Early access

Review faster.
Ship with more confidence.

Northstar reads every pull request on GitHub and Azure DevOps, grades its delivery risk, points reviewers at what matters, and drafts release notes — without ever storing your diffs or replacing human judgement.

GitHub & Azure DevOps GitHub / Microsoft sign-in Teams & Slack alerts
Northstar analysis
🤖 AI-assisted
PR #247 · Update JWT token handlerHIGH

Rewrites session token issuance and expiry. Touches authentication and identity handling — the highest-blast-radius area in the change.

highSession tokens are not invalidated on password reset.
mediumNew expiry path lacks a regression test.
◆ risk: hightests: warning+142 / −38

0

diffs kept on disk

processed in memory, then discarded

1

AI call per revision

cached, gated, and budget-capped

2

providers, one workspace

GitHub and Azure DevOps

How it works

From webhook to reviewed, in one quiet pass.

01

Connect your provider

Authorise GitHub or Azure DevOps with least-privilege scopes. Work/school Entra accounts use OAuth; personal accounts connect with a Personal Access Token.

02

Every PR becomes a signal

Changed files and patch metadata are analysed asynchronously into a risk grade, reviewer guidance, missing-test and security findings, and a concise summary.

03

Route it to the right people

A tidy review comment lands on the PR, and high-risk alerts reach Teams, Slack, or the dashboard before the change slips through.

What you get

Precise where it counts. Quiet everywhere else.

Risk classification

Know which PRs actually need a senior reviewer.

High, medium, and low grades are derived from file paths, diff size, review heuristics, and provider context — so triage takes seconds, not a standup.

PR #247 · auth/login.ts, auth/session.tsHIGH

Authentication paths changed · token & identity handling · +142 / −38

Reviewer focus: token expiry and session invalidation. Start with auth/session.ts.

Diff retention

Patch data never touches disk.

0

bytes of diff stored permanently

Patches are analysed in memory, secret-redacted, then discarded. Only the risk signal is kept.

Release notes

Completion notes for every audience.

TechnicalBusiness

#247 auth — high · token expiry paths

#244 api — medium · contract change

○ #241 docs — low · README update

Polished summaries after merge, pitched at the right level for engineers or stakeholders.

Smart routing

High-risk alerts arrive before reviewers open the PR.

Teams and Slack notifications, provider-tagged dashboard views, and monitored queues keep GitHub and Azure DevOps work visible in one place.

High-risk PR: Update JWT token handler

just now

Teams · northstar-alerts

PR digest: 4 merged this sprint

3m ago

Slack · #eng-releases

Privacy by design

No diff retention

Patch content lives in memory during analysis only. Nothing is written to permanent storage.

Secret redaction

Pattern and entropy checks scrub API keys, tokens, and connection strings before analysis begins.

Human in the loop

Every recommendation is advisory. Northstar surfaces the risk — your team makes the call.

Minimal permissions

OAuth scopes stay narrow, sign-in supports GitHub and Microsoft, and reconnect stays explicit and revocable.

Simple, predictable pricing

One flat price. No per-seat math.

Most review tools bill for every developer, so the invoice climbs each time you hire. We charge one clear monthly price for a generous pool of pull-request analyses that your whole team shares. Grow the team without growing the bill — priced by the work you ship, not the people you employ.

Priced on your code, not your headcount

Add as many engineers as you like. Your plan scales with pull-request volume — never with seat counts or per-user fees.

No surprises on the invoice

A single flat rate with a clear analysis allowance. No background usage meters, no overage shocks, no seat audits at renewal.

Higher tiers, honestly better value

Move up for unlimited repositories, a much larger analysis pool, advanced risk analytics, release notes, and audit logs — what growing teams genuinely need.

Connect your first repository in a couple of minutes.

Start free, sign in with GitHub or Microsoft, and bring review risk, release notes, and alerts into one workflow.