Is Kodus really self-hosted end to end?

Yes. The agent, the API, the worker, the webhooks, the web UI, Postgres, MongoDB, and RabbitMQ all run on your Docker host. The repo is AGPLv3 and the reference deploy is docker-compose.prod.yml. It is open source AI code review without vendor lock-in.

What infrastructure do I need?

Docker with Compose plugin, a public-ish domain or fixed IP for webhooks, and a host with at least 2 CPU cores, 8 GB RAM, and 60 GB of disk.

How long does it take to bring up?

Local quickstart is yarn setup && yarn docker:start && yarn migrate:dev && yarn seed. Production VM install is a seven-step runbook.

Self-hosted AI code review.

Open source AI code review without vendor lock-in. The full review pipeline runs on your infrastructure, your database, your network. Bring any LLM, pin any version, keep every audit trail on your side of the network.

Install on a VM Get the installer

feat/auth-guard-tier

            40function isTenantAllowed(req) {
            41  if (typeof req.query.orgId !== 'string') {
            42    return false;
            43  }
            41  const raw = req.query.orgId;
            42  if (typeof raw !== 'string') return false;
            43  if (!UUID_RE.test(raw)) return false;
            44  return tenants.has(raw);
            45}
          

Kody · critical · SecurityAgent

The original guard accepted any string-shaped orgId and let an unrelated tenant's UUID through. Narrow with the UUID regex before the lookup. Otherwise /api/cockpit?orgId=… leaks cross-tenant rows.

Kody · medium · PerformanceAgent

Consider caching the tenants set or hitting it through a memoized accessor. This hot path is in every authenticated request.

What it is

Self-hosted AI code review is when the AI that reviews your pull requests runs on your own infrastructure, not on a vendor's cloud. Source code, LLM calls, and review history stay inside the network your team controls.

The boundary you keep

What stays inside, stays inside.

SaaS code review forces every diff to leave your network. Self-hosting Kodus draws the line where your audit boundary already lives. Four guarantees come with the deploy.

01 ━

Source code never leaves your VPC

Webhooks land on your domain. Diffs read from your Git host. Embeddings persist in your Postgres. The pipeline is local end to end.

02 ━

You pick where the LLM call goes

Route to a hosted provider you already trust, or to an internal OpenAI-compatible endpoint. Kodus does not relay LLM traffic through anything you don't control.

03 ━

Audit trails live in your stack

Every API call, every worker job, every webhook is a log line in your existing aggregator. Retention, redaction, and access stay under your policy.

04 ━

Fork it, audit it, run it

The agent is AGPLv3. The Docker images are pinned and reproducible. Updates ship as tagged releases. No kill switch we control.

how kody reviews

From PR opened to inline comments. Four stages, your network.

Deterministic pipeline. Real components in the repo, no marketing-ware. Click any stage to read the source.

01 / 04

intake

Trigger from your Git host or the CLI.

Webhooks come in from GitHub, GitLab, Bitbucket, and Azure DevOps. Self-managed flavors work the same way: GitHub Enterprise Server, GitLab Self-Managed, Bitbucket Data Center. Or skip the Git host entirely and trigger reviews from the Kodus CLI in your dev loop or CI.

CLI · webhooks

02 / 04

context

Kody builds the picture before it writes anything.

A sandbox is provisioned for the review (local on your box, hosted on E2B, or skipped entirely if you don't want one). Kody reads the diff, walks the code structure, and pulls in your Kody Rules and linked tickets. Everything assembled, then it starts looking for problems.

sandbox · your choice code graph your rules + tickets

03 / 04

review

One reviewer by default. Four specialists when you ask for it.

In normal mode Kody runs as a single generalist reviewer that covers logic, security, and performance in one pass, plus your Kody Rules agent if you have rules configured. Switch the review to deep mode and three dedicated specialists go in parallel instead. Same model you brought, same sandbox.

Generalist

default · logic, security, and performance in one agent

KodyRules

enforces your team's custom rules and conventions

Bug / Security / Performance

deep mode · three specialists run in parallel

BYO LLM

every agent uses the provider you set in .env

findings collapse by semantic similarity · ranked critical / high / medium / low

04 / 04

output

Findings come back on the PR or in the CLI.

When the review starts on a PR, Kody posts line-anchored inline comments and sets approve or request-changes status, right next to the rest of your CI. When it starts from the CLI, the same findings stream back to your terminal as structured output you can pipe, fail builds on, or feed into another tool.

