> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cloudthinker.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Code Review Setup

> Connect your GitHub, GitLab, Bitbucket, or Azure DevOps repositories for automated AI-powered code reviews

Connect a Git provider once and every new pull request in your selected repositories gets an AI review automatically. New to Code Review? Read the [overview](/guide/code-review/overview) first.

## Prerequisites

* A GitHub, GitLab, Bitbucket, or Azure DevOps account with repository access
* Permission to install apps or create access tokens for your organization
* A CloudThinker workspace

## Connect a repository

<Steps>
  <Step title="Open Code Review">
    Go to **Code Review** from the navigation menu.

    <Frame>
      <img src="https://mintcdn.com/cloudthinker/qPO13J0Sg_1q5VB1/images/code-review/setup_step_1_onboarding.png?fit=max&auto=format&n=qPO13J0Sg_1q5VB1&q=85&s=83c99952b3e1487b3fd17bbfa020a6c0" alt="Code Review Onboarding" width="2516" height="1714" data-path="images/code-review/setup_step_1_onboarding.png" />
    </Frame>
  </Step>

  <Step title="Start setup">
    Click **Get Started with Code Review** to open the setup wizard.

    <Frame>
      <img src="https://mintcdn.com/cloudthinker/eiDPB1agMNoCjinj/images/code-review/setup_step_1_setuprovider.png?fit=max&auto=format&n=eiDPB1agMNoCjinj&q=85&s=aa3386c115e30a917d25184c0bca137e" alt="Code Review Setup - Select Provider" width="1914" height="952" data-path="images/code-review/setup_step_1_setuprovider.png" />
    </Frame>
  </Step>

  <Step title="Choose provider">
    Select **GitHub**, **GitLab**, **Bitbucket**, or **Azure DevOps** as your Git provider.

    <Frame>
      <img src="https://mintcdn.com/cloudthinker/qPO13J0Sg_1q5VB1/images/code-review/setup_step_1_connectprovider.png?fit=max&auto=format&n=qPO13J0Sg_1q5VB1&q=85&s=80d3229aa3254ac1d2a3aaf70b44cb1c" alt="Select Git Provider" width="3024" height="1714" data-path="images/code-review/setup_step_1_connectprovider.png" />
    </Frame>
  </Step>

  <Step title="Authenticate">
    <Tabs>
      <Tab title="GitHub">
        Click **Install GitHub App** to begin the GitHub App installation.

        GitHub redirects you to select an organization and grant repository access. After you authorize, the wizard resumes automatically. Webhooks are registered by the GitHub App — no manual webhook configuration is needed.

        <Warning>
          Installing CloudThinker to a GitHub organization requires **Organization Owner** permissions. If you are not an owner, ask an owner to install the app.
        </Warning>
      </Tab>

      <Tab title="GitLab (OAuth)">
        Click **Connect to GitLab** to authenticate via OAuth. This is the simplest option for GitLab.com users.

        After connecting, [configure a webhook manually](#configure-webhooks).
      </Tab>

      <Tab title="GitLab (Access Token)">
        Use a **Project Access Token** or **Group Access Token** for self-hosted GitLab instances or if you prefer manual token management. Comments then appear from a bot user, tokens stay scoped to specific projects or groups, and access is easy to revoke. CloudThinker supports self-hosted GitLab **version 12.0 and above**.

