Description:FIELD OF INVENTION
The present invention relates to the system software engineering, and more specifically relates to the system and method for hybrid review and risk assessment of software commit request using generative and deterministic engines with compatibility and policy graphs.

BACKGROUND
Traditional commit review system in which developers submit their code changes (commits) before for review by other team members before merging them into the main codebase, ensuring quality and collaboration. However, it still encounters certain challenges, such as manual processes prone to errors, feedback fatigue, contextual errors, or nuanced logic issues and scaling difficulties as potential leading to slower review and reduce quality. As software development becomes more complex, involving multiple interdependent libraries and evolving architectural standards, there is an increasing need for intelligent review systems. The rise of generative large language models (LLMs) has open up new possibilities for semantic and context-aware code analysis. However, LLMs alone lack the enforcement precision and traceability required by enterprise systems. A robust hybrid solution is necessary to combine the strengths of both approaches.
The present system and method address all issues and reviewing commit requests in software development pipelines. The system and method introduce two key knowledge sources, that enhance the precision of risk assessment and contextual analysis. The system aggregates multiple perspectives on a code commit, classifies risk, and provides actionable insights.

PRIOR ART
US9201646B2 describes system focus on improving code review efficiency. Both automate code review, detect coding issues, and provide feedback. They integrate systematic review mechanisms to improve software quality. Our invention uses AI-driven hybrid models (LLMs + rule engines) for deep semantic analysis, detecting logic errors, compatibility issues, and policy violations. Automatic Code Review and Reviewer Recommendation assigns reviewers based on past involvement and detects basic coding issues using predefined rules. Whereas our invention is more advanced, integrating policy enforcement and risk assessment beyond reviewer recommendations.
US10949338B1 describes that both inventions focus on analysing source code using AI/ML techniques but differ in purpose. Our invention identifies and reviews code changes while the latter detects software bugs. Both use machine learning models trained on historical data, but our invention focuses on recommending improvements based on prior reviews, whereas Automated Software Bug Discovery and Assessment generates unique inputs, logs execution paths, and detects anomalies. While our invention enhances code quality through peer-review automation, Automated software bug discovery and assessment proactively finds hidden software issues, improving security and reliability. Both improve software development efficiency but serve different roles.
Thus, there is a need to introduce a system that combines generative AI models with deterministic rule engines to assess software commit requests, combines human-like reasoning (LLMs) with precision rules and detects nuanced bugs and design flaws missed by conventional tools.

DEFINITIONS:
The expression “system” used hereinafter in this specification refers to an ecosystem comprising, but is not limited to a system with a user, input and output devices, processing unit, plurality of mobile devices, a mobile device-based application to identify dependencies and relationships between diverse businesses, a visualization platform, and output; and is extended to computing systems like mobile, laptops, computers, PCs, etc.
The expression “input unit” used hereinafter in this specification refers to, but is not limited to, mobile, laptops, computers, PCs, keyboards, mouse, pen drives or drives.
The expression “output unit” used hereinafter in this specification refers to, but is not limited to, an onboard output device, a user interface (UI), a display kit, a local display, a screen, a dashboard, or a visualization platform enabling the user to visualize, observe or analyse any data or scores provided by the system.
The expression “processing unit” refers to, but is not limited to, a processor of at least one computing device that optimizes the system.
The expression “large language model (LLM)” used hereinafter in this specification refers to a type of machine learning model designed for natural language processing tasks such as language generation. LLMs are language models with many parameters, and are trained with self-supervised learning on a vast amount of text.
The expression “API” used hereinafter in this specification stands for Application Programming Interface. It is a set of protocols, routines, and tools for building software and applications. An API specifies how software components should interact and allows different software systems to communicate with each other.
The expression “software commit requests” used hereinafter in this specification refer to requests made by a developer to commit (or submit) code changes to a shared codebase, often within a version control system. In version control systems, a commit is: a snapshot of code changes, accompanied by a message describing the changes and recorded in the project’s history.
The expression “Compatibility Graph” used hereinafter in this specification refers to a graph-based data structure used to represent the compatibility relationships between different components, versions, systems, or entities. It's often applied in software engineering, operations research, scheduling, and other domains to visualize and resolve conflicts or compatibility constraints.
The expression “Policy Graph” used hereinafter in this specification refers to a graph-based representation of policies—rules or constraints—used to control behaviour in systems such as networking, access control, security, AI planning, and more. It helps visualize, analyze, and enforce how decisions should be made under various conditions.
The expression “generative AI models” used hereinafter in this specification refer to a type of artificial intelligence designed to create new content that mimics human-like creativity. This content can be in the form of text, images, audio, video, code, or even 3D models. These models learn patterns from existing data and use that knowledge to generate novel outputs.

