MCPcopy Index your code
hub / github.com/arsenyinfo/nitpicker

github.com/arsenyinfo/nitpicker @main

Chat with this repo
repository ↗ · DeepWiki ↗ · + Follow
568 symbols 1,139 edges 28 files 80 documented · 14%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

nitpicker

crates.io

Multi-reviewer code review using LLMs. Spawns parallel agents with different models/prompts, aggregates their feedback into a final verdict. Supports two modes — parallel aggregation and actor-critic debate — across two task types: code review and free-form questions.

Free Web version is available for open source projects.

Each reviewer is an agentic loop that can call tools (read files, grep, glob, git commands) to explore the repo before writing its review. Review prompts now encourage a quick initial map, a short working plan, and early subagent delegation for disjoint investigations. Tool outputs include lightweight headers and clearer truncation/no-match messages so agents can reason about partial evidence more reliably. A separate aggregator model deduplicates and synthesizes the individual reviews into a final verdict.

Requirements

  • Rust toolchain
  • A git repository to review
  • At least one configured LLM (API key or Gemini OAuth)

Installation

cargo install nitpicker

Quick start

export ANTHROPIC_API_KEY="your-api-key-here"

Review

nitpicker
nitpicker --repo /path/to/repo
nitpicker --repo /path/to/repo --prompt "focus on src/api/"
nitpicker --analyze src/components/
nitpicker --analyze  # entire repo

Parallel Mode

nitpicker --no-debate
nitpicker --no-debate --analyze src/
nitpicker --no-debate --max-turns 40

PR review

nitpicker pr
nitpicker pr https://github.com/owner/repo/pull/42
nitpicker pr --no-comment
nitpicker pr https://github.com/owner/repo/pull/42 --no-comment
# force a fresh temp clone even when the URL points to your current repo
nitpicker pr https://github.com/owner/repo/pull/42 --clone
# machine-readable output for embedding (one JSON object on stdout)
nitpicker pr https://github.com/owner/repo/pull/42 --no-comment --json

Ask

nitpicker ask "should we use eyre or thiserror for error handling?"
nitpicker ask --no-debate "is this authentication flow secure?"
nitpicker ask --rounds 3 "should we split this module?"
nitpicker ask --max-turns 40 "should we split this module?"

Configuration

Configuration is loaded from (first match wins):

  1. --config <path> (explicit flag)
  2. nitpicker.toml in repo root
  3. ~/.nitpicker/config.toml (global config)
# create a config in current directory
nitpicker init

# prefer OpenRouter experimental free models when OPENROUTER_API_KEY is set
nitpicker init --free

# create a global config at ~/.nitpicker/config.toml
nitpicker init --global

Example nitpicker.toml:

[defaults]
debate = true          # optional, default: true
max_turns = 100        # optional, default: 100
log_trajectories = false # optional, default: false

[aggregator]
model = "claude-sonnet-4-6"
provider = "anthropic"
max_tokens = 8192        # optional, default: 8192

[[reviewer]]
name = "claude"          # used in output headers and logs
model = "claude-sonnet-4-6"
provider = "anthropic"

[[reviewer]]
name = "gpt"
model = "gpt-5.2-codex"
provider = "openai_compatible"
base_url = "https://api.openai.com/v1"
api_key_env = "OPENAI_API_KEY"

Tip: Use providers that were not used for the initial building of your codebase to enforce diversity of thought.

Unknown config keys are rejected. For example, use max_tokens for output length; token_limit is not a supported field.

Debate mode is enabled by default for nitpicker, nitpicker ask, and nitpicker pr. Pass --no-debate to use parallel aggregation for a single run. Use [defaults].max_turns or --max-turns to control the per-agent tool-use loop limit.

Set [defaults].log_trajectories = true to save per-agent JSONL traces and a final aggregation.json under ~/.nitpicker/sessions/session-<timestamp>-<pid>/.

Provider types

provider Auth Notes
anthropic ANTHROPIC_API_KEY env var (or api_key_env), or auth = "azure-ad" base_url optional
gemini GEMINI_API_KEY/GOOGLE_AI_API_KEY env var (or api_key_env), or auth = "agy-keyring" base_url optional (e.g. a local Gemini-compatible server); agy-keyring reuses the Antigravity CLI OAuth token from the system keyring — research only, see warning
openai OPENAI_API_KEY env var (or api_key_env), auth = "azure-ad", or auth = "codex" codex reuses your ChatGPT subscription via the Codex CLI token — research only, see warning
openrouter OPENROUTER_API_KEY env var (or api_key_env) explicit model names are recommended; model = "free" is experimental

anthropic_compatible and openai_compatible are accepted as aliases for backward compatibility.

auth = "azure-ad" authenticates with a refreshing Azure AD (Entra ID) token instead of a static key — for OpenAI and Anthropic models hosted on Azure AI Foundry. Requires a build with the azure feature, see below.

auth = "codex" authenticates with your ChatGPT Plus/Pro (Codex) subscription instead of a paid API key, reusing the token the Codex CLI stores on disk, see below.

