
Overview

Gitar is an AI code review and CI fixing agent that works directly in your PR/MR interface. It reads your code changes, analyzes CI failures, reviews for bugs and security issues, and pushes fixes — all without leaving the pull request. This page explains the internals: what data Gitar accesses, how it processes changes, and what guarantees it provides around privacy and safety.

What Context Gitar Sees

When Gitar processes a PR/MR, it reads the following context:

Always Read

  • The diff (changed lines)
  • Full contents of files touched by the diff
  • CI logs (when CI fails)
  • Repository rules (.gitar/rules/*.md)
  • AI instruction files (AGENTS.md, CLAUDE.md, .cursorrules, .cursor/rules/*)
  • PR/MR title and description
  • Comment history on the PR/MR
  • Custom review instructions (.gitar/review/*.md)

When Connected

  • Linked issue context (Jira or Linear, if integrated)

Gitar does not read:
  • Files not touched by the PR (unless explicitly referenced by a touched file or rule)
  • Other branches
  • Deployment configurations
  • Secrets or environment variables
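
Several of the always-read inputs are files that live in the repository, so a PR can change them like any other file. The following is an added example, not Gitar's code: a CI check that flags such changes for human review from `git diff --name-status` output. Matching at any directory depth, ignoring case, and the sample paths are assumptions made for the example.

```python
import re

# Patterns come from the "Always Read" list on this page. Matching at any
# directory depth and ignoring case are assumptions made here so the check
# over-flags rather than misses a file.
CONTEXT_RULES = [
    ("repository rule", r"(^|/)\.gitar/rules/[^/]+\.md$"),
    ("review instruction", r"(^|/)\.gitar/review/[^/]+\.md$"),
    ("AI instruction file", r"(^|/)(AGENTS\.md|CLAUDE\.md|\.cursorrules)$"),
    ("AI instruction file", r"(^|/)\.cursor/rules/.+$"),
]
_COMPILED = [(label, re.compile(rx, re.IGNORECASE)) for label, rx in CONTEXT_RULES]

def classify(path):
    """Return the context category for a repo-relative path, or None."""
    for label, rx in _COMPILED:
        if rx.search(path):
            return label
    return None

def flag_context_changes(name_status):
    """Return (status, path, category) for each changed agent-context path."""
    findings = []
    for line in name_status.splitlines():
        fields = line.split("\t")
        if len(fields) < 2:
            continue  # blank or malformed line
        status = fields[0][:1]  # "R087" -> "R"
        # Renames and copies carry two paths (old, new); check both so that
        # moving an instruction file away or into place is also reported.
        for path in fields[1:]:
            category = classify(path)
            if category:
                findings.append((status, path, category))
    return findings

# Constructed sample of `git diff --name-status base...head` output.
SAMPLE = "\n".join([
    "M\tsrc/auth/session.py",
    "M\t.gitar/review/security.md",
    "A\tservices/api/AGENTS.md",
    "R087\t.cursor/rules/style.mdc\tdocs/old-style.mdc",
    "D\t.gitar/rules/no-eval.md",
    "M\tdocs/gitar/rules/notes.md",
])

if __name__ == "__main__":
    for status, path, category in flag_context_changes(SAMPLE):
        print(f"needs human review: [{status}] {path} ({category})")
```

The page does not say whether these files are read from the base branch or the PR branch, so the check treats any change to them as review-worthy.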

Code Review Process

Gitar reviews code changes through multiple specialized lenses:
  • Security: Vulnerabilities, unsafe patterns, input validation issues
  • Bugs: Logic errors, null pointer risks, unhandled edge cases
  • Performance: Algorithm complexity, database query patterns, memory usage
  • Code quality: Readability, maintainability, adherence to best practices

All findings are consolidated into a single dashboard comment on the PR/MR. When new commits are pushed, Gitar updates the existing comment rather than creating new ones. Resolved findings are tracked so you can see progress at a glance.

Custom review instructions placed in .gitar/review/*.md let you tailor what Gitar looks for in your specific codebase. See Repository Configuration for details.

CI Failure Fixing

When CI fails on a PR/MR, Gitar:
  1. Reads the full CI log output across all jobs and steps
  2. Identifies the failing step and extracts relevant error messages
  3. Determines the root cause by cross-referencing errors with the code diff
  4. Pushes a fix commit to the branch

Gitar handles a wide range of failure types:

| Failure Type | Examples |
|---|---|
| Build errors | Compilation failures, missing imports, type errors |
| Test failures | Broken assertions, missing setup, incorrect expected values |
| Linting errors | Code style violations, formatting issues, static analysis warnings |
| Flaky tests | Race conditions, timing issues, non-deterministic behavior |

If the first fix does not resolve the failure, Gitar automatically re-analyzes the new CI output and attempts another fix, building on context from previous iterations.

Data Flow and Privacy

Gitar supports two deployment models with different data flow characteristics:

| | Cloud Deployment | Enterprise CI Deployment |
|---|---|---|
| Where code is processed | Ephemeral, Gitar-managed containers | Your own CI infrastructure |
| Data retention | Zero — containers destroyed after processing | Code never leaves your environment |
| AI provider agreements | Zero data retention with all providers (Google, Anthropic) | Configurable — bring your own LLM key |
| Code storage | No source code stored beyond ephemeral processing | Complete control over data lifecycle |

For full details on infrastructure security, encryption, compliance, and certifications, see Security.

What Gitar Does NOT Do

  • Does not access files outside the PR diff context (unless referenced by touched files or rules)
  • Does not store your code — processing is ephemeral with zero retention
  • Does not train on your code — zero data retention agreements with all AI providers
  • Does not force-push — all changes are new commits
  • Does not merge PRs/MRs — merging is always a human decision
  • Does not access secrets or environment variables — processing environments are isolated from credentials