Revieko
Repo-aware structural signals for PR review
Revieko
Repo-aware structural signals for PR review
Most agent attacks don't arrive in one prompt
Omega Walls is a stateful runtime trust boundary for RAG and AI agents.
It catches distributed, cocktail, and multi-step attacks before untrusted content shapes context or triggers tools.
Apache-2.0 • OSS Core • GitHub
Revieko · High risk | risk=58.7 | hotspots=6
Architecture drift detected
def validate(x): # ← hotspot: nested_logic if x < 0: # ← hotspot: magic_num return False return True result = calc(x) + 5 # ← hotspot: side_effect class API: # ← hotspot: stateful def __init__(self): self.conn = None# ← hotspot: hidden_dep
A COMPLETE WORKFLOW
Real agent attacks don't arrive as one obvious prompt
Revieko doesn’t replace review. It makes structural change observable, so humans can focus judgment where it matters.
Your agent reads external data as evidence
Web pages, emails, tickets, attachments, tool outputs enter your agent's reasoning loop as trusted data.
Each chunk may look harmless alone
Intent spreads across chunks
Malicious instructions can be distributed across documents, session steps, and tool outputs.
Together they push the agent to bad actions
Each chunk looks harmless
In isolation, no single chunk triggers a one-shot filter.
Together they push the agent to bad actions
A COMPLETE WORKFLOW
Built for the attacks one-shot filters miss
Revieko doesn’t replace review. It makes structural change observable, so humans can focus judgment where it matters.
BEFORE CONTEXT ASSEMBLY
Every untrusted chunk passes through π + Ω before reaching the model. Blocked docs never enter the reasoning loop.
AT TOOL EXECUTION
All tool calls route through ToolGateway. Dangerous actions freeze fail-closed, even if the model requests them.
A COMPLETE WORKFLOW
Built for the attacks one-shot filters miss
Revieko doesn’t replace review. It makes structural change observable, so humans can focus judgment where it matters.
Stateful by design
Risk accumulates across session steps — not per-chunk scoring.
Catches attacks spread across documents, time, and goals.
Deterministic containment
Block, freeze, quarantine, escalate — not just a risk score.
SOFT_BLOCK · TOOL_FREEZE · SOURCE_QUARANTINE · HUMAN_ESCALATE
Attribution you can inspect
See which docs contributed and why action was taken.
Structured events for replay, audit, and incident response.
A COMPLETE WORKFLOW
Measured on multi-step attack flows
Revieko doesn’t replace review. It makes structural change observable, so humans can focus judgment where it matters.
| Metric | Value |
|---|---|
| Session attack off-rate | 97.92% |
| Benign off-rate | 0.00% |
| Cross-session attack off | 83.33% |
| Precision (WAInjectBench) | 91.4% |
| Steps-to-Off (median) | 3 |
WHY THIS MATTERS
Real agent attacks don’t arrive as one obvious prompt
Your agent reads external data — web pages, emails, tickets, attachments, tool outputs — and treats it as evidence.
- external docs, emails, tickets, attachments, tool outputs look like evidence
- malicious intent can be spread across chunks and steps
- each chunk may look harmless in isolation
- together they push the agent toward bad context or bad action
The catch: attacks are often not in one obvious prompt.
They're spread across documents, session steps, and goals.
Each chunk looks harmless alone.
Together, they push the agent to a dangerous action.
One-shot filters miss this.
Linters and tests can stay green while structure quietly shifts.
WHY THIS MATTERS
THE SOLUTION
Omega Walls inserts a deterministic trust boundary at two critical points:
1. Before final context assembly
— Every untrusted chunk passes through the π-projector
— Risk pressure is measured across 4 walls:
• instruction override
• secret exfiltration
• tool abuse
• policy evasion
— Only chunks below threshold reach the model
2. At the tool execution chokepoint
— All tool calls route through ToolGateway
— On policy trigger: fail-closed blocking
— Dangerous actions never execute, even if the model requests them
We don't evaluate chunks in isolation.
We accumulate risk across the session (scar-mass) and act on combinations.
Linters and tests can stay green while structure quietly shifts.
INSTALL ONCE
Every PR gets an attention map
Baseline builds automatically from your repo history. No setup required to start.
Baseline builds automatically
Revieko learns repo-specific invariants from history.
Get focused PR review
Risk summary + top hotspots + per-file actions — in one evolving comment.
WHY THIS MATTERS
Drift hides inside “reasonable” changes
Tests can pass while architectural drift accumulates. The code works — the structure shifts. The cost shows up later as cognitive load, slower changes, and more regressions.
- AI increases PR volume and PR size.
- Humans still own judgment and accountability.
- The bottleneck moved: writing code → validation and trust.
Revieko is a structural radar: it points you to hotspots where review judgment is most likely required.
Linters and tests can stay green while structure quietly shifts.
AI AT MACHINE SPEED
AI optimizes locally. Structure breaks globally
Agents can generate locally-correct code at machine speed. But they can violate repo norms, boundaries, and contracts — even when tests pass.
Revieko surfaces repo-level drift, boundaries, and blast radius as high-signal hotspots, so reviewers can triage risk fast — without reading 2,000 lines.
Works great for Cursor/Copilot/agents PRs
Focuses on structure, not cosmetics
A change can work locally while violating repo-level boundaries.
01 · PR comment
Risk summary + top hotspots.
