⌂ Home
Gemini Code Assist: AI Pair Programming in Your IDE
Code Assist Track
⏰ 45-55 min Module 10 of 12 🔧 Hands-on lab
👀
Gemini Code Assist Track — G09: AI Code Reviews on GitHub Install the Gemini Code Assist GitHub app, get every pull request summarized and reviewed automatically, and tune it with config.yaml and your own styleguide.md.

AI Code Reviews on GitHub

Until now, Gemini helped you write code. This module flips the lens: Gemini reviews code arriving in your repository — yours, your teammates', and (after G06–G07) your agents'.

AI in the Pull Request

Analogy First

Every busy restaurant kitchen has an expeditor: the person who checks each plate before it leaves the pass — right dish? right temperature? anything missing? Without one, mistakes reach customers and the chef burns time on remakes. Most engineering teams use senior developers as expeditors, and it's the role they resent most: the bottleneck is real (PRs queueing for days), and humans are weakest at exactly the mechanical checks — spotting the unparameterized query on line 412 of a 600-line diff at 4:45pm. The Gemini Code Assist GitHub app is a tireless expeditor at the pass: it inspects every plate within minutes, flags the mechanical problems with severity labels, and frees your human reviewers for what humans are actually good at — judgment, architecture, "should we even build this?"

Technical Definition

Gemini Code Assist on GitHub is a GitHub app (install from github.com/apps/gemini-code-assist) that activates on pull requests. On PR open it posts a summary of the change and a review: line-anchored comments, each tagged with a severity (Critical, High, Medium, Low), often including a committable suggested fix. It maintains persistent memory of prior interactions on the repo to reduce repeated nitpicks. GitLab and Bitbucket integrations exist on the Enterprise edition; an Enterprise-grade version with org-level controls is also available. The app is configured per-repo via files in a .gemini/ folder — covered below.

Why It Matters

Review latency is a tax on every change a team ships: a PR that waits two days for review delays its feature by two days, every time. An AI first-pass arrives in minutes and clears the mechanical findings before the human looks, so human review time concentrates on design. And after G06: if agents write more of your code, automated review of agent output isn't a luxury — it's the control that keeps speed from outrunning safety.

How the GitHub App Works

The flow on every pull request:

  1. PR opened → the app posts a help message (optional), a summary of what the change does, and a full code review.
  2. Review comments appear inline on the exact lines, severity-labeled, with suggested fixes you can commit in one click where offered.
  3. You respond — commit fixes, reply to comments (tag @gemini-code-assist or use /gemini commands), push updates.
  4. Re-review on demand/gemini review runs a fresh pass over the updated diff.
github.com — pull request #2 timeline
You:opened PR #2 "Add CSV export endpoint"
gemini-code-assist bot— 90 seconds later
Summary: adds GET /recipes/export returning CSV; touches app.py, storage.py
⚠ [High] app.py:61 — csv built via f-strings; fields containing commas/quotes will corrupt output. Use the csv module.
⚠ [Medium] app.py:58 — export loads all recipes unbounded; consider pagination or streaming.
💡 [Low] storage.py:88 — docstring missing for export helper (per styleguide)
You:push fix → comment: /gemini review
✓ Re-review: previous High resolved. No new findings above threshold.
Press ▶ to watch a PR get reviewed

The /gemini Commands

Type these as PR comments to drive the bot on demand:

CommandEffect
/gemini summary(Re)generate the PR summary
/gemini reviewRun a fresh code review on the current diff
/gemini <question>Ask anything in the context of this PR ("is this backwards compatible?")
/gemini helpList available commands

You can also reply directly under any bot comment to debate a finding — the bot answers with the PR as context, and the exchange feeds its persistent memory for future reviews.

Tuning It: config.yaml & styleguide.md

Technical Definition

Two files in a .gemini/ folder at the repo root customize the bot per-repository: config.yaml controls behavior (when it runs, how noisy it is), and styleguide.md controls judgment (your team's rules, in natural language — the PR-review equivalent of GEMINI.md).

WHAT: the key config.yaml options with team-sensible values. WHY comment_severity_threshold: MEDIUM: Low-severity nitpicks are where AI reviewers lose teams' trust — start at MEDIUM and lower it only if you find yourself wanting more. GOTCHA: the file must be on the repository's default branch to take effect.
.gemini/config.yaml
have_fun: false                      # no poems in PR summaries, thanks
code_review:
  disable: false
  comment_severity_threshold: MEDIUM # only Medium and above get comments
  max_review_comments: -1            # -1 = unlimited
  pull_request_opened:
    help: false                      # skip the onboarding help comment
    summary: true                    # post a summary on every new PR
    code_review: true                # review automatically on open
ignore_patterns:                     # paths the reviewer should skip
  - "*.lock"
  - "dist/**"
WHAT: a styleguide the reviewer enforces. WHY natural language works: the reviewer is a language model — your rules become review criteria verbatim. Reuse your GEMINI.md rules here so IDE generation and PR review enforce the same standards.
.gemini/styleguide.md
# Recipe Box Review Standards

