Mention the bot in any MR or issue comment to start a conversation:
@codeward What does this function do?
@codeward Can you explain the changes in this MR?
The bot maintains conversation context within the same discussion thread.
| Command | Description |
|---|---|
@codeward /review |
Request a code review on the current MR |
@codeward /debug |
Diagnose the latest pipeline failure |
@codeward /security |
Run security triage on the latest scan results |
@codeward /explain |
Explain the current diff or referenced code |
@codeward /summarize |
Summarize the MR changes |
@codeward /help |
Show available commands |
Flows chain multiple agents into automated workflows:
| Command | Description |
|---|---|
@codeward /implement |
Analyze issue, generate code, self-review, open MR |
@codeward /full-review |
Code review + security triage + combined summary |
@codeward /fix-pipeline |
Diagnose pipeline failure and post report |
Flows execute step-by-step via the Redis task queue. Track progress with GET /flows/{flow_id}.
See flows.md for YAML schema and custom flow development.
Some agents run automatically without being mentioned:
| Agent | Trigger | Condition |
|---|---|---|
| Code Reviewer | MR opened or updated | Auto-review enabled, not draft, not WIP |
| Pipeline Debugger | Pipeline failed | Auto-debug enabled |
| Security Triage | Security scan job completes | Auto-triage enabled |
Automatic triggers can be controlled globally in codeward.yml and per-project in .codeward.yml.
When a developer pushes new commits to an MR that was already reviewed:
- Codeward detects the previous review via stored
ReviewState - Only the inter-diff (changes since last review) is sent to the LLM
- Previous bot discussions on modified files are auto-resolved with a note
- New inline comments are posted only on new/changed lines
- The summary note indicates it's an incremental review
If the same SHA was already reviewed, Codeward skips the review entirely.
Place a .codeward.yml file in the root of your GitLab project to customize Codeward behavior per-project:
codeward:
disabled_agents:
- security-triage # Disable specific agents
review_rules:
- "Follow PEP 8 style guidelines"
- "All public functions must have docstrings"
- "No hardcoded secrets or API keys"
skip_paths:
- "*.lock"
- "vendor/**"
- "generated/**"
- "*.min.js"| Option | Type | Description |
|---|---|---|
disabled_agents |
list | Agent names to disable for this project |
enabled_agents |
list | If set, only these agents are allowed |
review_rules |
list | Additional review guidelines for the code reviewer |
skip_paths |
list | Glob patterns for files to exclude from review |