devin-bugs
v0.6.0
Published
CLI to extract unresolved bugs from Devin AI code reviews
Maintainers
xcatalityReadme
devin-review-cli
CLI to extract unresolved bugs from Devin AI code reviews. Pulls flagged bugs from any PR that Devin has reviewed and outputs them in your terminal or as JSON.
$ devin-bugs owner/repo#46
1 bug in owner/repo#46
BUG lib/apply/assist.ts:124-136 WARNING
Reverting packet to 'ready' after credits charged creates an unrecoverable retry loop
In prepareApplyAssist, when createApplication fails with a non-P2002 error,
the packet is reverted to 'ready' but credits have already been charged...Install
Requires Bun (v1.0+).
git clone https://github.com/xCatalitY/devin-review-cli.git
cd devin-review-cli
bun installUsage
# GitHub PR URL
devin-bugs https://github.com/owner/repo/pull/123
# Shorthand
devin-bugs owner/repo#123
# Devin review URL
devin-bugs https://app.devin.ai/review/owner/repo/pull/123Options
--json Output as JSON (for piping)
--all Include analysis/suggestions, not just bugs
--watch Poll until Devin review completes, show progress
--raw Dump raw API response (debug)
--no-cache Force re-authentication
--login Just authenticate, don't fetch anything
--logout Clear stored credentials
--help, -h Show helpExamples
# Get bugs as JSON for scripting
devin-bugs owner/repo#46 --json | jq '.bugs[].title'
# Include all flags (bugs + analysis suggestions)
devin-bugs owner/repo#46 --all
# Pipe to another tool
devin-bugs owner/repo#46 --json | jq '.bugs[] | select(.severity == "severe")'
# Skip browser, use token directly
DEVIN_TOKEN=eyJ... devin-bugs owner/repo#46Authentication
On first run, the CLI opens your browser to a local page with instructions:
- Log in to app.devin.ai with GitHub
- Paste a one-liner in the browser console (auto-copied from the instruction page)
- The token is sent back to the CLI and cached
Subsequent runs use the cached token automatically. Tokens are stored at ~/.config/devin-bugs/token.json.
For CI or headless environments, set DEVIN_TOKEN as an environment variable.
Exit codes
| Code | Meaning |
|------|---------|
| 0 | Success |
| 1 | Error (API failure, network error, etc.) |
| 10 | Authentication required (non-interactive context) |
How it works
The CLI reverse-engineers Devin's internal PR review API:
- Authenticates via Devin's Auth0-based auth system
- Fetches the review digest from
GET /api/pr-review/digest - Parses review threads for Devin's "lifeguard" bug flags
- Filters to unresolved, non-outdated items
- Outputs formatted results
API endpoints used
| Endpoint | Purpose |
|----------|---------|
| GET pr-review/digest?pr_path=... | Full review data with flags, threads, checks |
| GET pr-review/info?pr_path=... | PR metadata |
| GET pr-review/jobs?pr_path=... | Review job status |
JSON output schema
interface Output {
status: {
status: "completed" | "running" | "no_review" | "failed";
message: string;
stages?: { completed: string[]; total: string[] };
};
bugs: Bug[];
}
interface Bug {
filePath: string; // "lib/apply/assist.ts"
startLine: number; // 124
endLine: number; // 136
side: "LEFT" | "RIGHT";
title: string; // Short description
description: string; // Full explanation
severity: string; // "severe" | "warning" | "info"
recommendation: string; // Suggested fix
type: "lifeguard-bug" | "lifeguard-analysis";
isResolved: boolean;
isOutdated: boolean;
htmlUrl: string | null; // Link to GitHub comment
}Project structure
src/
cli.ts Entry point, arg parsing, orchestration
auth.ts Browser-based auth + token caching
api.ts Devin API client with retry on 401
filter.ts Bug extraction from digest response
format.ts Terminal (ANSI) and JSON formatters
parse-pr.ts PR URL/shorthand parser
types.ts TypeScript interfaces
config.ts Paths and constantsDisclaimer
This tool uses Devin's internal API, which is not officially documented or supported. It may break if Devin changes their API. Use at your own risk.
License
MIT