Automated code review agent on Civo GPUs

Code review is one of the most effective quality gates in software development, but in most teams, it is also one of the slowest. A 2023 LinearB study found that the average pull requests sit untouched for more than 24 hours before receiving a first response. SmartBear’s State of Code Review report reinforces the problem: reviewers are most effective when they examine fewer than 400 lines at a time, but the median PR in most teams exceeds that threshold, leading reviewers to either slow down or rush through their work. The downstream effect is significant; code review defects account for up to 65% of production bugs that make it past testing.

Manual-only review creates a predictable pattern: junior developers wait days for feedback on obvious mistakes. Reviewers, already stretched thin, skip structural analysis and focus only on surface errors. Issues such as SQL injection, hardcoded credentials, or weak cryptography slip through because nobody had time to look closely. The problem isn’t a lack of standards, it’s a lack of bandwidth.

This tutorial solves the problem. It walks through building a private, GPU-powered code-review agent that runs entirely within a Civo Kubernetes cluster. Upload any source file to a Civo Object Store bucket, and the pipeline automatically produces a structured JSON review: issues found (with severity and line references), an overall complexity rating, and a prioritized list of improvement suggestions. No external SaaS. No code leaving controlled infrastructure. The system operates as a first-pass reviewer; fast, consistent, and always available.

How the pipeline works

The system is built around a simple pattern: an Object Store bucket acts as the trigger, and two lightweight pods handle the work.

Automated code review agent on Civo GPUs

The sequence from file upload to JSON output follows these steps:

A source file: Python, JavaScript, Go, or any plain-text code format, is uploaded to the code-submissions bucket inside Civo Object Store.
The watcher pod polls the bucket every 10 seconds. When it detects a file without a corresponding .review.json output, it downloads the file and forwards it to the reviewer pod.
The reviewer pod sends a structured analysis prompt to relaxAI and receives a JSON object that contains issues, a complexity classification, and suggestions.
The watcher uploads the result to the same bucket as <filename>.review.json. The original file and its review now sit side by side.

Three components make this work. The relaxAI Reviewer Pod is a FastAPI service running on a GPU node. It exposes a /review endpoint, handles the relaxAI call, strips markdown formatting from model output, and validates the response against a Pydantic schema. The Watcher Agent Pod is a standalone Python process that runs the polling loop. It handles file download, forwards files to the reviewer, and uploads results, keeping all orchestration logic separate from the inference logic. The Civo Object Store Bucket is the coordination layer between the two pods and the entry point for developers using the system.

Why this works well on Civo

Most cloud platforms make GPU access complicated, with quota requests, approval queues, and multi-day waits. Civo provisions GPU nodes in minutes with no approval process, so a cluster can be spun up for a batch of reviews and deleted when done. No idle costs, no bureaucracy.

Everything the pipeline needs, compute, Object Store, and networking, lives in the same regional environment and is managed from one dashboard. No cross-account policies, no external storage integrations, no IAM complexity. The watcher pod accesses the Object Store the same way it accesses any internal service: via a Kubernetes Secret containing credentials and a standard S3-compatible call.

The data boundary is the most important advantage for teams handling proprietary or regulated code. Source files travel from Object Store to the reviewer pod and back, entirely within the cluster. Nothing touches a third-party endpoint, which makes the setup defensible to security and compliance teams without any architectural changes.

And once this agent is running, the same setup bucket, watcher, and inference pod works for test generation, documentation drafting, or dependency analysis. Swap the prompt, rebuild the image, and a new tool is live.

Prerequisites

Before we dive in, make sure you have:

A Civo account (sign up at civo.com if you haven't already)
Basic Kubernetes knowledge (what deployments and services are)
Docker installed locally (for building container images)
Python 3.9+ installed
relaxAI API access (get your API key from relaxAI)
kubectl CLI configured and ready

Don’t worry if you’re not a Kubernetes expert; every step is explained in detail.