OBJECTS OF THE INVENTION:
The primary object of the present invention is to provide a system and method for hybrid review and risk assessment of software commit request.
Another object of the present invention is to provide a system and method for reviewing commit requests in software development pipelines.
Yet another object of the invention is to provide a system and method that integrates both generative language models and deterministic rule-based engines.
Yet another object of the invention is to provide a system and method with compatibility graphs and policy enforcement to detect bugs, design violation, policy breaches, and licensing conflicts in code changes.
Yet another object of the invention is to provide a system and method that aggregates multiple perspectives on code commits, classifies risks, and provides actionable insights.

SUMMARY
Before the present invention is described, it is to be understood that the present invention is not limited to specific methodologies and materials described, as these may vary as per the person skilled in the art. It is also to be understood that the terminology used in the description is for the purpose of describing the particular embodiments only and is not intended to limit the scope of the present invention.

The present invention describes a system and method for hybrid review and risk assessment of software commit request. The system combines generative AI models with deterministic rule engines to assess software commit requests. The system comprises of an input unit, a processing unit and output unit, wherein the processing unit further comprises of input acquisition and preprocessing module, LLM review engine module, deterministic validation module, compatibility graph module, policy licensing checker module, risk & bug classification engine module and human review and feedback interface module.

According to an aspect of the present invention, the system comprises of a user interface integrated into version control platforms to visualize AI-generated feedback, risk scores, and policy violations. The method for hybrid review and risk assessment of software commit request comprises the steps of preprocessing input data, analysing code via a generative model, validating rules via deterministic engines, querying a compatibility graph, and generating a risk classification.

According to an aspect of the present invention, the system introduces two key knowledge sources, a Compatibility Graph and a Policy Graph, that enhance the precision of risk assessment and contextual analysis. The Compatibility Graph stores relationships between software libraries, their versions, known issues, and compatible APIs. The Policy Graph codifies organizational coding standards and rule hierarchies. The system aggregates multiple perspectives on a code commit, classifies risk, and provides actionable insights.

BRIEF DESCRIPTION OF DRAWINGS
A complete understanding of the present invention may be made by reference to the following detailed description which is to be taken in conjugation with the accompanying drawing. The accompanying drawing, which is incorporated into and constitutes a part of the specification, illustrates one or more embodiments of the present invention and, together with the detailed description, it serves to explain the principles and implementations of the invention.

FIG.1 illustrates a flowchart that depicts the method of the present invention.

DETAILED DESCRIPTION OF INVENTION:
Before the present invention is described, it is to be understood that this invention is not limited to methodologies described, as these may vary as per the person skilled in the art. It is also to be understood that the terminology used in the description is for the purpose of describing the particular embodiments only and is not intended to limit the scope of the present invention. Throughout this specification, the word “comprise”, or variations such as “comprises” or “comprising”, will be understood to imply the inclusion of a stated element, integer or step, or group of elements, integers or steps, but not the exclusion of any other element, integer or step, or group of elements, integers or steps. The use of the expression “at least” or “at least one” suggests the use of one or more elements or ingredients or quantities, as the use may be in the embodiment of the invention to achieve one or more of the desired objects or results. Various embodiments of the present invention are described below. It is, however, noted that the present invention is not limited to these embodiments, but rather the intention is that modifications that are apparent are also included.
The present invention describes a system and method to provide a system and method for hybrid review and risk assessment of software commit request. The system combines generative AI models with deterministic rule engines to assess software commit requests. The system comprises of an input unit, a processing unit and output unit, wherein the processing unit further comprises of Input Acquisition and Preprocessing Module, LLM Review Engine module, Deterministic Validation Module, Compatibility Graph (CG) module, Policy Licensing Checker module, Risk & Bug Classification Engine module and Human Review and Feedback Interface module. The system also comprises of a user interface integrated into version control platforms to visualize AI-generated feedback, risk scores, and policy violations. The function of the modules are described hereunder:
1. Input Acquisition and Preprocessing Module: This module captures commit differences, metadata (user ID, commit message, files modified), and the full codebase snapshot if necessary. It also preprocesses the data in which the module normalises the syntax (syntax defines the structure of valid code for a programming language) for LLM input, tokenizes the code, and creates semantic chunks (semantic chunking refers to grouping words or phrases that have a coherent meaning in a sentence) if the difference is large.
• Example: A commit updates user_service.py with a new method getUserByEmail(), modifies routes.py, and adds a new third-party dependency jwtlib. Preprocessing extracts all changes and flags new dependency for graph lookup.
2. LLM Review Engine module uses a fine-tuned generative LLM to:
• Detect logic bugs (e.g., incorrect loop boundaries)
• Identify bad design patterns (e.g., god object, excessive coupling)
• Highlight architectural violations (e.g., API logic leaking into controller)
The module also assists for custom prompt templates to feed context, code, and expected outputs into the LLM.
Example Prompt:
• Analyze the following code diff. Highlight potential bugs, design flaws, or logic errors. Suggest specific fixes.
• Code Diff:
• --- user_service.py +++ user_service.py
• + def getUserByEmail(email):
• + user = db.query("SELECT * FROM users") # bug: no WHERE clause + return user
The output of this module suggests adding WHERE clause for email and flags possible security risk.
3. Deterministic Validation Module: This module executes standard static code analysis tools that are used to enforce coding standards, detect errors, and improve code quality in different programming languages (e.g., ESLint, Pylint, PMD, SonarQube, Bandit) to:
• Check for security issues (e.g., hardcoded secrets, open endpoints)
• Enforce naming conventions and file structure
• Detect architectural violations via static rule DSLs
• Example: routes.py defines business logic inside a route handler → rule engine flags this as a controller-service separation violation.
4. Compatibility Graph (CG) module: The compatibility graph is a knowledge graph where: Nodes represent libraries, functions, APIs, versions and Edges represent compatible/incompatible relations, CVEs, patches. The module queries new/updated dependencies to identify compatibility risks. Compatibility Graph models interdependencies and compatibility constraints between software libraries, APIs, and versions. The compatibility graph is dynamically updated based on public CVE disclosures (Public CVE disclosures refer to the process of informing the public about specific security vulnerabilities, often accompanied by patches or fixes) and internal regression test data to ensure that new code changes do not negatively impact the existing functionality of the system.
Example:
• Commit introduces jwtlib v2.1.0.
• CG reveals jwtlib v2.1.0 is incompatible with authlib v3.4 (in use) → blocks merge or flags with warning.
[authlib v3.4] [incompatible_with] [jwtlib v2.1.0]
[CVE-2023-12345]

