Astrai Code Review
AI-powered code review with intelligent model routing.
Complex logic goes to powerful models. Formatting and style goes to fast, cheap ones. You save 40%+ without sacrificing quality.
What it does
- - Smart routing for reviews: Astrai analyzes the diff complexity and routes to the optimal model. A gnarly concurrency bug gets Opus. A missing semicolon gets Haiku. You only pay for the intelligence you need.
- Structured output: Every review returns typed issues with file, line number, severity (critical/warning/info), message, and a concrete suggestion.
- Strictness modes: Standard catches bugs and logic errors. Strict adds style and best-practice checks. Security mode focuses on vulnerabilities, injection, auth, and data exposure.
- BYOK (Bring Your Own Keys): Your provider API keys stay with you. Astrai decides which model to use, then calls the provider using YOUR key. You pay providers directly.
- Cost tracking: Every review response includes the cost and how much you saved vs always using the most expensive model.
- Local-only mode: If you only set
ASTRAI_API_KEY without provider keys, Astrai uses its own hosted models. Still routed intelligently, still cheap.
Setup
- 1. Get a free API key at as-trai.com
- Set
ASTRAI_API_KEY in your environment or skill config - Optionally add provider API keys for BYOK routing (e.g.
ANTHROPIC_API_KEY, OPENAI_API_KEY) - Run
/review on any diff or PR
Usage
CODEBLOCK0
Examples
Basic review of staged changes:
/review
Returns issues found in the current diff with severity levels and suggestions.
Strict review for a PR:
/review --strict
Catches not just bugs but also style violations, naming issues, and missed best practices.
Security audit:
/review --focus security
Focuses on SQL injection, XSS, auth bypass, hardcoded secrets, insecure deserialization, and other vulnerability classes.
Environment Variables
| Variable | Required | Description | Default |
|---|
| INLINECODE5 | Yes | Your API key from as-trai.com | -- |
| INLINECODE6 |
No | Anthropic key for BYOK routing | -- |
|
OPENAI_API_KEY | No | OpenAI key for BYOK routing | -- |
|
GOOGLE_API_KEY | No | Google key for BYOK routing | -- |
|
DEEPSEEK_API_KEY | No | DeepSeek key for BYOK routing | -- |
|
MISTRAL_API_KEY | No | Mistral key for BYOK routing | -- |
|
GROQ_API_KEY | No | Groq key for BYOK routing | -- |
|
TOGETHER_API_KEY | No | Together key for BYOK routing | -- |
|
FIREWORKS_API_KEY | No | Fireworks key for BYOK routing | -- |
|
COHERE_API_KEY | No | Cohere key for BYOK routing | -- |
|
PERPLEXITY_API_KEY | No | Perplexity key for BYOK routing | -- |
|
REVIEW_STRICTNESS | No | standard, strict, or security | standard |
External Endpoints
| Endpoint | Purpose | Data Sent |
|---|
| INLINECODE17 | Code review inference via intelligent routing | Diff content, file context, review instructions |
Security & Privacy
- - All requests authenticated via API key in the Authorization header
- Diffs are sent to the Astrai routing API, which forwards to the selected provider
- In BYOK mode, provider keys are sent via encrypted header (
X-Astrai-Provider-Keys) and never stored - No diffs, code, or review results are retained by Astrai after the request completes
- Source code is fully open: github.com/beee003/astrai-openclaw
Model Invocation
This skill sends code diffs to the Astrai routing API. The router classifies the review complexity and selects the best model:
- - High complexity (concurrency, security, architecture): Routes to Claude Opus, GPT-4o, or Gemini Pro
- Medium complexity (logic errors, missing edge cases): Routes to Claude Sonnet, GPT-4o-mini, or Gemini Flash
- Low complexity (formatting, typos, naming): Routes to Claude Haiku, GPT-4o-mini, or Gemini Flash
Your prompts are processed by third-party LLM providers according to the routing decision. In BYOK mode, calls are made using your own provider API keys.