                42  function isTenantAllowed(req) {
                43    if (typeof req.query.orgId !== 'string') return false;
                43    const raw = req.query.orgId;
                44    if (typeof raw !== 'string' || !UUID.test(raw)) return false;
                45    return tenants.has(raw);
                46  }
              

The original guard accepted any string-shaped orgId and let an unrelated tenant's UUID through. Narrow with the UUID regex before the lookup, otherwise the route leaks cross-tenant rows under /api/cockpit?orgId=....

// HOW KODY REVIEWS

From PR to inline comments.

Webhook lands, sandbox spins up, AST graph builds, context loads from your tools, four specialized agents review in parallel, dedup runs, comments post back. All inside your network. Reference: libs/code-review/pipeline/.

kody.engine · live review RUNNING

$pr #1247 received · branch feat/auth-guard-tiergithub ✓context pack assembled ├─ sandbox up e2b ├─ ast graph built (12 files)kodus-graph └─ context loaded jira KOD-301 + 3 docspgvector $dispatching 4 agents in parallel ├─ BugAgent investigatingclaude-sonnet-4.6 ├─ SecurityAgent investigatingclaude-sonnet-4.6 ├─ PerformanceAgent investigatingclaude-sonnet-4.6 └─ KodyRulesAgent investigatingclaude-sonnet-4.6 ✓23 raw findings → 18 after dedup ├─ 3 critical ├─ 7 high ├─ 6 medium └─ 2 low $posting inline comments... ✓6 comments posted · status REQUEST_CHANGES completed in 47s · all inside your network

hover to pause · loops every 22s libs/code-review/pipeline/ · agents in libs/code-review/infrastructure/agents/

A · INTAKE pull request received apps/webhooks

webhook

github · gitlab · azure · bitbucket → enqueued on rabbitmq for the worker.

B · CONTEXT PACK facts assembled for review libs/code-review/pipeline/stages

sandbox

e2b vm spins up. readFile, listDir, bash, run-cmd. agents get a real shell, not a string buffer.

ast graph

kodus-graph parses changed files + their call graph. caller/callee relations emit as xml.

context loader

pgvector rag pulls kody rules, conventions, linked jira / linear / docs into the prompt.

deterministic order · sandbox is reused across reviews via lease

C · AGENTS · PARALLEL four specialists investigate infrastructure/agents

BugAgent

logic · edge cases · null safety · race conditions

SecurityAgent

authz · injection · secrets · xss · idor

PerformanceAgent

n+1 · hot loops · allocations · algorithms

KodyRulesAgent

your team rules · architecture · conventions

each agent runs its own llm loop with sandbox tools · byo provider · openai / anthropic / google / groq / cerebras / any openai-compatible

D · DEDUP + RANK noise out, signal ranked agent-review.stage.ts

semantic dedup · severity rank

findings from all four agents collapsed by similarity. coverage ledger forces every changed file to be touched. results graded critical · high · medium · low.

E · OUTPUT comments back on the pr create-file-comments.stage.ts

inline comments + pr status

line-anchored comments via the git provider's native api. status: approve or request-changes. github checks line up next to your other ci.

resource minimum recommended

CPU 2+ cores 4+ for repos >100k LOC

RAM 8 GB 16 GB with local sandbox

DISK 60 GB grows with PR volume

OS Any Docker host Linux preferred

NET Domain or fixed IP for Git webhooks

PHONE Anonymous heartbeat opt-out via env

Air-gapped deployment

Off the public wire.

For defense contractors, sovereign environments, and IP-controlled networks. There is no packaged air-gap installer, but every dependency is replaceable with something you operate. Four switches and you are off the public internet.

SW-01

Mirror the container images

Push ghcr.io/kodustech/* to your private registry. Pin KODUS_VERSION in .env so deploys stay reproducible offline.

SW-02

Bring the LLM inside the wire

Point API_OPENAI_FORCE_BASE_URL at an internal OpenAI-compatible endpoint (vLLM, TGI, Ollama, or any inference server you operate on your network).

SW-03

Use a local Git provider

Webhooks land where the diff lives. GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket DC on the same network keep the loop closed.

SW-04

Silence the heartbeat

Set KODUS_TELEMETRY_DISABLED=true. The anonymous daily ping is the only outbound call by default and it goes away with one flag.

