
Nominal Code

An AI-powered code review agent for GitHub and GitLab pull requests. It uses an LLM to read your diffs and post structured inline reviews — all without leaving your PR.

It runs anywhere: as a CI job (GitHub Actions or GitLab CI), from the command line, or as a self-hosted webhook server for real-time interaction.

Choose Your Mode

| Mode | Best For | Setup | Details |
|------|----------|-------|---------|
| CI | Teams wanting zero-infrastructure automated reviews on every PR | Add a workflow file — no server, no CLI | Uses the LLM provider API directly |
| CLI | Developers running one-off reviews from their terminal | Install the Claude Code CLI and run a command | Uses the Claude Code CLI as agent runner |
| Webhook | Teams wanting real-time, interactive reviews via @mention | Deploy a webhook server | Conversation continuity, auto-trigger, multi-turn |

New here? Start with the Getting Started guide.

Features

  • Reviewer bot — fetches the PR diff, runs an agent with read-only tools, posts structured inline code reviews
  • Three execution modes — CI job, CLI one-off, or webhook server
  • GitHub and GitLab — supports both platforms simultaneously
  • Conversation continuity — multi-turn conversations within the same PR (webhook mode)
  • Auto-trigger — run reviews automatically on PR open, push, reopen, or ready-for-review events
  • Per-repo guidelines — coding standards via .nominal/guidelines.md and .nominal/languages/{lang}.md

Documentation

  • Getting Started — from zero to a working review
  • CI Mode — automated reviews in GitHub Actions and GitLab CI
  • CLI Mode — run one-off reviews without a server
  • Webhook Mode — real-time interactive reviews via @mention
  • GitHub — webhook setup, tokens, supported events
  • GitLab — webhook setup, self-hosted support
  • Review Process — how the bot reviews code, tool restrictions, output format
  • Configuration — modes, prompts, guidelines, behavior
  • Policies — filtering and routing policy models
  • Environment Variables — full variable reference by feature
  • Architecture — request flow, agent runners, workspace layout
  • Sub-Agents — on-demand explore sub-agents, WriteNotes, Agent tool
  • Compaction — notes-based context compaction for long sessions
  • Security — trust model, LLM risks, authentication
  • Deployment — standalone server, Kubernetes, health checks

Security

Nominal Code includes webhook signature verification, tool restrictions, token separation, and resource limits. See the Security page for the full trust model, LLM prompt injection risks, and hardening recommendations.