Project Layout

Create this folder structure locally. Keeping the reviewer and watcher in separate directories makes Dockerfile scoping straightforward and keeps each service’s dependencies isolated.

1code-reviewer/
2├── reviewer/
3│   ├── app.py
4│   ├── requirements.txt
5│   └── Dockerfile
6├── watcher/
7│   ├── watcher.py
8│   ├── requirements.txt
9│   └── Dockerfile
10└── kubernetes/
11    ├── namespace.yaml
12    ├── secret.yaml
13    ├── reviewer-deployment.yaml
14    └── watcher-deployment.yaml

Step 1: Provision and connect to the GPU cluster

Civo clusters with GPU nodes are provisioned in a few minutes. This step creates the cluster, downloads the kubeconfig file, and verifies that kubectl can reach the nodes.

Log in to the Civo Dashboard and navigate to Kubernetes → Create Cluster.
Set the name to code-reviewer-cluster, keep the network set to Default, and select a GPU-enabled instance type for the node pool. One node is sufficient for this tutorial.
Click Create Cluster and wait for the status indicator to show Ready (typically 2–5 minutes)
Click Download Kubeconfig once the cluster is ready.

Connect kubectl to the new cluster by setting the KUBECONFIG environment variable to the path of the downloaded file:

1# macOS / Linux
2export KUBECONFIG=/path/to/downloaded/kubeconfig.yaml
3 
4# Windows
5set KUBECONFIG=C:\path\to\downloaded\kubeconfig.yaml

Verify that the node is visible and ready:

1kubectl get nodes

Create a dedicated namespace and set it as the active context so that subsequent kubectl commands do not need a -n flag:

1kubectl create namespace code-reviewer
2kubectl config set-context --current --namespace=code-reviewer

Step 2: Set up the Object Store bucket

The Object Store bucket serves as the shared file system between developers uploading code and the review pipeline. Civo’s Object Store is S3-compatible, so standard boto3 calls work against it without any additional configuration.

Create credentials

In the Civo Dashboard, go to Object Stores → Credentials.
Click Create a new Credential.
Save the Access Key and Secret Key securely; both are needed in Step 5 when configuring the Kubernetes Secret.

Create the store and bucket

Go to Object Stores → Create Object Store.
Name it code-review-store and select the same region as the Kubernetes cluster (for example, lon1).
Click Create.
Open the newly created store and click Create a new folder.
Name the folder code-submissions and click Create folder.

The Object Store endpoint URL follows the format below. Note this value, it becomes the S3_ENDPOINT environment variable in Step 5.

1https://objectstore.<region>.civo.com

Replace <region> with the actual region throughout the remaining steps.

Step 3: Build the reviewer service and watcher agent

Two services power the pipeline. The reviewer is a FastAPI application that handles AI inference. The watcher is a standalone script that handles orchestration. Separating them keeps each piece testable and independently deployable.

Reviewer service (`reviewer/app.py`)

The reviewer exposes a single /review endpoint. When called with a code file and a filename, it constructs a structured analysis prompt, sends it to relaxAI, cleans the model’s response, and returns a validated JSON object. The code is organized into four clearly labeled sections, making each responsibility easy to locate.

Create `reviewer/app.py`

Setup & configuration:

1from fastapi import FastAPI, HTTPException
2from pydantic import BaseModel
3from relaxai import Relaxai
4import os, json
5from typing import List
6 
7app = FastAPI()
8 
9RELAXAI_API_KEY = os.getenv("RELAXAI_API_KEY")
10client = Relaxai(api_key=RELAXAI_API_KEY) if RELAXAI_API_KEY else None

Data models:

1class ReviewRequest(BaseModel):
2    content: str
3    filename: str
4 
5class Issue(BaseModel):
6    severity: str   # high | medium | low
7    line: str       # e.g. 'line 14' or 'general'
8    description: str
9 
10class ReviewResponse(BaseModel):
11    filename: str
12    language: str
13    complexity: str   # low | medium | high
14    issues: List[Issue]
15    suggestions: List[str]
16    summary: str

