Now in public beta — free for early adopters

Your codebase deserves a reviewer who reads everything

6 specialized AI agents. Full codebase context. Context-aware fixes.

Full codebase context. Not just the diff.

Before reviewing a single line, Grapple PR fetches 9 data sources and runs 4 specialized capabilities — all powered by a persistent code knowledge graph.

9 data sources per review

Linked Issues
Commit History
CI/CD Status
Human Reviews
Security Alerts
Code Ownership
Blast Radius
Team Patterns
Deployments

What we do with all that context

Intent-Aware Review

Logic Agent

Reads the linked issue and PR description to understand WHY the code was written — then evaluates whether it achieves that intent.

OpenGrep + LLM Security

Security Agent

60+ AST-aware rules scan for injection, SSRF, and secrets across 16 languages BEFORE the LLM runs. Taint-tracking traces source to sink.

Context-Aware Auto-Fix

Auto-Fix Engine

Fixes read the full file, imports, and team patterns. If your codebase has sanitizeInput(), the fix uses it instead of writing inline code.

Mermaid Impact Diagrams

Review Comments

Visual diagrams showing how changes fit into the codebase — blast radius, affected tests, dependency chains. Rendered natively by GitHub.

CLI — Review from the Terminal

npm install -g grapple-pr

Trigger reviews, browse findings, apply fixes, and manage settings without leaving your editor. Auto-detects repo and PR from git context.

Greptile 2025 AI Code Review Benchmark

Tested on 50 real-world bugs across 5 repos

Same benchmark. Same rules. 50 bug-introducing PRs from Sentry, Cal.com, Grafana, Keycloak, and Discourse. Every result is publicly verifiable.

Tool        Overall  Critical  High  Medium  Low
Greptile    82%      58%       100%  89%     87%
Grapple PR  56%      20%       65%   73%     86%
Cursor      58%      58%       64%   56%     53%
Copilot     54%      50%       57%   78%     87%
CodeRabbit  44%      33%       36%   56%     53%
Graphite    6%       17%       0%    11%     0%

Repos: Sentry (Python), Cal.com (TypeScript), Grafana (Go), Keycloak (Java), Discourse (Ruby)

We're transparent about where we stand. We're also shipping improvements every week.

6 agents. Full codebase context. One review.

Each agent sees the full picture — linked issues, CI status, human reviews, commit churn, security alerts, code ownership, and team patterns. Then a Verification Agent cross-checks every finding.

Security

Sonnet 4.6

60+ OpenGrep rules + taint-tracking LLM. Injection, SSRF, timing attacks, auth bypass, ReDoS, secrets. 16 languages. Reads Dependabot alerts.

Logic

Opus 4.6

Evaluates code against intent. Reads commit messages + linked issues. Catches edge cases, race conditions, null paths, off-by-ones.

Architecture

Opus 4.6

Traces blast radius through dependency graph. Cross-module impact, API contracts, pattern violations. Skips for tiny changes.

Performance

Sonnet 4.6

Traces call chains for N+1 detection. Memory leaks, O(n²) complexity, unbounded pagination. Uses dependency graph.

Style

Haiku 4.5

Matches existing naming patterns from code graph. Respects linter config. Ultra-conservative — zero noise or it's not worth it.

Verification

Sonnet 4.6

Cross-checks every finding against codebase evidence. Boosts confidence for hotspot files, CI failures, and human-reviewer alignment.

16 languages. 60+ security rules. One platform.

Deep AST parsing and code graph analysis for 16 languages. LLM agents review any language in a diff.

Supported Languages

JavaScript, TypeScript, Python, Go, Java, Kotlin, Ruby, Rust, C#, C/C++, PHP, Swift, Scala, Elixir, Shell

Security Patterns (OpenGrep + Regex)

SQL Injection, Command Injection, SSRF, Timing Attacks, XSS, ReDoS, Hardcoded Secrets, Unsafe Deserialization, Path Traversal, Weak Crypto, JWT Misuse, CORS Wildcards, Mass Assignment, Reentrancy (Solidity), Open S3 Buckets (Terraform), Eval Injection

Your rules. Your repo. One file.

Drop a .grapple.yml in your repo root. We read it before every review.

.grapple.yml
# Custom rules — enforced by all agents
rules:
  - name: No console.log in production
    description: Use the structured logger
    severity: major
  - name: API endpoints need Zod validation
    description: All POST/PATCH must validate body
    severity: critical

# Skip these paths
ignore:
  - "dist/**"
  - "**/*.test.ts"

# Linter awareness — don't duplicate
linters:
  eslint: true
  prettier: true

# Hotfix branches suppress minor findings
hotfixBranches:
  - hotfix
  - urgent

# Override severity for categories
severityOverrides:
  sql-injection: critical

60 seconds from install to first review

1. Install the GitHub App

One click. Select your repos. We index the codebase, build a knowledge graph, and generate intelligent project descriptions by reading your actual code.

2. Open a Pull Request

Grapple PR fetches 9 data sources in parallel, runs 6 agents with full codebase context, generates a natural language summary + Mermaid impact diagram, and posts findings with auto-fix suggestions.

3. Apply fixes. Create issues. The system learns.

Batch-apply fixes in one commit. File GitHub issues from findings. Mark feedback as Helpful/Not Useful — the confidence scoring adjusts automatically. Your .grapple.yml rules are enforced on every review.

6 Review Agents
9 Data Sources per Review
60+ Security Scan Rules
16 Languages Supported

Start reviewing in 60 seconds

Free during beta. No credit card required.
