Sentry

SYSTEM OVERVIEW

How Sentry works

Sentry is an AI pull request reviewer. Users sign in, connect GitHub repositories as projects, trigger reviews on open PRs, and optionally post structured merge-readiness comments back to GitHub through a GitHub App bot identity.

End-to-end review flow

flowchart TB subgraph ui [Browser] authPage["/auth Sign in"] projectsPage["/projects Hub"] projectPage["/project Open PRs"] reportPage["/report Report"] end subgraph api [Express API] authApi["/api/auth"] projectsApi["/api/projects"] reportsApi["/api/reports"] end subgraph pipeline [Analyze pipeline] ghFetch[GitHub PR fetch] chunk[Diff chunker] prompt[Prompt builder] llm[OpenRouter LLM] parse[JSON parse + retry] end authPage --> authApi projectsPage --> projectsApi projectPage --> projectsApi reportPage --> reportsApi projectsApi -->|"POST /:id/analyze"| ghFetch ghFetch --> chunk --> prompt --> llm --> parse parse --> mongo[(MongoDB Reports)] parse --> reportPage
  1. Sign in — JWT session via POST /api/auth/login.
  2. Add a project — verify repo access, optionally store an encrypted PAT for private repos.
  3. List open PRsGET /api/projects/:id/pulls.
  4. Trigger reviewPOST /api/projects/:id/analyze with a pull number.
  5. GitHub fetch — metadata, diffs, commits, reviews, and comments.
  6. Diff chunker — prioritizes non-test files and truncates huge patches.
  7. LLM call — OpenRouter with strict JSON schema; one retry on parse failure.
  8. Save report — scoped to userId + projectId; private by default.
  9. View report — full merge-readiness UI at /report?id=….

GitHub App comment flow

flowchart LR click[Post Comment to PR] --> api["POST /api/reports/:id/comment"] api --> resolve[resolveCommentPostingToken] resolve --> appToken[GitHub App install token] resolve --> botToken[GITHUB_BOT_TOKEN] resolve --> pat[Project PAT fallback] appToken --> post[postPullRequestComment] botToken --> post pat --> post post --> ghComment[GitHub PR comment]
  1. User installs sentry-pr-review on their GitHub account (one-time per account/org).
  2. Sentry checks install status via GET /api/projects/:id/github-app.
  3. On post, the server resolves a token: App installation → bot token → project/env PAT.
  4. comment-formatter.js builds branded markdown; github.js posts it.
  5. Report is marked with githubCommentUrl so it cannot be posted twice.

Pages

  • / — home + public recent reports
  • /auth — sign in / register
  • /projects — project hub
  • /project — open PRs + reviews
  • /report — merge-readiness report

Data model

  • Users — username + hashed password
  • Projects — owner/repo, optional encrypted PAT
  • Reports — PR snapshot, AI report, visibility, project scope

API — Auth

  • POST /api/auth/register
  • POST /api/auth/login
  • GET /api/auth/me

API — Projects

  • GET /api/projects — list / search
  • POST /api/projects/verify
  • POST /api/projects — add repo
  • GET /api/projects/:id/pulls
  • POST /api/projects/:id/analyze
  • GET /api/projects/:id/github-app
  • DELETE /api/projects/:id
  • DELETE /api/projects/:id/reports/:reportId

API — Reports

  • GET /api/reports — public feed
  • GET /api/reports/:id
  • POST /api/reports/:id/comment
  • POST /api/analyze — legacy URL analyze
  • GET /api/health

Core modules

  • lib/analyze-pr.js — shared analyze pipeline
  • lib/auth.js — JWT middleware
  • lib/project-store.js — projects + encrypted tokens
  • lib/report-store.js — scoped report CRUD
  • lib/github-app.js — App JWT + install status
  • lib/comment-poster.js — post bot comments
  • lib/github.js — GitHub REST client
  • lib/openrouter.js — LLM client

Environment & security