AI Code Review

OWASP-aware AI reviewer agents on every pull request

Define your own reviewer agents — security, performance, accessibility, lead developer — each with its own system prompt and model. Route security tickets to the security reviewer automatically. Severity score, findings list, per-agent audit history.

How it works

  1. Create reviewer agents
     Go to /dashboard/agents → New Agent. Toggle is_reviewer on. Pick a role (reviewer / security_developer / qa / lead_developer), a model (GPT-5, Gemini, Claude), and a system prompt. Save.
  2. Pick a reviewer per task
     On any task, click 🔎 Review. Pick "✨ Auto" to let Agentopia by CynetIQ resolve the role from task tags / Integration Rules, or pick a specific reviewer agent. The review runs synchronously (single LLM call, no code mutation).
  3. Read the structured report
     Every review produces: ### Summary (1-2 sentences), ### Findings (numbered list with file/line, severity, fix), ### Severity (critical/high/medium/low/clean), ### Score (0-100 confidence to merge).
  4. Audit history per agent
     Open the agent card. See severity distribution, average score, and the full history of every review the agent has done, across tasks, tags, and time.
  5. Or run as a flow node
     Drop the reviewer node in any flow (visual builder). Use the score / severity output as a condition gate to auto-merge clean PRs and hold critical ones for human review.

What sets Agentopia by CynetIQ reviewers apart

🛡️
OWASP-aware out of the box
security_developer agent ships with a paranoid OWASP Top 10 prompt: SQLi, XSS, SSRF, auth bypass, insecure deserialization.
🎭
Custom reviewer personas
Build any persona: Performance Reviewer, Accessibility Reviewer, SQL Style Cop, Frontend State Reviewer. Each gets its own prompt + model.
🔢
Severity + score
Every review produces a severity (critical/high/medium/low/clean) and a 0-100 confidence score. Use as gating signal in flows or branch protection.
📊
Per-agent history
Each reviewer agent has a review history banner: severity distribution, avg score, click-through to past reports. Great for performance reviews.
🔀
Auto-routing
Integration Rules pick the right reviewer based on Sentry tags, Jira reporter, Azure area path, NewRelic entity, or task labels.
💰
Pick the right model per agent
Run cheap GPT-5-mini for refactor reviews and premium GPT-5-pro for security reviews. Cost is yours, quality is configurable.
🧠
Prompt Studio
Edit reviewer system prompts at runtime. Roll back to previous versions. Test against a sample task before saving.
🔒
No code retention
Diff is sent to the LLM you chose. Agentopia by CynetIQ never trains on your code. Run self-hosted for fully air-gapped reviews.

Sample reviewer output

### Summary
The patch fixes the off-by-one in pagination but introduces a SQL string concat that is reachable from /api/orders.

### Findings
1. packages/services/src/agentopia_services/services/order_service.py:88 — SQL injection (CRITICAL).
   String concatenation builds the WHERE clause from a request parameter. Use a parameterized query.
   Fix: replace f-string with text(":order_id") and pass {"order_id": order_id} to .execute().
2. packages/api/src/agentopia_api/api/routes/orders.py:42 — Missing authentication decorator (HIGH).
   The /orders/{id}/refund endpoint has no Depends(get_current_user). Anyone can hit it.
3. tests/test_orders.py:120 — Test asserts side effect on the wrong fixture (LOW).

### Severity
critical

### Score
24
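As an added example (not Agentopia's own code), here is a parser for the report shape shown above together with the severity/score condition gate from step 5, so a flow can auto-merge clean PRs and hold critical ones. The sample report, the dict field names and the thresholds (max severity "low", minimum score 80) are assumptions; one check a practitioner would want is that the parsed findings outrank the model's self-reported verdict, so an understated Severity line cannot let a CRITICAL finding through.

```python
import re

# Constructed sample in the report shape documented above (not real reviewer output).
SAMPLE_REPORT = """### Summary
Pagination off-by-one fixed, but a SQL string concat is now reachable from /api/orders.

### Findings
1. packages/services/src/agentopia_services/services/order_service.py:88 — SQL injection (CRITICAL).
   String concatenation builds the WHERE clause from a request parameter.
2. packages/api/src/agentopia_api/api/routes/orders.py:42 — Missing authentication decorator (HIGH).
3. tests/test_orders.py:120 — Test asserts side effect on the wrong fixture (LOW).

### Severity
critical

### Score
24
"""

SEVERITY_RANK = {"clean": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
# Finding line: "N. <path>:<line> <separator> <title> (<SEVERITY>)."  Continuation lines are skipped.
FINDING_RE = re.compile(r"^\d+\.\s+(?P<path>[^\s:]+):(?P<line>\d+)\s+\S+\s+(?P<title>.+?)\s+\((?P<sev>[A-Za-z]+)\)\.?$")

def parse_report(text):
    """Split the markdown report on '### <Name>' headings and validate the Severity/Score sections."""
    sections, current = {}, None
    for raw in text.splitlines():
        heading = re.match(r"^###\s+(\w+)\s*$", raw)
        if heading:
            current = heading.group(1).lower()
            sections[current] = []
        elif current is not None and raw.strip():
            sections[current].append(raw.strip())
    findings = [{"path": m["path"], "line": int(m["line"]), "title": m["title"], "severity": m["sev"].lower()}
                for m in map(FINDING_RE.match, sections.get("findings", [])) if m]
    verdict = (sections.get("severity") or [""])[0].lower()
    score = (sections.get("score") or [""])[0]
    if verdict not in SEVERITY_RANK or not score.isdigit() or int(score) > 100:
        raise ValueError("malformed Severity/Score section; refuse to gate on it")
    return {"summary": " ".join(sections.get("summary", [])), "findings": findings,
            "verdict": verdict, "score": int(score)}

def effective_severity(report):
    # Findings outrank the self-reported verdict: one CRITICAL finding makes the report critical.
    return max([report["verdict"]] + [f["severity"] for f in report["findings"]], key=SEVERITY_RANK.__getitem__)

def merge_decision(report, max_severity="low", min_score=80):
    """Condition gate from step 5: 'auto-merge' only when severity and score both pass, else 'hold'."""
    passes = SEVERITY_RANK[effective_severity(report)] <= SEVERITY_RANK[max_severity] and report["score"] >= min_score
    return "auto-merge" if passes else "hold"
```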

Frequently asked

How does Agentopia by CynetIQ do AI code review?

You define one or more reviewer agents in Agentopia by CynetIQ — each with its own role (reviewer, security_developer, qa, lead_developer), system prompt, model, and provider. When a task is generated by AI or imported from Sentry / Jira / Azure DevOps, the chosen reviewer agent runs against the diff and writes a structured report with summary, findings (file/line, severity, fix), severity verdict, and a 0-100 confidence score.

What is the OWASP-aware reviewer?

A pre-built reviewer agent (security_developer) shipped with Agentopia by CynetIQ. Its system prompt is paranoid by default: it treats every input as malicious, checks for OWASP Top 10 vulnerabilities (SQL injection, XSS, SSRF, auth bypass, deserialization), and produces a threat model, a fix plan and a residual-risk note. You can customize the prompt in Prompt Studio.

Can I create my own reviewer personas?

Yes — go to /dashboard/agents and create an agent with the is_reviewer flag on. Pick its model (GPT-5, Gemini, Claude), provider, and write a custom system prompt. Reviewer agents appear in the reviewer picker on every task.

Does the AI review block PR merge?

It does not block by default — reviews are advisory and posted as comments + a structured Findings section in the PR description. You can configure required reviewers / branch protection in GitHub or Azure DevOps to block on a specific severity threshold via webhook.

How is this different from CodeRabbit / GitHub Copilot review?

Agentopia by CynetIQ reviewers are configurable agents, not a single fixed model. Each persona has its own prompt and can run different models for cost/quality tradeoffs. Reviews are auditable per agent with full history. And you can route different ticket types to different reviewer agents (security tickets → security_developer; refactor tickets → lead_developer).

Where is the source code sent?

Only the diff and the file:line context window are sent to the LLM provider you chose for that reviewer agent (OpenAI, Anthropic, Google, or your self-hosted endpoint). Agentopia by CynetIQ does not retain code or train on it. You can run Agentopia by CynetIQ self-hosted for full air-gapped operation.

Catch the SQL injection before merge

OWASP-aware reviewer agents on the free tier. Bring your own LLM key. Self-hostable for air-gapped review.