5. Policy and Licensing Checker module: Policy Graph encodes organizational coding standards and architectural constraints. Licensing Checker module checks imported third-party code against an open-source licensing database using both deterministic scanning and semantic similarity via language models. This module verifies the commit against:
• Organization-specific rules (e.g., test coverage, file placement)
• Licensing policies via SPDX DB and internal whitelist
• Uses LLM-based vector search to detect pasted GPL code snippets
Example:
• Developer adds base64-encoded utility code copied from a GPL-licensed repo.
• LLM detects semantic match with gpl_util.py from public GitHub → license violation flagged.
6. Risk & Bug Classification Engine module: Risk & Bug Classification Engine generates a comprehensive risk profile for each commit, including actionable insights and remediation recommendations. This module aggregates all findings, assigns severity scores (Severity scores are numerical or categorical rankings used to measure the impact or seriousness of issues, vulnerabilities, or code quality defects in software development and security analysis). This score is based on logic bug score, security risk level, licensing risk, design pattern risk and compatibility confidence. The module generates a structured summary with suggested actions.
• Example Risk Summary:
High Risk:
- SQL injection possibility in getUserByEmail() [LLM]
- GPL license violation from utils.py [License Checker]
Medium Risk:
- Controller handling service logic [Rule Engine]
Low Risk:
- Method name does not follow camelCase [Static Analysis]
-
7. Human Review and Feedback Interface module: This module is integrated into repository hosting services that allow developers to store, manage, collaborate, and deploy code efficiently. They are used for version control, collaboration, CI/CD automation, and project management in software development. (E.g. GitHub/GitLab/Bitbucket). This module displays:
• Commit-level risk summary
• Inline comments from LLM and rule engines
• Compatibility and licensing flags
• Accept/reject interface
• Example Screenshot:
Commit Review Dashboard
Commit: #abc123 Author: dev@ncorp.com
Files Changed: user_service.py, routes.py
Risk Summary:
• SQL Bug (LLM): Missing WHERE clause in SELECT query
• Licence Issue: utils.py matches GPL repo
• Design Smell: Business logic in controller
• Style Issue: camelCase violation in function name
[Approve] [Reject] [Request Changes]
According to the embodiment of the present invention, the system can optionally contain Feedback Learning Loop module that tracks human decisions (approve/reject LLM outputs) and retrains LLM/fine-tunes prompt weightage to improve future accuracy. It can also optionally accommodate CI/CD Integration that automatically runs pipeline on PR submission and blocks the merge if risk exceeds threshold.
According to an embodiment of the present invention, the method for hybrid review and risk assessment of software commit request, as illustrated in FIG. 1, comprises the steps of:
• preprocessing input data,
• analysing code via a generative model,
• validating rules via deterministic engines,
• querying a compatibility graph, and
• generating a risk classification.

