DEV.co
MCP Servers · mattzcarey

shippie

Shippie is an AI-powered code review agent that automatically reviews pull requests by analyzing diffs, exploring codebases with real developer tools, and posting focused review comments. It runs as a GitHub Action, local CLI, or deployed service, and integrates with multiple LLM providers (Anthropic, OpenAI, OpenRouter, Cloudflare).

Source: GitHub — github.com/mattzcarey/shippie
2.4k
GitHub stars
244
Forks
TypeScript
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositorymattzcarey/shippie
Ownermattzcarey
Primary languageTypeScript
LicenseMIT — OSI-approved
Stars2.4k
Forks244
Open issues8
Latest releasev0.21.2 (2026-06-23)
Last updated2026-07-03
Sourcehttps://github.com/mattzcarey/shippie

What shippie is

TypeScript-based agent built on the flue framework and pi runtime that uses LLM-driven workflows to perform code analysis, detect issues (secrets, inefficient code, potential bugs), and supports Model Context Protocol (MCP) for external tool integration. Deployable on Node, Cloudflare Workers, GitHub Actions, and GitLab CI.

Quickstart

Get the shippie source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/mattzcarey/shippie.gitcd shippie# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Automated PR Code Review at Scale

Teams needing consistent, 24/7 code review coverage without hiring additional reviewers. Catches common issues (exposed secrets, inefficient patterns, edge cases) before human review.

Augmented Human Review Workflow

Engineering teams using Shippie as a first-pass filter to highlight issues and reduce cognitive load on human reviewers, freeing them to focus on architectural and design concerns.

CI/CD Integration with Minimal Setup

Organizations seeking a drop-in GitHub Action or local CLI tool that requires no server infrastructure, supporting multiple LLM backends and easy customization via rules files.

Implementation considerations

  • Requires an active LLM provider account (Anthropic, OpenAI, OpenRouter, or Cloudflare) and valid API credentials stored as GitHub secrets or environment variables.
  • GitHub Action setup needs PR write permissions and full checkout (`fetch-depth: 0`); local mode reviews only staged git changes, not full history.
  • Customize review behavior via `AGENTS.md` / `CLAUDE.md` rules files, `CUSTOM_INSTRUCTIONS` env var, and MCP server configuration for external tool access.
  • Supports provider-specific features (e.g., Claude's extended thinking via `THINKING_LEVEL`) — verify your chosen LLM's feature parity.
  • Node >= 22.19 required; npm-based workflow. Development uses oxlint/oxfmt for linting; CI runs tests via npm test.

When to avoid it — and what to weigh

  • Security-Critical Codebases Without LLM Vetting — If your organization has strict policies against sending code to third-party LLM APIs (Anthropic, OpenAI, etc.), Shippie's reliance on external model inference may not be acceptable without on-premise LLM alternatives.
  • Need for 100% Deterministic Review Decisions — LLM-based review is probabilistic and non-deterministic. If your workflow requires repeatable, rule-based linting decisions, traditional static analysis tools are more suitable.
  • No TypeScript/Node.js Development Environment — Shippie is Node.js-based (requires Node >= 22.19). Teams on JVM, Python-only, or older Node stacks will face integration friction or runtime compatibility issues.
  • Heavily Customized, Legacy Review Processes — If your code review workflow relies on bespoke integrations or proprietary tooling deeply embedded in your CI/CD, Shippie's opinionated agent-loop design may require significant refactoring.

License & commercial use

MIT License — permissive OSI license allowing commercial use, modification, and distribution with attribution.

MIT is a permissive open-source license that explicitly permits commercial use, commercial redistribution, and incorporation into proprietary software. No license restrictions prevent commercial deployment. However, you remain responsible for compliance with your LLM provider's terms of service (Anthropic, OpenAI, etc.) and any data handling agreements.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityLow
DEV.co fitGood
Assessment confidenceHigh
Security considerations

Code diffs and codebase content are sent to external LLM providers (Anthropic, OpenAI, etc.) for analysis—evaluate your organization's data residency and compliance requirements. Shippie can detect exposed secrets in diffs, but relies on LLM detection heuristics, not cryptographic scanning. No formal security audit published. Review provider data retention policies and consider network-isolated deployment (Cloudflare Workers AI) for sensitive codebases. GitHub Action runs with PR write permissions—review GitHub secret handling and API key rotation practices.

Alternatives to consider

Codium AI pr-agent

Open-source, also LLM-based PR review, supports multiple providers; heavier configuration, less opinionated agent loop.

GitHub Copilot Code Review (built-in)

Native GitHub integration, no setup required, but limited customization and tied to GitHub's model; simpler for basic reviews.

Traditional static analysis (SonarQube, ESLint, Checkmarx)

Deterministic, rule-based, no LLM inference costs; better for strict compliance and security scanning, but no semantic code understanding.

Software development agency

Build on shippie with DEV.co software developers

Shippie reduces review friction with AI-driven insights. Devco's engineering teams can integrate it into your CI/CD pipeline or customize it for your review workflow.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

shippie FAQ

Can I run Shippie without sending code to an external LLM provider?
Not with the current setup. Shippie integrates Anthropic, OpenAI, OpenRouter, and Cloudflare Workers AI. Cloudflare Workers AI may allow regional data processing, but full on-premise LLM is not documented. Requires review of your provider's data handling terms.
What happens if the LLM review misses a critical bug?
Shippie is a first-pass agent, not a guarantee. It catches common issues (secrets, inefficient patterns, edge cases) but is not a replacement for human code review. Use it to augment human reviewers, not replace them.
How much does it cost to run Shippie?
Cost depends on your LLM provider's API pricing (per-token or per-request). Anthropic and OpenAI have published pricing; requests scale with diff size and codebase complexity. No cost for GitHub Action hosting or npm package itself.
Can I customize what Shippie reviews?
Yes, via `AGENTS.md` / `CLAUDE.md` rules files, `CUSTOM_INSTRUCTIONS` environment variable, `IGNORE` patterns, and MCP server integrations for external tools. The agent loop is driven by flue and pi, so you can inject context and delegate tasks.

Software development & web development with DEV.co

DEV.co is a software development agency delivering custom software development services to companies building on open source. Our software developers and web developers design, integrate, and ship production systems — spanning web development, APIs, AI, data, and cloud. If shippie is part of your mcp servers roadmap, our team can implement, customize, migrate, and maintain it.

Need Automated Code Review at Scale?

Shippie reduces review friction with AI-driven insights. Devco's engineering teams can integrate it into your CI/CD pipeline or customize it for your review workflow.