Use case

AI code review with the governance turned on.

Automated PR review with diff-level PII scanning, per-repo configuration, and cost backed by credits — not an unbounded API bill.

AI code review is one of the highest-leverage applications of LLMs in developer tooling. It’s also one of the riskiest: diffs contain secrets, API keys, and connection strings; review runs on every push, which means costs compound fast; and per-repo policies differ — what’s fine in a service repo isn’t fine in a marketing site.

SchneeAI runs its own code review product on the same platform the Gateway provides. Every review reserves credits, scans the diff for 17 PII categories before sending it to the model, applies per-repo configuration loaded from .schneeai.yml, and posts a structured summary back to the PR. The same building blocks are available to your team.

What you ship

  • A GitHub App that reviews PRs on open and push — diff-only summary review, with risk classification and suggested follow-ups.
  • Per-repo configuration — language, tone, path filters, and custom instructions loaded from a YAML file in the repo.
  • Cost control — credits reserve before the run, settle when the model responds, release on failure. Reviews never spend more than the budget allows.

What SchneeAI handles

Concern           Platform support
Secrets in diffs  17 PII categories scanned pre-call; critical findings block the run
Cost control      Credit ledger with reserve / settle / release semantics
Per-repo config   YAML loader with safe defaults and validation
Diff filtering    Path filters and glob matching before the model sees the diff
Idempotency       Webhook delivery IDs deduplicated for 24 hours
Model routing     Flash-tier models for summaries, premium for deep reviews

How it fits

A PR opens. The GitHub App receives the webhook, fetches the diff, and filters it through path rules from .schneeai.yml. SchneeAI reserves credits, scans the filtered diff for PII (masking or blocking as policy dictates), sends the rendered prompt to the configured model, settles the credits against the actual token usage, and posts a Markdown summary back to the PR. The whole run is an audit event tied to the repo, the PR, and the commit SHA.

That’s the same platform that runs SchneeAI’s own review product. The same governance, the same cost discipline, the same audit trail.
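
The run order described under "How it fits", as an added Python sketch that is not SchneeAI's code: deduplicate the delivery ID, filter paths, reserve, scan, then settle or release. The names Ledger and review, the ignore globs, the single AWS-key pattern standing in for the 17 categories, and the model callable are all assumptions made for illustration.

```python
import fnmatch
import re
import time

DEDUP_TTL = 24 * 3600  # delivery IDs are deduplicated for 24 hours
# Constructed stand-in for one critical category: AWS access key ID format.
CRITICAL = re.compile(r"AKIA[0-9A-Z]{16}")
_seen = {}  # delivery_id -> time first seen


class Ledger:
    """Hypothetical credit ledger with reserve / settle / release."""

    def __init__(self, balance):
        self.balance, self.held = balance, {}

    def reserve(self, run_id, amount):
        if amount > self.balance:
            raise RuntimeError("insufficient credits")
        self.balance -= amount
        self.held[run_id] = amount

    def settle(self, run_id, used):
        held = self.held.pop(run_id)
        self.balance += held - min(used, held)  # never charge past the hold

    def release(self, run_id):
        self.balance += self.held.pop(run_id, 0)


def review(delivery_id, files, ledger, model, ignore=("docs/*",), estimate=10, now=None):
    """files maps path -> diff text; model(diff) returns credits used."""
    now = time.time() if now is None else now
    first = _seen.get(delivery_id)
    if first is not None and now - first < DEDUP_TTL:
        return "duplicate"  # redelivered webhook: no second reservation
    _seen[delivery_id] = now
    diff = {p: d for p, d in files.items()
            if not any(fnmatch.fnmatch(p, g) for g in ignore)}
    ledger.reserve(delivery_id, estimate)
    try:
        if any(CRITICAL.search(d) for d in diff.values()):
            ledger.release(delivery_id)
            return "blocked"  # critical finding: the model is never called
        used = model(diff)
    except Exception:
        ledger.release(delivery_id)  # failure returns the hold
        raise
    ledger.settle(delivery_id, used)
    return "posted"
```

The invariant to check in any such design is that every exit path after reserve ends in exactly one settle or release, so a blocked or failed run leaves the balance unchanged.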