## Must flag (treat as High)
- SQL built with f-strings or string concatenation (require parameterized queries)
- Routes that bypass storage.py and touch sqlite3 directly
- Endpoints returning non-JSON errors or wrong status codes
  (created=201, deleted=204, bad input=400, missing=404)
- New code without corresponding pytest coverage

## Style preferences (Medium/Low)
- Type hints on all function signatures
- Google-style docstrings on public functions
- Tags and other user-supplied strings normalized to lowercase on write

## Do not flag
- Line length up to 100 characters
- Use of f-strings outside SQL contexts

Lab: Get a Real PR Reviewed

Prerequisites: the recipe-box GitHub repo from G07. You'll install the app, configure it, then open a PR containing a planted flaw and watch it get caught.

Install the app on your repo

Visit github.com/apps/gemini-code-assistInstall → choose your account → Only select repositoriesrecipe-box. (Free for public and private repos on the individual plan; org installs may need admin approval. Enterprise links the install to your Google Cloud subscription.)

Commit the configuration first

Create .gemini/config.yaml and .gemini/styleguide.md with the contents from the previous section, then:

terminal
git add .gemini/
git commit -m "Configure Gemini Code Assist PR reviews"
git push   # must land on the default branch to take effect

Open a PR with a planted flaw

Create a branch with a CSV export endpoint written the wrong way on purpose:

terminal
git checkout -b csv-export
app.py — add this route (flaws intentional)
@app.route("/recipes/export", methods=["GET"])
def export_recipes():
    rows = storage.list_recipes()
    csv_text = "id,name,ingredients,minutes\n"
    for r in rows:
        csv_text += f"{r['id']},{r['name']},{';'.join(r['ingredients'])},{r['minutes']}\n"
    return csv_text, 200, {"Content-Type": "text/csv"}
terminal
git add app.py
git commit -m "Add CSV export endpoint"
git push -u origin csv-export
gh pr create --title "Add CSV export endpoint" --body "Exports all recipes as CSV"
The planted flaws: recipe names containing commas or quotes will corrupt the CSV (no escaping — should use the csv module); no test was added (your styleguide says High); and string concatenation in a loop. Let's see what the reviewer catches.

Read the review like a teammate, not a defendant

Within a few minutes the bot posts its summary and review. For each finding, do one of three things — this discipline is the actual skill:

  • Agree → fix. The CSV-escaping finding is correct: rewrite with csv.writer + io.StringIO (ask your IDE Gemini to do it — full circle), commit, push.
  • Disagree → reply with reasoning. If it flags something your team intentionally does, reply under the comment explaining; persistent memory means it nags less next time.
  • Unclear → interrogate. Comment /gemini why is f-string CSV generation a problem? show a failing example and watch it answer with the PR as context.

After pushing fixes, comment /gemini review for a fresh pass.

Merge when clean

terminal
gh pr merge --squash
git checkout main; git pull
Success criteria The review caught the CSV-escaping flaw at High (your config let it through the MEDIUM threshold); the missing-test finding referenced your styleguide language; the re-review after your fix came back clean; and the merged main branch contains the corrected, csv-module version with a test.
What Just Happened?

You closed the quality loop: the same standards you wrote for generation (GEMINI.md, G05) are now enforced at review (styleguide.md) — one set of rules guarding both the front door and the back. And you practiced the three-way response discipline (fix / push back / interrogate) that separates teams that benefit from AI review from teams that rubber-stamp it.

Knowledge Check

1. What happens automatically when a PR opens (default config)?

The PR is auto-merged if no issues are found
The app posts a summary and a severity-labeled, line-anchored code review
All committers get an email quiz
Nothing until you type /gemini start

2. comment_severity_threshold: MEDIUM means…

All findings are reported as Medium
Only findings rated Medium or higher become comments — Low-severity nitpicks are suppressed
The bot reviews at medium speed
Reviews only run on medium-sized PRs

3. The relationship between styleguide.md and GEMINI.md is best described as…

Same idea, different gate: GEMINI.md steers code generation in the IDE; styleguide.md steers review judgment on GitHub — ideally encoding the same standards
They're interchangeable files — either location works
styleguide.md is only for CSS rules
GEMINI.md replaces styleguide.md on Enterprise

4. The bot flags something your team does intentionally. Best response?

Uninstall the app
Silently ignore it forever
Reply with your reasoning (memory reduces repeats) and codify the exception in styleguide.md's "Do not flag" section
Rewrite the code to match the bot even though it's wrong for your team

5. Why does AI PR review become MORE important once teams use agent mode?

It doesn't — agents write perfect code
Agents raise code volume; an automated, always-on first-pass review is the scalable control that keeps quality checks from becoming the bottleneck
GitHub requires it for agent-authored commits
Because human reviewers are deprecated

Quiz Complete!

Ready for G10: Google Cloud Integrations →