Endpoints:

1@app.get("/health")
2async def health():
3    return {"status": "healthy", "relaxai_configured": client is not None}
4 
5@app.post("/review", response_model=ReviewResponse)
6async def review(request: ReviewRequest):
7    if not client:
8        raise HTTPException(500, "RelaxAI API key not configured")
9 
10    content_preview = request.content[:8000]
11 
12    prompt = f"""
13    Analyze the following code file and return a structured code review.
14 
15    File: {request.filename}
16    Content:
17    {content_preview}
18 
19    Respond ONLY with valid JSON in this exact format:
20    {{
21        "language": "detected language",
22        "complexity": "low | medium | high",
23        "issues": [
24            {{"severity": "high|medium|low",
25              "line": "line X or general",
26              "description": "clear description"}}
27        ],
28        "suggestions": ["actionable improvement"],
29        "summary": "2-sentence overall assessment"
30    }}
31    Return ONLY the JSON. No explanation.
32    """

relaxAI call & response parsing:

1    try:
2        completion = client.chat.create_completion(
3            messages=[
4                {"role": "system",
5                 "content": "You are an expert code reviewer. Return valid JSON only."},
6                {"role": "user", "content": prompt}
7            ],
8            model="Llama-4-Maverick-17B-128E",
9            temperature=0.2,
10            max_tokens=800
11        )
12        resp = completion.choices[0].message.content.strip()
13 
14        # Strip markdown fences if present
15        if resp.startswith("```json"): resp = resp[7:]
16        if resp.startswith("```"):     resp = resp[3:]
17        if resp.endswith("```"):        resp = resp[:-3]
18        resp = resp.strip()
19 
20        data = json.loads(resp)
21        data["filename"] = request.filename
22        return ReviewResponse(**data)
23 
24    except json.JSONDecodeError as e:
25        raise HTTPException(500, f"Failed to parse AI response: {e}")
26    except Exception as e:
27        raise HTTPException(500, f"Review failed: {e}")
28 
29if __name__ == "__main__":
30    import uvicorn
31    uvicorn.run(app, host="0.0.0.0", port=8000)

Create reviewer/requirements.txt:

1fastapi==0.104.1
2uvicorn==0.24.0
3relaxai
4pydantic==2.5.0

Create reviewer/Dockerfile:

1FROM python:3.11-slim
2WORKDIR /app
3COPY requirements.txt .
4RUN pip install --no-cache-dir -r requirements.txt
5COPY app.py .
6EXPOSE 8000
7CMD ["python", "app.py"]

Watcher Agent (watcher/watcher.py)

The watcher runs a continuous polling loop. Every 10 seconds, it lists the bucket contents, identifies files that are missing a corresponding .review.json, and processes each one by downloading it, calling the reviewer, and uploading the result. Keeping this logic separate from the reviewer means each service has a single responsibility and can be debugged independently.

Create `watcher/watcher.py`

Setup & S3 client:

1import boto3, httpx, json, time, os
2from botocore.client import Config
3 
4S3_ENDPOINT   = os.getenv("S3_ENDPOINT")
5S3_ACCESS_KEY = os.getenv("S3_ACCESS_KEY")
6S3_SECRET_KEY = os.getenv("S3_SECRET_KEY")
7S3_BUCKET     = os.getenv("S3_BUCKET", "code-submissions")
8REVIEWER_URL  = os.getenv("REVIEWER_URL", "http://reviewer-service:8000")
9POLL_INTERVAL = int(os.getenv("POLL_INTERVAL", "10"))
10 
11s3 = boto3.client(
12    's3',
13    endpoint_url=S3_ENDPOINT,
14    aws_access_key_id=S3_ACCESS_KEY,
15    aws_secret_access_key=S3_SECRET_KEY,
16    config=Config(signature_version='s3v4')
17)

Helper functions:

