The product

Every PR, reviewed before the tab loads

Commitloom plugs into GitHub or GitLab via a single OAuth install and operates at webhook speed. The moment a PR opens, it fetches the diff, reads the surrounding context, and posts inline comments — before your reviewer has opened the tab.

  • <60s: first comments after PR opens
  • 2 min: average setup time
  • 0: secrets or repo content stored
  • 3 platforms: GitHub, GitLab, Slack

Inline comments

Pinned to the exact line where the problem lives

Every finding is attached to the specific diff line that triggered it — not dumped in a top-level comment. The annotation includes severity, the line reference, and enough context to understand why it matters without switching files.

  • Warning / Issue / Suggestion severity tiers
  • Context-aware: reads surrounding functions and imports
  • Suppression via commitloom-ignore inline comment
auth/token.ts — +18 lines
12export async function validateToken(tok: string) {
13+ const decoded = jwt.verify(tok, process.env.JWT_SECRET)
14+ return { user: decoded.sub, exp: decoded.exp }
15}
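Review bot: line 13 calls jwt.verify with only the token and the secret, so nothing in this hunk restricts which signing algorithms are accepted, and line 14 reads decoded.sub and decoded.exp without checking that the result is an object. Suggest passing an explicit algorithm allow-list in the options argument (for example { algorithms: ['HS256'] }, assuming jwt is the jsonwebtoken package and the tokens are HMAC-signed), reading process.env.JWT_SECRET into a variable and throwing if it is unset before verify is called, and rejecting a string payload before returning.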
Warning token.ts:14

JWT_SECRET is accessed via process.env without a null guard. If the env var is missing, jwt.verify will sign with undefined — tokens from any key will validate.

PR summaries

From 800-line diff to a 5-sentence brief

The generated summary lands directly in the PR description on open. It identifies what changed, flags the riskiest lines by file and line number, and suggests where to start reviewing. Your EM reads it in standup. Your reviewer skips the orientation work and goes straight to judgment calls.

  • Auto-populates PR description on open
  • Editable before merge — it's yours to refine
  • Jira ticket link detection and embedding
Custom rules

Teach Commitloom what your team cares about

Drop a commitloom.yaml in your repo root to extend the default ruleset. Define regex patterns for team-specific anti-patterns, promote warnings to errors for your risk tolerance, and ignore paths like vendor/ or generated files. Commitloom is not a linter — custom rules teach it what your codebase considers dangerous, not just what violates style.

commitloom.yaml
# Commitloom configuration
version: 1

review:
  severity_threshold: warning
  max_comments_per_pr: 12
  summary: true

rules:
  - id: no-raw-sql
    pattern: "db.Exec\\(fmt.Sprintf"
    severity: error
    message: "Use parameterized queries"

ignore:
  paths:
    - "**/*_test.go"
    - "vendor/**"
Commitloom
APP · Today at 2:31 PM
PR review complete — 2 issues found
auth/token.ts:14 — JWT_SECRET null guard missing
payment/retry.go:3 — panic recovery missing
feat: add retry logic to payment handler · PR #247 · @alex
Slack notifications

Your team's review queue, surfaced in Slack

When Commitloom finds issues above your severity threshold, it posts a threaded Slack message to your engineering channel or directly to the PR author. Each message deep-links to the annotated diff line. Quiet hours are configurable so the bot doesn't ping at 11pm. No separate dashboard to check.

  • Channel or DM routing, configurable per repo
  • Only pings on issues above threshold — no noise
  • Deep link directly to the annotated diff line
  • ~3 min: average setup time
  • <60s: first inline comments after PR open
  • 0: secrets or repository content stored

Connect a repo. Open a PR. See what you were missing.

Free plan. No credit card. First review in under two minutes.