This guide walks contributors through setting up BugViper on their local machine.
- Python 3.13+
- Node.js 20+
- Docker
- uv — fast Python package manager
- Neo4j (local or Aura)
- ngrok — for local webhook testing
- A code editor (VS Code recommended)
git clone https://github.com/MabudAlam/BugViper.git
cd BugViperuv synccd apps/frontend
npm install
cd ../..cp .env.example .envOpen .env and set each variable:
NEO4J_URI=bolt://localhost:7687
NEO4J_USERNAME=neo4j
NEO4J_PASSWORD=your_neo4j_password
NEO4J_DATABASE=neo4jFor local Neo4j: Install via Neo4j Desktop or Docker:
docker run -d \
--name neo4j \
-p 7474:7474 -p 7687:7687 \
-e NEO4J_AUTH=neo4j/your_password \
neo4j:5For Neo4j Aura (cloud): Use the connection string from your Aura dashboard.
- Go to Firebase Console
- Select your project → Project Settings → Service Accounts
- Click Generate new private key → save as
service-account.json - Set the path in
.env:
SERVICE_FILE_LOC=/path/to/your/service-account.json- Sign up at openrouter.ai
- Get your API key from the dashboard
- Set in
.env:
OPENROUTER_API_KEY=sk-or-v1-xxxxxxxxxxxxxxxxxxxxxxxxxxxx
REVIEW_MODEL=anthropic/claude-sonnet-4-5
SYNTHESIS_MODEL=openai/gpt-4o-miniYou need a GitHub App to:
- Receive webhook events (PR comments, issue triggers)
- Clone repositories
- Post review comments
Step 1: Create a GitHub App
- Go to your GitHub organization settings → Developer settings → GitHub Apps
- Click New GitHub App
- Fill in:
- GitHub App name:
bugviper-dev(must be unique) - Homepage URL:
http://localhost:3000 - Webhook URL:
https://your-ngrok-url.ngrok.io(add this later after ngrok setup) - Webhook secret: Generate a random string, e.g.,
openssl rand -hex 20 - Permissions (set under Permissions & events):
- Repository permissions:
- Contents: Read
- Issues: Read & Write
- Pull requests: Read & Write
- Metadata: Read
- Commit comments: Read & Write
- GitHub Actions: Read
- Repository permissions:
- GitHub App name:
- Click Create GitHub App
- Generate and download the private key (
.pemfile)
Step 2: Install the App
- In your GitHub App settings, click Install App
- Install it on your GitHub account or organization
- Grant access to repositories you want to test with
Step 3: Get the App ID
- In your GitHub App settings, find App ID (shown at the top)
- Set in
.env:
GITHUB_APP_ID=123456
GITHUB_PRIVATE_KEY_PATH=/path/to/your-app.private-key.pem
GITHUB_WEBHOOK_SECRET=your_webhook_secret_here- Go to Firebase Console
- Select your project → Authentication → Sign-in method
- Click GitHub
- Fill in:
- Client ID: From your GitHub OAuth App (see below)
- Client Secret: From your GitHub OAuth App
- Click Save
Creating a GitHub OAuth App:
- Go to your GitHub account → Settings → Developer settings → OAuth Apps
- Click New OAuth App
- Fill in:
- Application name:
BugViper Dev - Homepage URL:
http://localhost:3000 - Authorization callback URL:
https://localhost:3000/api/auth/callback/github
- Application name:
- Click Register application
- Copy the Client ID and generate a Client Secret
Required for: Receiving GitHub webhooks on your local machine
-
Sign up at ngrok.com (free tier works)
-
Download and install ngrok
-
Authenticate:
ngrok config add-authtoken YOUR_TOKEN -
Start ngrok for port 3000:
ngrok http 3000 --domain=your-reserved-domain.ngrok-free.app
(Reserve a domain in ngrok dashboard for stable webhooks)
-
Copy the HTTPS URL (e.g.,
https://abc123.ngrok.io) -
Update your GitHub App webhook URL with this ngrok URL
-
Set in
.env(optional):
NGROK_DOMAIN=your-reserved-domain.ngrok-free.appFor production-like async ingestion and review queue:
CLOUD_TASKS_QUEUE=ingestion-queue
CLOUD_TASKS_REVIEW_QUEUE=codeReview
INGESTION_SERVICE_URL=http://localhost:8080
REVIEW_SERVICE_URL=http://localhost:8100
GCP_PROJECT_ID=your-gcp-project-id
GCP_LOCATION=us-central1
CLOUD_TASKS_SA_EMAIL=your-sa@your-project.iam.gserviceaccount.comLeave unset for local dev (services call each other directly via HTTP).
python -c "from dotenv import load_dotenv; load_dotenv(); import os; print('NEO4J_URI:', os.getenv('NEO4J_URI'))"docker compose builddocker compose upVisit:
- Frontend: http://localhost:3000
- API: http://localhost:8000
- API docs: http://localhost:8000/docs
- Ingestion: http://localhost:8080
- Review: http://localhost:8100
- Lint: http://localhost:8090
The SERVICE_FILE_LOC points to a Firebase service account JSON file. This enables:
- User management (Firestore)
- PR review storage
- Repository metadata storage
Never commit this file — it's already in .gitignore.
Ensure SERVICE_FILE_LOC points to a valid service account JSON.
Make sure Neo4j is running:
docker ps | grep neo4j- Check ngrok is running:
curl https://your-ngrok-url.ngrok.io/health - Verify GitHub App webhook URL matches ngrok URL
- Check GitHub App has correct permissions
uv syncBugViper/
├── apps/frontend/ # Next.js frontend
├── src/
│ ├── api/ # FastAPI backend
│ ├── common/ # Shared utilities
│ ├── db/ # Neo4j client
│ ├── code_review_agent/ # LangGraph review agent
│ ├── ingestion_service/ # Repository ingestion
│ └── lint_service/ # Multi-language linting
├── infra/
│ ├── docker/ # Dockerfiles
│ └── cloudbuild/ # Cloud Build configs
├── docker-compose.yml
├── cloudbuild.yaml
├── .env.example
└── SETUP.md
| Service | Port | URL |
|---|---|---|
| Frontend | 3000 | http://localhost:3000 |
| API | 8000 | http://localhost:8000 |
| Ingestion | 8080 | http://localhost:8080 |
| Review | 8100 | http://localhost:8100 |
| Lint | 8090 | http://localhost:8090 |
| Neo4j Browser | 7474 | http://localhost:7474 |
| Environment Variable | Description |
|---|---|
OPENROUTER_API_KEY |
LLM API key |
GITHUB_APP_ID |
GitHub App ID |
GITHUB_PRIVATE_KEY_PATH |
Path to .pem file |
GITHUB_WEBHOOK_SECRET |
Webhook verification secret |
SERVICE_FILE_LOC |
Firebase service account JSON |
NEO4J_* |
Neo4j connection settings |
LINT_SERVICE_URL |
URL of lint service |
INGESTION_SERVICE_URL |
URL of ingestion service |
REVIEW_SERVICE_URL |
URL of review service |