TutorialGetting StartedGitHub Actions
Merlin AI Code Review

Ship Better Code in 5 Minutes with Merlin AI Code Review

January 29, 2025·6 min read·Merlin AI Code Review Team

Getting started with Merlin AI Code Review is intentionally frictionless. No servers to provision, no accounts to create, no per-seat pricing to negotiate. Add one workflow file, set one secret, and your next pull request gets AI-powered inline review. Here's exactly how.

What you need

A GitHub or GitLab repository and an API key for one AI provider (Anthropic, OpenAI, Gemini, or any other supported provider). That's it.

Step 1 — Add the GitHub Actions workflow

Create the file below in your repository. Merlin AI Code Review will trigger automatically on every pull request — opened or updated.

.github/workflows/merlin-review.yml
yaml
on:
  pull_request:
    types: [opened, synchronize]
jobs:
  merlin-review:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - run: |
          curl -L https://github.com/Arunachalamkalimuthu/merlin-ai-code-review/releases/latest/download/merlin-linux-amd64 -o merlin
          chmod +x merlin && ./merlin review
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}

Step 2 — Set your API key secret

Navigate to your repository → Settings → Secrets and variables → Actions and add your AI provider key:

Secret nameValue
ANTHROPIC_API_KEYYour Claude API key (starts with sk-ant-...)

The GITHUB_TOKEN is provided automatically by GitHub Actions — no setup required.

Step 3 — Open a pull request

Push a branch and open a PR. Merlin AI Code Review triggers automatically and posts inline comments within seconds. You'll see comments like:

Step 4 — Use slash commands

Once the review runs, you can trigger additional analysis by commenting on the PR:

text
@merlin /review          # full re-review
@merlin /security        # dedicated security scan
@merlin /describe        # generate PR title and description
@merlin /ask Is this change thread-safe?
@merlin /test            # generate unit tests for changed code
@merlin /docs readme     # update README based on changes

Optional: Add merlin.toml for custom configuration

Drop a merlin.toml in your repo root to customize the AI provider, focus areas, and review depth. Without it, Merlin AI Code Review uses sensible defaults.

merlin.toml
toml
[ai]
provider    = "anthropic"
model       = "claude-sonnet-4-6"
max_tokens  = 4096
temperature = 0.2
[review]
focus        = ["bugs", "security", "style", "performance"]
max_comments = 30
reflect      = true   # second-pass refinement for higher quality

Optional: Enable RAG for codebase-aware reviews

Merlin AI Code Review's RAG pipeline indexes your codebase so the AI understands your project's specific conventions, not just generic best practices. Enable it with two extra lines:

merlin.toml
toml
[rag]
enabled     = true
store       = "local"          # zero infrastructure required
embed_model = "nomic-embed-text"
shell
$ ollama pull nomic-embed-text
$ merlin rag index .

What happens next

From this point, every PR in your repository receives instant AI review. Merlin AI Code Review posts inline comments with severity ratings, suggests specific code changes, and surfaces issues before your human reviewers even open the PR.

As a next step, explore the configuration reference to tune Merlin AI Code Review to your team's coding standards, or read about the autonomous agent for Slack and Discord integration.

Full quickstart docs →← Back to Blog

Related articles

GitHub ActionsCI/CD

Complete Guide to AI Code Review in GitHub Actions

February 20, 202510 min read
CommandsTutorial

Deep Dive: Merlin AI Code Review's 19 Slash Commands and When to Use Each

March 14, 202510 min read