GitHub
GitHub is the default forge and the only one the hosted app at postil.dev talks to today. It is also a first-class CLI target: run it yourself in Actions, another CI, or locally with no dependency on the hosted platform.
Hosted app
Install the GitHub App and reviews start on the next PR: inline comments, both check-runs (postil/review, postil/gate), and the @postil interactive bot on issues and pull requests. No CI job to write.
Run it yourself
Use postil-action in GitHub Actions, or call the binary directly:
export GITHUB_TOKEN=... # repo scope, or a fine-grained token with
# pull requests: write, checks: write
export MODEL_API_KEY=...
export POSTIL_API_KEY="$MODEL_API_KEY"
postil review --repo owner/name --pr 123 # posts inline comments + both check-runsA gate-failing review exits 1; a clean review exits 0 and posts nothing. See exit codes for what CI should do with each. Mark postil/gate required in branch protection; see the gate.
GitHub Enterprise Server
Point the CLI at your instance with GITHUB_API_URL:
export GITHUB_TOKEN=...
export GITHUB_API_URL=https://ghes.example.com/api/v3
postil review --repo owner/name --pr 123Token, scopes, and gate semantics are identical to github.com. The hosted app does not reach GHES; run the CLI in your own CI.
The @postil bot
Mention @postil in a pull-request or issue comment, reply to one of its review comments, or open an issue that mentions it. The hosted bot replies automatically. On a pull request, an exact command such as @postil review the current head or @postil re-review runs the structured reviewer, with inline findings and the compact review summary. Other mentions are treated as questions and receive a bounded thread reply. Issue comments cannot start a pull-request review. The CLI equivalent for a question is:
postil respond --repo owner/name --pr 123 --comment "@postil is this safe?"
postil respond --repo owner/name --issue 45 --comment "@postil what's the likely cause?"
# Automation should pass the text via env instead (argv is visible in `ps`):
POSTIL_COMMENT="@postil is this safe?" postil respond --repo owner/name --pr 123GitHub covers both issues and pull requests for respond: its issues API handles both, so --pr and --issue both work. Postil reviews and answers only; it never opens PRs or pushes commits.
SARIF
--sarif <path> writes SARIF 2.1.0 for GitHub code scanning ingestion alongside the review:
postil review --repo owner/name --pr 123 --sarif postil.sarifOther forges
See the forges overview for GitLab, Bitbucket, and Azure DevOps, and the CLI reference for every flag and environment variable.