Pricing
Same as Astrai platform pricing:
- - Free: 1,000 requests/day, smart routing, all strictness modes
- Pro ($49/mo): Unlimited requests, priority routing, analytics dashboard
- Business ($199/mo): Team dashboards, compliance exports, SLA guarantee
Astrai 代码审查
基于AI的代码审查,配备智能模型路由。复杂逻辑交给强大模型,格式和风格问题交给快速廉价模型。在不牺牲质量的前提下节省40%以上成本。
功能特性
- - 智能审查路由:Astrai分析差异复杂度并路由至最优模型。复杂的并发问题交给Opus,遗漏的分号交给Haiku。只为所需智能付费。
- 结构化输出:每次审查返回带类型的问题,包含文件、行号、严重级别(严重/警告/提示)、消息和具体建议。
- 严格模式:标准模式捕获错误和逻辑问题。严格模式增加风格和最佳实践检查。安全模式聚焦漏洞、注入、认证和数据泄露。
- 自带密钥(BYOK):你的提供商API密钥由你保管。Astrai决定使用哪个模型,然后用你的密钥调用提供商。你直接向提供商付费。
- 成本追踪:每次审查响应包含成本信息,以及相比始终使用最贵模型节省的费用。
- 纯本地模式:如果仅设置ASTRAIAPIKEY而不提供提供商密钥,Astrai使用自托管模型。同样智能路由,同样廉价。
设置
- 1. 在as-trai.com获取免费API密钥
- 在环境变量或技能配置中设置ASTRAIAPIKEY
- 可选添加提供商API密钥用于BYOK路由(例如ANTHROPICAPIKEY、OPENAIAPI_KEY)
- 在任何差异或PR上运行/review
使用方法
/review 审查当前差异(暂存更改)
/review --strict 严格模式:错误+风格+最佳实践
/review --focus security 安全审查(漏洞、注入、认证)
/review --file src/auth.py 审查特定文件
示例
基本审查暂存更改:
/review
返回当前差异中发现的问题,包含严重级别和建议。
PR严格审查:
/review --strict
不仅捕获错误,还捕获风格违规、命名问题和遗漏的最佳实践。
安全审计:
/review --focus security
聚焦SQL注入、XSS、认证绕过、硬编码密钥、不安全反序列化及其他漏洞类别。
环境变量
| 变量 | 必需 | 描述 | 默认值 |
|---|
| ASTRAIAPIKEY | 是 | 来自as-trai.com的API密钥 | -- |
| ANTHROPICAPIKEY |
否 | BYOK路由的Anthropic密钥 | -- |
| OPENAI
APIKEY | 否 | BYOK路由的OpenAI密钥 | -- |
| GOOGLE
APIKEY | 否 | BYOK路由的Google密钥 | -- |
| DEEPSEEK
APIKEY | 否 | BYOK路由的DeepSeek密钥 | -- |
| MISTRAL
APIKEY | 否 | BYOK路由的Mistral密钥 | -- |
| GROQ
APIKEY | 否 | BYOK路由的Groq密钥 | -- |
| TOGETHER
APIKEY | 否 | BYOK路由的Together密钥 | -- |
| FIREWORKS
APIKEY | 否 | BYOK路由的Fireworks密钥 | -- |
| COHERE
APIKEY | 否 | BYOK路由的Cohere密钥 | -- |
| PERPLEXITY
APIKEY | 否 | BYOK路由的Perplexity密钥 | -- |
| REVIEW_STRICTNESS | 否 | standard、strict或security | standard |
外部端点
| 端点 | 用途 | 发送数据 |
|---|
| https://as-trai.com/v1/chat/completions | 通过智能路由进行代码审查推理 | 差异内容、文件上下文、审查指令 |
安全与隐私
- - 所有请求通过Authorization头中的API密钥进行身份验证
- 差异发送至Astrai路由API,再由其转发至选定提供商
- BYOK模式下,提供商密钥通过加密头(X-Astrai-Provider-Keys)发送,永不存储
- 请求完成后,Astrai不保留任何差异、代码或审查结果
- 源代码完全开源:github.com/beee003/astrai-openclaw
模型调用
本技能将代码差异发送至Astrai路由API。路由器分类审查复杂度并选择最佳模型:
- - 高复杂度(并发、安全、架构):路由至Claude Opus、GPT-4o或Gemini Pro
- 中复杂度(逻辑错误、遗漏边界情况):路由至Claude Sonnet、GPT-4o-mini或Gemini Flash
- 低复杂度(格式、拼写、命名):路由至Claude Haiku、GPT-4o-mini或Gemini Flash
你的提示词根据路由决策由第三方LLM提供商处理。BYOK模式下,使用你自己的提供商API密钥进行调用。
定价
与Astrai平台定价相同:
- - 免费版:每天1000次请求,智能路由,所有严格模式
- 专业版($49/月):无限请求,优先路由,分析仪表板
- 企业版($199/月):团队仪表板,合规导出,SLA保障
