Postil

Install

One engine. Start with the CLI.

The CLI is the product. It runs locally, in CI, and behind the hosted app — the same pinned binary every time. Install it in one line and review your next diff before you push.

01

CLI

Local reviews before you push. Apache-2.0. Works today.

install — one line
# install script (verifies the published SHA-256 over HTTPS)
$ curl -fsSL https://postil.dev/install.sh | sh

The script detects your OS and architecture, downloads the matching prebuilt binary from the GitHub release, verifies it against the SHA-256 checksum published alongside the release, and installs it to ~/.local/bin (no sudo required). Inspect it first if you prefer: curl -fsSL https://postil.dev/install.sh | less.

Release artifacts are signed with Sigstore keyless signing (cosign) via GitHub OIDC in release CI, alongside SHA-256 checksums. If cosign is installed, the script additionally verifies the keyless signature against the release workflow's certificate identity — there is no long-lived published key to manage. Without cosign it falls back to checksum verification only. Cross-check the published SHA-256 on the releases page if you want a second source.
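The manual cross-check mentioned above, as an added example (not Postil's install script and not code from the project): a fail-closed SHA-256 comparison of a downloaded asset against a checksums list. It assumes the list uses the sha256sum line format and that asset names contain no spaces; the function names and file names are hypothetical. It covers only the checksum path, not the cosign signature check.

```shell
#!/bin/sh
# Added example: fail-closed SHA-256 check of a downloaded release asset.
# Assumed format of the checksums file (sha256sum style): "<64 hex>  <name>".
# Asset names without spaces are assumed; all file names are hypothetical.

# Print the lowercase SHA-256 of a file with whichever tool is installed
# (sha256sum on most Linux systems, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print tolower($1) }'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{ print tolower($1) }'
    else
        echo "verify: no SHA-256 tool found" >&2
        return 2
    fi
}

# verify_sha256 <file> <checksums-file>
# Returns 0 only when exactly one well-formed entry for the file's basename
# exists and matches the computed digest. Anything else is a failure.
verify_sha256() {
    v_file=$1
    v_sums=$2
    if [ ! -f "$v_file" ] || [ ! -f "$v_sums" ]; then
        echo "verify: missing file or checksums list" >&2
        return 2
    fi
    v_name=$(basename "$v_file")
    # Compare the name column exactly (a leading "*" marks binary mode) and
    # emit a digest only if the name is listed once, so a duplicate or a
    # substring match such as "tool.tar.gz.sig" cannot satisfy the check.
    v_want=$(awk -v n="$v_name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { c++; d = tolower($1) }
        END { if (c == 1) print d }' "$v_sums")
    if ! printf '%s\n' "$v_want" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "verify: no unique, well-formed entry for $v_name" >&2
        return 1
    fi
    v_got=$(sha256_of "$v_file") || return 2
    if [ "$v_got" != "$v_want" ]; then
        echo "verify: MISMATCH for $v_name" >&2
        return 1
    fi
    echo "verify: OK $v_name $v_got"
}
```

Call it as verify_sha256 ./tool-linux-x86_64.tar.gz ./SHA256SUMS and install the binary only when it returns 0.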

install — build from source
# Rust toolchain, build from the repository
$ cargo install --git https://github.com/postil-dev/postil-cli --locked

Prebuilt targets: Linux x86_64 and aarch64, macOS arm64 and x86_64.

first run
$ export OPENROUTER_API_KEY=sk-or-...
$ postil doctor

Always run postil doctor before your first review. It checks the resolved config, the git work tree, your API key, a live probe of the model endpoint, and any forge tokens, and tells you exactly what is wrong if anything is:

postil doctor
$ postil doctor
[ok  ] config           loaded from .postil.yaml (model: deepseek/deepseek-v4-pro, gate failOn: error, minConfidence: 0.6)
[ok  ] git              inside a git work tree
[ok  ] api key          POSTIL_API_KEY or OPENROUTER_API_KEY is set (value not shown)
[ok  ] model endpoint   https://openrouter.ai/api/v1 answered for model deepseek/deepseek-v4-pro
[ok  ] forge tokens     GITHUB_TOKEN set, GITLAB_TOKEN unset (only needed for remote review)

postil doctor: ready.

Then review your staged changes with postil review --staged. See the quickstart and the full command reference.

02

GitHub Action

CI reviews with a SHA-pinned CLI.

.github/workflows/review.yml
on:
  pull_request:
    types: [opened, synchronize, reopened, ready_for_review]

jobs:
  postil:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
      checks: write
    steps:
      - uses: actions/checkout@v4
      # the @v1 tag will exist after the first tagged release of the action
      - uses: postil-dev/postil-action@v1
        with:
          cli-ref: 6b9d2db621e12bd558f72ba3e7bd8ecc092cd93a
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          OPENROUTER_API_KEY: ${{ secrets.OPENROUTER_API_KEY }}

The action refuses anything but a full 40-character commit SHA for cli-ref — tags move, SHAs do not. The SHA above is current as of June 2026; check the postil-cli repository for the latest blessed SHA.

03

GitLab

Same gate semantics on GitLab.com and self-managed.

The CLI speaks GitLab through --forge gitlab, including self-managed instances via a custom base URL. It posts inline discussion notes on the merge request and reports the gate verdict through its exit code, which a CI job can fail on.

.gitlab-ci.yml
postil:
  image: debian:bookworm-slim
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
  before_script:
    - apt-get update && apt-get install -y curl ca-certificates
    - curl -fsSL https://postil.dev/install.sh | sh
    - export PATH="$HOME/.local/bin:$PATH"
  script:
    - postil review
        --forge gitlab
        --repo $CI_PROJECT_PATH
        --pr $CI_MERGE_REQUEST_IID
  variables:
    GITLAB_TOKEN: $GITLAB_TOKEN   # project access token
    OPENROUTER_API_KEY: $OPENROUTER_API_KEY

For a self-managed instance, set GITLAB_API_URL=https://gitlab.example.com/api/v4. Full walkthrough: GitLab guide.

04

Hosted GitHub App

Zero-config reviews on every PR. Free during beta.

Once published, the App installs in a click: pick repositories, open a pull request, and two check-runs appear; require postil/gate in branch protection when you are ready to make it binding. No keys leave your control: configure your own inference key per organization. The App also answers @postil mentions on PRs and issues — review and answer only, it never opens PRs or pushes commits.

The hosted App is not published yet. The CLI and the GitHub Action work today, and you can run the full review service yourself in the meantime. This page will link to the App once it ships.


Permissions requested: contents (read), pull requests (write), checks (write), metadata (read). Never write access to your code — see the security page.