        **Connection details:**

        1. **GitLab URL**: Enter `https://gitlab.com` for GitLab.com, or your self-hosted instance URL (e.g., `https://gitlab.example.com`)
        2. **Token Type**: Select **Project Access Token** (single project) or **Group Access Token** (all projects in a group)
        3. **Access Token**: Paste your generated token

        <Accordion title="How to create a Project Access Token">
          1) Go to your project → **Settings** → **Access Tokens**
          2) Click **Add new token**
          3) Set role to `Developer` or higher
          4) Select scope: `api`
          5) Set an expiration date (recommended)
          6) Copy the generated token
        </Accordion>

        <Accordion title="How to create a Group Access Token">
          1. Go to your group → **Settings** → **Access Tokens**
          2. Click **Add new token**
          3. Set role to `Developer` or higher
          4. Select scope: `api`
          5. Set an expiration date (recommended)
          6. Copy the generated token
        </Accordion>

        <Warning>
          The token must have **Developer** role or higher to post code review comments. Guest and Reporter roles cannot comment on merge requests.
        </Warning>

        After connecting, [configure a webhook manually](#configure-webhooks).
      </Tab>

      <Tab title="Bitbucket (OAuth)">
        Click **Connect to Bitbucket** to authenticate via OAuth. Bitbucket redirects you to authorize workspace access.

        Webhooks are registered automatically — no manual webhook configuration is needed.
      </Tab>

      <Tab title="Bitbucket (Access Token)">
        Connect using a Bitbucket access token. Choose the token type that matches your access level:

        | Token Type                  | Scope                           | Plan Required |
        | --------------------------- | ------------------------------- | ------------- |
        | **Workspace Access Token**  | All repositories in a workspace | Premium       |
        | **Project Access Token**    | All repositories in a project   | Premium       |
        | **Repository Access Token** | Single repository only          | Free          |

        **Connection details:**

        1. **Token Type**: Select the token scope from the dropdown
        2. **Bitbucket Workspace**: Enter your workspace slug (from the URL: `bitbucket.org/<workspace>/repo`)
        3. **Repository Slug** (Repository tokens only): Enter the repository slug
        4. **Access Token**: Paste your generated token

        Click **Validate Token** first to verify access, then click **Connect** to complete.

        **Required token permissions:**

        * Account: Read
        * Repositories: Read, Write
        * Pull requests: Read, Write
        * Webhooks: Read and write
        * Pipelines: Read, Write

        <Accordion title="How to create a Workspace Access Token">
          1. Go to **Workspace** → **Settings** → **Access tokens**
          2. Click **Create workspace access token**
          3. Enable the required permissions listed above
          4. Set an expiration date (recommended)
          5. Copy the generated token
        </Accordion>

        <Accordion title="How to create a Project Access Token">
          1. Go to **Project** → **Project settings** → **Access tokens**
          2. Click **Create project access token**
          3. Enable the required permissions listed above
          4. Set an expiration date (recommended)
          5. Copy the generated token
        </Accordion>

        <Accordion title="How to create a Repository Access Token">
          1. Go to **Repository** → **Repository settings** → **Access tokens**
          2. Click **Create Repository Access Token**
          3. Enable the required permissions listed above
          4. Set an expiration date (recommended)
          5. Copy the generated token
        </Accordion>

        Webhooks are registered automatically — no manual webhook configuration is needed.
      </Tab>

      <Tab title="Azure DevOps">
        Azure DevOps uses a **Personal Access Token (PAT)** for authentication.

        **Connection details:**

        1. **Organization URL**: Enter your Azure DevOps organization URL (e.g., `https://dev.azure.com/your-org` or `https://your-org.visualstudio.com`)
        2. **Project**: Enter the project name containing your repositories
        3. **Personal Access Token**: Paste your generated PAT

        Click **Validate PAT** first to verify access, then click **Connect** to complete.

        **Required PAT scopes:**

        * `Build` — Read
        * `Code` — Read & Write
        * `Pull Request Threads` — Read & Write

        <Accordion title="How to create a PAT">
          1. Go to **Azure DevOps** → **User Settings** (top-right) → **Personal Access Tokens**
          2. Click **New Token**
          3. Set the organization and expiration date
          4. Select the scopes listed above
          5. Click **Create** and copy the generated token
        </Accordion>

        PATs expire on the date you set during creation. Rotate your PAT before it expires to avoid disrupting reviews.

