Flow Code Reviewer

Description

Unleash the power of AI in your development lifecycle! This extension integrates the Flow Code Reviewer directly into your Azure DevOps pipelines, transforming your pull request reviews with intelligent, CI&T Flow-driven insights.

Features

• AI-Powered Code Review: Leverages CI&T Flow to provide insightful code review comments.
• Azure DevOps Integration: Seamlessly integrates into Azure DevOps pull request workflows.
• Customizable Prompts: Allows for custom prompts to tailor the AI's review focus.
• Flexible Model Selection: Supports various AI models (GPT-o3 mini, GPT-4o, Gemini 1.5 Flash, Gemini 2.5 Pro, Claude 3.7 Sonnet).
• File Exclusion: Ability to ignore specific files or patterns from the review process.

Installation

1. Install the extension from the Azure DevOps Marketplace.
2. Add the FlowCodeReviewerTask (version 0.x) to your Azure DevOps pipelines.
3. Configure the task with your Flow API credentials (Client ID, Client Secret, Tenant).
4. Ensure the Build Service user has the necessary permissions on the repositories:
   • Contribute
   • Contribute to pull requests

How to Get Flow API Credentials

1. Access the Flow platform.
2. Log in with your credentials.
3. Click on your username at the bottom left of the screen.
4. Go to Settings.
5. Navigate to Your Profile > API Keys.
6. Enter a name for the API key, select the llm-api under apps, and click Create.
7. Copy the Client ID, Client Secret, and Tenant values.

Pipeline Task Definition

steps:
  - task: FlowCodeReviewerTask@0
    inputs:
      clientId: 'YOUR_CLIENT_ID'
      clientSecret: 'YOUR_CLIENT_SECRET'
      tenant: 'YOUR_TENANT'
      model: 'gpt-5' # Or your preferred model
      ignoreFiles: '**/package-lock.json,**/dist/**' # Optional: files to ignore
      customPrompt: 'Your custom review instructions here' # Optional: custom prompt
      useAdr: 'true' # Enable ADR context

The FlowCodeReviewerTask accepts the following inputs:

• clientId (required): The Client ID of the Flow application.
• clientSecret (required): The Client Secret of the Flow application.
• tenant (required): The Tenant of the Flow application.
• model (optional, default: gpt-5): AI Model to be used for completions.
  • Supported values: gemini-2.5-pro, gemini-1.5-flash, gpt-4o-mini, gpt-4o, gpt-5, o3-mini, anthropic.claude-35-sonnet, anthropic.claude-37-sonnet, anthropic.claude-4-sonnet.
• ignoreFiles (optional): Comma-separated glob expressions for files to be ignored (e.g., **/package-lock.json,**/dist/**).
• customPrompt (optional): Custom prompt to be used for AI review. This adds to the default prompt.
• useAdr (optional, default: 'false'): Controls whether ADRs are loaded and used as review context.
  • 'true': The task searches the repository for ADRs and passes their content to the AI reviewer.
  • 'false': ADR retrieval is skipped; the reviewer does not use ADRs and will not comment based on ADR rules.

How ADRs are discovered:

The task looks for a top-level directory named docs, doc, or documentation (lowercase). Inside it, it looks for a subfolder named adr (lowercase). Expected path: /docs/adr (or /doc/adr, /documentation/adr). Only ADRs in this path are considered. Other locations will not be detected. Recommended ADR structure and content:

Place ADR files under /docs/adr, for example: /docs/adr/0001-node-version.md /docs/adr/0002-security-scripting.md Write clear, actionable rules (e.g., “Must use Node 18+,” “Forbidden to execute curl|bash from unverified domains”). The clearer the ADR, the better the AI can leverage it.