TypeScript

import { getSandbox , proxyToSandbox , type Sandbox } from '@cloudflare/sandbox' ; import { Octokit } from '@octokit/rest' ; import Anthropic from '@anthropic-ai/sdk' ; export { Sandbox } from '@cloudflare/sandbox' ; interface Env { Sandbox : DurableObjectNamespace < Sandbox >; GITHUB_TOKEN : string ; ANTHROPIC_API_KEY : string ; WEBHOOK_SECRET : string ; } export default { async fetch ( request : Request , env : Env ) : Promise < Response > { const proxyResponse = await proxyToSandbox ( request , env ) ; if ( proxyResponse ) return proxyResponse ; const url = new URL ( request . url ) ; if ( url . pathname === '/webhook' && request . method === 'POST' ) { const signature = request . headers . get ( 'x-hub-signature-256' ) ; const body = await request . text () ; // Verify webhook signature if ( ! signature || ! ( await verifySignature ( body , signature , env . WEBHOOK_SECRET ))) { return Response . json ( { error : 'Invalid signature' }, { status : 401 } ) ; } const event = request . headers . get ( 'x-github-event' ) ; const payload = JSON . parse ( body ) ; // Only handle opened PRs if ( event === 'pull_request' && payload . action === 'opened' ) { reviewPullRequest ( payload , env ) . catch ( console . error ) ; return Response . json ( { message : 'Review started' } ) ; } return Response . json ( { message : 'Event ignored' } ) ; } return new Response ( 'Code Review Bot



Configure GitHub webhook to POST /webhook' ) ; }, }; async function verifySignature ( payload : string , signature : string , secret : string ) : Promise < boolean > { const encoder = new TextEncoder () ; const key = await crypto . subtle . importKey ( 'raw' , encoder . encode ( secret ) , { name : 'HMAC' , hash : 'SHA-256' }, false , [ 'sign' ] ) ; const signatureBytes = await crypto . subtle . sign ( 'HMAC' , key , encoder . encode ( payload )) ; const expected = 'sha256=' + Array . from ( new Uint8Array ( signatureBytes )) . map ( b => b . toString ( 16 ) . padStart ( 2 , '0' )) . join ( '' ) ; return signature === expected ; } async function reviewPullRequest ( payload : any , env : Env ) : Promise < void > { const pr = payload . pull_request ; const repo = payload . repository ; const octokit = new Octokit ( { auth : env . GITHUB_TOKEN } ) ; // Post initial comment await octokit . issues . createComment ( { owner : repo . owner . login , repo : repo . name , issue_number : pr . number , body : 'Code review in progress...' } ) ; const sandbox = getSandbox ( env . Sandbox , `review- ${ pr . number } ` ) ; try { // Clone repository const cloneUrl = `https:// ${ env . GITHUB_TOKEN } @github.com/ ${ repo . owner . login } / ${ repo . name } .git` ; await sandbox . exec ( `git clone --depth=1 --branch= ${ pr . head . ref } ${ cloneUrl } /workspace/repo` ) ; // Get changed files const comparison = await octokit . repos . compareCommits ( { owner : repo . owner . login , repo : repo . name , base : pr . base . sha , head : pr . head . sha } ) ; const files = [] ; for ( const file of ( comparison . data . files || []) . slice ( 0 , 5 )) { if ( file . status !== 'removed' ) { const content = await sandbox . readFile ( `/workspace/repo/ ${ file . filename } ` ) ; files . push ( { path : file . filename , patch : file . patch || '' , content : content . content } ) ; } } // Generate review with Claude const anthropic = new Anthropic ( { apiKey : env . ANTHROPIC_API_KEY } ) ; const response = await anthropic . messages . create ( { model : 'claude-sonnet-4-5' , max_tokens : 2048 , messages : [ { role : 'user' , content : `Review this PR: Title: ${ pr . title } Changed files: ${ files . map ( f => `File: ${ f . path }

Diff:

${ f . patch }



Content:

${ f . content . substring ( 0 , 1000 ) } ` ) . join ( '



' ) } Provide a brief code review focusing on bugs, security, and best practices.` } ] } ) ; const review = response . content [ 0 ] ?. type === 'text' ? response . content [ 0 ] . text : 'No review generated' ; // Post review comment await octokit . issues . createComment ( { owner : repo . owner . login , repo : repo . name , issue_number : pr . number , body : `## Code Review



${ review }



---

*Generated by Claude*` } ) ; } catch ( error : any ) { await octokit . issues . createComment ( { owner : repo . owner . login , repo : repo . name , issue_number : pr . number , body : `Review failed: ${ error . message } ` } ) ; } finally { await sandbox . destroy () ; } }