Every AI comment is gated through human approval before it posts to GitHub. Unlike CodeRabbit, Greptile, and Copilot — nothing auto-publishes. Free for OSS. $20/mo flat for teams.
These are bugs PullLight found in production open-source repos. CVSS scores from NVD.
Every other tool in this space trains engineers to ignore it. Here's why PullLight is different.
When the GitHub App's pull-request webhook fires, Claude analyzes the diff and the findings are queued at /reviews. Nothing auto-publishes. Zero. A comment that appears on a PR is one a human decided was worth the developer's attention.
You configure the minimum severity per repo — show me CRITICAL + HIGH only, or everything. PullLight's prompt is tuned to ignore formatting, whitespace, and style nitpicks unless you explicitly ask for them.
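The flow the two paragraphs above describe, as an added example that is not PullLight's own code: a webhook handler that checks GitHub's X-Hub-Signature-256 HMAC header (a real GitHub App header), runs an analyzer over the diff, drops findings below a per-repo severity floor, and holds the rest in a pending queue that only an explicit approve() can move toward posting. The Finding shape, the severity level names, the toy rule-based analyzer standing in for the model call, and the sample secret, payload and diff are all constructed for this example.

```python
"""Added example: HMAC-verified PR webhook feeding an approval-gated review queue."""
import hashlib
import hmac
import json
from dataclasses import dataclass

# Severity order for the per-repo minimum threshold (assumed level names).
SEVERITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "CRITICAL": 3}

def verify_github_signature(secret, body, signature_header):
    """Validate GitHub's X-Hub-Signature-256 header ('sha256=<hex>') in constant time."""
    if not signature_header or not signature_header.startswith("sha256="):
        return False
    expected = "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), signature_header.encode())

@dataclass
class Finding:
    repo: str
    pr_number: int
    path: str
    severity: str
    message: str
    status: str = "pending"  # only "approved" findings are ever handed to the poster

def analyze_diff(repo, pr_number, diff):
    """Stand-in for the model call: toy rules over the added lines of a unified diff."""
    findings, path = [], None
    for line in diff.splitlines():
        if line.startswith("+++ b/"):
            path = line[len("+++ b/"):]
        elif line.startswith("+") and not line.startswith("+++"):
            if "eval(" in line:
                findings.append(Finding(repo, pr_number, path, "HIGH", "eval() on untrusted input"))
            elif "print(" in line:
                findings.append(Finding(repo, pr_number, path, "LOW", "debug print left in"))
    return findings

class ReviewQueue:
    """Findings wait here; nothing reaches the poster without an explicit approve()."""

    def __init__(self, min_severity):
        self.min_severity = min_severity  # repo full name -> lowest severity to surface
        self.pending, self.approved = [], []

    def enqueue(self, findings):
        for f in findings:
            floor = self.min_severity.get(f.repo, "LOW")
            if SEVERITY_RANK[f.severity] >= SEVERITY_RANK[floor]:
                self.pending.append(f)
        return len(self.pending)

    def approve(self, index):
        f = self.pending.pop(index)
        f.status = "approved"
        self.approved.append(f)
        return f

    def drain_for_posting(self):
        out, self.approved = self.approved, []  # pending findings are never drained
        return out

def handle_webhook(queue, secret, headers, body, diff):
    """Reject forged deliveries, ignore non-PR events, queue findings for a human."""
    if not verify_github_signature(secret, body, headers.get("X-Hub-Signature-256")):
        raise PermissionError("webhook signature mismatch")
    if headers.get("X-GitHub-Event") != "pull_request":
        return 0
    payload = json.loads(body)
    if payload.get("action") not in ("opened", "synchronize"):
        return 0
    repo, pr_number = payload["repository"]["full_name"], payload["pull_request"]["number"]
    return queue.enqueue(analyze_diff(repo, pr_number, diff))

# Constructed sample delivery: secret, payload and diff are made up for this example.
SECRET = b"constructed-webhook-secret"
SAMPLE_BODY = json.dumps({"action": "opened", "repository": {"full_name": "acme/api"},
                          "pull_request": {"number": 42}}).encode()
SAMPLE_DIFF = ("diff --git a/app.py b/app.py\n--- a/app.py\n+++ b/app.py\n@@ -1,2 +1,4 @@\n"
               " import json\n+result = eval(request.args['expr'])\n+print(result)\n")

def sign(secret, body):
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()

def demo():
    queue = ReviewQueue({"acme/api": "HIGH"})  # per-repo floor: CRITICAL + HIGH only
    headers = {"X-GitHub-Event": "pull_request", "X-Hub-Signature-256": sign(SECRET, SAMPLE_BODY)}
    forged = {**headers, "X-Hub-Signature-256": "sha256=" + "00" * 32}
    try:
        handle_webhook(queue, SECRET, forged, SAMPLE_BODY, SAMPLE_DIFF)
        rejected = False
    except PermissionError:
        rejected = True
    pending = handle_webhook(queue, SECRET, headers, SAMPLE_BODY, SAMPLE_DIFF)  # LOW is filtered
    queue.approve(0)  # the human decision; without it drain_for_posting() stays empty
    return rejected, pending, [f.message for f in queue.drain_for_posting()]
```

In a real GitHub App the diff would be fetched with the installation token rather than passed in, and the poster would consume drain_for_posting() to create review comments; the point of the shape is that the only path from pending to GitHub runs through approve(), and that an unsigned or forged delivery never reaches the analyzer at all.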
CodeRabbit charges $19–$24/dev/mo. Greptile $30/dev/mo + overages. At 10 developers, that's $190–$300/mo before Greptile's overages. PullLight is $20 for the whole team. The price is locked for early-access teams.
| Feature | ◈ PullLight | CodeRabbit | Greptile | Copilot |
|---|---|---|---|---|
| Human approval gate | Yes | No | No | No |
| Pricing model | $20 flat/team | Per seat | Per seat + overages | Per seat |
| Noise level | Low | High | Medium | High |
| Free for OSS | Yes | Limited | No | With Copilot |
Pricing verified from public sources June 2026. Full comparison →
CodeRabbit auto-publishes every comment it generates — directly to GitHub, on every PR, before any human sees it. PullLight queues findings for human review at /reviews. Nothing posts until you approve it. That's the core distinction. CodeRabbit is also $19–$24/dev/mo; PullLight is $20/mo for the whole team.
Claude sees the PR diff — the same text that appears in a GitHub PR's "Files changed" tab. It does not see your full codebase, your git history, or any private context beyond the diff. We do not train on your code, store diffs after analysis, or use your findings to improve models. Full data and security policy at /trust →
Go to github.com/settings/installations, find PullLight, click Configure → Uninstall. That's it. No data is retained after uninstall. PullLight stops receiving webhooks immediately.
Any language Claude can read — which is essentially every mainstream language: JavaScript, TypeScript, Python, Go, Rust, Java, C, C++, C#, Ruby, PHP, Swift, Kotlin, and more. PullLight reviews diffs, so it works on any file type Claude can analyze, including config files, SQL, and infrastructure-as-code.
Self-hosting is on the roadmap. The current version is cloud-hosted only — you install the GitHub App and reviews flow through PullLight's infrastructure. If self-hosting is a hard requirement for your team, see our data handling policy and reach out via the feedback button.