Revieko PR review: HIGH
risk=58.7 | hotspots=6
Top hotspots:
- struct_pattern_break (yield+state)
- new_abstraction
- hidden_dep
Actions:
- Requires attention in checkout/
02 · Status check
Fail / warn / pass — configurable.
Status: WARN
Reason:
Structural drift detected
Default: warn (not block)
Configure policies later
03 · Full report
HTML/MD/JSON when you need depth.
Report includes:
- hotspots (line-level)
- per-file actions
- glossary (drift types)
- exports: html/md/json
WHAT IT SURFACES
High-signal structural drift — line by line
Not cosmetics. Not lint noise. Hotspots point to concrete lines where structure deviates from your repo baseline.
Revieko · High risk | risk=69.49 | hotspots=10
These hotspots = top 5% to review first
def _goal_generator(history): # ← hotspot: struct_pattern_break (yield + state)
if all(norm(goal - g) > 2.0 for g in history[-3:]): # ← hotspot: struct_pattern_break (complex filter)
yield goal
damped = J.T @ J + damping * np.eye(N) # ← hotspot: struct_pattern_break (algorithmic shift)
class _StateManager: # ← hotspot: struct_pattern_break (new abstraction)
pass
Common drift signals
- Architectural drift — new abstractions and responsibilities appear or shift
- Boundary drift — cross-module moves that increase coupling
- Hidden coupling — implicit dependencies introduced
- State introduced — stateful objects appear where the repo is typically stateless
- Control-flow complexity — generators with state, dense branching, deep nesting
- Heuristic drift — mixed rules without clear rationale
- Pattern breaks — structure deviates from repo baseline (the “almost right” trap)
What it does NOT do
- No style nitpicks
- No generic best-practice spam
- No wall of comments
- Not a linter. Not a bug finder
- Signals only where structure deviates
High signal-to-noise by design.
HIGH SIGNAL-TO-NOISE
Designed to stay useful at scale
Pointed highlights, structural guardrails, transparent outputs — so review stays human-sized.
Pointed highlights
Top hotspots concentrate most structural risk. No review spam.
Structural guardrails
Focused on repo-specific invariants — not cosmetics.
Transparent outputs
Short PR summary + full report + glossary when you need depth.
BY ROLE
What you get — depending on what you own.
Same signal, different outcomes: faster triage, clearer ownership, steadier architecture.
Developers
Tech leads
Engineering managers
- Less review churn: reviewers focus on hotspots, not everything.
- Faster time-to-trust for AI-generated changes.
- Clear “what changed structurally” without reading thousands of lines.
- Repo-aware guardrails that evolve with your codebase.
- Early detection of architectural drift before it compounds.
- Better alignment: structure becomes observable in PRs.
- Reduced review drag and fewer rubber-stamped PRs.
- More consistent gates without blocking dev flow (default: warn).
- Clearer ownership and less hidden complexity over time.
PLANS THAT GROW WITH YOU
Start free. Upgrade when it proves value
Revieko is read-only by default, runs on diffs, and stays low-noise.
FREE
$0 / month
- Core PR comment + status check
- Read-only by default
- Runs on diffs
- Uninstall anytime
TEAM (pilot)
pilot / month
- Org-wide settings
- Reporting
- Advanced controls
- Best for teams standardizing review guardrails
ENTERPRISE (pilot)
Custom
- SSO / audit logs
- Org-wide governance
- Security & compliance options
- Dedicated support
FAQ
Quick answers for busy reviewers
Short and practical. No hand-wavy promises.
Does it replace code review?
No. Revieko shortens time-to-trust by surfacing where judgment is needed most — hotspots and per-file actions, not a replacement for human accountability.
Will this create review theater?
No. Revieko is built for high-signal triage: a small set of top hotspots, not a stream of comments. The goal is to reduce cognitive load and make review more real — not more performative.
How does Revieko reduce ownership debt from AI-generated code?
By making structural change observable. Hotspots show where the repo’s structure bends so humans can explicitly accept, adjust, or reject the shift. As your team adopts new patterns, the repo baseline can refresh so accepted structure stops being flagged as anomalous.
Is this a linter or a security scanner?
No. Linters enforce style and local rules. Security scanners focus on known vulnerabilities. Revieko targets repo-abnormal structural drift: boundary moves, hidden coupling, state introduced, and other “correct-but-dangerous” shifts.
How does baseline work?
Revieko builds a repo-specific baseline from your repo history and compares new PR diffs against that baseline. The baseline can evolve over time as your repo changes and accepted patterns become normal.
Does it block merges?
Default: warn (not block). You can configure pass / warn / fail policies later.
STILL HAVE QUESTIONS
Don’t trust us — ask your favorite LLM
>_ What makes Revieko different from linters, code review bots, and generic LLM reviewers — and why might it be a better choice for my team?
Pick your oracle:
UNDER THE HOOD
Structural ML (not LLM semantics)
Revieko treats code as structural complexity — not as natural language. It scores deviations relative to your repo baseline and surfaces high-signal hotspots for review triage.
How it works
We encode code structure into a compact representation and score structural deviations relative to your repo baseline. The output is intentionally human-sized: a short PR summary plus a full report when you need it.
Want the deep dive? Learn more under the hood →
Under the hood: compact structural representation → deviation scoring → hotspots
© 2026 • Build systems that reconstruct the structure of reality