Bring your own LLM

Any provider you already trust.

The agent runs on the model you choose. Set it once in .env and pin it. Self-hosted means your contract, your spend, your data path.

OpenAI Anthropic Google Vertex AI Novita Groq Cerebras Together AI Fireworks Moonshot / Kimi Z.ai / GLM Chutes Synthetic + any OpenAI-compatible

OpenAI

Anthropic

Gemini Local

# Same 3 vars for every provider.
# Swap the base URL, swap the model, you are done.
API_OPENAI_FORCE_BASE_URL="https://api.openai.com/v1"
API_OPEN_AI_API_KEY="sk-..."
API_LLM_PROVIDER_MODEL=gpt-5.1

# Anthropic exposes an OpenAI-compatible endpoint.
API_OPENAI_FORCE_BASE_URL="https://api.anthropic.com/v1"
API_OPEN_AI_API_KEY="sk-ant-..."
API_LLM_PROVIDER_MODEL=claude-sonnet-4-6

# Gemini exposes an OpenAI-compatible endpoint.
API_OPENAI_FORCE_BASE_URL="https://generativelanguage.googleapis.com/v1beta/openai"
API_OPEN_AI_API_KEY="..."
API_LLM_PROVIDER_MODEL=gemini-2.5-pro

# Same 3 vars. Point at your own gateway.
# vLLM, Ollama, LiteLLM, TGI, any OpenAI-compatible server.
API_OPENAI_FORCE_BASE_URL="http://llm.internal.your-co/v1"
API_OPEN_AI_API_KEY="sk-local-anything"
API_LLM_PROVIDER_MODEL=your-local-model

One config shape. The base URL is the switch. Kody never knows which vendor is on the other end.

Self-hosted vs alternatives

Kodus self-hosted checks every box.

How Kodus stacks against the tools most often evaluated for code review when the audit boundary matters.

Verdict

Only tool that ships all 8 properties at once.

Kodus self-hosted 8 / 8

SonarQube 3 / 8

CodeRabbit 1 / 8

Snyk Code 1 / 8

DeepSource 0 / 8

Capability	Kodus	CR CodeRabbit	SK Snyk	SQ SonarQube	DS DeepSource
Deployment & Licensing
Self-hosted	AGPLv3	Cloud only	Agent	Yes	Hybrid
Open source	AGPLv3	No	No	CE only	No
AI & Models
AI-driven review	Yes	Yes	DeepCode	Static	Limited
Bring your own LLM	Any provider	Bundled	Snyk only		Bundled
Compliance & Cost
Audit boundary	Your VPC	Their VPC	Mixed	Your VPC	Their VPC
Air-gapped feasible	Yes	No	No	No AI	No
GDPR / LGPD residency	Your region	Off-region	Off-region	Your region	Off-region
Markup on LLM costs	Zero	Bundled	Bundled		Bundled

Where self-hosted wins

For teams where the perimeter is the point.

Regulated industries, IP-heavy R&D, and sovereignty-conscious teams use Kodus self-hosted to keep AI code review inside the existing audit perimeter.

File · 01-FIN PCI-OK

Financial services

Cardholder data stays in scope.

Self-host Kodus inside the same network segment that already passed your PCI-DSS audit. No new third-party processor to add to the report.

PCI-DSS · SOC 2 · ISO 27001

File · 02-MED HIPAA

Healthcare

PHI never crosses a BAA you don't own.

Reviews run inside your HIPAA-covered infrastructure. No business associate agreement to renegotiate with a code review vendor.

HIPAA · HITRUST

File · 03-EU REGION

Regulated SaaS

GDPR & LGPD residency, no extra processors.

Pin Kodus to the region your data lives in. Keep your sub-processor list short and your DPA stack shorter.

GDPR · LGPD · CCPA

File · 04-IP IP-LOCK

High-IP engineering

Pre-release code stays inside the perimeter.

Proprietary algorithms and unreleased features are reviewed where they already live. Route the LLM call to a model you operate for an air-tight loop.

Trade secrets · export-controlled IP

Inside the boundary

The controls security asks for.

Community ships with the basics every self-hosted team needs. Enterprise unlocks the controls a security review wants to see. Both run on the same Docker stack. See the security docs and the telemetry policy for the full picture.

kodus security --check # click any row to inspect

OK sso-saml Enterprise ▶

Wire Kodus to Okta, Entra, Google Workspace, or any SAML 2.0 IdP. Map firstName, lastName, email. Test the IdP connection before flipping the org-wide flag.

