IIC Reviews - Serverless AI Code Review & Repository Analytics
Built as an internal tool to evaluate git repos in a coding competition. A centralized backend creates a shared IP bottleneck for GitHub API rate limits. Moving all processing to the client eliminates this by distributing API calls across each user's own IP and token. A client-side key vault with automatic 429 rotation handles heavy repo parsing without any interruptions and without any server.
Handling chunked LLM streams via `generateContentStream` while managing recursive GitHub API calls requires careful state management and solid error boundaries. The BYOK static SPA pattern is ideal for internal developer tools where you can't risk sending proprietary code to an external server.
Built a purely client-side React 19 SPA that audits GitHub repositories and streams AI-generated code reviews. Moved all processing to the browser and implemented an in-browser key vault with automatic API key rotation to handle aggressive rate limits without any backend.
§1. The Domain & The Problem
Automated code reviews typically need heavy CI/CD integrations, webhooks, or dedicated backend servers to process Git trees and manage LLM API calls.
A centralized backend creates a shared IP bottleneck. Multiple users hitting the GitHub API from the same server IP get throttled immediately. Unauthenticated limits cap at 60 requests/hour, with search limits as low as 30.
§2. The Mental Model & Trade-offs
The entire processing pipeline was moved to the client. The user's browser fetches repository metadata directly from GitHub, builds the file context tree, and calls the Gemini LLM. No database, no centralized backend, zero server costs.
Rate-Limit Problem: Moving to the client solves the shared IP problem, but large repositories require hundreds of sequential API calls to fetch file trees, commits, and PRs, which exhausts individual tokens and Gemini limits quickly.
Client-Side Key Vault: A custom useKeyManager hook and HTTP client wrapper stores multiple API keys in the browser's localStorage. When the client hits a 429, the system automatically rotates to the next key and retries without disrupting the user.
§3. The Architecture
Client-Side Git Parser: A custom GitHub API client (api/github/client.ts) that traverses branches, fetches commits, and builds a visual file tree entirely in-browser.
Streaming AI Engine: Uses the Google GenAI SDK's generateContentStream method to yield chunks as they are generated, keeping the UI responsive while processing large repository contexts.
State Management: Custom hooks (useReview, useRepository) handle the async state of fetching code, piping it to Gemini, and mapping the resulting scores (Security, Reliability) to dynamic UI gauges.