Postil is a quiet AI code review gate for pull requests. It publishes findings that can change a merge decision, stays silent on clean changes, and reports gate status separately from advisory review comments.
This repository contains the hosted service at postil.dev: the Next.js dashboard, webhook receiver, review worker, billing controls, and deployment configuration. The review engine lives in the postil CLI, so the same review path runs locally, in CI, and through the hosted GitHub App.
- Install the GitHub App for hosted reviews.
- Use the CLI with GitHub, GitLab, Bitbucket, or Azure DevOps.
- Configure review policy in the repository.
- Read the security model before self-hosting or granting repository access.
| Path | Purpose |
|---|---|
src/app |
Public site, authentication, dashboard, and API routes |
src/worker |
Durable review and notification jobs |
src/lib |
GitHub, billing, policy, and persistence boundaries |
drizzle |
PostgreSQL schema migrations |
scripts |
Release, billing, verification, and operations commands |
tests |
Unit, integration, database, and dashboard coverage |
Postil uses Bun, Next.js, and PostgreSQL. Copy .env.example to .env, point DATABASE_URL at a reachable PostgreSQL database, and provide the credentials required for the path you are exercising. Then run:
bun install
bun run db:migrate
bun run devRun focused tests with bun test <path>. A production build is bun run build.
Operational and self-hosting requirements are documented at postil.dev/docs/self-hosted.
postil-cli: review engine and local CLIpostil-action: GitHub Action wrapperpostil-sandbox: small review fixture
Security reports belong in GitHub private vulnerability reporting, not in a public issue.