1SUPPORTED = ('.py', '.js', '.ts', '.java', '.go', '.rb',
2             '.php', '.c', '.cpp', '.cs', '.rs', '.sh')
3 
4def get_file_content(key):
5    try:
6        body = s3.get_object(Bucket=S3_BUCKET, Key=key)['Body'].read()
7        try:    return body.decode('utf-8')
8        except: return body.decode('latin-1')
9    except Exception as e:
10        print(f"Error downloading {key}: {e}")
11        return None
12 
13def upload_json(key, data):
14    try:
15        s3.put_object(Bucket=S3_BUCKET, Key=key,
16                      Body=json.dumps(data, indent=2),
17                      ContentType='application/json')
18        print(f"✓ Uploaded {key}")
19    except Exception as e:
20        print(f"Error uploading {key}: {e}")
21 
22def needs_review(filename, existing):
23    if filename.endswith('.json'): return False
24    if not filename.lower().endswith(SUPPORTED): return False
25    return f"{filename}.review.json" not in existing

File processing:

1def process_file(filename):
2    print(f"Processing {filename}...")
3    content = get_file_content(filename)
4    if not content:
5        print(f"✗ Could not read {filename}")
6        return
7    try:
8        with httpx.Client(timeout=120.0) as c:
9            r = c.post(f"{REVIEWER_URL}/review",
10                       json={"content": content, "filename": filename})
11            r.raise_for_status()
12        review = r.json()
13        upload_json(f"{filename}.review.json", review)
14        print(f"✓ Done -- {len(review.get('issues', []))} issue(s) found")
15    except httpx.TimeoutException:
16        print(f"✗ Timeout processing {filename}")
17    except Exception as e:
18        print(f"✗ Failed: {e}")

Poll loop:

1def watch_bucket():
2    print("=" * 60)
3    print("CODE REVIEWER WATCHER STARTED")
4    print(f"Bucket: {S3_BUCKET} | Interval: {POLL_INTERVAL}s")
5    print("=" * 60)
6    while True:
7        try:
8            resp = s3.list_objects_v2(Bucket=S3_BUCKET)
9            if 'Contents' not in resp:
10                print("Bucket empty, waiting...")
11                time.sleep(POLL_INTERVAL)
12                continue
13            existing = {o['Key'] for o in resp['Contents']}
14            to_review = [f for f in existing if needs_review(f, existing)]
15            if to_review:
16                print(f"\nFound {len(to_review)} file(s) to review")
17                for f in to_review: process_file(f)
18            else:
19                print(".", end="", flush=True)
20        except Exception as e:
21            print(f"\n✗ Watch loop error: {e}")
22        time.sleep(POLL_INTERVAL)
23 
24if __name__ == "__main__":
25    watch_bucket()

Create watcher/requirements.txt:

1boto3==1.29.7
2httpx==0.25.1

Create watcher/Dockerfile:

1FROM python:3.11-slim
2WORKDIR /app
3COPY requirements.txt .
4RUN pip install --no-cache-dir -r requirements.txt
5COPY watcher.py .
6CMD ["python", "watcher.py"]

Step 4: Containerize both services

Both services need to be packaged as container images and pushed to a registry so Kubernetes can pull them during deployment. Docker Hub works well for this tutorial. Run the following commands from the root of the project directory:

1# Log in to Docker Hub
2docker login
3 
4# Build and push the reviewer image
5cd reviewer
6docker build -t yourusername/civo-code-reviewer:latest .
7docker push yourusername/civo-code-reviewer:latest
8 
9# Build and push the watcher image
10cd ../watcher
11docker build -t yourusername/civo-code-watcher:latest .
12docker push yourusername/civo-code-watcher:latest
13 
14cd ..

Step 5: Deploy to the cluster

Four Kubernetes manifests bring the pipeline to life: a namespace, a secret, a reviewer deployment with its ClusterIP service, and a watcher deployment. They are applied in that order so that the secret exists before the pods start.

