Visor

See Visor in Action

Configure once, get clean results everywhere

visor.yaml

version: "1.0"

checks:
  performance:
    type: ai
    prompt: |
      Review for performance issues:
      - N+1 queries
      - Memory leaks
      - Inefficient algorithms
      - Missing caching
    on: [pr_opened, pr_updated]
  
  security:
    type: ai
    prompt: |
      Review security:
      - OWASP Top 10
      - Input validation
      - Authentication issues
      - Data exposure
    on: [pr_opened, pr_updated]
  
  # That's how easy to add assistant to your project
  probe:
    type: ai
    command: probe
    prompt: |
      Your goal is to answer questions about this project
    on: [comment, issue_open]

output:
  pr_comment:
    format: summary

GitHub PR Result

● feat: improve user authentication

#123 opened 2 hours ago by john-doe

Visor now

Visor Summary

2 Performance Issues 1 Security Issue 5 checks passed

Performance Issues (2 found)

src/auth.js:45
N+1 query detected in user lookup loop

src/cache.js:12
Missing cache invalidation strategy

Security Issues (1 found)

src/api.js:78
Potential SQL injection in user input

Terminal Output

visor run

$ npx -y @probelabs/visor run --format table ┌─────────────┬────────┬──────────┬──────────────────────────────┐ │ Check │ Status │ Findings │ Summary │ ├─────────────┼────────┼──────────┼──────────────────────────────┤ │ performance │ ISSUES │ 2 found │ N+1 queries, missing caching │ │ security │ ISSUES │ 1 found │ Potential SQL injection │ │ linting │ PASSED │ 0 issues │ All style checks passed │ │ dependencies│ PASSED │ 0 issues │ No vulnerable packages │ └─────────────┴────────┴──────────┴──────────────────────────────┘ ⚠ 3 issues found across 2 checks Results saved to visor-report.json and visor-report.sarif

What is Visor?

Visor is a code analysis orchestrator that unifies AI checks, security tools, and custom scripts under one declarative config. Define when checks run (on which files, branches, or events), set dependencies between them, and get focused summaries in your PRs. Visor executes everything in parallel, caches results intelligently, and outputs to multiple formats (PR comments, SARIF, JSON) for seamless integration with your existing workflow.

Get Started (5 minutes)

Create a visor.yaml file in your repository root:

Option A — GitHub Action

# .github/workflows/visor.yml
name: Visor
on:
  pull_request:
    types: [opened, synchronize]
jobs:
  visor:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Visor
        uses: probelabs/visor@v1
        with:
          config: visor.yaml
          github_token: ${{ secrets.GITHUB_TOKEN }}

Option B — CLI

npx -y @probelabs/visor run --config visor.yaml

Interactive Config Generator

Select AI assistants and security tools to generate your visor.yaml:

AI Code Reviewer AI Code Assistant Semgrep (SAST) Trivy (Vulnerabilities) TruffleHog (Secrets) ESLint (JavaScript) Gitleaks (Git Secrets) Bandit (Python Security)

Start on GitHub

FAQ

Is Visor a scanner?

No. Visor orchestrates scanners, AI checks, and scripts you already trust—and makes their output usable.

Does it lock us into a vendor?

No. Everything is defined in visor.yaml. Tools run in your containers. Outputs are standard (PR comments, SARIF, JSON).

How does it integrate with existing tools?

Visor works alongside your current CI/CD. It doesn't replace tools—it orchestrates them with smart conditions and unified output.

What about sensitive code?

Bring your own API keys approach - all major providers supported. Run local LLMs, use your own containers, set network policies. Your code stays under your control.

Can we trust AI results?

You can enforce JSON Schemas on AI outputs and gate merges on structured fields (severity, confidence, actions). No free‑form essays.

Where does it run?

Any CI/CD platform—GitHub Actions, GitLab CI, Jenkins, CircleCI, pre‑commit hooks, or CLI. Same config, same behavior everywhere.