
REES enrichment

REES runs external or heavier analyzers and returns a public-safe brief that the AI reviewer can use.

Where REES fits

REES fires inside the AI review path. It is not a separate status check, dashboard report, or PR attachment. When it returns a non-empty promptSection, the engine folds that brief into the AI reviewer prompt. Its result surfaces only through the normal AI review output: summary, blockers, risks, nits, and decision.

A 200 response with no findings may produce no rendered brief. That is expected: the review proceeds as if REES had no useful extra context for that PR.

When it fires

AI review is running
The PR must reach the AI review path: review mode is not off, the author is reviewable, and the PR has a head SHA.
Repo is allowlisted
The repo must be listed in GITTENSORY_REVIEW_REPOS, the same cutover allowlist used by the other per-PR review features.
REES is enabled
GITTENSORY_REVIEW_ENRICHMENT must be truthy and REES_URL must be set. Otherwise no REES request is made.
Service auth matches
If the service has REES_SHARED_SECRET configured, the engine must send the same bearer secret.

Engine configuration

.env
GITTENSORY_REVIEW_REPOS=owner/repo
GITTENSORY_REVIEW_ENRICHMENT=true
REES_URL=https://enrichment.example.internal
REES_SHARED_SECRET=<shared-secret>
REES_TIMEOUT_MS=8000
REES_FORWARD_GITHUB_TOKEN=true
REES_ANALYZERS=all
GITTENSORY_REVIEW_ENRICHMENT
Global switch. Must be truthy and REES_URL must be set.
GITTENSORY_REVIEW_REPOS
Repo allowlist. REES only runs for allowlisted repos.
REES_SHARED_SECRET
Bearer secret shared with the REES service. Keep it out of code and images.
REES_TIMEOUT_MS
Request timeout. Defaults to 8000 ms and is clamped to at least 1000 ms.
REES_FORWARD_GITHUB_TOKEN
Defaults to true. Sends a GitHub read token so token-aware analyzers can read CODEOWNERS and blob sizes. Set it to false to keep tokens out of the REES request.

Disable cleanly

Set GITTENSORY_REVIEW_ENRICHMENT=false to turn off REES for the whole instance. To keep REES configured but prevent a repo from using it, remove that repo from GITTENSORY_REVIEW_REPOS. To keep REES enabled but prevent token forwarding, set REES_FORWARD_GITHUB_TOKEN=false.

.env
# Full REES off switch:
GITTENSORY_REVIEW_ENRICHMENT=false

# Keep REES on, but do not send a GitHub token to the service:
REES_FORWARD_GITHUB_TOKEN=false

Analyzer selection

Leave REES_ANALYZERS unset, or set it to all or *, to run the full REES registry. To run a subset, use exact comma-separated analyzer names. Unknown names are ignored with a rees_analyzer_config_invalid warning and the remaining valid analyzers still run. If every configured name is invalid, the engine sends an empty analyzer list, so a typo fails closed instead of running the full registry.

.env
REES_ANALYZERS=secret,actionPin,redos
Current analyzer names
dependency
lockfileDrift
secret
license
installScript
actionPin
eol
redos
provenance
codeowners
secretLog
assetWeight
typosquat

See the REES analyzer reference for each analyzer's inputs, network behavior, and finding shape.

Request boundary

When enabled, the engine POSTs the repo name, PR number, head SHA, base SHA when GitHub supplies it, title, changed file paths, changed file patches, and review diff to REES_URL. By default it also forwards a GitHub read token when one is available, so GitHub API analyzers can read private CODEOWNERS and blob sizes. The engine prefers a short-lived installation token and falls back to GITHUB_PUBLIC_TOKEN. Set REES_FORWARD_GITHUB_TOKEN=false if the REES service is outside your trust boundary.

Do not point REES_URL at a service you do not trust with PR diffs. Token forwarding is optional, but the diffs and changed files themselves can contain private code.
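The analyzer-selection rules above and the request boundary (bearer secret, timeout clamp, opt-out token forwarding), modelled as an added example. This is not Gittensory's engine code: the env var names and analyzer names are from this page, while the function names, the warning string shape, and trimming the secret as the "normalization" step are assumptions.

```typescript
// Added example, not Gittensory's own code: models the engine-side decisions
// the page describes. Env var names come from the page; function names,
// the warning string and secret trimming are assumptions.

type Env = Record<string, string | undefined>;

// Analyzer names as listed on the page.
const REES_REGISTRY = [
  "dependency", "lockfileDrift", "secret", "license", "installScript",
  "actionPin", "eol", "redos", "provenance", "codeowners", "secretLog",
  "assetWeight", "typosquat",
];

// REES_ANALYZERS unset, "all" or "*" selects the full registry. Otherwise the
// value is an exact comma-separated list: unknown names are dropped with a
// rees_analyzer_config_invalid warning, and if nothing valid remains the
// list is empty, so a typo fails closed instead of running everything.
function selectAnalyzers(raw: string | undefined): { analyzers: string[]; warnings: string[] } {
  const value = (raw ?? "").trim();
  if (value === "" || value === "all" || value === "*") {
    return { analyzers: [...REES_REGISTRY], warnings: [] };
  }
  const names = value.split(",").map((n) => n.trim()).filter((n) => n !== "");
  const analyzers = names.filter((n) => REES_REGISTRY.includes(n));
  const warnings = names
    .filter((n) => !REES_REGISTRY.includes(n))
    .map((n) => `rees_analyzer_config_invalid: ${n}`);
  return { analyzers, warnings };
}

// REES_TIMEOUT_MS defaults to 8000 and is clamped to at least 1000.
function resolveTimeoutMs(raw: string | undefined): number {
  const n = Number(raw);
  if (raw === undefined || raw.trim() === "" || !Number.isFinite(n)) return 8000;
  return Math.max(1000, Math.floor(n));
}

// Outbound request settings: bearer secret only when one is configured, and
// the GitHub token only unless REES_FORWARD_GITHUB_TOKEN=false (default: forward).
function buildReesRequest(env: Env, githubToken: string | undefined) {
  const headers: Record<string, string> = { "content-type": "application/json" };
  const secret = env.REES_SHARED_SECRET?.trim(); // trim = assumed normalization
  if (secret) headers.authorization = `Bearer ${secret}`;
  const forward = (env.REES_FORWARD_GITHUB_TOKEN ?? "true").trim().toLowerCase() !== "false";
  return { headers, githubToken: forward ? githubToken : undefined, timeoutMs: resolveTimeoutMs(env.REES_TIMEOUT_MS) };
}
```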

Service configuration

The REES service must use the matching REES_SHARED_SECRET. Optional Sentry env captures analyzer degradations without logging request bodies, tokens, diffs, or review content.

REES service env
REES_SHARED_SECRET=<shared-secret>
SENTRY_DSN=
SENTRY_ENVIRONMENT=production
SENTRY_TRACES_SAMPLE_RATE=0

Failure behavior

Transport failure
The engine logs review_context_fetch_failed with contextType=enrichment and continues without REES context.
Analyzer failure
REES marks that analyzer degraded, may set partial=true, and returns findings from the analyzers that completed.
Empty brief
No prompt section is spliced into the AI review. The review proceeds with diff, grounding, and RAG context only.
Auth rejection
401/403 responses log authRejected=true, authConfigured, authHeaderSent, and whether the secret was normalized before sending.

Security boundary

REES output is untrusted advisory context. The engine sanitizes the public brief and never accepts REES-provided system instructions.

For broader secret handling, see Self-host security.