`namespace.yaml`

A namespace keeps the review agent’s resources isolated from anything else running on the cluster, making cleanup and access control straightforward.

1apiVersion: v1
2kind: Namespace
3metadata:
4  name: code-reviewer

`secret.yaml`

A Kubernetes Secret stores sensitive values, API keys, and Object Store credentials, separately from the container image. The pods read these values at startup through environment variable references. Replace all placeholder values with the actual credentials from Steps 2 and 3.

1apiVersion: v1
2kind: Secret
3metadata:
4  name: reviewer-secrets
5  namespace: code-reviewer
6type: Opaque
7stringData:
8  S3_ENDPOINT:     "https://objectstore.lon1.civo.com"  # update region
9  S3_ACCESS_KEY:   "your-civo-access-key"
10  S3_SECRET_KEY:   "your-civo-secret-key"
11  S3_BUCKET:       "code-submissions"
12  RELAXAI_API_KEY: "your-relaxai-api-key"

`reviewer-deployment.yaml`

The reviewer pod runs on a GPU node and exposes port 8000 through a ClusterIP service. A ClusterIP service makes the reviewer accessible only from other pods within the cluster, intentionally preventing external access to the source code. Liveness and readiness probes hit the /health endpoint to keep Kubernetes informed of the pod’s state.

1apiVersion: apps/v1
2kind: Deployment
3metadata:
4  name: reviewer
5  namespace: code-reviewer
6spec:
7  replicas: 1
8  selector:
9    matchLabels:
10      app: reviewer
11  template:
12    metadata:
13      labels:
14        app: reviewer
15    spec:
16      containers:
17      - name: reviewer
18        image: yourusername/civo-code-reviewer:latest
19        ports:
20        - containerPort: 8000
21        env:
22        - name: RELAXAI_API_KEY
23          valueFrom:
24            secretKeyRef:
25              name: reviewer-secrets
26              key: RELAXAI_API_KEY
27        resources:
28          requests:
29            memory: "2Gi"
30            cpu: "1000m"
31            nvidia.com/gpu: "1"
32          limits:
33            memory: "4Gi"
34            cpu: "2000m"
35            nvidia.com/gpu: "1"
36        livenessProbe:
37          httpGet:
38            path: /health
39            port: 8000
40          initialDelaySeconds: 30
41          periodSeconds: 10
42        readinessProbe:
43          httpGet:
44            path: /health
45            port: 8000
46          initialDelaySeconds: 10
47          periodSeconds: 5
48        nodeSelector:
49          node.kubernetes.io/instance-type: g4-g.4xlarge.kube.cluster
50---
51apiVersion: v1
52kind: Service
53metadata:
54  name: reviewer-service
55  namespace: code-reviewer
56spec:
57  selector:
58    app: reviewer
59  ports:
60  - protocol: TCP
61    port: 8000
62    targetPort: 8000
63  type: ClusterIP

`watcher-deployment.yaml`

The watcher pod reads all five secrets through environment variable references and sets REVIEWER_URL to the internal DNS name of the reviewer service. No GPU resources are needed here; the watcher is doing file I/O and HTTP calls, not inference.

1apiVersion: apps/v1
2kind: Deployment
3metadata:
4  name: watcher
5  namespace: code-reviewer
6spec:
7  replicas: 1
8  selector:
9    matchLabels:
10      app: watcher
11  template:
12    metadata:
13      labels:
14        app: watcher
15    spec:
16      containers:
17      - name: watcher
18        image: yourusername/civo-code-watcher:latest
19        env:
20        - name: S3_ENDPOINT
21          valueFrom:
22            secretKeyRef:
23              name: reviewer-secrets
24              key: S3_ENDPOINT
25        - name: S3_ACCESS_KEY
26          valueFrom:
27            secretKeyRef:
28              name: reviewer-secrets
29              key: S3_ACCESS_KEY
30        - name: S3_SECRET_KEY
31          valueFrom:
32            secretKeyRef:
33              name: reviewer-secrets
34              key: S3_SECRET_KEY
35        - name: S3_BUCKET
36          valueFrom:
37            secretKeyRef:
38              name: reviewer-secrets
39              key: S3_BUCKET
40        - name: REVIEWER_URL
41          value: "http://reviewer-service:8000"
42        - name: POLL_INTERVAL
43          value: "10"
44        resources:
45          requests:
46            memory: "256Mi"
47            cpu: "100m"
48          limits:
49            memory: "512Mi"
50            cpu: "500m"