OpenRouter models

openrouter supports both explicit pinned models and an experimental free auto-selection mode.

Pinned models are the supported default and the recommended setup:

# recommended: explicit model
[[reviewer]]
name = "qwen"
model = "qwen/qwen3-30b-a3b"
provider = "openrouter"

Experimental best-effort free auto-selection is also available:

# experimental: auto-select a currently available free model
# omit `model` or set model = "free"
[[reviewer]]
provider = "openrouter"

# explicit experimental form
[[reviewer]]
model = "free"
provider = "openrouter"

When model is omitted or set to "free", nitpicker tries to pick a currently working free model at startup.

This mode is convenient, but it is not production-stable and may fail due to upstream availability, routing differences, or timeouts.

If you want predictable behavior, pin explicit model names instead of relying on free auto-selection.

export OPENROUTER_API_KEY="your-key"

A free OpenRouter account is sufficient for the experimental free mode — no credit card required, just rate limits.

Antigravity Keyring (research only)

[!CAUTION] Research only — do not use on a Google account you care about. AG2's Additional Terms of Service Section 6 prohibits "using the Service in connection with products not provided by us", which directly covers reusing the agy OAuth token from a third-party client like nitpicker. Google has been actively enforcing this in 2026: paid AI Ultra subscribers have received account suspensions, often without warning, for using third-party AG2 OAuth bridges (OpenClaw, OpenCode, Pi Agent). Detection appears aggressive — even light testing has triggered bans. The earlier gemini-cli OAuth path was discouraged on similar grounds (discussion). If you want billed Gemini access without this risk, set GEMINI_API_KEY and drop the auth line.

AG2 is Google's current agentic IDE, succeeding both the older Gemini CLI OAuth path and the earlier AG1 preview. The gemini-3.x family ships only through AG2's CloudCode backend, so auth = "agy-keyring" exists purely as a research path to compare those models against the rest of the reviewer pool, with full awareness of the ToS posture above.

The proxy reads agy's OAuth token from the system keyring (service=gemini, account=antigravity) via the keyring crate (Secret Service on Linux, Keychain on macOS, Credential Manager on Windows), relies on agy to refresh it, and routes chat through CloudCode's v1internal:streamGenerateContent SSE endpoint. Run agy and complete its login first. NITPICKER_ANTIGRAVITY_PLATFORM can override the auto-detected platform enum if needed.

This path requires a build with the antigravity feature (off by default, since it pulls in the local proxy stack — axum — and the keyring crate with its native backends):

cargo build --release --features antigravity
# or: cargo install --features antigravity ...

Without the feature, auth = "agy-keyring" is rejected at config validation with a build hint, and nitpicker init won't offer the keyring reviewer.

Tested AG2 models (current author config): gemini-3.1-pro-low, gemini-3.5-flash-low. Other IDs returned by fetchAvailableModels (e.g. gemini-3-flash-agent) likely work but have not been exercised.

[aggregator]
model = "gemini-3.5-flash-low"
provider = "gemini"
auth = "agy-keyring"

[[reviewer]]
name = "gemini"
model = "gemini-3.1-pro-low"
provider = "gemini"
auth = "agy-keyring"

ChatGPT/Codex subscription (research only)

[!CAUTION] Research only. This reuses the OpenAI Codex CLI's public OAuth client to call OpenAI through your ChatGPT Plus/Pro subscription. Third-party use of that client is arguably outside OpenAI's terms — same posture as the Antigravity path above. Use a paid OPENAI_API_KEY for anything you care about.

auth = "codex" (on an openai reviewer/aggregator) reuses the OAuth token the Codex CLI stores in ~/.codex/auth.json. Log in once with codex login (choosing your ChatGPT account, not an API key); nitpicker reads the token read-only and refreshes the short-lived access token in-memory via the refresh token — it never writes back to auth.json. Set CODEX_HOME to override the token directory.

Under the hood this talks to the Codex subscription endpoint (chatgpt.com/backend-api/codex/responses), which speaks the OpenAI Responses API with subscription-specific quirks (a required top-level system prompt, mandatory streaming, store: false, no max_output_tokens, and encrypted reasoning items round-tripped across turns since nothing is server-side persisted); nitpicker handles all of that transparently. No API-key env var is needed.

Models are your subscription's Codex models (e.g. gpt-5.4, gpt-5.4-mini, gpt-5.5):

[aggregator]
model = "gpt-5.4"
provider = "openai"
auth = "codex"

[[reviewer]]
name = "codex"
model = "gpt-5.4"
provider = "openai"
auth = "codex"

Azure AD (Azure AI Foundry)

Call OpenAI and Anthropic models hosted on Azure AI Foundry using a short-lived Azure AD (Entra ID) token instead of a static key. nitpicker acquires the token via the Azure SDK and transparently refreshes it (rebuilding the client before the token expires), so long reviews and debates don't die mid-run — the equivalent of the Python SDK's azure_ad_token_provider.

