Overview

Gitar is an AI code review and CI fixing agent that works directly in your PR/MR interface. It reads your code changes, analyzes CI failures, reviews for bugs and security issues, and pushes fixes — all without leaving the pull request. This page explains the internals: what data Gitar accesses, how it processes changes, and what guarantees it provides around privacy and safety.

What Context Gitar Sees

When Gitar processes a PR/MR, it pulls context in two ways: a baseline that is always loaded, and on-demand lookups the agent performs when it needs more information.

Baseline context

  • The diff (changed lines)
  • Full contents of files touched by the diff
  • CI logs (when CI fails)
  • Repository rules (.gitar/rules/*.md)
  • Custom review instructions (.gitar/review/*.md)
  • AI instruction files (AGENTS.md, CLAUDE.md, .cursorrules, .cursor/rules/*)
  • PR/MR title, description, and comment history
  • Linked issue context from Jira or Linear (when integrated)

On-demand, when the agent needs it

  • Reads related files in the repo to understand callers, types, or config the diff depends on
  • Greps or globs across the repo to find usages and patterns
  • Runs read-only shell commands to inspect project structure
  • Spawns a dedicated explorer sub-agent for deeper investigation on complex changes
  • Pulls learned codebase knowledge from previous scans (conventions, architectural patterns)

Gitar does not read:
  • Other branches
  • Deployment configurations or infrastructure state
  • Secrets or environment variables
  • Files outside the repository being reviewed
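
Because the rule, review-instruction and AI instruction files in the baseline list are loaded on every run, a team may want changes to them routed to a human reviewer. The following is an added example, not Gitar's own code: a check that groups a PR's changed paths by those categories. The function names, the constructed sample paths, and the choice to match the patterns in subdirectories as well as at the repository root are assumptions.

```python
from fnmatch import fnmatchcase

# Path patterns copied from the "Baseline context" list on this page.
CONTEXT_PATTERNS = {
    "repository rules": [".gitar/rules/*.md"],
    "custom review instructions": [".gitar/review/*.md"],
    "AI instruction files": ["AGENTS.md", "CLAUDE.md", ".cursorrules", ".cursor/rules/*"],
}
# Constructed sample, shaped like `git diff --name-only` output for a PR.
SAMPLE_CHANGED = [
    "src/app.py", ".gitar/rules/security.md", "services/api/AGENTS.md",
    ".cursor/rules/style.mdc", "docs/CLAUDE.md.bak", ".cursorrules",
    "./.gitar/review/../review/sql.md",
]

def normalize(path):
    """Collapse '.', '..' and backslashes; return None if the path leaves the repo."""
    parts = []
    for part in path.replace("\\", "/").split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            if not parts:
                return None
            parts.pop()
        else:
            parts.append(part)
    return "/".join(parts)

def classify(path):
    """Return the baseline-context category a path falls under, or None."""
    norm = normalize(path) or ""  # an escaping or empty path matches nothing
    for category, patterns in CONTEXT_PATTERNS.items():
        for pat in patterns:
            # Assumption: also match inside subdirectories; fnmatch's '*' crosses '/'.
            if fnmatchcase(norm, pat) or fnmatchcase(norm, "*/" + pat):
                return category
    return None

def context_changes(changed_paths):
    flagged = {}  # category -> paths exactly as reported by the diff
    for path in changed_paths:
        category = classify(path)
        if category:
            flagged.setdefault(category, []).append(path)
    return flagged

if __name__ == "__main__":
    print(context_changes(SAMPLE_CHANGED))
```

A non-empty result from `context_changes` can be used to fail a CI job or request an additional reviewer before the PR merges.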

Code Review Process

Gitar reviews code changes through multiple specialized lenses:
  • Security: Vulnerabilities, unsafe patterns, input validation issues
  • Bugs: Logic errors, null pointer risks, unhandled edge cases
  • Performance: Algorithm complexity, database query patterns, memory usage
  • Code quality: Readability, maintainability, adherence to best practices

Findings are posted as inline review comments on the exact lines they apply to. A consolidated summary appears in the Gitar dashboard comment on the PR/MR, showing the overall verdict and findings breakdown. When new commits are pushed, Gitar updates the existing dashboard comment rather than creating new ones, and resolves inline threads for findings that have been addressed.

Custom review instructions placed in .gitar/review/*.md let you tailor what Gitar looks for in your specific codebase. See Repository Configuration for details.

CI Failure Fixing

When CI fails on a PR/MR, Gitar:
  1. Reads the full CI log output across all jobs and steps
  2. Identifies the failing step and extracts relevant error messages
  3. Determines the root cause by cross-referencing errors with the code diff
  4. Pushes a fix commit to the branch

Gitar handles a wide range of failure types:

| Failure Type | Examples |
| --- | --- |
| Build errors | Compilation failures, missing imports, type errors |
| Test failures | Broken assertions, missing setup, incorrect expected values |
| Linting errors | Code style violations, formatting issues, static analysis warnings |
| Flaky tests | Race conditions, timing issues, non-deterministic behavior |

If the first fix does not resolve the failure, Gitar automatically re-analyzes the new CI output and attempts another fix, building on context from previous iterations.

Data Flow and Privacy

Gitar supports two deployment models with different data flow characteristics:

| | Cloud Deployment | Enterprise CI Deployment |
| --- | --- | --- |
| Where code is processed | Ephemeral, Gitar-managed containers | Your own CI infrastructure |
| Data retention | Zero — containers destroyed after processing | Code never leaves your environment |
| AI provider agreements | Zero data retention with all providers (Google, Anthropic) | Configurable — bring your own LLM key |
| Code storage | No source code stored beyond ephemeral processing | Complete control over data lifecycle |

For full details on infrastructure security, encryption, compliance, and certifications, see Security.

What Gitar Does NOT Do

  • Does not store your code — processing is ephemeral with zero retention
  • Does not train on your code — zero data retention agreements with all AI providers
  • Does not force-push — all changes are new commits
  • Does not merge PRs/MRs by default — merging only happens when you explicitly enable Auto-Merge, which relies on your code host’s native merge and your branch protection rules
  • Does not access repositories it isn’t connected to — the agent is scoped to the repository being reviewed
  • Does not access secrets or environment variables — processing environments are isolated from credentials