Apply and verify

Apply the manifests in order. The secret must exist before the pods start, or they will fail to read environment variables at launch.

1kubectl apply -f kubernetes/namespace.yaml
2kubectl config set-context --current --namespace=code-reviewer
3 
4# Secret must be applied before the pods start
5kubectl apply -f kubernetes/secret.yaml
6 
7kubectl apply -f kubernetes/reviewer-deployment.yaml
8kubectl apply -f kubernetes/watcher-deployment.yaml
9kubectl get pods -n code-reviewer -w

Once both pods show Running, check the watcher logs to confirm the polling loop has started:

1kubectl logs -f deployment/watcher -n code-reviewer

Step 6: Test the pipeline end-to-end

With both pods running, it’s time to put the pipeline through a real test. Rather than using a minimal toy example, this step uses a publicly available Flask application that contains several well-documented vulnerability classes. This gives the reviewer enough material to generate a meaningful, production-grade analysis, the kind of output that would actually be useful on a real team.

The test file

The code below is adapted from OWASP’s publicly documented insecure application examples. It’s a short Flask app, but it contains five distinct issues spanning injection, authentication, and information disclosure. Exactly the kind of problems a first-pass reviewer should catch before a human ever opens the PR.

Save this as vulnerable_api.py:

1# Source: adapted from OWASP WebGoat Python examples (public domain)
2from flask import Flask, request, render_template_string
3import sqlite3
4import subprocess
5import hashlib
6import os
7
8app = Flask(__name__)
9SECRET_KEY = "hardcoded_secret_abc123"
10DB_PATH = "users.db"
11
12@app.route('/login', methods=['POST'])
13def login():
14username = request.form['username']
15password = request.form['password']
16conn = sqlite3.connect(DB_PATH)
17cursor = conn.cursor()
18query = f"SELECT * FROM users WHERE username='{username}' AND password='{password}'"
19cursor.execute(query)
20user = cursor.fetchone()
21if user:
22return render_template_string(f"<h1>Welcome {username}</h1>")
23return "Login failed"
24@app.route('/ping', methods=['GET'])
25def ping():
26host = request.args.get('host')
27result = subprocess.check_output(f"ping -c 1 {host}", shell=True)
28return result
29
30@app.route('/hash', methods=['GET'])
31def get_hash():
32pwd = request.args.get('pwd')
33return hashlib.md5(pwd.encode()).hexdigest()
34
35@app.route('/debug', methods=['GET'])
36def debug():
37return str(os.environ)

Five issues are present in this file: a SQL injection vulnerability in the login route, a server-side template injection risk due to rendering unsanitised user input, a command injection vulnerability in the ping route, the use of MD5 for password-related hashing, and an exposed debug endpoint that leaks environment variables. The agent should surface all of them.

Upload the file

Open the Civo Dashboard and navigate to Object Stores → code-review-store → code-submissions.
Click Upload File, select vulnerable_api.py, and click Upload.

Watch the processing ogs

Switch to a terminal and watch the watcher logs. Within 10 seconds of the upload, the watcher should detect the file and forward it to the reviewer pod:

1kubectl logs -f deployment/watcher -n code-reviewer

The review output

Refresh the Object Store bucket in the Civo Dashboard. Both files should now appear side by side: the original source file and the generated review.