Advantages of the present system and method for hybrid review and risk assessment of software commit request using generative and deterministic engines with compatibility and policy graphs include:
• Combines human-like reasoning (LLMs) with precision (rules).
• Detects nuanced bugs and design flaws missed by conventional tools.
• Introduces a Compatibility Graph as a structured, query able knowledge source.
• Enforces compliance through a configurable Policy Graph.
• Performs semantic license validation even on obfuscated/copied code.
• Offers real-time risk summaries with actionable suggestions.
• Continuously improves using human-in-the-loop feedback.

Therefore, the present invention provides a comprehensive, intelligent framework for commit review, enabling high-quality, policy-compliant, and secure code submissions through a unique blend of AI-driven insights, graph intelligence, and deterministic precision. It is ideally suited for use in enterprise environments, CI/CD pipelines, and regulated software systems.
While considerable emphasis has been placed herein on the specific elements of the preferred embodiment, it will be appreciated that many alterations can be made and that many modifications can be made in preferred embodiment without departing from the principles of the invention. These and other changes in the preferred embodiments of the invention will be apparent to those skilled in the art from the disclosure herein, whereby it is to be distinctly understood that the foregoing descriptive matter is to be interpreted merely as illustrative of the invention and not as a limitation.
, Claims:We claim,

1. A system and method for hybrid review and risk assessment of software commit request
characterised in that
the system combines generative AI models with deterministic rule engines to assess software commit requests;
the system comprises of an input unit, a processing unit and output unit, wherein the processing unit further comprises of input acquisition and preprocessing module, LLM review engine module, deterministic validation module, compatibility graph module, policy licensing checker module, risk & bug classification engine module and human review and feedback interface module;
the system comprises of a user interface integrated into version control platforms to visualize AI-generated feedback, risk scores, and policy violations;
the method for hybrid review and risk assessment of software commit request comprises the steps of preprocessing input data, analysing code via a generative model, validating rules via deterministic engines, querying a compatibility graph, and generating a risk classification.
2. The system and method as claimed in claim 1, wherein input acquisition and preprocessing module captures commit differences, metadata like user ID, commit message, files modified and the full codebase snapshot if necessary and also preprocesses the data in which the module normalises the syntax for LLM input, tokenizes the code, and creates semantic chunks if the difference is large.

3. The system and method as claimed in claim 1, wherein LLM review engine module uses a fine-tuned generative LLM to detect logic bugs such as incorrect loop boundaries; identify bad design patterns such as god object, excessive coupling and highlight architectural violations such as API logic leaking into controller.

4. The system and method as claimed in claim 1, wherein deterministic validation module executes standard static code analysis tools to check for security issues such as hardcoded secrets, open endpoints; enforce naming conventions and file structure and detect architectural violations via static rule DSLs.

5. The system and method as claimed in claim 1, wherein compatibility graph is a knowledge graph where nodes represent libraries, functions, APIs, versions and edges represent compatible/incompatible relations, CVEs, patches and this module models interdependencies and compatibility constraints between software libraries, APIs, and versions and is dynamically updated based on public CVE disclosures and internal regression test data.

6. The system and method as claimed in claim 1, wherein policy graph encodes organizational coding standards and architectural constraints and the licensing checker module checks imported third-party code against an open-source licensing database using both deterministic scanning and semantic similarity via language models and verifies the commit against organization-specific rules such as test coverage, file placement and licensing policies via SPDX DB and internal whitelist and uses LLM-based vector search to detect pasted GPL code snippets.

7. The system and method as claimed in claim 1, wherein risk & bug classification engine module generates a comprehensive risk profile for each commit, including actionable insights and remediation recommendations and it aggregates all findings, assigns severity scores and generates a structured summary with suggested actions

8. The system and method as claimed in claim 1, wherein severity score is based on logic bug score, security risk level, licensing risk, design pattern risk and compatibility confidence.

9. The system and method as claimed in claim 1, wherein human review and feedback interface module is integrated into repository hosting services and displays commit-level risk summary, inline comments from LLM and rule engines, compatibility and licensing flags and accept/reject interface.

10. The system and method as claimed in claim 1, wherein the system contains feedback learning loop module that tracks human decisions and retrains LLM/fine-tunes prompt weightage to improve future accuracy and can also accommodate CI/CD Integration that automatically runs pipeline on PR submission and blocks the merge if risk exceeds threshold.