What it is, what it isn't

What it is

Reads your auth state from local files only — env vars and parsed contents of ~/.claude/sessions/, ~/.gemini/google_accounts.json, ~/.codex/auth.json, plus the presence of a login session under ~/.copilot/ (to detect login state); never transmits credentials
Each LLM call goes against the endpoint you configured — every authenticated CLI runs as a subprocess and every llms.<name>.base_url entry runs as an HTTP provider agent (Ollama, vLLM, OpenAI-compat, etc.); your account, your key, your quota
A local CLI that reviews a git diff using LLMs you've already authenticated
An orchestrator that runs Claude / Gemini / Codex / Copilot CLIs in parallel and merges findings into one report
BYOK — your API key, requests go direct to the vendor (no middleman server)
A pre-commit gate — exits non-zero on major / critical findings so hooks can block the commit
A single Go binary — no Node, no Python, no Docker, no telemetry

What it isn't

A keychain scraper or credential-exfil tool — auth files are read locally to determine readiness, never sent anywhere
A proxy, mirror, or reseller running between you and the LLM — no local-review-operated relay, no shared capacity
A replacement for Claude's /review or /simplify — those are single-prompt commands; this is multi-LLM diff orchestration with merge and storage
"Code never leaves your machine" — the diff still goes to whichever LLM you authenticate (run Ollama for true offline)
A SaaS — no hosted dashboard, no account, no team collaboration features
A linter or static analyzer — it's LLM-based, with the heuristic tradeoffs that implies
A chat interface — reads a diff, prints findings, exits

Why local-review?

Privacy First

No SaaS signup, no telemetry, no auto-update calls. Your diff goes only to the LLM(s) you authenticate — point at Ollama for a fully-offline review.

Multi-LLM

Run Claude, Gemini, Codex, and Copilot in parallel; findings consolidated into one report with deduplication. Pre-flight readiness probe (v0.10.1+) shows ✓/✗ per agent in seconds — no more 4-minute waits on a doomed LLM.

Free Options

Works with the free tier from Claude (and Gemini until its 2026-06-18 sunset). No credit card required.

Fast Setup

Single binary, no Docker/Node required. Works on macOS, Linux, and Windows.

No Lock-In

Switch between LLM providers freely. Works with any OpenAI-compatible API.

Pre-Commit Hooks

Catch issues before they're committed. Perfect for team workflows.

Whole-Codebase Audit

local-review audit --topic security|tech-debt walks every tracked file, groups by package, and surfaces accumulated issues no diff would catch. Reports committed under audit/ next to the bench leaderboard.

Quick Start

Install

brew install mshykov/tap/local-review

Set up — picks a provider, writes .local-review.yml

local-review init

Review staged changes (init tells you which env var to export first)

local-review staged

Or audit the whole codebase for accumulated issues (--dry-run previews cost first)

local-review audit --topic security --dry-run

Supported LLMs

Claude

Free tier via the Claude CLI

✓ FREE

Default enabled

Antigravity (experimental)

Gemini CLI's successor (agy)

✓ FREE

Detected by doctor; not yet in the review fan-out

Gemini (sunset)

Free API key from Google

✓ FREE

Stops serving 2026-06-18 — migrate to Antigravity. v0.15+ auto-disables in the fan-out after the cutoff; set llms.gemini.force_after_sunset: true to opt back in.

Codex

ChatGPT Plus or OpenAI API key

$ OpenAI

Enabled when authenticated

You pay OpenAI. local-review is 100% free.

Copilot

GitHub Copilot subscription

$ GitHub

Enabled when authenticated

One Premium request per run. local-review is 100% free.

Supported Languages

Works on any language the LLM understands. Specialized prompt packs add language-specific idiom checks, security patterns, and pitfalls.

Any language

default pack

Universal review rules

Rust

.rs

Specialized pack

Go

.go

Specialized pack

TypeScript

.ts / .tsx

Specialized pack

Python

.py

Specialized pack

Swift

.swift

Specialized pack

Kotlin

.kt / .kts

Specialized pack

Liquid

.liquid

Specialized pack (Shopify)

More language packs on the way — add yours →

Want the checklist behind the tool?

Every rule local-review applies is published as a human-readable checklist — OWASP 2025-aligned, with severity tiers, concrete measurables, and the specialist-review prompts you don't get from generic checklists.

Use it for manual reviews, paste it into your team wiki, or run local-review review to get the same rules executed by an LLM in seconds.

Checklist

CHECKLIST.md

Security · Authentication

SEC-AUTH-1: protect every endpoint behind authCRITICAL
SEC-AUTH-2: rotate session tokens on privilege changeMAJOR

Correctness · Concurrency

COR-RACE-1: writes to shared maps hold the lockCRITICAL
COR-CTX-1: long ops observe context cancellationWARNING

+ 60 more rules across 8 categories…

Installation

🍺 Homebrew (macOS/Linux) RECOMMENDED

brew install mshykov/tap/local-review

📦 Download Binary

Download from GitHub Releases

Available for macOS, Linux, Windows — no dependencies required

🔧 Go Install

go install github.com/mshykov/local-review/cmd/local-review@latest