Open-source · Apache-2.0

A reviewer that reads every pull request, skips the nits.

Postil spins up on every new PR, reads the diff in context, and leaves inline comments only on the things that actually matter. Correctness. Security. The obvious bug. No drive-by style gripes.

Free while in beta · Hosted at postil.dev · source

postil-dev/postil-sandbox · PR #42 · reviewed
  src/auth/session.ts                              +8 −3

-  const user = await db.query.users.findFirst({
-    where: eq(users.email, email),
-  });
+  const user = await db.query.users.findFirst({
+    where: eq(users.email, email.toLowerCase()),
+  });
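Review bot: lower-casing only the lookup value leaves the comparison against the stored column as-is, so a row written with a mixed-case address still will not match `email.toLowerCase()` unless the write path normalizes the same way. Apply the same normalization where the email is inserted or updated (ideally through one shared helper), or compare against a lower-cased column expression in the query so that both sides are folded consistently.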
Postil · correctness

Emails were indexed case-insensitively but compared case-sensitively.

What a review looks like

Inline, on the lines that matter.

Postil doesn't dump a wall-of-text summary on your PR. It leaves targeted comments at the exact line, grouped by severity, with a short reason and a suggested patch where it has one.

  • Threads resolve themselves as soon as the next push addresses them.
  • Reviews are idempotent, deduped on webhook delivery id, and debounced on rapid force-pushes.
  • Every finding links back to the diff hunk it was produced from.
  src/server/handler.ts                            main ← feat/retry
- return await fetch(url).then(r => r.json());+ const r = await fetch(url);+ if (!r.ok) throw new ResponseError(r.status);+ return await r.json();
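Review bot: `throw new ResponseError(r.status)` discards the response body, so whoever catches the error loses the server's own diagnostic text; consider reading a bounded `await r.text()` into the error before throwing. The `!r.ok` guard covers HTTP status only: a 2xx with a non-JSON body still makes `r.json()` reject, so callers need to expect both a `ResponseError` and a parse failure from this function.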
Postil · security

The previous code silently returned a parsed 500 response. The replacement surfaces the HTTP failure before parsing. Also consider a retry budget for idempotent GETs.

Signal over noise

What Postil actually catches.

correctness

Off-by-one, silent catches, case mismatches.

Postil reads the diff in context of the surrounding code and flags the obvious bug before a human has to.

security

Missing auth checks, PII in logs, raw SQL.

Security patterns get opinionated treatment with direct suggestions and the reason a reviewer might object.

scope

Scope creep and accidental API changes.

When a PR widens beyond its stated purpose or touches a public interface, Postil points it out so you can split or annotate.

config

Your config, your rules.

Postil honours .coderabbit.yaml, .kodo.yaml, and its own .postil.yaml. Team conventions override defaults.

noise

No drive-by style gripes.

Linting, formatting, and import ordering belong in your CI — not in the reviewer. Postil stays out of their way.

budget

Predictable cost.

One review per opened or ready-for-review PR, one per synchronize batch, capped tokens. No surprise bills.

Flow

Three steps from install to first review.

  1. Install

     Add the Postil GitHub App to a repo or org. Takes a minute.

  2. Open a PR

     Postil receives the webhook, reads the diff and the surrounding context, and works in a sandboxed worker.

  3. Review lands

     Inline comments on the hunks that matter. Threads resolve as you address them.

Privacy

Your code is read once, then forgotten.

Postil reviews code. It doesn't collect it, store it, or train on it.

Your code stays yours

Diffs are sent to the model provider only for the duration of a single review. No training, no retention on Postil servers, no resale.

Short-lived credentials

Reviews run with a per-installation GitHub token that expires in an hour. Sandboxes use fresh credentials per run and are torn down afterwards.

EU-resident by default

Database and analytics run in eu-central-1. You can pick the model region on OpenRouter to keep inference on-continent.

Bring your own key

Point Postil at your own OpenRouter, Anthropic, or OpenAI key and the diff never leaves your vendor relationship.

Pricing

Pick the one that fits.

Hobby · Free (while in beta)
  • Unlimited public repos
  • Up to 3 private repos
  • Managed at postil.dev
  • Community support
Install on GitHub
Team · $19 per contributor / month (most teams)
  • Unlimited private repos
  • Org-wide install
  • Priority review queue
  • Email support within one business day
Install on GitHub

Prefer to run it yourself? Postil is Apache-2.0. Self-host guide →

Open-source, for keeps

Apache-2.0, source on GitHub, receipts kept. You can read, fork, self-host, or swap the reviewer model. Managed postil.dev is the same code, run by us.