GitClaw is an open-source, self-hosted alternative to CodeRabbit. It runs on your own infrastructure, reviews pull requests on GitHub, GitLab, and Bitbucket, and leaves inline comments on the lines that actually matter — security, performance, maintainability. No code ever leaves your servers.
"userId goes straight into the query string — this is injectable. Use a parameterized query instead."

"… results on every render. items.map(transform) avoids the mutation and reads cleaner too."

Not a feature wishlist — this is what ships in the current release.
Webhooks fire on open and update. GitClaw diffs only what changed, so a follow-up commit doesn't re-review the whole PR.
Flags injection risks, unsafe patterns, and style violations before they reach main — not after.
Catches hot-path inefficiency, redundant work, and regressions that quietly slow a service down over time.
Calls out complexity and duplication while it's still cheap to fix — not eighteen months later.
Reply to @gitclaw directly in a PR comment. It answers follow-up questions in context, no new tab required.
Drop a .gitclaw.yaml in any repo to set ignore paths, review tone, and custom instructions.
Track findings across every repo and team in one place. See what gets caught, and what keeps recurring.
Pluggable AI backend — OpenRouter, Anthropic (Claude), Groq, or any OpenAI-compatible endpoint, including a local Ollama instance.
GitClaw doesn't send your source to a third-party API to get reviewed. It runs wherever you already run things, talks to the model provider you choose, and keeps every diff inside infrastructure you control. The dashboard is yours; the data never leaves.
Five-minute setup, MIT licensed, no usage limits because there's no meter to hit.