grippy-code-review¶

AI-powered PR review agent with security rule engine.

Runs with any OpenAI-compatible model as an MCP server or GitHub Actions workflow. Indexes your codebase for context-aware analysis, runs a deterministic security rule engine before the LLM, scores PRs against a structured rubric, and posts inline findings --- all as a grumpy security auditor who is reluctantly thorough.

Get Started Configuration

Pages¶

• Getting Started --- Setup for MCP server, OpenAI, local LLMs, and development
• Configuration --- Environment variables, transports, and model options
• Architecture --- Modules, prompt composition, data flow
• Knowledge Graph --- Cross-PR memory, blast radius, and codebase graph
• Review Modes --- The 6 review modes and how they work
• Scoring Rubric --- How Grippy scores PRs
• Security Model --- Rule engine, codebase tool protections, and CI hardening
• Self-Hosted LLM Guide --- Run your own model with Cloudflare Tunnel
• Contributing --- Development setup, testing, and conventions

Quick links¶

• GitHub repository
• PyPI package (pip install grippy-mcp)
• MIT License
• Issue tracker