This path requires a build with the azure feature (off by default, since it pulls in the Azure SDK and needs Rust 1.88+):

cargo build --release --features azure
# or: cargo install --features azure ...

Set auth = "azure-ad" on an openai or anthropic reviewer/aggregator and point base_url at your Foundry endpoint:

[[reviewer]]
name = "gpt"
provider = "openai"                                                  # OpenAI models → /openai/v1
base_url = "https://<resource>.services.ai.azure.com/openai/v1"
model = "gpt-4o"                                                     # your Foundry deployment / model
auth = "azure-ad"

[[reviewer]]
name = "claude"
provider = "anthropic"                                               # Anthropic models → /anthropic
base_url = "https://<resource>.services.ai.azure.com/anthropic"
model = "claude-sonnet-4-5"
auth = "azure-ad"
azure_credentials = "dev"                                            # optional, see below

Optional per-reviewer/aggregator fields:

  • azure_scope — AAD token scope. Defaults to https://cognitiveservices.azure.com/.default.
  • azure_credentials — selects the credential chain, mirroring the Azure SDK's AZURE_TOKEN_CREDENTIALS:
  • "dev" — developer tools only (az login, Azure Developer CLI), excluding managed identity. Use on a VM where you want az login instead of a system-assigned managed identity.
  • "prod" — env service principal (AZURE_TENANT_ID/AZURE_CLIENT_ID/AZURE_CLIENT_SECRET), then managed identity.
  • unset / "auto" — env service principal → managed identity → developer tools, in that order.

If unset, the AZURE_TOKEN_CREDENTIALS env var is honored as a fallback.

CLI reference

nitpicker [OPTIONS]
nitpicker ask [--no-debate] [--rounds N] [--max-turns N] [OPTIONS] <topic>
nitpicker pr [URL] [--no-comment] [--no-debate] [--rounds N] [--max-turns N] [OPTIONS]
nitpicker init [--global] [--free]

Review (default)

--repo <PATH>      git repository to review [default: .]
--config <PATH>    config file [default: <repo>/nitpicker.toml, then ~/.nitpicker/config.toml]
--prompt <TEXT>    review instructions (optional, has a sensible default)
--analyze [PATH]   analyze existing code instead of reviewing changes
--no-debate        use parallel aggregation instead of actor-critic debate
--rounds <N>       maximum debate rounds [default: 5]
--max-turns <N>    maximum tool-use turns per agent or debate turn [default: 100 via config]
-v, --verbose      show info-level logs (hidden by default)

PR subcommand

nitpicker pr [URL] [--no-comment] [--no-debate] [--rounds N] [--max-turns N] [--prompt TEXT] [--repo .] [--config PATH] [--json] [-v]

Reviews a GitHub PR using its title, description, and diff. Requires the gh CLI (gh auth login to authenticate).

  • Without URL: reviews the current branch's open PR (must be run inside the repo)
  • With URL (https://github.com/owner/repo/pull/N): clones the repo i

Extension points exported contracts — how you extend this code

Tool (Interface)
(no doc) [7 implementers]
crates/nitpicker-agent/src/tools.rs
LLMClient (Interface)
(no doc) [9 implementers]
crates/nitpicker-agent/src/llm.rs
LLMClientDyn (Interface)
(no doc) [2 implementers]
crates/nitpicker-agent/src/llm.rs
WithRetryExt (Interface)
(no doc) [1 implementers]
crates/nitpicker-agent/src/llm.rs

Core symbols most depended-on inside this repo

wrapped_provider_error
called by 16
crates/nitpicker-agent/src/llm.rs
bar_message
called by 14
src/progress.rs
text
called by 13
crates/nitpicker-agent/src/llm.rs
add
called by 12
src/output.rs
build
called by 11
crates/nitpicker-agent/src/lib.rs
send
called by 11
crates/nitpicker-agent/src/codex.rs
into_arc
called by 10
crates/nitpicker-agent/src/llm.rs
base_url
called by 8
src/gemini_proxy/client.rs

Shape

Function 348
Method 103
Class 99
Enum 14
Interface 4

Languages

Rust100%

Modules by API surface

crates/nitpicker-agent/src/llm.rs81 symbols
crates/nitpicker-agent/src/codex.rs55 symbols
crates/nitpicker-agent/src/config.rs39 symbols
src/pr.rs32 symbols
crates/nitpicker-agent/src/tools.rs32 symbols
crates/nitpicker-agent/src/azure.rs30 symbols
crates/nitpicker-agent/src/agent.rs27 symbols
src/main.rs25 symbols
src/debate.rs25 symbols
src/progress.rs24 symbols
crates/nitpicker-agent/src/openrouter.rs21 symbols
src/detect.rs19 symbols

For agents

$ claude mcp add nitpicker \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact