Framer — Launch websites with enterprise needs at startup speeds.
Launch websites with enterprise needs at startup speeds.
Promoted
Maker
📌
The Story Behind GitFlow54
Inspiration
Every engineering team uses GitHub. But most organizations are flying blind when it comes to understanding what's actually happening inside their repositories.
You can see commits. You can count pull requests. But you can't answer the questions that actually matter:
Who is consistently writing high-quality code — and who is quietly accumulating technical debt?
Which file is being touched the most, and is every change to it being properly reviewed?
Did that PR from last Tuesday actually improve the codebase, or did it quietly introduce a regression?
Is contributor Alice on track to hit her Q1 goals, and what does the evidence say?
We built GitPulse because existing tools treat GitHub data as a vanity metric dashboard — commit counts, PR velocity, green squares. None of them answer the quality question. None of them close the loop between activity and impact. And none of them give organizations the structured, AI-powered lens they need to grow their engineers and protect their codebases at the same time.
The inspiration came from a real pain: watching teams onboard new contributors, set vague goals like "contribute more", and then scramble at performance review time to reconstruct what anyone actually did — manually scrolling through GitHub history, copy-pasting commit messages into spreadsheets.
There had to be a better way.
What We Built
GitPulse is an AI-powered GitHub intelligence platform for organizations. At its core, it does four things:
1. Contributor Intelligence
Organizations register contributors by GitHub username and email. GitPulse then ingests their entire GitHub history across all org repositories — every commit, pull request, code review, branch push, comment, and merge — and builds a rich, queryable profile for each person.
2. Deep Diff & Impact Analysis
Every file change is stored, diffed, and analyzed. Not just what changed, but what it means. Each PR gets a structured impact record:
Where:
$Q$ = AI-assessed code quality score
$\Delta C$ = cyclomatic complexity delta
$\Delta T$ = test coverage delta
$R$ = review participation score
$w_1, w_2, w_3, w_4$ = configurable weights per organization
This gives every contribution a single, explainable number that reflects its real effect on the project.
3. AI Code Review (CodeRabbit-feature-complete)
Every PR gets automatically reviewed by our AI engine before a human reviewer opens the diff. The system posts inline comments on specific lines, flags security vulnerabilities, detects missing tests, and generates a plain-English walkthrough of the entire PR — written back to GitHub so it lives where developers already work.
4. Goals, Assessments & Target File Monitoring
Org admins can set structured goals for contributors — not vague ones, but measurable ones tied directly to GitHub activity. They can mark specific files or glob patterns as target files that require deep tracking and mandatory review. And they can run AI-powered assessments that evaluate a contributor's work over any time period against a configurable rubric.
How We Built It
The architecture is built around a dual-ingestion pipeline: GitHub Webhooks for real-time events, and a scheduled polling service for gap-filling and historical backfill. Every event flows through a normalized event queue (Kafka + Redis) into a set of specialized processing workers.
The AI layer runs parallel analysis on every PR:
PR Opened
├── LLM Agent → summary, issues, suggestions
├── Security Scanner → secrets, OWASP, dependency CVEs
├── Static Analyzer → complexity, coverage, linting
└── Embedding Service → vector store for semantic search
Results are merged into a structured ai_review record stored in PostgreSQL (as JSONB), with metrics flowing into TimescaleDB for time-series analytics. Raw diffs are archived in object storage (S3/R2) with references, keeping the primary database lean.
The frontend is built in Next.js 14 with real-time updates via WebSockets — so when a PR is reviewed by the AI, the dashboard updates live without a page refresh.
GitHub integration is implemented as a GitHub App (not a simple OAuth integration), which gives us fine-grained permission scopes, webhook delivery guarantees, and the ability to post review comments and labels back to repositories on behalf of the organization.
Challenges We Faced
GitHub API Rate Limits at Scale
GitHub's REST API has a 5,000 request/hour ceiling per token, and a GraphQL API with a node cost budget. At scale — an org with 50 contributors across 20 repositories — historical backfill alone can exhaust this in minutes.
We solved this with a combination of:
GitHub App installation tokens (15,000 req/hr per installation, scales per-org)
Conditional requests using ETag and If-Modified-Since headers to skip unchanged resources
GraphQL batching to fetch multiple resources in a single query
A priority queue that deprioritizes backfill jobs when real-time webhook processing is pending
Making AI Reviews Actually Useful
Early versions of the AI review were too verbose — walls of text that reviewers would ignore. The breakthrough was structuring output into three strict tiers: must-fix (blocks merge), should-fix (inline suggestions), and consider (non-blocking ideas). This made the AI a useful first pass, not noise.
Diff Context Windows
LLMs have finite context windows, and large PRs with hundreds of changed files can exceed them. We built a diff chunking strategy that prioritizes:
Critical files (high complexity, marked as targets) are always included in the primary context window. Lower-priority files are summarized via a secondary pass.
Contributor Identity Resolution
GitHub commits can reference multiple email addresses, and contributors sometimes push with personal vs. work emails. We built an identity resolution layer that matches GitHub user IDs, commit author emails, and org-registered emails into a single contributor record — preventing split activity histories.
What We Learned
Webhooks lie — GitHub webhook delivery is not guaranteed and can arrive out of order. A robust polling fallback is non-negotiable, not optional.
AI review needs guardrails — An LLM without structured output schemas will hallucinate line numbers and reference code that doesn't exist. Enforcing strict JSON output with validation eliminated this entirely.
Organizations care about trends more than snapshots — The most-used feature in testing wasn't individual PR scores, it was the trend line — is this contributor's code quality improving or declining over time?
Target file monitoring is underrated — The ability to say "every change to src/auth/** must be deeply reviewed and tracked" turned out to be one of the most immediately valuable features for security-conscious teams.
What's Next
IDE Plugin — Surface AI insights directly in VS Code as developers write code, before they even open a PR
Dependency Graph Visualization — Map how each PR's file changes propagate through the codebase's dependency graph
Natural Language Querying — Ask questions like "show me all PRs that touched the payment module in the last 90 days and had a security flag" in plain English
Custom AI Personas — Let organizations define their own code review standards and have the AI enforce them consistently across every PR
Report
No reviews yetBe the first to leave a review for GitFlow54
