Calm review gate

Trust the merge, not the speed.

Postil looks for the pull-request bugs reviewers usually have to reconstruct by hand: moved auth checks, unsafe deletes, race windows, bad migrations. Clean change? No filler comment.

What changes

Fewer comments. Better reasons.

Skips clean PRs

No summary paragraph just to prove the bot ran.

Reads the thread

Existing review comments and change requests stay in view.

Names the risk

A finding should point at the changed line and the thing that can break.

Runs in CI

Use the hosted app when it opens, or run the reviewer from your workflow today.

Status line

Compact signal, no counters.

How reviews run
Pass
status: Passing
Warning
status: Warning, Warning, Info
Blocking
status: Error, Warning
Context
status: Info
Examples

Different risks, same restraint.

src/billing/plan.ts:84

Plan mutation moved before authorization.

The write now happens before the permission check, so an unauthorized caller can change a plan and still receive an authorization error. Put the authorization gate before the mutation.

status: Error
Patch shape
- await billing.updatePlan(org.id, plan)- if (!canManageBilling(actor, org)) throw new Error('denied')+ if (!canManageBilling(actor, org)) throw new Error('denied')+ await billing.updatePlan(org.id, plan)
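Review bot: the gate in the added lines still throws a bare `new Error('denied')`, so a caller can only tell an authorization failure apart from an error raised by `billing.updatePlan` by matching the message string. Consider throwing a dedicated authorization error type at that line, and add a regression test asserting that `billing.updatePlan` is not called when `canManageBilling(actor, org)` returns false, so the ordering cannot silently move again.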
Hosted

Managed beta stays free while installs open.

The public app link lands on a wait page until review is done. No surprise billing while that door is closed.

CI

Run it from your workflow.

Add the CLI to GitHub Actions and keep model choice in repo config.

Benchmarks

Numbers after the harness.

Isolated PR fixtures first: real bugs, no upstream answers, human review before claims.

Join the hosted beta queue, or run the Postil CLI in your own CI.