Codebase immune system
Gets smarter every PR.
CodeTitan learns your repo and catches things no generic scanner ever will — launching as a GitHub Action and CLI for JS/TS teams.
How it works
From install to intelligent review in one sprint.
- 01
Add the Action in 30 seconds
Paste one workflow file into your repo. No npm install, no configuration, no build step. On the first PR it's already running.
- 02
Every PR gets a Risk Score
CodeTitan runs 266+ JS/TS rules, detects AI-generated code patterns, and posts a Risk Score with inline file annotations directly in the pull request. Findings link to exact lines.
- 03
The profile learns your repo
Every merged PR, dismissed finding, and applied fix trains a per-repo learned profile. After a month it catches things no generic scanner ever will — because it knows your codebase, not just the language.
How to use it
Two surfaces. Zero friction.
# .github/workflows/codetitan.yml
name: CodeTitan
on: [pull_request]
jobs:
  review:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
      security-events: write
    steps:
      - uses: actions/checkout@v4
        with: { fetch-depth: 0 }
      - uses: Noa-Lia/codetitan-action@v1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          fail-on-severity: HIGH
          format: both

Runs on every PR. Annotates changed files, posts a Risk Score comment, and optionally blocks merge on high-severity findings.
# Install
npm install -g @noalia/codetitan-cli

# Analyse the current repo (no AI, fast)
codetitan analyze . --no-ai --format json

# Analyse only what changed vs main
codetitan analyze . --changed-only

# Preview auto-fixes before applying
codetitan fix . --dry-run

Run locally before you push, or drop into any CI pipeline. Diff-aware mode only analyses changed files — fast enough for pre-commit hooks.
Private preview
Get in before launch.
Leave your work email — we'll reach out when the private preview opens.