Issues

Issues are at the heart of how Korbit provides feedback inside of your pull requests. You can think of issues as comments that any human would leave on a PR, though Korbit will typically look to find potential problems for you rather than providing a wider array of feedback that you might typically be accustomed to from human reviewers.

Interacting with Issues

Chatting with Korbit

On any given comment that Korbit raises on your PR, you can have a discussion with Korbit by tagging @korbit-ai.

korbit convo screenshot

Training Korbit through your feedback

By resolving or ignoring issues that Korbit posts along with giving a thumbs up or down ( Github only ), Korbit will use this feedback to improve your teams reviews. Learn more about Korbit's adaptive reviews here.

Issue Categories

Korbit will surface issues matching the following categories based off your selected review mode.

CategoryDescription
FunctionalityIssues related to feature functionality, edge case handling, user interaction outcomes, and proper integration of functions, classes, and algorithms.
SecurityIssues intended to protect your software against unauthorized access, data breaches, and other forms of exploitation.
PerformanceIssues related to how efficiently (with respect to memory and processor time) your code responds to user actions, utilizes resources, and processes data.
Database OperationsSuggestions related to accessing, changing, or adding to information in your database(s).
Asynchronous ProcessingSuggestions to avoid potential race conditions, encourage performance optimization for asynchronous processes, etc.
Error HandlingSuggestions for detecting, responding to, and resolving exceptions or errors that occur while an application is running, plus how those errors are explained to users.
NamingClarity and consistency of the names of variables, functions, classes, and files your team uses in your code.
LoggingSuggestions to encourage writing clear, meaningful log messages, and ensuring that logs contain relevant information without exposing sensitive data.
Design PatternsAny issues or best practices related to the consistency and clarity of the choice and application of creational, structural, and behavioral design patterns in your code.
Systems and EnvironmentIssues related to the setup and configuration of your environments.
DocumentationClarity and breadth of inline comments, API documentation, README files, etc., in your code.
Readability and MaintainabilityRelated to the structure of your code and suggestions on how to break it up or simplify it to facilitate re-use, clarity, and easier maintenance.
Third-party LibrariesIssues related to the use of third-party libraries, the way they are imported, and kept up to date in your code.

issue screenshot

Major Issue Detection

Korbit will automatically flag issues it deems potentially major. These can include critical problems that should be addressed before merging a pull request to ensure the quality, security, and performance of the code. Below are examples of what we consider major issues:

Functionality

  • Incorrect Code Behavior: The code does not perform as intended (e.g., wrong Boolean check, incorrect parameter).
  • Critical Failures: The code fails under certain edge cases, leading to crashes or incorrect logic.
  • Concurrency Issues: Presence of race conditions or deadlocks in concurrent code.

Error Handling

  • Lack of Logging: Caught exceptions are not logged, making it difficult to diagnose issues.

Performance

  • Inefficient Operations: Unnecessary database calls or inefficient queries that degrade performance.
  • Memory Leaks: Code that causes memory leaks, leading to increased memory usage over time.

Security

  • Authentication and Authorization: Missing or improper checks for authentication and authorization.
  • Sensitive Data Exposure: Improper handling of sensitive data such as passwords or private keys.
  • Critical Vulnerabilities: Presence of critical security vulnerabilities like SQL injection or Cross-Site Scripting (XSS).
  • Insecure Debug/Logging Settings: Debug or logging settings that expose sensitive information and should not be public.

Code Health

  • Inaccurate Documentation: Documentation that is factually incorrect or misleading.
  • Misleading Variable Names: Variable names that do not accurately describe their purpose.
  • Code Duplication: Large blocks of code are duplicated instead of being refactored.
  • Deep Nesting: Code that is nested 4 or more levels deep, making it hard to read and maintain.
  • Global Variables: Use of global variables that can lead to unexpected behavior and are hard to track.

Tests

  • Incorrect Expected Output: Tests that expect incorrect output.
  • Improper Test Focus: Tests that focus on mocks rather than the actual code.
  • Inconsistent Tests: Tests that are not independent and produce inconsistent results.
  • Flaky Tests: Tests that are unreliable and fail intermittently.