        After connecting, [configure webhooks manually](#configure-webhooks).
      </Tab>
    </Tabs>
  </Step>

  <Step title="Select repositories">
    Select the repositories you want to enable for code review and click **Complete** to finish setup.

    <Frame>
      <img src="https://mintcdn.com/cloudthinker/qPO13J0Sg_1q5VB1/images/code-review/setup_step_1_select_repo.png?fit=max&auto=format&n=qPO13J0Sg_1q5VB1&q=85&s=d92652e03344c67c9bddf81b2a039a88" alt="Select Repositories" width="3024" height="1714" data-path="images/code-review/setup_step_1_select_repo.png" />
    </Frame>

    After setup, open repository settings to adjust auto-review, [review mode](#review-modes), [pipeline monitoring](#pipeline-monitoring), and [filters](#filter-configuration) per repository.

    **Success state:** Your repositories appear in the Code Review dashboard — CloudThinker is now monitoring their pull requests and merge requests.

    <Frame>
      <img src="https://mintcdn.com/cloudthinker/qPO13J0Sg_1q5VB1/images/code-review/setup_step_1_complete_setup.png?fit=max&auto=format&n=qPO13J0Sg_1q5VB1&q=85&s=af497e327fc84660e2878e419ab251a3" alt="Setup Successful" width="3024" height="1714" data-path="images/code-review/setup_step_1_complete_setup.png" />
    </Frame>
  </Step>
</Steps>

## Configure webhooks

GitHub and Bitbucket register webhooks automatically — no action is needed. GitLab and Azure DevOps require manual webhook configuration:

<Tabs>
  <Tab title="GitLab">
    After connecting your GitLab account, configure a webhook in your GitLab project or group:

    1. Go to your project/group → **Settings** → **Webhooks**
    2. Paste the webhook URL shown in the setup wizard
    3. Enter the secret token provided
    4. Enable these triggers:
       * **Merge request events**
       * **Comments**
       * **Pipeline events**
    5. Click **Add webhook**
  </Tab>

  <Tab title="Azure DevOps">
    After connecting your Azure DevOps project, create **4 separate service hooks** in Azure DevOps:

    1. Go to **Project Settings** → **Service hooks**
    2. Click **Create subscription** and select **Web Hooks**
    3. Create one hook for each of these events:
       * **Pull request created**
       * **Pull request updated**
       * **Pull request commented on**
       * **Build completed**
    4. For each hook, paste the webhook URL shown in the setup wizard
    5. Use **Basic authentication** with the secret token as the password (leave username empty)
  </Tab>
</Tabs>

## Create a pull request

<Steps>
  <Step title="Open your repository">
    Navigate to your connected repository on GitHub, GitLab, Bitbucket, or Azure DevOps.
  </Step>

  <Step title="Create a pull request">
    Create a new pull request with your code changes. CloudThinker detects the PR, analyzes the diff, and posts a summary comment plus inline comments — typically within 1–2 minutes, no manual trigger needed.

    <Frame>
      <img src="https://mintcdn.com/cloudthinker/qPO13J0Sg_1q5VB1/images/code-review/setup_step_2_create_pr.png?fit=max&auto=format&n=qPO13J0Sg_1q5VB1&q=85&s=db576aa427acdff338394404cb24ae4a" alt="Create Pull Request" width="3024" height="1714" data-path="images/code-review/setup_step_2_create_pr.png" />
    </Frame>

    Findings cover bug detection (logic errors, null references, race conditions), security vulnerabilities (injection risks, hardcoded secrets), code quality (naming, complexity, duplication), and performance (inefficient queries, N+1 patterns).
  </Step>
</Steps>

## Review the findings

<Steps>
  <Step title="Check status in CloudThinker">
    View the review status for all your pull requests in the CloudThinker dashboard.

