW] print() in production code
  Replace print() with logging.info() / logging.error().
  Allows log level control and structured log output.

Action Required: Do not merge. Fix CRITICAL issues before re-review.

The Code Review Agent can be integrated into your GitHub Actions CI pipeline to automatically review every pull request and post comments. Extend it to check for SQL injection patterns, insecure dependencies, missing unit tests, and complexity metrics like cyclomatic complexity. Use Gemini to provide natural-language explanations that junior developers can learn from.

Send your comments, suggestions or queries regarding this site to [email protected].