Overview
Gitar automatically reviews your pull requests and merge requests on GitHub and GitLab, providing AI-powered feedback on security, bugs, performance, edge cases, and code quality.
Security Analysis
Vulnerabilities, unsafe patterns, input validation
Bug Detection
Logic errors, null pointer risks, edge cases
Performance
Algorithm complexity, database queries, memory usage
Code Quality
Readability, maintainability, best practices
Enabling Code Review
Code review can be enabled or disabled through the Gitar UI in your organization settings:
- Navigate to your organization settings in the Gitar dashboard
- Locate the Code Review section under Features
- Enable the toggle to activate automatic code reviews
How It Works
Automatic Triggers
Code reviews run automatically when:
- A new pull request or merge request is created
- New commits are pushed to an open PR/MR
Review Process
Gitar analyzes your code changes through multiple specialized checks:
- Security analysis: Vulnerabilities, unsafe patterns, input validation
- Bug detection: Logic errors, null pointer risks, edge cases
- Performance analysis: Algorithm complexity, database queries, memory usage
- Code quality: Readability, maintainability, best practices
Custom Code Review Instructions
Custom instructions let the agent apply project-specific rules, checks, or gotchas so the review is tailored to your project's requirements. To configure them, add a markdown file containing instructions under the .gitar/review directory. Multiple files can be used to organize instructions by aspect.
For example, we created a file named gitar-gotchas.md that documents some gotchas very specific to Gitar’s codebase, like using info! for logging that requires operational visibility or leaving debug! for debugging locally, since our telemetry only renders logs with severity info or higher.
Including Specific Files
You can include content from specific files using the @ syntax with a relative path. Paths are first resolved relative to the source file, with a fallback to the repository root if not found.
Example: Given the following directory structure:
.gitar/review/gotchas.md, you can include files using either approach:
- @../documents/rust_best_practices.md — uses ../ to navigate up from review/ to .gitar/, then into documents/
- @shared/common_rules.md — not found relative to review/, so falls back to repo root resolution
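The resolution order described above, sketched as an added example (this is not Gitar's implementation). The function name `resolve_include`, the constructed sample layout, and the check that skips includes resolving outside the repository are assumptions, not documented Gitar behavior.

```python
import tempfile
from pathlib import Path

def resolve_include(repo_root, source_file, directive):
    """Resolve '@path': relative to the including file first, then to the
    repository root. Returns the resolved Path, or None if nothing matches."""
    root = Path(repo_root).resolve()
    rel = directive.strip().removeprefix("@")
    candidates = [
        (root / source_file).parent / rel,  # 1) relative to the source file
        root / rel,                         # 2) fallback: repository root
    ]
    for cand in candidates:
        target = cand.resolve()  # collapses '..' and follows symlinks
        # Assumed hardening (not documented behaviour): skip any candidate
        # that resolves outside the repository checkout.
        if not target.is_relative_to(root):
            continue
        if target.is_file():
            return target
    return None

def demo():
    """Build a constructed repo layout and resolve three sample directives."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve() / "repo"
        for rel in (".gitar/review/gotchas.md",
                    ".gitar/documents/rust_best_practices.md",
                    "shared/common_rules.md",
                    "../outside.md"):  # constructed file outside the repo
            path = root / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(f"# {rel}\n")
        results = {}
        for directive in ("@../documents/rust_best_practices.md",
                          "@shared/common_rules.md",
                          "@../../../outside.md"):
            hit = resolve_include(root, ".gitar/review/gotchas.md", directive)
            results[directive] = hit.relative_to(root).as_posix() if hit else None
        return results

if __name__ == "__main__":
    for directive, resolved in demo().items():
        print(f"{directive} -> {resolved}")
```

The third directive points at a file that exists but sits above the repository root, so the sketch returns no match for it rather than including it.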
Review Output
Gitar publishes review feedback in two places on your PR/MR:
- Inline review comments — every unresolved finding is posted on the exact file and line it applies to, so feedback lands where you’re reading the code.
- Dashboard comment — Code Review section — a consolidated view on the Gitar dashboard comment showing the overall verdict, severity breakdown, and resolved-finding tracking.
- Category: Security, Bug, Performance, Edge Case, or Code Quality
- Severity: Critical, Important, or Suggestion
- Short description: One-line summary of the issue
- Details: Expanded explanation with a link to the specific file and line
Design Principles
Gitar’s code review is built around a few core principles that shape how feedback is delivered:
One Dashboard Comment, Kept Up to Date
The Gitar dashboard comment is the single source of truth for the overall state of a PR. It consolidates the code review summary, CI analysis, and rule evaluations in one place. When you push new commits, Gitar updates the existing comment rather than posting a new one — so your PR timeline stays clean.
Resolved Findings Tracking
As you address issues and push fixes, Gitar tracks what’s been resolved. The dashboard shows a collapsible section with resolved findings, so you can see your progress at a glance. This helps you stay confident that you’re making headway and prevents Gitar from repeatedly flagging issues you’ve already fixed.
Providing Feedback
Gitar learns from your feedback on review findings:
- Reply to findings: Comment on a finding thread with responses like “this is intentional” or “already fixed” — Gitar processes the reply and dismisses the finding. On GitLab you can reply without the gitar prefix on inline findings.
- Reply gitar fix: Every inline finding includes a “Reply gitar fix to apply this suggestion” footer. One reply and Gitar pushes the fix.
- Resolve / unresolve threads: Resolving a finding thread on GitHub or GitLab dismisses the finding in real time. Unresolving reopens it. On GitLab you can also thumbs-down a finding to dismiss it.
- Stale findings: When code is deleted or rewritten between review iterations, Gitar automatically resolves findings that pointed at the removed code.
- Ambiguous replies: If your reply is unclear, Gitar asks a follow-up question instead of guessing.
Merge Blocking
Gitar can block PR merges based on its code review verdict severity. Configure a threshold in your organization settings:
- Approved — PR can merge freely
- Approved with Suggestions — Minor suggestions, non-blocking by default
- Changes Requested — Gitar submits a blocking review
- Blocked — Critical issues found, merge blocked