Multi-reviewer code review using LLMs. Spawns parallel agents with different models/prompts, aggregates their feedback into a final verdict. Supports two modes — parallel aggregation and actor-critic debate — across two task types: code review and free-form questions.
Free Web version is available for open source projects.
Each reviewer is an agentic loop that can call tools (read files, grep, glob, git commands) to explore the repo before writing its review. Review prompts now encourage a quick initial map, a short working plan, and early subagent delegation for disjoint investigations. Tool outputs include lightweight headers and clearer truncation/no-match messages so agents can reason about partial evidence more reliably. A separate aggregator model deduplicates and synthesizes the individual reviews into a final verdict.
cargo install nitpicker
export ANTHROPIC_API_KEY="your-api-key-here"
nitpicker
nitpicker --repo /path/to/repo
nitpicker --repo /path/to/repo --prompt "focus on src/api/"
nitpicker --analyze src/components/
nitpicker --analyze # entire repo
nitpicker --no-debate
nitpicker --no-debate --analyze src/
nitpicker --no-debate --max-turns 40
nitpicker pr
nitpicker pr https://github.com/owner/repo/pull/42
nitpicker pr --no-comment
nitpicker pr https://github.com/owner/repo/pull/42 --no-comment
# force a fresh temp clone even when the URL points to your current repo
nitpicker pr https://github.com/owner/repo/pull/42 --clone
# machine-readable output for embedding (one JSON object on stdout)
nitpicker pr https://github.com/owner/repo/pull/42 --no-comment --json
nitpicker ask "should we use eyre or thiserror for error handling?"
nitpicker ask --no-debate "is this authentication flow secure?"
nitpicker ask --rounds 3 "should we split this module?"
nitpicker ask --max-turns 40 "should we split this module?"
Configuration is loaded from (first match wins):
--config <path> (explicit flag)nitpicker.toml in repo root~/.nitpicker/config.toml (global config)# create a config in current directory
nitpicker init
# prefer OpenRouter experimental free models when OPENROUTER_API_KEY is set
nitpicker init --free
# create a global config at ~/.nitpicker/config.toml
nitpicker init --global
Example nitpicker.toml:
[defaults]
debate = true # optional, default: true
max_turns = 100 # optional, default: 100
log_trajectories = false # optional, default: false
[aggregator]
model = "claude-sonnet-4-6"
provider = "anthropic"
max_tokens = 8192 # optional, default: 8192
[[reviewer]]
name = "claude" # used in output headers and logs
model = "claude-sonnet-4-6"
provider = "anthropic"
[[reviewer]]
name = "gpt"
model = "gpt-5.2-codex"
provider = "openai_compatible"
base_url = "https://api.openai.com/v1"
api_key_env = "OPENAI_API_KEY"
Tip: Use providers that were not used for the initial building of your codebase to enforce diversity of thought.
Unknown config keys are rejected. For example, use max_tokens for output length; token_limit is not a supported field.
Debate mode is enabled by default for nitpicker, nitpicker ask, and nitpicker pr. Pass --no-debate to use parallel aggregation for a single run. Use [defaults].max_turns or --max-turns to control the per-agent tool-use loop limit.
Set [defaults].log_trajectories = true to save per-agent JSONL traces and a final aggregation.json under ~/.nitpicker/sessions/session-<timestamp>-<pid>/.
provider |
Auth | Notes |
|---|---|---|
anthropic |
ANTHROPIC_API_KEY env var (or api_key_env), or auth = "azure-ad" |
base_url optional |
gemini |
GEMINI_API_KEY/GOOGLE_AI_API_KEY env var (or api_key_env), or auth = "agy-keyring" |
base_url optional (e.g. a local Gemini-compatible server); agy-keyring reuses the Antigravity CLI OAuth token from the system keyring — research only, see warning |
openai |
OPENAI_API_KEY env var (or api_key_env), auth = "azure-ad", or auth = "codex" |
codex reuses your ChatGPT subscription via the Codex CLI token — research only, see warning |
openrouter |
OPENROUTER_API_KEY env var (or api_key_env) |
explicit model names are recommended; model = "free" is experimental |
anthropic_compatible and openai_compatible are accepted as aliases for backward compatibility.
auth = "azure-ad" authenticates with a refreshing Azure AD (Entra ID) token instead of a static key — for OpenAI and Anthropic models hosted on Azure AI Foundry. Requires a build with the azure feature, see below.
auth = "codex" authenticates with your ChatGPT Plus/Pro (Codex) subscription instead of a paid API key, reusing the token the Codex CLI stores on disk, see below.
openrouter supports both explicit pinned models and an experimental free auto-selection mode.
