Looking for deeper docs?

Concepts, guides, troubleshooting, and reference live at our full documentation site.

Visit docs.grapple-pr.com

Quick Start

Get your first AI code review in under 60 seconds.

1. Install the GitHub App

Visit the GitHub Marketplace and install the Grapple PR app on your organization or personal account. Select which repositories you want reviewed.

2. Open a Pull Request

Push code and open a PR on any installed repository. Grapple PR automatically indexes your codebase, builds a knowledge graph, and runs 6 agents with full context. The review appears as a comment within 30–90 seconds.

3. Apply fixes and iterate

Review the findings in the PR comment or on your dashboard. Apply auto-fix suggestions with one click using GitHub's suggestion blocks. Create GitHub issues from critical findings. Mark feedback as Helpful / Not Useful to improve future reviews.

CLI

The Grapple PR CLI lets you trigger reviews, view findings, apply fixes, and manage settings from the terminal.

Install

npm install -g grapple-pr

Requires Node.js 20+. Works on macOS, Linux, and Windows.

Authentication

Authenticate via GitHub OAuth. The login command opens your browser, completes the flow, and stores the resulting tokens locally.

grapple login     # opens browser for GitHub OAuth
grapple logout    # clear stored credentials

Commands

grapple status

Show API health, logged-in user, current repo, branch, and PR context.

grapple repos

List connected repositories with graph build status.

grapple findings --pr 42

List review findings. Filter by --severity, --agent, or --status. Auto-detects PR from branch.

grapple review --pr 42

Trigger a review. Add --wait to poll until complete.

grapple fix <id>

Apply an autofix to the PR branch. Add --local to write to your working tree instead.

grapple config

View or update repository review settings (confidence threshold, enabled agents, etc.).

grapple init

Generate a .grapple.yml configuration file interactively.

grapple completion bash

Output shell completion scripts for bash, zsh, or fish.

Git Context Detection

The CLI auto-detects your repository and PR from the current directory. It reads git remote -v to find the owner/repo, matches it against your connected repositories, and resolves the current branch to a PR. Run commands without flags when you're on a feature branch with an open PR.

Global Options

--json             Output results as JSON for scripting and CI pipelines.
--no-color         Disable colored output.
--api-url <url>    Override the API URL (for self-hosted deployments).

Configuration

Drop a .grapple.yml file in your repository root. Grapple PR reads it before every review.

.grapple.yml
# Custom rules — enforced by all agents
rules:
  - name: No console.log in production
    description: Use the structured logger instead
    severity: major
  - name: API endpoints need Zod validation
    description: All POST/PATCH must validate request body
    severity: critical

# Skip these paths from review
ignore:
  - "dist/**"
  - "**/*.test.ts"
  - "**/*.spec.ts"
  - "node_modules/**"

# Linter awareness — don't duplicate findings
linters:
  eslint: true
  prettier: true

# Hotfix branches suppress minor findings
hotfixBranches:
  - hotfix
  - urgent
  - release

# Override severity for specific categories
severityOverrides:
  sql-injection: critical
  xss: critical
  hardcoded-secret: critical

# Confidence threshold — suppress findings below this score
confidenceThreshold: 60

Schema Reference

rules (array)

Custom rules enforced by all agents. Each rule has a name, description, and severity (critical, major, minor, info).

ignore (string[])

Glob patterns for files/directories to skip during review. Supports standard glob syntax.

linters (object)

Declare which linters your project uses (eslint, prettier, rubocop, etc.). Agents won't duplicate findings already covered by your linters.

hotfixBranches (string[])

Branch name patterns that trigger hotfix mode. Minor and info findings are suppressed to reduce noise on urgent fixes.

severityOverrides (object)

Override the default severity for specific finding categories. Keys are category slugs, values are severity levels.

confidenceThreshold (number)

Suppress findings with a confidence score below this value (0–100). Default is 50. Higher values mean fewer but more reliable findings.
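
How the settings above combine, as an added example (not Grapple PR's code): a small JavaScript model of the documented ignore, severityOverrides, confidenceThreshold and hotfixBranches semantics, run over constructed findings. The finding fields (id, file, category, severity, confidence), the substring branch match, the simplified glob handling, and applying overrides before hotfix suppression are assumptions.

```javascript
// Added illustration: models the documented .grapple.yml settings, not Grapple PR's implementation.
const SEVERITY_RANK = { info: 0, minor: 1, major: 2, critical: 3 };

// Values copied from the sample .grapple.yml on this page.
const config = {
  ignore: ["dist/**", "**/*.test.ts", "**/*.spec.ts", "node_modules/**"],
  hotfixBranches: ["hotfix", "urgent", "release"],
  severityOverrides: { "sql-injection": "critical", xss: "critical", "hardcoded-secret": "critical" },
  confidenceThreshold: 60,
};

// Simplified glob for this sketch: "**/" = any directory prefix, "**" = anything, "*" = within one segment.
function globToRegExp(glob) {
  const src = glob
    .replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*\*\//g, "\u0000")
    .replace(/\*\*/g, "\u0001")
    .replace(/\*/g, "[^/]*")
    .replace(/\u0000/g, "(?:.*/)?")
    .replace(/\u0001/g, ".*");
  return new RegExp(`^${src}$`);
}

function visibleFindings(findings, branch, cfg) {
  const ignored = cfg.ignore.map(globToRegExp);
  // Assumption: hotfix mode is on when the branch name contains a listed pattern.
  const hotfix = cfg.hotfixBranches.some((p) => branch.includes(p));
  return findings
    .filter((f) => !ignored.some((re) => re.test(f.file)))            // ignore: path skipped entirely
    .map((f) => ({ ...f, severity: cfg.severityOverrides[f.category] ?? f.severity }))
    .filter((f) => f.confidence >= cfg.confidenceThreshold)           // "below this value" is suppressed
    .filter((f) => !hotfix || SEVERITY_RANK[f.severity] > SEVERITY_RANK.minor);
}

// Constructed sample findings (hypothetical shape).
const findings = [
  { id: "F1", file: "src/api/users.ts", category: "sql-injection", severity: "major", confidence: 85 },
  { id: "F2", file: "src/api/users.ts", category: "naming", severity: "minor", confidence: 90 },
  { id: "F3", file: "src/auth/token.test.ts", category: "hardcoded-secret", severity: "major", confidence: 95 },
  { id: "F4", file: "src/views/profile.ts", category: "xss", severity: "minor", confidence: 70 },
  { id: "F5", file: "src/util/date.ts", category: "off-by-one", severity: "major", confidence: 60 },
  { id: "F6", file: "src/util/date.ts", category: "null-deref", severity: "major", confidence: 55 },
];

const ids = (branch) => visibleFindings(findings, branch, config).map((f) => f.id);
console.log("feature/login:     ", ids("feature/login").join(", "));
console.log("hotfix/login-crash:", ids("hotfix/login-crash").join(", "));
```

In this model F3, a hardcoded-secret finding, never surfaces because its file matches "**/*.test.ts": ignore globs remove a path from review for every category, including the ones raised to critical.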

Agents

Every PR review runs 6 specialized agents in parallel. Each agent sees the full codebase context — linked issues, CI status, human reviews, commit churn, and team patterns. A Verification Agent cross-checks every finding.

Security

Sonnet 4.6

60+ OpenGrep AST-aware rules scan for injection, SSRF, timing attacks, ReDoS, and hardcoded secrets across 16 languages. Taint-tracking prompts trace data flow from source to sink. Reads open Dependabot alerts.

Logic

Opus 4.6

Evaluates code against stated intent. Reads commit messages, linked issues, and PR description. Catches edge cases, race conditions, null pointer paths, and off-by-one errors.

Architecture

Opus 4.6

Traces blast radius through the dependency graph. Detects cross-module impact, API contract violations, and pattern inconsistencies. Automatically skips for small changes.

Performance

Sonnet 4.6

Traces call chains for N+1 query detection. Identifies memory leaks, O(n²) complexity, unbounded pagination, and unnecessary re-renders.

Style

Haiku 4.5

Matches existing naming patterns from the code graph. Respects linter configuration. Ultra-conservative — zero noise or it's not worth surfacing.

Verification

Sonnet 4.6

Cross-checks every finding from other agents against codebase evidence. Boosts confidence for hotspot files and CI failures. Filters hallucinations.

Settings

Configure Grapple PR from the dashboard. These settings apply across all repos in your organization.

Confidence Threshold

Set the minimum confidence score (0–100) for findings to appear in reviews. Higher = fewer but more reliable findings. Default: 50.

Agent Toggles

Enable or disable individual agents per repository. Useful if you want to skip Style checks on a prototype repo or disable Architecture for small projects.

Inline Comment Severity

Control which severity levels get posted as inline PR comments vs. only appearing in the summary. Default: major and above. Options: critical, major, minor, info.

Auto-Review on Push

Automatically trigger a review on every push to an open PR. Enabled by default. Disable to only review on manual trigger.

API

API access is coming in a future release. For now, all functionality is available through the GitHub integration and dashboard.

Interested in early API access? Contact us.