Download vulnerable_api.py.review.json and open it. The full output from the agent should look similar to this:

1{
2  "filename": "vulnerable_api.py",
3  "language": "Python",
4  "complexity": "medium",
5  "issues": [
6    {
7      "severity": "high",
8      "line": "line 17",
9      "description": "SQL injection: user input is concatenated directly into
10                       the query string. Use parameterized queries instead."
11    },
12    {
13      "severity": "high",
14      "line": "line 21",
15      "description": "Server-side template injection: unsanitised username is
16                       rendered via render_template_string. An attacker can
17                       inject Jinja2 expressions and execute arbitrary code."
18    },
19    {
20      "severity": "high",
21      "line": "line 26",
22      "description": "Command injection: user-supplied host is passed to
23                       subprocess with shell=True. Use a list argument instead."
24    },
25    {
26      "severity": "medium",
27      "line": "line 31",
28      "description": "MD5 is cryptographically broken. Replace with
29                       hashlib.sha256 for any security-sensitive hashing."
30    },
31    {
32      "severity": "high",
33      "line": "line 35",
34      "description": "Debug endpoint exposes os.environ, leaking secrets,
35                       API keys and infrastructure details. Remove before deploy."
36    }
37  ],
38  "suggestions": [
39    "Replace string-formatted SQL with parameterized queries: cursor.execute(query, (username, password)).",
40    "Use render_template with a proper template file instead of render_template_string.",
41    "Rewrite the ping route to accept only validated input and call subprocess with a list, not a string.",
42    "Replace hashlib.md5 with hashlib.sha256 or hashlib.sha3_256.",
43    "Remove the /debug route entirely, or restrict it to authenticated internal users only.",
44    "Move SECRET_KEY to an environment variable loaded via os.getenv()."
45  ],
46  "summary": "This file contains four high-severity vulnerabilities that would
47               allow remote code execution, data exfiltration, and authentication
48               bypass on any exposed deployment. None of these routes should be
49               reachable in production without significant remediation."
50}

Troubleshooting

If the review JSON does not appear after 60 seconds, use the following commands to isolate the problem. The most common causes are incorrect Object Store credentials, a mismatched region in the S3 endpoint URL, or the reviewer pod still completing its startup health checks.

1# Check pod status
2kubectl get pods -n code-reviewer
3 
4# Check the reviewer health endpoint directly
5kubectl port-forward deployment/reviewer 8000:8000 -n code-reviewer
6curl http://localhost:8000/health
7 
8# Check watcher for errors
9kubectl logs deployment/watcher -n code-reviewer | grep -i error
10 
11# Check reviewer logs
12kubectl logs deployment/reviewer -n code-reviewer

Summary

A GPU-backed code review agent does not require enterprise infrastructure, a dedicated DevOps team, or an expensive SaaS subscription. The pattern built here, Object Store as the trigger, a watcher pod as the orchestrator, and an inference pod as the reviewer, is composable, lightweight, and entirely private.

A few observations worth carrying forward:

The polling pattern is a low-friction alternative to webhooks and event queues. It adds a maximum 10-second delay, which is acceptable for internal tooling, and requires no additional infrastructure beyond what is already deployed.
Separating the reviewer and watcher into independent services means each can be updated, debugged, or scaled without touching the other. Replacing the RelaxAI model or changing the prompt template requires only rebuilding the reviewer image.
The same architecture works for adjacent tasks. Swap the review prompt for a test-generation prompt, and the system produces unit test stubs. Swap it for a documentation prompt, and it generates inline comments. The watcher, secrets, and Object Store setup stay identical.
Because the cluster is already GPU-enabled, scaling from small files to large codebases or to batch processing requires no architectural changes — only adjustments to the replica count.

A natural next step for teams that find value in this tool is connecting the JSON output to a Civo Managed Database, building a searchable history of reviews that can surface recurring issues across a codebase over time.

Additional resources

The following links provide deeper context for the tools and concepts used in this tutorial.

• Civo Kubernetes Documentation

• Civo Object Store Guide

• relaxAI API Documentation

• Build an Auto-Summarise Folder Agent on Civo