Pinned models are the supported default and the recommended setup:
# recommended: explicit model
[[reviewer]]
name = "qwen"
model = "qwen/qwen3-30b-a3b"
provider = "openrouter"
Experimental best-effort free auto-selection is also available:
# experimental: auto-select a currently available free model
# omit `model` or set model = "free"
[[reviewer]]
provider = "openrouter"
# explicit experimental form
[[reviewer]]
model = "free"
provider = "openrouter"
When model is omitted or set to "free", nitpicker tries to pick a currently working free model at startup.
This mode is convenient, but it is not production-stable and may fail due to upstream availability, routing differences, or timeouts.
If you want predictable behavior, pin explicit model names instead of relying on free auto-selection.
export OPENROUTER_API_KEY="your-key"
A free OpenRouter account is sufficient for the experimental free mode — no credit card required, just rate limits.
[!CAUTION] Research only — do not use on a Google account you care about. AG2's Additional Terms of Service Section 6 prohibits "using the Service in connection with products not provided by us", which directly covers reusing the
agyOAuth token from a third-party client like nitpicker. Google has been actively enforcing this in 2026: paid AI Ultra subscribers have received account suspensions, often without warning, for using third-party AG2 OAuth bridges (OpenClaw, OpenCode, Pi Agent). Detection appears aggressive — even light testing has triggered bans. The earliergemini-cliOAuth path was discouraged on similar grounds (discussion). If you want billed Gemini access without this risk, setGEMINI_API_KEYand drop theauthline.
AG2 is Google's current agentic IDE, succeeding both the older Gemini CLI OAuth path and the earlier AG1 preview. The gemini-3.x family ships only through AG2's CloudCode backend, so auth = "agy-keyring" exists purely as a research path to compare those models against the rest of the reviewer pool, with full awareness of the ToS posture above.
The proxy reads agy's OAuth token from the system keyring (service=gemini, account=antigravity) via the keyring crate (Secret Service on Linux, Keychain on macOS, Credential Manager on Windows), relies on agy to refresh it, and routes chat through CloudCode's v1internal:streamGenerateContent SSE endpoint. Run agy and complete its login first. NITPICKER_ANTIGRAVITY_PLATFORM can override the auto-detected platform enum if needed.
This path requires a build with the antigravity feature (off by default, since it pulls in the local proxy stack — axum — and the keyring crate with its native backends):
cargo build --release --features antigravity
# or: cargo install --features antigravity ...
Without the feature, auth = "agy-keyring" is rejected at config validation with a build hint, and nitpicker init won't offer the keyring reviewer.
Tested AG2 models (current author config): gemini-3.1-pro-low, gemini-3.5-flash-low. Other IDs returned by fetchAvailableModels (e.g. gemini-3-flash-agent) likely work but have not been exercised.
[aggregator]
model = "gemini-3.5-flash-low"
provider = "gemini"
auth = "agy-keyring"
[[reviewer]]
name = "gemini"
model = "gemini-3.1-pro-low"
provider = "gemini"
auth = "agy-keyring"
[!CAUTION] Research only. This reuses the OpenAI Codex CLI's public OAuth client to call OpenAI through your ChatGPT Plus/Pro subscription. Third-party use of that client is arguably outside OpenAI's terms — same posture as the Antigravity path above. Use a paid
OPENAI_API_KEYfor anything you care about.
auth = "codex" (on an openai reviewer/aggregator) reuses the OAuth token the Codex CLI stores in ~/.codex/auth.json. Log in once with codex login (choosing your ChatGPT account, not an API key); nitpicker reads the token read-only and refreshes the short-lived access token in-memory via the refresh token — it never writes back to auth.json. Set CODEX_HOME to override the token directory.
