shippie
Shippie is an AI-powered code review agent that automatically reviews pull requests by analyzing diffs, exploring codebases with real developer tools, and posting focused review comments. It runs as a GitHub Action, local CLI, or deployed service, and integrates with multiple LLM providers (Anthropic, OpenAI, OpenRouter, Cloudflare).
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | mattzcarey/shippie |
| Owner | mattzcarey |
| Primary language | TypeScript |
| License | MIT — OSI-approved |
| Stars | 2.4k |
| Forks | 244 |
| Open issues | 8 |
| Latest release | v0.21.2 (2026-06-23) |
| Last updated | 2026-07-03 |
| Source | https://github.com/mattzcarey/shippie |
What shippie is
TypeScript-based agent built on the flue framework and pi runtime that uses LLM-driven workflows to perform code analysis, detect issues (secrets, inefficient code, potential bugs), and supports Model Context Protocol (MCP) for external tool integration. Deployable on Node, Cloudflare Workers, GitHub Actions, and GitLab CI.
Get the shippie source
Clone the repository and explore it locally.
git clone https://github.com/mattzcarey/shippie.gitcd shippie# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires an active LLM provider account (Anthropic, OpenAI, OpenRouter, or Cloudflare) and valid API credentials stored as GitHub secrets or environment variables.
- GitHub Action setup needs PR write permissions and full checkout (`fetch-depth: 0`); local mode reviews only staged git changes, not full history.
- Customize review behavior via `AGENTS.md` / `CLAUDE.md` rules files, `CUSTOM_INSTRUCTIONS` env var, and MCP server configuration for external tool access.
- Supports provider-specific features (e.g., Claude's extended thinking via `THINKING_LEVEL`) — verify your chosen LLM's feature parity.
- Node >= 22.19 required; npm-based workflow. Development uses oxlint/oxfmt for linting; CI runs tests via npm test.
When to avoid it — and what to weigh
- Security-Critical Codebases Without LLM Vetting — If your organization has strict policies against sending code to third-party LLM APIs (Anthropic, OpenAI, etc.), Shippie's reliance on external model inference may not be acceptable without on-premise LLM alternatives.
- Need for 100% Deterministic Review Decisions — LLM-based review is probabilistic and non-deterministic. If your workflow requires repeatable, rule-based linting decisions, traditional static analysis tools are more suitable.
- No TypeScript/Node.js Development Environment — Shippie is Node.js-based (requires Node >= 22.19). Teams on JVM, Python-only, or older Node stacks will face integration friction or runtime compatibility issues.
- Heavily Customized, Legacy Review Processes — If your code review workflow relies on bespoke integrations or proprietary tooling deeply embedded in your CI/CD, Shippie's opinionated agent-loop design may require significant refactoring.
License & commercial use
MIT License — permissive OSI license allowing commercial use, modification, and distribution with attribution.
MIT is a permissive open-source license that explicitly permits commercial use, commercial redistribution, and incorporation into proprietary software. No license restrictions prevent commercial deployment. However, you remain responsible for compliance with your LLM provider's terms of service (Anthropic, OpenAI, etc.) and any data handling agreements.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Good |
| Assessment confidence | High |
Code diffs and codebase content are sent to external LLM providers (Anthropic, OpenAI, etc.) for analysis—evaluate your organization's data residency and compliance requirements. Shippie can detect exposed secrets in diffs, but relies on LLM detection heuristics, not cryptographic scanning. No formal security audit published. Review provider data retention policies and consider network-isolated deployment (Cloudflare Workers AI) for sensitive codebases. GitHub Action runs with PR write permissions—review GitHub secret handling and API key rotation practices.
Alternatives to consider
Codium AI pr-agent
Open-source, also LLM-based PR review, supports multiple providers; heavier configuration, less opinionated agent loop.
GitHub Copilot Code Review (built-in)
Native GitHub integration, no setup required, but limited customization and tied to GitHub's model; simpler for basic reviews.
Traditional static analysis (SonarQube, ESLint, Checkmarx)
Deterministic, rule-based, no LLM inference costs; better for strict compliance and security scanning, but no semantic code understanding.
Build on shippie with DEV.co software developers
Shippie reduces review friction with AI-driven insights. Devco's engineering teams can integrate it into your CI/CD pipeline or customize it for your review workflow.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
shippie FAQ
Can I run Shippie without sending code to an external LLM provider?
What happens if the LLM review misses a critical bug?
How much does it cost to run Shippie?
Can I customize what Shippie reviews?
Software development & web development with DEV.co
DEV.co is a software development agency delivering custom software development services to companies building on open source. Our software developers and web developers design, integrate, and ship production systems — spanning web development, APIs, AI, data, and cloud. If shippie is part of your mcp servers roadmap, our team can implement, customize, migrate, and maintain it.
Need Automated Code Review at Scale?
Shippie reduces review friction with AI-driven insights. Devco's engineering teams can integrate it into your CI/CD pipeline or customize it for your review workflow.