Issues

Issues are at the heart of how Korbit provides feedback inside of your pull requests. You can think of issues as comments that any human would leave on a PR, though Korbit will typically look to find potential problems for you rather than providing a wider array of feedback that you might typically be accustomed to from human reviewers.

Issue types

On any given issue you will see a category to give you context on the type of issues that are found. For issues that Korbit identifies as a potential major issue, you will see a red Major badge beside the category. If you want to change the types of issues you see in your PRs, you can make adjustments in the settings page and find documentation on how to do that here

issue screenshot

Interacting with Issues

On any given comment that Korbit raises on your PR, you can have a discussion with Korbit by tagging @korbit-ai.

korbit convo screenshot

Major Issue Detection

Korbit will automatically flag issues it deems potentially major. These can include critical problems that should be addressed before merging a pull request to ensure the quality, security, and performance of the code. Below are examples of what we consider major issues:

Functionality

  • Incorrect Code Behavior: The code does not perform as intended (e.g., wrong Boolean check, incorrect parameter).
  • Critical Failures: The code fails under certain edge cases, leading to crashes or incorrect logic.
  • Concurrency Issues: Presence of race conditions or deadlocks in concurrent code.

Error Handling

  • Lack of Logging: Caught exceptions are not logged, making it difficult to diagnose issues.

Performance

  • Inefficient Operations: Unnecessary database calls or inefficient queries that degrade performance.
  • Memory Leaks: Code that causes memory leaks, leading to increased memory usage over time.

Security

  • Authentication and Authorization: Missing or improper checks for authentication and authorization.
  • Sensitive Data Exposure: Improper handling of sensitive data such as passwords or private keys.
  • Critical Vulnerabilities: Presence of critical security vulnerabilities like SQL injection or Cross-Site Scripting (XSS).
  • Insecure Debug/Logging Settings: Debug or logging settings that expose sensitive information and should not be public.

Code Health

  • Inaccurate Documentation: Documentation that is factually incorrect or misleading.
  • Misleading Variable Names: Variable names that do not accurately describe their purpose.
  • Code Duplication: Large blocks of code are duplicated instead of being refactored.
  • Deep Nesting: Code that is nested 4 or more levels deep, making it hard to read and maintain.
  • Global Variables: Use of global variables that can lead to unexpected behavior and are hard to track.

Tests

  • Incorrect Expected Output: Tests that expect incorrect output.
  • Improper Test Focus: Tests that focus on mocks rather than the actual code.
  • Inconsistent Tests: Tests that are not independent and produce inconsistent results.
  • Flaky Tests: Tests that are unreliable and fail intermittently.