OK rbac Enterprise ▶

Policy guard on every API endpoint via @CheckPolicies. Per-role scoping for repos, rules, and analytics. Roles are first-class and live in your database.

OK audit-logs Enterprise ▶

Every workspace action with actor, target, and timestamp. Forwarded to your logging stack of choice (Datadog, Splunk, Loki, ELK). Retention is your policy, not ours.

OK source-available-agent All editions ▶

Read every line of Kody before it touches your repos. AGPLv3 on GitHub, tagged releases, CVE-mapped advisories. Your security team can diff every upgrade before it ships.

OK secrets-in-your-vault All editions ▶

API keys, LLM tokens, OAuth secrets, webhook signatures: all live in your secret store. Kodus reads them at runtime through your container. We never get a copy.

FAQ

kodus-self-hosted-faq(1) bash

KODUS-FAQ(1) Self-Hosted Edition KODUS-FAQ(1)

Yes. The web UI, API, worker, webhooks, RabbitMQ, Postgres (pgvector), and MongoDB all run on your Docker host via the kodus-installer repo. The agent is AGPLv3. There is no required call-home to operate the product. It is open source AI code review without vendor lock-in.

Docker (latest stable) with the Compose plugin, a public-ish domain or fixed IP for Git provider webhooks, and a host with at least 8 GB of RAM. For repos beyond 100k lines of code, plan for 16 GB and give the worker container 4 to 8 GB on top. Default ports: 3000 (web), 3001 (api), 3332 (webhooks), 5432 (postgres), 27017 (mongodb), and 5672 / 15672 / 15692 (rabbitmq).

OpenAI, Anthropic, Google Gemini, Google Vertex AI, Novita, Groq, Cerebras, Together AI, Fireworks, Chutes, Moonshot / Kimi, Synthetic, and Z.ai / GLM are wired in the code. Anything else with an OpenAI-compatible API works through API_OPENAI_FORCE_BASE_URL, including an internal vLLM, TGI, or Ollama instance you operate.

Functionally yes, with caveats. Mirror the Docker images to a private registry, point Kodus at an internal OpenAI-compatible LLM endpoint, and set KODUS_TELEMETRY_DISABLED=true. The product itself does not need outbound traffic to operate. We do not ship a packaged air-gap installer today, so plan that operational glue yourself.

Community is the AGPLv3 codebase. Free, open source, self-host or hosted by us. Enterprise adds SSO, RBAC, audit logs, and analytics under a commercial license, activated with KODUS_LICENSE_KEY. Files marked .ee. in the repo are the EE add-ons.

Tagged releases on GitHub plus pinned Docker images via KODUS_VERSION. You promote the tag through your change-management process. Security advisories are published on the repo with CVE references. No auto-update channel.

An anonymous daily heartbeat: aggregated counters like PRs reviewed, integrations enabled, uptime, and node version. Never your source code, never PR titles, never identifiers, never your LLM traffic. Inspect with yarn telemetry:preview. Disable entirely with KODUS_TELEMETRY_DISABLED=true.

The production install is the kodus-installer repo: clone, fill in .env, run ./scripts/install.sh. The script generates secrets, creates the Docker networks, pulls the ghcr.io/kodustech/* images, and waits on healthchecks. Budget 15 to 30 minutes end to end for the first deployment, minutes for the ones that come after.

Yes. Kodus integrates with GitHub Enterprise Server, GitLab Self-Managed, and Bitbucket Data Center as first-class targets, alongside their cloud equivalents and Azure DevOps. Self-managed flavors use the same webhook signing and OAuth flows. Point Kodus at your internal Git host and the review loop closes inside your network.

CodeRabbit is cloud-only with a bundled LLM. Kodus self-hosts under AGPLv3, lets you bring your own LLM, and keeps source code, LLM calls, and audit logs on your infrastructure. Both review pull requests with AI. The choice is data sovereignty and cost control versus managed convenience. For the full comparison across deployment, models, and compliance, see the table above on this page.

Ship it

Pull the repo. Run the review.

One docker compose away from an AI code reviewer that lives inside your perimeter.

Install on a VM Local quickstart

Star kodus-ai on GitHub