devin-bugs
v0.7.0
Published
CLI to extract unresolved bugs and flags from Devin AI code reviews
Maintainers
xcatalityReadme
devin-review-cli
CLI to extract unresolved bugs and flags from Devin AI code reviews. Pulls the full set of Lifeguard findings — bugs, flagged analyses, and the orange "Investigate" items — from any PR that Devin has reviewed and outputs them in your terminal or as JSON.
$ devin-bugs owner/repo#46
1 bug, 2 to investigate, 5 flags in owner/repo#46
BUG lib/apply/assist.ts:124-136
Reverting packet to 'ready' after credits charged creates an unrecoverable retry loop
In prepareApplyAssist, when createApplication fails with a non-P2002 error,
the packet is reverted to 'ready' but credits have already been charged...
INVESTIGATE components/pricing.tsx:112
Color token swap deviates from naming convention but improves WCAG contrast
...
FLAG lib/search/query.ts:286-296
Skills filter parameter numbering alignment verified correct
...Install
npm install -g devin-bugsRequires Node.js 18+. No other dependencies.
Development
git clone https://github.com/xCatalitY/devin-review-cli.git
cd devin-review-cli
bun installUsage
# GitHub PR URL
devin-bugs https://github.com/owner/repo/pull/123
# Shorthand
devin-bugs owner/repo#123
# Devin review URL
devin-bugs https://app.devin.ai/review/owner/repo/pull/123Options
--json Output as JSON (for piping)
--bugs-only Only surface bugs (hide flags / analyses)
--flags-only Only surface flags / analyses (hide bugs)
--include-resolved Include bugs Devin self-resolved in a later commit
--watch Poll until Devin review completes, show progress
--raw Dump raw job-result API response (debug)
--no-cache Force re-authentication
--login Just authenticate, don't fetch anything
--logout Clear stored credentials
--help, -h Show helpDefault output is unresolved bugs + all flags — matches what you see in Devin's web UI on a live review.
Examples
# Get findings as JSON for scripting
devin-bugs owner/repo#46 --json | jq '.bugs[].title'
# Only the items Devin marked as needing investigation
devin-bugs owner/repo#46 --json | jq '.analyses[] | select(.needsInvestigation)'
# Filter to severe bugs only
devin-bugs owner/repo#46 --json | jq '.bugs[] | select(.severity == "severe")'
# Skip browser, use token directly
DEVIN_TOKEN=eyJ... devin-bugs owner/repo#46Authentication
On first run, the CLI opens your browser to a local page with instructions:
- Log in to app.devin.ai with GitHub
- Paste a one-liner in the browser console (auto-copied from the instruction page)
- The token is sent back to the CLI and cached
Subsequent runs use the cached token automatically. Tokens are stored at ~/.config/devin-bugs/token.json.
For CI or headless environments, set DEVIN_TOKEN as an environment variable.
Exit codes
| Code | Meaning |
|------|---------|
| 0 | Success |
| 1 | Error (API failure, network error, etc.) |
| 10 | Authentication required (non-interactive context) |
How it works
The CLI reverse-engineers Devin's internal PR review API:
- Authenticates via Devin's Auth0-based auth system
- Fetches
GET /api/pr-review/jobsto find the latest completed review job + version - Fetches
GET /api/pr-review/job-result/{jobId}/{versionId}for the full Lifeguard output - Splits
lifeguard_result.bugs[](the red "Bug" badges) fromlifeguard_result.analyses[](the blue "Flag" / orange "Investigate" badges) - Filters out bugs Devin self-resolved (unless
--include-resolved) and outputs the rest
API endpoints used
| Endpoint | Purpose |
|----------|---------|
| GET pr-review/jobs?pr_path=... | Review job + version index |
| GET pr-review/job-result/{jobId}/{versionId}?pr_path=... | Full Lifeguard output: bugs + analyses |
JSON output schema
interface Output {
status: {
status: "completed" | "running" | "no_review" | "failed";
message: string;
stages?: { completed: string[]; total: string[] };
};
bugs: Finding[]; // Lifeguard bugs (red "Bug" badge in the UI)
analyses: Finding[]; // Lifeguard analyses (blue "Flag" / orange "Investigate")
}
interface Finding {
id: string;
filePath: string;
startLine: number | null;
endLine: number | null;
side: "LEFT" | "RIGHT";
title: string;
description: string;
/** Bugs: "severe" | "non-severe". Analyses: "investigate" | "info". */
severity: string;
recommendation: string; // Suggested fix (bugs only)
needsInvestigation: boolean; // true iff analysis has the orange "Investigate" badge
type: "lifeguard-bug" | "lifeguard-analysis";
isResolved: boolean; // true iff Devin self-resolved this bug in a later commit
htmlUrl: string | null;
}Project structure
src/
cli.ts Entry point, arg parsing, orchestration
auth.ts Browser-based auth + token caching
api.ts Devin API client with retry on 401
watch.ts --watch poll loop with stage progress
filter.ts Bug extraction from digest response
format.ts Terminal (ANSI) and JSON formatters
parse-pr.ts PR URL/shorthand parser
types.ts TypeScript interfaces
config.ts Paths and constantsAgent setup
To set up devin-bugs as a tool for Claude Code (or similar AI coding agents):
1. Install the CLI globally:
npm install -g devin-bugs2. Install the Claude Code skill:
mkdir -p ~/.claude/skills/devin-bugs
curl -fsSL https://raw.githubusercontent.com/xCatalitY/devin-review-cli/main/.claude/skills/devin-bugs/SKILL.md \
-o ~/.claude/skills/devin-bugs/SKILL.mdAfter installation, the /devin-bugs slash command is available in Claude Code. The skill teaches the agent to:
- Set
DEVIN_BUGS_NONINTERACTIVE=1on every invocation (prevents browser hang) - Handle exit code 10 (auth required) by prompting the user to run
! devin-bugs --login - Parse the
{ status, bugs, analyses }JSON envelope - Interpret review status (running, completed, no_review, failed)
- Cross-reference findings with local code files
Disclaimer
This tool uses Devin's internal API, which is not officially documented or supported. It may break if Devin changes their API. Use at your own risk.
License
MIT