$ gitclaw review --pr 482

An AI reviewer that reads your diffs — not your code.

GitClaw is an open-source, self-hosted alternative to CodeRabbit. It runs on your own infrastructure, reviews pull requests on GitHub, GitLab, and Bitbucket, and leaves inline comments on the lines that actually matter — security, performance, maintainability. No code ever leaves your servers.

MIT licensed · see all releases
pull_request #482 · payments-service

line 14 (added): await db.query(`SELECT * FROM users WHERE id = ${userId}`)
[security] Unescaped userId goes straight into the query string — this is injectable. Use a parameterized query instead.

line 31 (added): items.forEach(i => results.push(transform(i)))
[performance] This rebuilds results on every render. items.map(transform) avoids the mutation and reads cleaner too.

line 58 (comment): @gitclaw why flag this as high severity?
[gitclaw] This table holds payment metadata — an injection here reaches billing data, not just user profiles. That's why it's high, not medium.
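The two findings in the excerpt above, worked through as an added example (this is not GitClaw's code nor code from the payments-service repo): the injectable query next to a parameterized form, the forEach/push rewritten as map, and a small, deliberately narrow diff check that flags an added line passing an interpolated template literal to a query call. The `$1` placeholder follows the PostgreSQL driver convention (an assumption; other drivers use `?`), `db` is a hypothetical client, and the diff is constructed for the example.

```javascript
// Added example, not code from GitClaw or the payments-service repo.

// --- 1. The finding on line 14: interpolation vs. a bound parameter ---

// Vulnerable: userId is spliced into the SQL text, so any SQL syntax in the
// value becomes part of the statement.
function buildUnsafeQuery(userId) {
  return `SELECT * FROM users WHERE id = ${userId}`;
}

// Hardened: the SQL text is a constant; the value is shipped separately as
// a bound parameter and is never parsed as SQL. ($1 is PostgreSQL-style.)
function buildSafeQuery(userId) {
  return { text: "SELECT * FROM users WHERE id = $1", values: [userId] };
}

// --- 2. The finding on line 31: build the result with map, not push ---
function transformAll(items, transform) {
  return items.map(transform);
}

// --- 3. A minimal diff check in the spirit of the review excerpt ---
// Matches `.query(` or `.execute(` whose first argument is a template
// literal containing a ${...} interpolation. Narrow on purpose: a real
// reviewer also needs context (e.g. whether the interpolated value is a
// compile-time constant), which a regex cannot supply.
const INTERPOLATED_QUERY = /\.(query|execute)\s*\(\s*`[^`]*\$\{[^}]*\}[^`]*`/;

// Walks a unified diff, tracking new-file line numbers from each @@ header,
// and reports added lines that match. Removed lines carry no new-file number.
function reviewDiff(diffText) {
  const findings = [];
  let newLineNo = 0;
  for (const line of diffText.split("\n")) {
    const hunk = line.match(/^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@/);
    if (hunk) { newLineNo = Number(hunk[1]); continue; }
    if (line.startsWith("-")) continue;
    if (line.startsWith("+") && !line.startsWith("+++")) {
      const code = line.slice(1);
      if (INTERPOLATED_QUERY.test(code)) {
        findings.push({
          line: newLineNo,
          severity: "security",
          message: "Interpolated value in SQL string; use a parameterized query.",
        });
      }
    }
    newLineNo++; // context and added lines both advance new-file numbering
  }
  return findings;
}

// Constructed sample diff (not from any real PR): the hunk replaces a
// parameterized query with the interpolated one from the excerpt.
const SAMPLE_DIFF = [
  "--- a/src/users.js",
  "+++ b/src/users.js",
  "@@ -12,4 +12,5 @@ async function getUser(userId) {",
  "   const db = getDb();",
  "-  const row = await db.query('SELECT * FROM users WHERE id = $1', [userId]);",
  "+  // quick fix for the batch job",
  "+  await db.query(`SELECT * FROM users WHERE id = ${userId}`)",
  "   return row;",
  " }",
].join("\n");

console.log(JSON.stringify(reviewDiff(SAMPLE_DIFF), null, 2));
```

Running the block prints one finding at new-file line 14; the removed parameterized line produces nothing because removed lines are skipped, and an added line using `$1` with a values array also produces nothing.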

WHY TEAMS RUN THEIR OWN

Eight things it actually does

Not a feature wishlist — this is what ships in the current release.

01 · Reviews on every push

Webhooks fire on open and update. GitClaw diffs only what changed, so a follow-up commit doesn't re-review the whole PR.

02 · Security & code quality

Flags injection risks, unsafe patterns, and style violations before they reach main — not after.

03 · Performance insights

Catches hot-path inefficiency, redundant work, and regressions that quietly slow a service down over time.

04 · Maintainability feedback

Calls out complexity and duplication while it's still cheap to fix — not eighteen months later.

05 · Talk back to the review

Reply to @gitclaw directly in a PR comment. It answers follow-up questions in context, no new tab required.

06 · Per-repo configuration

Drop a .gitclaw.yaml in any repo to set ignore paths, review tone, and custom instructions.

07 · Dashboard & analytics

Track findings across every repo and team in one place. See what gets caught, and what keeps recurring.

08 · Bring your own model

Pluggable AI backend — OpenRouter, Anthropic (Claude), Groq, or any OpenAI-compatible endpoint, including a local Ollama instance.


YOUR SERVERS, YOUR CODE

Self-hosted means self-hosted

GitClaw doesn't send your source to a third-party API to get reviewed. It runs wherever you already run things, talks to the model provider you choose, and keeps every diff inside infrastructure you control. The dashboard is yours; the data never leaves.


GET STARTED

Point it at a repo. See what it finds.

Five-minute setup, MIT licensed, no usage limits because there's no meter to hit.