CodeCanary
AI-powered code review for GitHub pull requests. Catch bugs, security issues, and quality problems before they land in main. Runs in GitHub Actions or locally from the terminal.
──────────────────────────────────────────────
Model              Input   Output   Cost
──────────────────────────────────────────────
claude-haiku-4-5   842     156      $0.0003
──────────────────────────────────────────────
Duration: 1.8s
PR size: +24/-8 lines, 3 files
Built for real workflows
Not another AI gimmick. A review tool that fits into how you already work.
GitHub Actions native
Runs as a composite action on every push. Posts inline comments on exact diff lines. Zero config after setup.
Incremental reviews
Go-driven triage classifies existing threads at zero LLM cost. Only changed code gets re-evaluated.
Conversational
When authors reply to a finding, CodeCanary re-evaluates in context. It understands fixes, dismissals, and rebuttals.
Anti-hallucination
Explicit file allowlists, line validation against the diff, and distance thresholds prevent fabricated findings.
Cost-efficient
Fast triage model for thread re-evaluation, full model for review. Tracks per-invocation usage so you see what you spend.
Multi-provider
Bring your own LLM: Anthropic, OpenAI, OpenRouter, Grok (xAI), or Claude CLI. No vendor lock-in. New providers are easy to add.
Auto-resolution
When code is fixed, threads are auto-resolved. No stale reviews cluttering your PRs.
Local reviews
Review your changes from the terminal before pushing. Same engine, same findings, instant feedback. Works inside llmux worktree sessions.
Agentic review loop
Pairs with Claude Code via the bundled codecanary-fix skill. Reviews, triages, fixes, and pushes — confirming every change with you before it lands.
How it works
Three commands. Automated reviews from there.
Install
One curl command installs the codecanary binary. Supports Linux and macOS, amd64 and arm64.
Setup
The interactive wizard configures your provider, stores your API key in the system keychain, and creates the config file.
Review
Run locally for instant feedback, or merge the GitHub Actions workflow for automated reviews on every push.
Configuration-as-code
Define rules, context, and ignore patterns in .codecanary/config.yml. Checked into your repo.
version: 1
provider: anthropic
review_model: claude-sonnet-4-6
triage_model: claude-haiku-4-5-20251001
context: |
  Go REST API using chi router. Tests use testify.
rules:
  - id: error-handling
    description: "Errors must be wrapped with context"
    severity: warning
    paths: ["**/*.go"]
  - id: sql-injection
    description: "Queries must use parameterized statements"
    severity: critical
ignore:
  - "vendor/**"
  - "*.lock"
Close the loop with Claude Code
The bundled codecanary-fix skill drives review → triage → fix → push until your PR is clean — with you in the loop on every change.
- In Claude Code, say “handle codecanary” on your PR (or invoke /codecanary-fix directly) — the skill is auto-discovered and matched to your request.
- The skill calls codecanary findings --watch, blocks until the GitHub Actions review check completes, and parses the structured findings.
- You see a triage table and confirm which fixes to apply — nothing auto-applies.
- Approved fixes are committed and pushed; the loop watches the next review and repeats until clean. Any finding you defer gets a reply posted on its review thread explaining why.
- Ask for a local pass to skip git plumbing — the skill runs a single review against your dirty working tree and applies approved fixes without committing or pushing.
Bring your own LLM
No vendor lock-in. Pick the provider that works for you.
Start reviewing in 30 seconds
Install, setup, review. That's it.