Codra launches self‑hosted AI code review engine on Cloudflare Workers

Codra ships as an open‑source, self‑hosted AI code review engine that runs on Cloudflare Workers and integrates with GitHub pull requests [DevTo][GitHub].

What shipped

The service listens to PR events, diffs changed files, and posts inline comments or check‑run summaries. Jobs, repository settings, and usage metrics are stored in PostgreSQL via Cloudflare Hyperdrive; sessions are cached in KV and work is queued through Cloudflare Queues. A React dashboard displays per‑repo history, model routing, and failure logs. Provider credentials are encrypted with AES‑GCM using the deployment secret, keeping the GitHub App, model keys, and review history under the operator’s control.

Supported back‑ends include any OpenAI‑compatible API, OpenRouter, Anthropic, Google Gemini, and Cloudflare Workers AI. The engine can also route to local models such as Ollama or LM Studio when reachable, letting teams bypass hosted APIs entirely. Deployment targets span Cloudflare Workers (default), Vercel Functions, traditional Node.js/PM2 on VMs, and Docker‑first setups for Hetzner, DigitalOcean, or Coolify. The codebase is released under AGPL‑3.0 to guarantee inspectability of prompts, fallbacks, and failure handling [GitHub].

Why it matters

• Cost and quota control – Teams own the review loop, avoiding weekly usage caps that interrupt deep‑building sessions on services like OpenAI or Anthropic, and can switch providers without losing review history.
• Auditability – All prompts, model selections, and comment generation are logged in a searchable database, enabling compliance reviews that opaque SaaS offerings cannot provide.
• Path to cheaper on‑premise models – When a team runs an Ollama instance locally, Codra can route large diffs to that model, cutting API spend by up to 70 % in early tests while still falling back to cloud providers for edge cases.

Editor's take

The added operational overhead—queues, provider outages, and encryption‑key management—forces teams to act as mini‑infra providers, a requirement many lack resources for. Centralized services already deliver model updates, scaling, and SLA guarantees; the real question is whether the control Codra provides justifies the extra DevOps burden.

Poll

Which AI code review setup do you trust for production?

• Self‑hosted engine like Codra
• Managed service (GitHub Copilot, CodeQL)
• Hybrid with local models (Ollama + cloud)