A seal of approval on every pull request.
Five specialists review every PR — Metis, Argus, Iris, Eunomia, and the synthesizer Harmonia. Believability isn’t a prompt; it’s a five-stage architecture that grounds, verifies, and anchors every finding before it posts. The mark only lands when the code earns it.
Not a wall of fluff. A verdict you can act on.
One structured comment: an effort estimate, quality gates, the files that matter ranked by risk, and every finding anchored to the exact line with a proof tier attached. Collapsible. Skimmable. Believable.

Everyone else ships model → comment.
We ship a pipeline where a finding can’t post unless it cites real evidence and survives execution. It’s the reason the hallucinated-finding count is zero by construction, not by luck.
Deterministic scans, AST rules, dep-vuln lookups — assembled before any model speaks.
The pantheon interprets evidence — each cites the manifest, never the abstract.
Provenance contracts, self-refutation, live execution. Uncited findings are dropped.
Every finding carries a proof tier — verified, grounded, or model.
Every dismissal trains a per-repo trust ledger. You tune it by disagreeing.
Five minds. One verdict.
A PR opens. The pantheon reviews in parallel. Harmonia collapses every overlapping signal into a single, anchored comment — the only thing you read.
sigilix bot reviewed · now · Changes requested · 1 finding posted inline · coverage: logic · security · performance · tests
1 finding · 1 inline · Proof: 1 grounded
The Knip wrapper and SARIF converter are well-implemented, following established runner patterns and security practices. One logic issue was identified where string truncation in the converter can produce invalid Unicode sequences.
Dismiss: @sigilix dismiss <reason> · Re-run: /sigilix review · Review #1 · 140b156
sigilixBot · last week
_bounded_text truncation can split a multi-byte Unicode character, producing a broken surrogate pair in the SARIF message
_bounded_text slices the string at text[: limit - 3] without regard to character boundaries. When text contains a multi-byte UTF-8 character (e.g. an emoji or a non-BMP codepoint like '𝒳') that straddles the cut point, the slice can split a surrogate pair, leaving a lone high surrogate in the output. The resulting SARIF message.text will carry an invalid Unicode sequence that downstream SARIF consumers may reject or render as a replacement character.
▸ Detailed reasoning
Example:
input:
  name = '𝒳' * 200 (200 copies of U+1D4B3 MATHEMATICAL SCRIPT CAPITAL X)
  limit = 500
actual:
  text[:497] slices at byte offset 497 — inside the 125th codepoint's 4-byte sequence
  SARIF consumer: may reject the invalid UTF-8 or render '�'
Suggested fix:
encoded = text.encode('utf-8')[: limit - 3]
truncated = encoded.decode('utf-8', errors='ignore')
return truncated + '...'
▸ Prompt to fix with AI
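The truncation problem from the sample finding above, as an added example (not Sigilix output and not code from the reviewed project). Python str slicing counts code points, so a character can only be cut in half when the limit is measured in UTF-8 bytes or UTF-16 code units; the sketch handles both, which goes beyond the byte-only fix shown. The function names and the sample string are constructed for illustration.

```python
# Added example: boundary-safe truncation. Names and sample input are constructed.
ELLIPSIS = "..."


def naive_byte_cut_decodes(text: str, nbytes: int) -> bool:
    """True if cutting the UTF-8 encoding at nbytes still decodes strictly."""
    try:
        text.encode("utf-8")[:nbytes].decode("utf-8")
        return True
    except UnicodeDecodeError:
        return False


def _check_limit(limit: int) -> None:
    if limit < len(ELLIPSIS):
        raise ValueError("limit must leave room for the ellipsis")


def truncate_utf8(text: str, limit: int) -> str:
    """Bound the UTF-8 size to `limit` bytes, cutting only between code points."""
    _check_limit(limit)
    raw = text.encode("utf-8")
    if len(raw) <= limit:
        return text
    cut = limit - len(ELLIPSIS)
    # raw[cut] is the first dropped byte. If it is a continuation byte
    # (0b10xxxxxx) the cut falls inside a character, so back up to its lead byte.
    while cut > 0 and (raw[cut] & 0xC0) == 0x80:
        cut -= 1
    return raw[:cut].decode("utf-8") + ELLIPSIS


def truncate_utf16(text: str, limit: int) -> str:
    """Bound the length to `limit` UTF-16 code units, never leaving a lone surrogate."""
    _check_limit(limit)
    units = text.encode("utf-16-le")
    if len(units) // 2 <= limit:
        return text
    cut = (limit - len(ELLIPSIS)) * 2  # byte offset of the cut in the UTF-16 data
    last_kept = int.from_bytes(units[cut - 2:cut], "little")
    if 0xD800 <= last_kept <= 0xDBFF:  # high surrogate would lose its partner
        cut -= 2
    return units[:cut].decode("utf-16-le") + ELLIPSIS


if __name__ == "__main__":
    sample = "\U0001D4B3" * 200  # constructed input matching the finding's example
    print(naive_byte_cut_decodes(sample, 497), len(truncate_utf8(sample, 500)))
```

Unlike decoding with errors='ignore', the strict decode here fails loudly if the input was already malformed instead of silently dropping bytes.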
Five specialists. One constellation.
Each is tuned for one class of failure. A single model hopes; the pantheon divides the surface area and Harmonia resolves the overlap.
Logic errors, dead code, naming drift, unreachable branches.
Secrets, injection, SSRF, auth bypass, OWASP patterns.
N+1 queries, re-renders, leaks, Big-O regressions.
Missing coverage, untested failure paths, brittle fixtures.
Dedupes, ranks by merge impact, writes the final verdict.
A vague ticket, traced to the line.
Sigilix meets your team where work already happens. It reviews pull requests, triages CI failures — turning a red build into a grounded root-cause comment instead of a raw log dump — and rewrites vague Linear issues into something an engineer can act on, mapped to the failure path.
rewritten by Sigilix · SIG-463 · P1
The review earns context. Two lanes spend it.
Every PR reviewed deposits a verified, machine-usable understanding of your repo — index, code graph, trust ledger. Review-bots discard it. We build on it.
Review parity (sigilix review --staged) plus an agent that lands fixes with file:line receipts. Sigilix models — or bring your own.
↳ fetching verified subgraph…
✓ patch grounded · refund.ts:208
Ask “where do refunds get capped?” and get an answer assembled from the code graph — with file:line receipts, not a model’s recollection.
→ refund.ts:208 · billing/cap.ts:44
✓ grounded · 2 receipts
Stop re-buying context every session.
Context-blind agents rediscover your codebase on every task. A model working through Sigilix makes one grounded call — the exploration was already paid for by the review loop.
Others compete on volume. We compete on belief.
Same class of retrieval as the best. A believability engine no one else has on top — grounded, verified, anchored to the exact line, recall-safe.
CodeRabbit casts a wide net — and a real share of what it raises isn’t actionable. We optimize the opposite axis: every finding is grounded and verified before it posts; anything it can’t substantiate is demoted, not shown.
Greptile leads with whole-repo context; we run the same retrieval — vector + AST + dependency graph. The difference is what happens after: evidence schemas, verification before posting, and a provable guarantee no suppression path drops a P0/P1.
Greptile finds; Sigilix finds, proves, and anchors the proof — added or deleted line.
It learns the moment you disagree.
Every dismissal trains a per-repository trust ledger. Disagree once — in plain language, in the thread — and Sigilix stops raising that class of finding on future reviews. No model fine-tuning, and nothing is a black box: the memory is visible, removable, and auditable.
