Postil

GitHub

GitHub is the default forge and the only one the hosted app at postil.dev talks to today. It is also a first-class CLI target: run it yourself in Actions, another CI, or locally with no dependency on the hosted platform.

Hosted app

Install the GitHub App and reviews start on the next PR: inline comments, both check-runs (postil/review, postil/gate), and the @postil interactive bot on issues and pull requests. No CI job to write.

Run it yourself

Use postil-action in GitHub Actions, or call the binary directly:

export GITHUB_TOKEN=...            # repo scope, or a fine-grained token with
                                    # pull requests: write, checks: write
export MODEL_API_KEY=...
export POSTIL_API_KEY="$MODEL_API_KEY"

postil review --repo owner/name --pr 123   # posts inline comments + both check-runs

A gate-failing review exits 1; a clean review exits 0 and posts nothing. See exit codes for what CI should do with each. Mark postil/gate required in branch protection; see the gate.

GitHub Enterprise Server

Point the CLI at your instance with GITHUB_API_URL:

export GITHUB_TOKEN=...
export GITHUB_API_URL=https://ghes.example.com/api/v3
postil review --repo owner/name --pr 123

Token, scopes, and gate semantics are identical to github.com. The hosted app does not reach GHES; run the CLI in your own CI.

The @postil bot

Mention @postil in a pull-request or issue comment, reply to one of its review comments, or open an issue that mentions it. The hosted bot replies automatically. On a pull request, an exact command such as @postil review the current head or @postil re-review runs the structured reviewer, with inline findings and the compact review summary. Other mentions are treated as questions and receive a bounded thread reply. Issue comments cannot start a pull-request review. The CLI equivalent for a question is:

postil respond --repo owner/name --pr 123 --comment "@postil is this safe?"
postil respond --repo owner/name --issue 45 --comment "@postil what's the likely cause?"
# Automation should pass the text via env instead (argv is visible in `ps`):
POSTIL_COMMENT="@postil is this safe?" postil respond --repo owner/name --pr 123

GitHub covers both issues and pull requests for respond: its issues API handles both, so --pr and --issue both work. Postil reviews and answers only; it never opens PRs or pushes commits.

SARIF

--sarif <path> writes SARIF 2.1.0 for GitHub code scanning ingestion alongside the review:

postil review --repo owner/name --pr 123 --sarif postil.sarif

Other forges

See the forges overview for GitLab, Bitbucket, and Azure DevOps, and the CLI reference for every flag and environment variable.