Shift-left · Analysis from the first commit

Ixtli reviews.
Your team ships.

Ixtli Reviewer detects bugs, vulnerabilities, dead code, exposed secrets, and technical debt on every commit, PR, and development session — with deep static analysis, not just text patterns.

controllers/user.ts — PR #312
81async function getUser(req, res) {
82 const id = req.params.id
83- const q = `SELECT * FROM users WHERE id=${{id}`
84+ const q = 'SELECT * FROM users WHERE id=?'
85+ // Ixtli: sanitized parameter ✓
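Review bot: On line 84 the query switches to a `?` placeholder, but the visible lines do not show `id` being bound to it; make sure the call that executes `q` passes `id` as a bound value. The comment on line 85 says "sanitized parameter", yet the change is parameterization rather than sanitization, and `req.params.id` on line 82 is still unvalidated; reword the comment and consider checking that `id` has the expected type or format before the query runs.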
Critical: SQL Injection — CWE-89
The id parameter is directly interpolated without sanitization.
→ Fix applied: parameterized query
import { createHash } from 'node:crypto'
createHash('md5').update(password)
Warning: Deprecated hash — MD5
MD5 is not suitable for password hashing. Use bcrypt or argon2.
AST + CFG + DFG
Own static analysis
5 sources
Vulnerability engine
Web, CLI and MCP
Works with any IDE
0%
Training on your code
Backed by
🟢 NVIDIA Inception · 🔷 Microsoft for Startups · 🌊 DigitalOcean Partner
Published on PyPI · Compatible with VS Code · Claude · Codex
How it works

Catch bugs
before they cost.

The shift-left approach means intervening early — when the cost of fixing a bug is minimal. Ixtli lives in your terminal, your editor, and your CI pipeline. Not at the end of the process: at every step.

💻
Local development
Dev writes code
No real-time review. Issues pile up silently.
🐕
Pre-commit / MCP
Ixtli enters here
Analyzes modified files before the commit. Detects bugs, secrets, vulnerabilities, and quality issues with full code tree context.
⚡ CLI · MCP · git hook
🐕
Pull Request / Merge Request
Automated PR review
Runs automatically when the PR is opened. Generates a findings report, risk analysis, and ready-to-apply code suggestions.
⚡ GitHub · GitLab · Gitea
🚀
Production
Clean code in main
Issues have already been detected and fixed. The tech lead approves with confidence.
⌨️

CLI — Analysis from the terminal

Analyze a file, folder, your session's modified files, or staged files. Automatically differentiates between code, dependencies, and IaC.

ixtli review --modified
🔌

MCP — In your favorite editor

Published on PyPI. Connect it to VS Code, Claude, Codex, or any Model Context Protocol-compatible client. Same capabilities as native tools.

pip install ixtli-mcp
🪝

Git Hooks — Pre-commit and pre-push

Install with a single command. Ixtli runs automatically before each commit or push, blocking problematic code before it reaches the repo.

ixtli hooks install
🌐

Web platform — Team visibility

Dashboard with findings per PR, commit, and team member. Visual AST/CFG risk graphs. On-demand analysis of any commit.

ixtli.app
Technology

Not a GPT wrapper.
Real engineering.

🌳

AST / CFG / DFG / IR Engine

Our own tree-sitter library that generates real code graphs — syntax tree, control flow, data flow, and intermediate representation. The agent understands code, it doesn't just read it.

TREE-SITTER
🛡️

Multi-source vulnerability engine

We analyze dependencies against 5 specialized vulnerability intelligence sources — not just NVD. By ecosystem: npm, pip, Maven, Go modules, and more.

5 SOURCES
☁️

IaC analysis

Terraform, Kubernetes, Docker Compose, CloudFormation. We detect misconfigurations and infrastructure vulnerabilities with the same rigor as application code.

IAC
🔒

Privacy by design

Your code is never used to train models. Each instance is isolated. What you write at your company stays at your company — with on-premise option for full compliance.

PRIVACY
📊

Visual risk graphs

The web platform graphically shows the most critical files and functions, sensitive flows, and the potential impact of each change. Real visibility for the tech lead.

WEB PLATFORM
🇲🇽

LATAM first

Support in Spanish, local MXN billing, support in your time zone, and prices designed for Mexican and Latin American teams. No intermediaries or geographic barriers.

MADE IN MEXICO
Who it's for

Reviewer speaks
to two profiles.

👨‍💻

The Developer

Individual dev · Freelance · Developer

You want to write better code from the start, without waiting for PR feedback. Ixtli accompanies you on your machine, before the commit, in your editor.

  • Catch bugs before your teammates see them
  • Learn from each finding with contextual explanations
  • git hooks that automatically block problematic code
  • MCP to have it directly in VS Code or Claude
  • 2 projects (Freelance) or 5 projects (Developer)
🧑‍💼

The Tech Lead

Team · Enterprise

You can no longer manually review every PR from your team. You need visibility into code quality and security without burning out in the process.

  • Automated review on every PR/MR — no extra configuration
  • On-demand analysis of commits and branches
  • Findings dashboard by team member and project
  • Risk graphs for architecture decisions
  • 2.5M tokens per team member per month
Ixtli · Ready to start

Ixtli is
ready to protect
your code.

Smart analysis. Your code always protected. Cancel anytime.

Start free now · Talk to the team →