1
Triggered
A PR update or @postil mention starts a run on the current head SHA.
How it works
A review run you can audit.
One event in, one diff reviewed, one check run out. If there is nothing worth saying, the PR does not get a bot recap.
postil/reviewBlocking
src/billing/plan.ts:84
Billing update now runs before authorization.
The write moved ahead of `canManageBilling`, so a caller can change a plan before the permission failure is raised. Move the authorization check before the billing mutation.
- await billing.updatePlan(org.id, plan)+ if (!canManageBilling(actor, org)) throw new Error("authorization failed")+ await billing.updatePlan(org.id, plan)status:
2
Loaded
Postil reads the diff, config, and open review threads.
3
Checked
The reviewer returns structured findings, not a prose blob.
4
Filtered
Ignored paths, severity thresholds, and max findings apply before posting.
5
Posted
Real findings become inline comments. Clean reviews can stay quiet.
6
Recorded
The check run records the result for branch protection.
What the reviewer notices
The examples rotate, but each one is the kind of issue a reviewer would actually block on.
postil/reviewBlocking
src/billing/plan.ts:84
Billing update now runs before authorization.
The write moved ahead of `canManageBilling`, so a caller can change a plan before the permission failure is raised. Move the authorization check before the billing mutation.
- await billing.updatePlan(org.id, plan)+ if (!canManageBilling(actor, org)) throw new Error("authorization failed")+ await billing.updatePlan(org.id, plan)status:
Ask again
Comment @postil in a PR, review, or inline thread for another pass.
Keeps context
Open review threads and change requests go into the prompt.
Can stay quiet
No finding means no synthetic recap.
Line-backed
Each finding points to the changed file and line it depends on.
Status examples
Pass
status:
Warning
status:
Blocking
status:
Context
status:
Trust the merge, not the speed.
Join the hosted beta queue, or run the Postil CLI in your own CI.