Twice the Signal. Half the Noise. Every PR.

A seal of approval on every pull request.

Four specialists review every PR — logic, security, performance, and tests — unified by a synthesizer. Believability isn’t a prompt; it’s a five-stage architecture that grounds, verifies, and anchors every finding before it posts. The mark only lands when the code earns it.

Hosted GitHub App · reviews fire on every PR
WHAT A REVIEW LOOKS LIKE

Not a wall of fluff. A verdict you can act on.

One structured comment: an effort estimate, quality gates, the files that matter ranked by risk, and every finding anchored to the exact line with a proof tier attached. Collapsible. Skimmable. Believable.

Proof pills on every finding — VERIFIED, GROUNDED, or MODEL.
Suggested fixes — ready-to-apply patches and a one-click prompt for your agent.
Recall-safe — a real P0/P1 is never suppressed to keep the review tidy.
Sigilix bot reviewed · Request changes
effort 4/5
✓ title · ✓ description · ℹ issue link
Adds a default-on Knip wrapper that converts dependency findings into Sigilix SARIF. A specialist flagged a logic issue where string truncation can split a multi-byte sequence.
IMPORTANT FILES
5/5 · run_knip.sh · GROUNDED
4/5 · knip_to_sarif.py · VERIFIED
2/5 · scan.yml · MODEL
FIVE STAGES, NOT TWO

Everyone else ships model → comment.

We ship a pipeline where a finding can’t post unless it cites real evidence and survives execution. It’s the reason the hallucinated-finding count is zero by construction, not by luck.

01 · BEFORE
Evidence

Deterministic scans, AST rules, dep-vuln lookups — assembled before any model speaks.

02 · AROUND
Specialists

The pantheon interprets evidence — each cites the manifest, never the abstract.

03 · AFTER
Gates

Provenance contracts, self-refutation, live execution. Uncited findings are dropped.

04 · POSTED
Receipts

Every finding carries a proof tier — verified, grounded, or model.

05 · LEARNED
Memory

Every dismissal trains a per-repo trust ledger. You tune it by disagreeing.

THE REVIEW · IN MOTION

Five minds. One verdict.

A PR opens. The pantheon reviews in parallel. The synthesizer collapses every overlapping signal into a single, anchored comment — the only thing you read.

sigilix bot reviewed · now · Changes requested

1 finding posted inline · coverage: logic · security · performance · tests

1 finding · 1 inline · Proof: 1 grounded

The Knip wrapper and SARIF converter are well-implemented, following established runner patterns and security practices. One logic issue was identified where string truncation in the converter can produce invalid Unicode sequences.

Dismiss: @sigilix dismiss <reason> · Re-run: /sigilix review · Review #1 · 140b156

📄 .github/scripts/knip_to_sarif.py
Comment on lines +95 to +99
95+def _bounded_text(value, default, limit):
96+ text = str(value or default).strip()
97+ if len(text) <= limit:
98+ return text
99+ return text[: limit - 3] + "..."
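Review bot: the value cut at line 99 is a Python `str` (built by `str(value or default)` on line 96), and `str` slicing counts code points, so `text[: limit - 3]` cannot leave a partial code point or a lone surrogate behind; a byte-offset or UTF-16 split would only arise if `text` were `bytes` or the index were a UTF-16 code-unit offset. What the helper does lack is a guard on `limit`: for `limit < 3` the slice index goes negative and the result is longer than `limit` (with `limit == 2` the whole string minus its last character, plus `"..."`), so clamp with `max(limit - 3, 0)` or reject such limits. A code-point cut can still separate a base letter from its combining mark or break an emoji ZWJ sequence; that output is valid Unicode but renders oddly, so if it matters for SARIF `message.text`, trim trailing combining marks after the cut.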
sigilix bot · last week
P2 · LOGIC · GROUNDED · _bounded_text truncation can split a multi-byte Unicode character, producing a broken surrogate pair in the SARIF message

_bounded_text slices the string at text[: limit - 3] without regard to character boundaries. When text contains a multi-byte UTF-8 character (e.g. an emoji or a non-BMP codepoint like '𝒳') that straddles the cut point, the slice can split a surrogate pair, leaving a lone high surrogate in the output. The resulting SARIF message.text will carry an invalid Unicode sequence that downstream SARIF consumers may reject or render as a replacement character.

Detailed reasoning

Example:

input: name = '𝒳' * 200  (200 copies of U+1D4B3 MATHEMATICAL SCRIPT CAPITAL X)
limit = 500
actual: text[:497] slices at byte offset 497 — inside the 125th codepoint's 4-byte sequence
SARIF consumer: may reject the invalid UTF-8 or render '�'

Suggested fix:

encoded = text.encode('utf-8')[: limit - 3]
truncated = encoded.decode('utf-8', errors='ignore')
return truncated + '...'

Prompt to fix with AI
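To make the truncation behaviour concrete, here is an added example (not Sigilix's code or the PR's): the `_bounded_text` from the review beside a byte-budgeted variant in the style of the suggested fix, run on the constructed 200 × U+1D4B3 input. It shows which kind of cut (a code-point slice of a `str` or a raw UTF-8 byte slice) can land inside a character, and adds a guard for limits below 3 that the posted helper does not have.

```python
# Added example, not Sigilix's code: the `_bounded_text` shown in the review
# beside a byte-budgeted variant, with constructed inputs that show which kind
# of cut can land inside a character.

def bounded_text_original(value, default, limit):
    """Truncation as posted: slices a Python str, i.e. by code point."""
    text = str(value or default).strip()
    if len(text) <= limit:
        return text
    return text[: limit - 3] + "..."


def bounded_text_bytes(value, default, limit):
    """Limit measured in UTF-8 bytes (the approach of the suggested fix),
    with a guard so a limit below 3 cannot become a negative slice index."""
    text = str(value or default).strip()
    encoded = text.encode("utf-8")
    if len(encoded) <= limit:
        return text
    keep = max(limit - 3, 0)
    # A byte cut may land inside a multi-byte sequence; ignoring the partial
    # tail bytes keeps the result valid Unicode and within the byte budget.
    return encoded[:keep].decode("utf-8", errors="ignore") + "..."


def raw_byte_cut_decodes(text, nbytes):
    """False when a raw UTF-8 byte cut leaves a partial sequence at the end."""
    try:
        text.encode("utf-8")[:nbytes].decode("utf-8")
        return True
    except UnicodeDecodeError:
        return False


def demo():
    # Constructed input matching the review: 200 x U+1D4B3, 4 UTF-8 bytes each.
    name = "\U0001D4B3" * 200
    by_bytes = bounded_text_bytes(name, "", 500)
    return {
        "codepoints": len(name),                                # 200
        "utf8_bytes": len(name.encode("utf-8")),                # 800
        "str_slice_unchanged": bounded_text_original(name, "", 500) == name,
        "raw_cut_497_decodes": raw_byte_cut_decodes(name, 497),  # False: mid-char
        "raw_cut_496_decodes": raw_byte_cut_decodes(name, 496),  # True: boundary
        "bytes_variant_chars": len(by_bytes) - 3,               # 124 whole chars
        "bytes_variant_bytes": len(by_bytes.encode("utf-8")),   # 499
        "tiny_limit_original": bounded_text_original("abcdef", "", 2),  # 'abcde...'
        "tiny_limit_bytes": bounded_text_bytes("abcdef", "", 2),        # '...'
    }
```

Run `demo()` to see that the 200-character input never reaches the `str` slice at all (it is under the limit), while counting the same input in bytes does trigger truncation and only a byte-level cut can split a character.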

THE PANTHEON

Four specialists. One constellation.

Each is tuned for one class of failure. A single model hopes; the pantheon divides the surface area and a synthesizer resolves the overlap.

Logic specialist

Logic errors, dead code, naming drift, unreachable branches.

Security specialist

Secrets, injection, SSRF, auth bypass, OWASP patterns.

Performance specialist

N+1 queries, re-renders, leaks, Big-O regressions.

Tests specialist

Missing coverage, untested failure paths, brittle fixtures.

The synthesizer

Dedupes, ranks by merge impact, writes the final verdict.

OUR MODELS · BUILT IN-HOUSE

The Sigilix model line.

Our own models, built in-house and grounded in your codebase — a line that runs from Light to Premium.

Light · 3.1
Boreas · default

The everyday flagship — fast, grounded in your codebase, tuned in-house.

Base · 3.0
Pyroeis

The balanced workhorse for standard review and agent work.

Premium · 3.0
Astraeus

The deepest-reasoning tier, for the hardest changes.

Coming soon
Phanes

A new model, arriving soon.

TRIAGE · WHERE WORK HAPPENS

A vague ticket, traced to the line.

Sigilix meets your team where work already happens. It reviews pull requests, triages CI failures — turning a red build into a grounded root-cause comment instead of a raw log dump — and rewrites vague Linear issues into something an engineer can act on, mapped to the failure path.

GitHub PRs · CI failures · Linear
PM · priya · “something looks broken, see screenshot”
rewritten by Sigilix · SIG-463 · P1
Findings with a valid changed line render PR-level instead of inline — anchoring believability
FAILURE PATH
scope? · normalize · body route
Suggested fix: promote pr/file scope → line when a RIGHT-anchorable changed line exists.
BEYOND THE REVIEW COMMENT

The review earns context. Two lanes spend it.

Every PR reviewed deposits a verified, machine-usable understanding of your repo — index, code graph, trust ledger. Review-bots discard it. We build on it.

TOKEN ECONOMICS

Stop re-buying context every session.

Context-blind agents rediscover your codebase on every task. A model working through Sigilix makes one grounded call — the exploration was already paid for by the review loop.

CONTEXT-BLIND AGENT · PER TASK
01 · grep the repo, open candidate files
02 · re-derive call paths & dependencies
03 · re-learn conventions (integer cents…)
04 · guess what's real vs. noise
05 · attempt edit, verify by more reading
exploratory spend — repeated every session

THROUGH SIGILIX · PER TASK
relevant subgraph attached from the graph
call paths already held by the review loop
conventions from review memory, pre-verified
trust ledger supplies real-vs-noise
one grounded call, evidence attached
context already paid for · ~4× cheaper at the hottest call
DETECTION VS. TRUSTWORTHY DETECTION

Others compete on volume. We compete on belief.

Same class of retrieval as the best. A believability engine no one else has on top — grounded, verified, anchored to the exact line, recall-safe.

VS CODERABBIT
Breadth, minus the noise.

CodeRabbit casts a wide net — and a real share of what it raises isn’t actionable. We optimize the opposite axis: every finding is grounded and verified before it posts; anything it can’t substantiate is demoted, not shown.

VS GREPTILE
Context isn’t the gap.

Greptile leads with whole-repo context; we run the same retrieval — vector + AST + dependency graph. The difference is what happens after: evidence schemas, verification before posting, and a provable guarantee no suppression path drops a P0/P1.

Greptile finds; Sigilix finds, proves, and anchors the proof — added or deleted line.

CodeRabbit and Greptile compete on detection. Sigilix competes on trustworthy detection — grounded, verified, precisely anchored, recall-safe. The moat is believability, not volume.
MEMORY · THE TRUST LEDGER

It learns the moment you disagree.

Every dismissal trains a per-repository trust ledger. Disagree once — in plain language, in the thread — and Sigilix stops raising that class of finding on future reviews. No model fine-tuning, and nothing is a black box: the memory is visible, removable, and auditable.

A finding you’ve dismissed in similar code stops being raised.
Recorded in sigilix.json or sigilix.yaml — reviewable as code, removable any time.
The team’s conventions, learned — without touching a model weight.
Recommended: replace the wildcard import
-7 +1
▸ Committable suggestion
jbrooks215 · author · 2 minutes ago
@sigilix No — we want to get rid of the star imports.
sigilix bot · 1 minute ago
@jbrooks215 — noted. I’ll remember this preference for this repo.
New learnings added
logic · avoid wildcard imports in src/ · applied to future reviews