    <Frame>
      <img src="https://mintcdn.com/cloudthinker/qPO13J0Sg_1q5VB1/images/code-review/setup_step_3_code_review_status.png?fit=max&auto=format&n=qPO13J0Sg_1q5VB1&q=85&s=18d31bb9489ef5419dc34e93f08c85cc" alt="Code Review Status" width="3024" height="1714" data-path="images/code-review/setup_step_3_code_review_status.png" />
    </Frame>
  </Step>

  <Step title="View findings on your Git provider">
    Open your pull request to see the AI-generated summary and inline code comments. Each comment includes a severity level (Critical, High, Medium, Low), an explanation of the issue, and a suggested fix.

    <Frame>
      <img src="https://mintcdn.com/cloudthinker/qPO13J0Sg_1q5VB1/images/code-review/setup_step_3_view_summary.png?fit=max&auto=format&n=qPO13J0Sg_1q5VB1&q=85&s=578f0dd82456c64c68c8785c04403f14" alt="View Summary" width="3024" height="1714" data-path="images/code-review/setup_step_3_view_summary.png" />
    </Frame>

    <Frame>
      <img src="https://mintcdn.com/cloudthinker/qPO13J0Sg_1q5VB1/images/code-review/setup_step_3_view_findings.png?fit=max&auto=format&n=qPO13J0Sg_1q5VB1&q=85&s=b11c30f154836e21ec5523361a36f786" alt="View Findings" width="3024" height="1714" data-path="images/code-review/setup_step_3_view_findings.png" />
    </Frame>

    Reply to `@cloudthinker-ai` on the PR to ask questions, request a re-review, or skip a review — see [mention commands](/guide/code-review/mention-commands).
  </Step>
</Steps>

## Review modes

Configure the review mode per repository and switch at any time in repository settings:

| Mode         | Description                                                                                                                        |
| ------------ | ---------------------------------------------------------------------------------------------------------------------------------- |
| **Fast**     | Quick analysis, lower cost. Ideal for small PRs and rapid feedback.                                                                |
| **Advanced** | Deep analysis split across specialist agents for security, performance, correctness, and patterns. Best for critical repositories. |

## Pipeline monitoring

CloudThinker monitors your CI/CD pipelines for failures. When a pipeline fails, CloudThinker:

1. Detects the failed pipeline run
2. Fetches and analyzes the failed job logs
3. Posts findings and suggested fixes directly on the PR

Pipeline monitoring can be toggled on or off per workspace and is **enabled by default**. For Azure DevOps, CloudThinker monitors `build.complete` events alongside pull request events (`git.pullrequest.created`, `git.pullrequest.updated`).

## Filter configuration

Control which PRs and MRs CloudThinker reviews using per-repository filters:

* **Label filters**: Include or exclude PRs with specific labels
* **Author filters**: Include or exclude specific authors (useful for excluding bot authors)
* **Branch filters**: Include or exclude branches matching specific patterns (filters by target branch — the branch being merged into)

**Exclude** filters are checked first. **Include** filters must all pass. PRs that match an exclude filter are marked as **FILTERED** and skipped entirely.

## Incremental reviews

When you push new commits to an open PR, CloudThinker performs an **incremental review** — only the new changes are analyzed, not the entire PR. This keeps reviews fast and focused on what actually changed.

## Next steps

<CardGroup cols={2}>
  <Card title="Mention commands" icon="at" href="/guide/code-review/mention-commands">
    Interact with the review bot from PR comments — re-review, ask questions, or skip a review
  </Card>

  <Card title="Leaderboard" icon="trophy" href="/guide/code-review/leaderboard">
    Track team review activity and measure code quality improvements over time
  </Card>

  <Card title="Convention rules" icon="list-check" href="/guide/code-review/convention-rules">
    Teach reviews your team's coding conventions using files already in your repository
  </Card>

  <Card title="Notifications" icon="bell" href="/guide/notifications">
    Configure where code review findings are delivered
  </Card>
</CardGroup>
