
How to Automate Code Reviews with AI (2026)


Human code review is slow. PRs sit for hours or days waiting for a reviewer. AI code review catches the obvious issues in seconds (security vulnerabilities, missing error handling, style violations), so human reviewers can focus on architecture and design decisions.

Option 1: GitHub Actions + OpenRouter (cheapest cloud)

# .github/workflows/ai-review.yml
name: AI Code Review
on:
  pull_request:
    types: [opened, synchronize]

jobs:
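  ai-review:
    runs-on: ubuntu-latest
    # Least privilege: read the code, write only the review comment
    permissions:
      contents: read
      pull-requests: write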
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Get diff
        env:
          BASE_REF: ${{ github.base_ref }}
        run: |
          # Write the diff to a file so PR content is never expanded into a script or an output delimiter
          git diff "origin/$BASE_REF...HEAD" -- '*.ts' '*.js' '*.py' '*.go' | head -3000 > "$RUNNER_TEMP/pr.diff"

      - name: AI Review
        uses: actions/github-script@v7
        env:
          OPENROUTER_KEY: ${{ secrets.OPENROUTER_KEY }}
        with:
          script: |
            // Read the diff as data; interpolating it into this script would let PR content run as code
            const diff = require('fs').readFileSync(`${process.env.RUNNER_TEMP}/pr.diff`, 'utf8');
            if (!diff.trim()) return;
            
            const response = await fetch('https://openrouter.ai/api/v1/chat/completions', {
              method: 'POST',
              headers: {
                'Authorization': `Bearer ${process.env.OPENROUTER_KEY}`,
                'Content-Type': 'application/json',
              },
              body: JSON.stringify({
                model: 'openai/gpt-5.4-mini',
                messages: [{
                  role: 'user',
                  content: `Review this code diff. Focus on:\n1. Security vulnerabilities\n2. Bugs and logic errors\n3. Performance issues\n4. Missing error handling\n\nBe specific. Reference line numbers. Skip style nitpicks.\n\nDiff:\n${diff}`
                }],
              }),
            });
            
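            const data = await response.json();
            // Fail the step visibly instead of throwing on a missing choices array
            if (!response.ok || !data.choices?.length) {
              core.setFailed(`OpenRouter request failed with HTTP ${response.status}`);
              return;
            }
            const review = data.choices[0].message.content;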
            
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              body: `## 🤖 AI Code Review\n\n${review}\n\n---\n*Automated review by GPT-5.4 Mini via [OpenRouter](https://www.aimadetools.com/blog/openrouter-complete-guide/)*`,
            });

Cost: ~$0.01-0.05 per PR. At 20 PRs/day, that's $0.20-1.00/day.
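Option 1 sends the raw PR diff to a third-party API, so anything committed by mistake is sent along with it. The filter below is an added example, not code from the original page: it drops sensitive files and masks secret-looking values before the request is built. `scrubDiff`, the path rules and the patterns are assumptions to adapt per repository.

```javascript
// Added example: scrub a unified diff before sending it to an external LLM API.
// Path rules and patterns are illustrative assumptions, not a complete secret scanner.
const SENSITIVE_PATHS = [/(^|\/)\.env(\..*)?$/, /\.(pem|key|p12|pfx)$/i, /(^|\/)id_(rsa|ed25519)$/];
const SECRET_PATTERNS = [
  { name: 'aws-access-key-id', re: /\bAKIA[0-9A-Z]{16}\b/g },
  { name: 'github-token', re: /\bgh[pousr]_[A-Za-z0-9]{36,}\b/g },
  { name: 'private-key-header', re: /-----BEGIN [A-Z ]*PRIVATE KEY-----/g },
  // name = "value" assignments whose name suggests a credential; group 1 (the name) is kept
  { name: 'assigned-secret', re: /((?:password|passwd|secret|token|api[_-]?key)\w*\s*[:=]\s*)(["'])[^"']{8,}\2/gi, keep: 1 },
];

function scrubDiff(diff) {
  const out = [], dropped = [];
  let redactions = 0, skipping = false;
  for (const line of diff.split('\n')) {
    const header = line.match(/^diff --git a\/(.+) b\/(.+)$/);
    if (header) {
      // A new file section starts: decide once whether the whole section is withheld
      skipping = SENSITIVE_PATHS.some((re) => re.test(header[2]));
      if (skipping) {
        dropped.push(header[2]);
        out.push(`[omitted sensitive file: ${header[2]}]`);
      }
    }
    if (skipping) continue;
    let clean = line;
    for (const { name, re, keep } of SECRET_PATTERNS) {
      clean = clean.replace(re, (...m) => {
        redactions += 1;
        return `${keep ? m[keep] : ''}[REDACTED:${name}]`;
      });
    }
    out.push(clean);
  }
  return { diff: out.join('\n'), dropped, redactions };
}

// Constructed sample diff (the access key is AWS's documented example value).
const SAMPLE_DIFF = [
  'diff --git a/.env b/.env',
  '+++ b/.env',
  '+SESSION_SECRET=constructed-value',
  'diff --git a/src/db.js b/src/db.js',
  '+++ b/src/db.js',
  '@@ -1,2 +1,3 @@',
  "+const awsKey = 'AKIAIOSFODNN7EXAMPLE';",
  "+const dbPassword = 'correct-horse-battery';",
  ' module.exports = { awsKey };',
].join('\n');
console.log(scrubDiff(SAMPLE_DIFF));
```

In the workflow, the scrubbed `diff` field would replace the raw diff in the prompt, and a non-zero `redactions` count is itself worth surfacing to the PR author.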

Option 2: Claude Code Routine (best quality)

Set up a Claude Code Routine triggered by GitHub PR events:

Trigger: GitHub PR opened
Repository: your-org/your-repo

Prompt:
Review this pull request for:
1. Security vulnerabilities (SQL injection, XSS, auth bypass, hardcoded secrets)
2. Bugs (null pointer, race conditions, off-by-one, unhandled errors)
3. Performance (N+1 queries, missing indexes, unnecessary re-renders)
4. Missing tests for new functionality

For each issue found:
- Quote the specific code
- Explain the risk
- Suggest a fix

If the PR looks good, say so briefly. Don't invent problems.
Post your review as a PR comment.

Claude Sonnet gives the best code review quality but costs more per review (~$0.05-0.20).

Option 3: Local model (free, private)

For teams that can't send code to cloud APIs:

#!/bin/bash
# .git/hooks/pre-push (runs before every push)

DIFF=$(git diff origin/main...HEAD -- '*.ts' '*.js' '*.py')
if [ -z "$DIFF" ]; then exit 0; fi

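echo "🤖 Running AI code review..."
REVIEW=$(echo "$DIFF" | ollama run qwen3:8b "Review this diff for security issues and bugs. Be brief:")

echo "$REVIEW"
echo ""
# Git passes the refs being pushed to this hook on stdin, so read the answer from the terminal
read -p "Push anyway? (y/n) " -n 1 -r < /dev/tty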
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
    exit 1
fi

Free, private, runs on every push. Quality is lower than cloud models but catches obvious issues.

What AI catches vs what it misses

| AI catches well | AI misses |
| --- | --- |
| SQL injection | Business logic errors |
| Missing null checks | Architectural problems |
| Hardcoded secrets | Performance at scale |
| Unused variables | UX implications |
| Missing error handling | Team convention violations |
| Type mismatches | Integration issues |

AI code review is a first pass, not a replacement for human review. It catches the mechanical issues so humans can focus on the important stuff.

Combining AI + human review

The best workflow:

PR opened
  → AI review (instant, catches mechanical issues)
  → Human review (focuses on architecture, design, business logic)
  → AI re-review after changes (verifies fixes)
  → Merge

This cuts human review time by 30-50% because reviewers don't waste time on obvious issues.

Cost comparison

| Approach | Cost/PR | Quality | Privacy |
| --- | --- | --- | --- |
| GitHub Actions + GPT-5.4 Mini | $0.02 | Good | ❌ Cloud |
| Claude Code Routine | $0.10 | Best | ❌ Cloud |
| Local Ollama (pre-push hook) | $0 | Decent | ✅ Private |
| Codex CLI in CI | $0.05 | Good | ❌ Cloud |
