Open source · MIT · npm install -g review-harness

Multi-agent AI
code review, in parallel

A lightweight router analyzes your diff first and picks the most relevant experts — Security, Performance, Architecture, Correctness, Testing — each powered by a different model family. Never run a security agent on a CSS change again.

npm install -g review-harness
View on GitHub

How it works

Agent = Model + Harness. The harness handles routing, skills, state, and output. The models do the thinking.

git diff
Router
fast model — picks agents & skills from DiffSummary
Security
claude
Performance
gpt-4o
Architecture
gemini
Correctness
claude
Testing
claude
📋
Findings deduplicated & sorted by severity
pretty markdown json sarif
📄

Agents are data files

Each expert is a .md file with YAML frontmatter + system prompt. Drop one in ~/.crh/agents/ — no compilation, no restart.

Structured diff routing

The router sees a compact DiffSummary (file list, languages, key tokens), not the raw diff — so routing stays fast and accurate on large PRs.

🧠

Skills loaded at runtime

Agents see the full skill catalog as metadata and call request_skill mid-review to pull in checklists. They can also synthesize new ones on-the-fly.

🏛

Council mode

Run one agent across multiple model families — independent review, peer critique, then synthesis with agreement scores. Disagreement is real signal.

💾

Review history

Every review is persisted to SQLite with FTS5. Full-text search across all past findings: crh history --search "sql injection"

🔧

MCP server

Run crh serve --mcp and wire it into Claude Code. Call crh_review, crh_history, and more directly as tools.

See it in action

terminal
$ crh review --level standard --format pretty
↳ Router selected: security, correctness (2 agents)
↳ Running agents in parallel...

CRITICAL SQL Injection via raw query
src/db/users.ts:47 · security
Raw string interpolation in SELECT. Use parameterized queries.

HIGH Unhandled promise rejection
src/api/handler.ts:112 · correctness
await without try/catch — will crash the process on failure.

MEDIUM N+1 query in user listing
src/services/users.ts:88 · correctness

$ crh council --agent security --models anthropic/claude-opus-4-5,openai/gpt-4o,google/gemini-2.5-pro
Stage 1/3 — Independent review (3 models in parallel)
Stage 2/3 — Peer critique
Stage 3/3 — Synthesis

3/3 agree Missing rate limiting on auth endpoint
1/3 Consider CSRF token rotation (outlier)

Review levels

quick standard deep
Target latency< 30s30s – 2min2 – 10min
Max agents25all relevant
Ephemeral agents
Fail thresholdcriticalhighmedium

Exit code 0 = no findings above threshold. 1 = findings found. 2 = error. Override with --fail-on.

Built-in agents

Each agent's model can be overridden per-agent in ~/.crh/config.json.

security
claude-opus-4-5
Auth, injection, OWASP, secrets exposure
performance
gpt-4o
N+1 queries, O(n²) algorithms, memory leaks
architecture
gemini-2.5-pro
SOLID, coupling, layering, design patterns
correctness
claude-opus-4-5
Logic bugs, null deref, race conditions
testing
claude-opus-4-5
Coverage gaps, bad mocks, brittle tests
+ your own
Drop a .md file in ~/.crh/agents/ — zero compilation needed

Providers

OpenRouter
HTTP API — access Claude, GPT-4o, Gemini, and 200+ models from one key
OPENROUTER_API_KEY
Claude CLI
Spawns your local claude process — no API key needed if you're already logged in
Claude Code installed
Codex CLI
Spawns your local codex process for OpenAI models
Codex CLI installed

Get started in 60 seconds

1
Install
npm install -g review-harness
2
Configure your provider
crh init
Interactive wizard — choose OpenRouter, Claude CLI, or Codex CLI
3
Review your last commit
crh review
4
Or wire into GitHub Actions
on: pull_request: types: [opened, synchronize] # Add OPENROUTER_API_KEY to repo secrets # A ready-to-use workflow is in .github/workflows/

Ready to ship with more confidence?

Open source, MIT licensed. Works with any git repo.

npm install -g review-harness
View on GitHub →