Under the hood this talks to the Codex subscription endpoint (chatgpt.com/backend-api/codex/responses), which speaks the OpenAI Responses API with subscription-specific quirks (a required top-level system prompt, mandatory streaming, store: false, no max_output_tokens, and encrypted reasoning items round-tripped across turns since nothing is server-side persisted); nitpicker handles all of that transparently. No API-key env var is needed.
Models are your subscription's Codex models (e.g. gpt-5.4, gpt-5.4-mini, gpt-5.5):
[aggregator]
model = "gpt-5.4"
provider = "openai"
auth = "codex"
[[reviewer]]
name = "codex"
model = "gpt-5.4"
provider = "openai"
auth = "codex"
Call OpenAI and Anthropic models hosted on Azure AI Foundry using a short-lived Azure AD (Entra ID) token instead of a static key. nitpicker acquires the token via the Azure SDK and transparently refreshes it (rebuilding the client before the token expires), so long reviews and debates don't die mid-run — the equivalent of the Python SDK's azure_ad_token_provider.
This path requires a build with the azure feature (off by default, since it pulls in the Azure SDK and needs Rust 1.88+):
cargo build --release --features azure
# or: cargo install --features azure ...
Set auth = "azure-ad" on an openai or anthropic reviewer/aggregator and point base_url at your Foundry endpoint:
[[reviewer]]
name = "gpt"
provider = "openai" # OpenAI models → /openai/v1
base_url = "https://<resource>.services.ai.azure.com/openai/v1"
model = "gpt-4o" # your Foundry deployment / model
auth = "azure-ad"
[[reviewer]]
name = "claude"
provider = "anthropic" # Anthropic models → /anthropic
base_url = "https://<resource>.services.ai.azure.com/anthropic"
model = "claude-sonnet-4-5"
auth = "azure-ad"
azure_credentials = "dev" # optional, see below
Optional per-reviewer/aggregator fields:
azure_scope — AAD token scope. Defaults to https://cognitiveservices.azure.com/.default.azure_credentials — selects the credential chain, mirroring the Azure SDK's AZURE_TOKEN_CREDENTIALS:"dev" — developer tools only (az login, Azure Developer CLI), excluding managed identity. Use on a VM where you want az login instead of a system-assigned managed identity."prod" — env service principal (AZURE_TENANT_ID/AZURE_CLIENT_ID/AZURE_CLIENT_SECRET), then managed identity."auto" — env service principal → managed identity → developer tools, in that order.If unset, the AZURE_TOKEN_CREDENTIALS env var is honored as a fallback.
nitpicker [OPTIONS]
nitpicker ask [--no-debate] [--rounds N] [--max-turns N] [OPTIONS] <topic>
nitpicker pr [URL] [--no-comment] [--no-debate] [--rounds N] [--max-turns N] [OPTIONS]
nitpicker init [--global] [--free]
--repo <PATH> git repository to review [default: .]
--config <PATH> config file [default: <repo>/nitpicker.toml, then ~/.nitpicker/config.toml]
--prompt <TEXT> review instructions (optional, has a sensible default)
--analyze [PATH] analyze existing code instead of reviewing changes
--no-debate use parallel aggregation instead of actor-critic debate
--rounds <N> maximum debate rounds [default: 5]
--max-turns <N> maximum tool-use turns per agent or debate turn [default: 100 via config]
-v, --verbose show info-level logs (hidden by default)
nitpicker pr [URL] [--no-comment] [--no-debate] [--rounds N] [--max-turns N] [--prompt TEXT] [--repo .] [--config PATH] [--json] [-v]
Reviews a GitHub PR using its title, description, and diff. Requires the gh CLI (gh auth login to authenticate).
URL: reviews the current branch's open PR (must be run inside the repo)URL (https://github.com/owner/repo/pull/N): clones the repo i$ claude mcp add nitpicker \
-- python -m otcore.mcp_server <graph>