Get started with Revund
Install the CLI, connect a repo, and get a review on your next pull request — usually in under five minutes.
Quickstart
Revund reviews pull requests like a senior engineer. It runs a multi-pass analysis — security, performance, architecture, style — grounded in your actual TypeScript types via tsc, and explains why every finding matters.
There are two ways to use it:
- GitHub / GitLab / Bitbucket app — Revund comments on every PR automatically.
- CLI — run revund review locally against a branch or diff.
Install
Install the CLI globally with npm:
$ npm install -g revund
Or run without installing:
$ npx revund review
Authenticate once — this opens a browser tab and links the CLI to your account:
$ revund login
Your first review
Inside any git repo, run revund review to review the diff between your current branch and main:
$ revund review
# reviewing feat/orders-api (24 files, +812 −146)
# running passes: security · perf · arch · style
BLOCKER src/auth/token.ts:47
JWT secret falls back to hardcoded string.
why: tokens become forgeable across environments
To compare against a different base, pass --base:
$ revund review --base origin/develop
GitHub app
Install the Revund GitHub app from github.com/revund-dev. Pick the repos you want reviewed — public ones are free, private ones count against your plan. Revund will comment on every new PR within about a minute of it opening.
Required scopes: pull_requests: read & write, contents: read, checks: write. Revund never pushes commits or modifies your branches.
GitLab & Bitbucket
GitLab and Bitbucket work the same way — install the app, pick repos, done. For self-managed GitLab, point the integration at your instance URL and generate a project access token with api scope.
VS Code & JetBrains
The editor extensions surface findings inline as you work, before the PR is even open. Install from the VS Code Marketplace or JetBrains Plugin Repository, then run Revund: Sign in from the command palette.
.revund.yaml
Drop a .revund.yaml at the root of your repo to configure per-repo behavior. All fields are optional.
passes:
  - security
  - perf
  - arch
  - style
severity_threshold: warning # nitpick | warning | blocker
ignore:
  - "**/*.generated.ts"
  - "dist/**"
rules:
  no_console_in_prod: warning
  prefer_result_type: nitpick
Custom rules
Custom rules are available on Team and Enterprise plans. Each rule is a short natural-language description plus a severity. Revund loads them into the matching pass automatically.
rules:
  no_raw_sql:
    severity: blocker
    pass: security
    description: "Never build SQL with string concatenation — use the query builder."
Ignoring findings
Dismiss a finding on the PR with a reason and Revund remembers it — the same finding on the same fingerprint won’t surface again in that repo. Dismissals are per-repo, not global, so one team’s conventions don’t leak into another’s.
CLI reference
Common commands:
- revund login — link the CLI to your account.
- revund review — review the current branch against main.
- revund review --base <ref> — review against a different base.
- revund review --pass security,perf — run a subset of passes.
- revund review --json — emit findings as JSON for CI.
- revund explain <finding-id> — expand the why on a specific finding.
Finding model
Every finding Revund emits has the same shape:
{
"id": "f_01HXZ...",
"pass": "security",
"severity": "blocker",
"file": "src/auth/token.ts",
"line": 47,
"body": "JWT secret falls back to hardcoded string.",
"why": "Tokens become forgeable across environments.",
"confidence": 0.92,
"fingerprint": "a3f1..."
}
Findings with confidence < 0.6 are dropped silently — noise is the single fastest way to lose trust in a reviewer.
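A merge gate for CI built on the finding shape above and the severity levels from .revund.yaml. This is an added example, not Revund's own code: it assumes revund review --json prints a JSON array of finding objects, and the names gate, isValidFinding, gate.js and the --stdin switch are hypothetical.

```javascript
// Added example (not Revund's code). Assumption: `revund review --json`
// prints a JSON array of findings in the shape documented above.
const RANK = new Map([["nitpick", 0], ["warning", 1], ["blocker", 2]]);

// Malformed entries fail the build rather than being skipped silently.
function isValidFinding(f) {
  return f !== null && typeof f === "object" && RANK.has(f.severity) &&
    typeof f.file === "string" && Number.isInteger(f.line) &&
    typeof f.body === "string" && typeof f.fingerprint === "string";
}

// failOn: lowest severity that fails the build; passes: optional allow-list.
function gate(jsonText, { failOn = "blocker", passes = null } = {}) {
  if (!RANK.has(failOn)) throw new RangeError(`unknown severity: ${failOn}`);
  let findings;
  try { findings = JSON.parse(jsonText); } catch { findings = null; }
  if (!Array.isArray(findings)) return { ok: false, blocking: [], malformed: 1 };
  const seen = new Set();
  const blocking = [];
  let malformed = 0;
  for (const f of findings) {
    if (!isValidFinding(f)) { malformed += 1; continue; }
    if (passes && !passes.includes(f.pass)) continue;
    if (RANK.get(f.severity) < RANK.get(failOn)) continue;
    if (seen.has(f.fingerprint)) continue; // same finding reported twice
    seen.add(f.fingerprint);
    blocking.push(f);
  }
  return { ok: malformed === 0 && blocking.length === 0, blocking, malformed };
}

// Constructed sample input; ids and fingerprints are placeholders.
const SAMPLE = JSON.stringify([
  { id: "f_sample1", pass: "security", severity: "blocker", file: "src/auth/token.ts",
    line: 47, body: "JWT secret falls back to hardcoded string.", fingerprint: "fp-1" },
  { id: "f_sample2", pass: "security", severity: "blocker", file: "src/auth/token.ts",
    line: 47, body: "JWT secret falls back to hardcoded string.", fingerprint: "fp-1" },
  { id: "f_sample3", pass: "style", severity: "nitpick", file: "src/orders.ts",
    line: 3, body: "Unused import.", fingerprint: "fp-2" },
]);

if (process.argv.includes("--stdin")) { // e.g. revund review --json | node gate.js --stdin
  let buf = "";
  process.stdin.on("data", (chunk) => { buf += chunk; });
  process.stdin.on("end", () => {
    const res = gate(buf);
    for (const f of res.blocking) console.error(`${f.severity} ${f.file}:${f.line} ${f.body}`);
    process.exitCode = res.ok ? 0 : 1;
  });
} else { console.log(gate(SAMPLE)); }
```

Unparseable or malformed output counts as a failure, so a crashed or truncated review run cannot let a pull request through.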
Self-hosted
Enterprise customers can run the Revund agent inside their own VPC. Your code never leaves your network boundary — the agent talks to your own LLM endpoint (Bedrock, Azure OpenAI, or a bring-your-own key) and reports findings back to the control plane over an outbound TLS tunnel.
Shipped as a signed container image with Helm and Terraform modules. Contact sales@revund.dev for the installer.