The review that sees everything, and the billing that runs itself
PR reviews now cover more security, dependency, license, CI/CD, authentication, database, frontend, and code-quality risks while producing fewer low-value findings.- Added dependency-impact and cross-file consumer analysis.
- Added typosquatting detection and richer review telemetry.
- Added Terraform, CloudFormation, and Kubernetes scanning through three independent engines.
- Added finding detail views, progressive loading, frontend-health findings, and AI fix suggestions.
- Added evidence views for violated business-logic invariants.
- Added plan management, hosted checkout, UPI and B2B invoicing, invoice history, and usage visibility.
The gate gets teeth
Autter’s merge gate now runs a dedicated review pipeline with structured chapters, inline findings, PR summaries, and visible gate decisions.- Added fifteen review categories spanning security, dependencies, API contracts, infrastructure, privacy, architecture, policy, and AI-generated code quality.
- Added durable chapter, activity, issue-link, blast-impact, and policy-violation records.
- Improved GitHub delivery logging, recursive-writeback protection, and first-delivery schema setup.
- Added per-event Slack notification routing.
- Added a Monaco diff viewer, keyboard shortcuts, activity feeds, and chronological review conversations.
- Added Markdown comments, mentions, GIF support, and authentication reliability fixes.
The merge gate, public reports, and the knowledge graph
The PR review pipeline can now parse diffs, generate structured summaries, run review tasks, and block a merge when required checks fail.- Added durable PR revision tracking and local or Fargate runners.
- Rebuilt GitHub webhook handling around native PR, review, comment, and issue events.
- Expanded secret scanning with TruffleHog history scans, provider context, and verification status.
- Expanded Semgrep coverage across major security classes.
- Added public share links, branded scan pages, and downloadable PDF reports.
- Added deterministic dependency risk, lockfile-aware resolution, exploit-chain tracking, and infinite-loop detection.
- Added issue refresh, payment execution traces, Graphify-based knowledge graphs, chat improvements, and architecture-diagram controls.
The full scan surface
The scan engine now brings its major security, compliance, quality, and business-logic checks into one findings workflow.- Added per-agent pipeline and performance tracking, runtime preflight checks,
stracetracking, and PostgreSQL support. - Added organization-scoped CycloneDX SBOM storage and file-risk history.
- Added AI-generated scan summaries and persistent action items.
- Added bidirectional Linear, Jira, and GitHub issue synchronization with logs and backfill.
- Added persisted Captain Patch suggestions and accept or decline workflows.
- Added CodeQL as a fourth SAST engine, Trivy filesystem scanning, dependency and license enrichment, and Socket.dev supply-chain analysis.
- Added exploit probability, CVSS, OSV context, exploit chains, API-surface analysis, policy validation, and AI-slop detection.
The docs engine, the architecture view, and the auditor agents
Generated repository documentation now has a more observable pipeline and a stronger browsing experience.- Added manual documentation generation, job status tracking, clearer failures, and modular processing.
- Improved ingestion concurrency, import parsing, Dockerfile extraction, metadata updates, and organization connection pooling.
- Added indexed wiki search, improved Markdown navigation, zoom controls, and page-generation prompts.
- Added architecture visualization beside generated documentation.
- Added custom teams and member assignments.
- Added repository-scoped issues and file-content search results.
- Added a Payment Gateway Auditor with dedicated findings and execution-path context.
- Improved agent execution with batch writes, parallel processing, lockfile parsing, team context, and risk scoring.
Custom agents, guided config, and the documentation engine
Teams can now organize custom agents by category and configure when they run.- Added trigger configuration and expanded APIs for custom agents.
- Added guided setup with streamed progress and surfaced configuration problems.
- Added editable overrides for prebuilt agents.
- Added repository graph construction, dependency edges, module clustering, and risk-aware documentation generation.
- Added wiki routes, documentation query APIs, Markdown rendering, sidebar navigation, and full-text search.
- Added optional mailing-list enrollment during onboarding.
Repository overview, CVE watch, and smarter search
The repository workspace now brings activity, dependencies, APIs, health, and onboarding into one view.- Improved repository health signals, empty states, and architectural-risk visibility.
- Added organization-wide search suggestions, finalized-query tracking, page awareness, and persistent query caching.
- Added scheduled CVE checks with concurrency control, graceful shutdown, and structured upgrade suggestions.
- Expanded registry, version, and vulnerability enrichment for dependencies.
- Connected endpoint indexing to test-coverage insights.
- Added AI response caching and broader LLM observability.
- Migrated model traffic to Vercel AI Gateway and added web analytics instrumentation.
The wiki, the PR review, and the graph
Repository knowledge is now browsable through generated wiki pages, search, navigation, and an AI-assisted question flow.- Rebuilt PR review with dedicated review, check, and commit tabs; inline conversations; file navigation; and unified or split diffs.
- Expanded indexing for repository context, scopes, hotspots, files, dependencies, change impact, and health metrics.
- Added reverse-dependency, call-graph, and scope-dependency analysis.
- Expanded third-party dependency classification and documentation resolution.
- Added multi-framework endpoint indexing and API test-coverage analysis.
- Added event notifications, weekly digest controls, and Slack or webhook test flows.
- Improved tracing around dependency and supply-chain agents.
Indexing, onboarding, and a lot of plumbing
Organization setup now collects more useful context and guides users through the initial codebase scan.- Improved organization creation, login transitions, and dashboard motion.
- Added webhook testing with clearer notification errors.
- Hardened organization database provisioning and deployment retries.
- Expanded backend health checks, logging, Slack integration, and AI-pipeline instrumentation.
- Improved repository-context detection, scope profiling, file coverage, dependency resolution, graph insights, and per-scope health metrics.
- Refined analytics, wiki interactions, navigation, and sidebar styling.
Onboarding that gets out of the way
The first-run experience now provides more context at each organization-setup step.- Added guided organization setup.
- Improved loading motion and dashboard or login transitions.
- Hardened secrets management, host configuration, and deployment setup.
- Added dynamic database migrations during organization provisioning.
- Improved route logging, health checks, and Slack integration.
Self-service scan initiation
You can now start a full repository scan without a support handoff.- Start scans from onboarding or the dashboard.
- Select the branch you want Autter to analyze.
- Receive completion notifications through email or Slack.
- Audit dependency and vulnerability results over time.
- Review security, dependency, license, AI-code quality, and blast-radius findings in one report.
Streaming progress and auto-open setup
Organization creation now shows each setup stage as it happens instead of leaving you on a static loading screen.The setup dialog also opens automatically from the relevant dashboard flow, reducing the steps required to finish organization configuration.The multi-agent scan engine
Autter now runs specialized agents for distinct codebase risk surfaces and combines their findings into one prioritized report.- Added checks for security, licenses, supply chains, infrastructure, containers, policy, business logic, and runtime behavior.
- Added GitHub PR comments, check runs, webhook handling, and review automation.
- Added the first analytics dashboard with date filtering and multiple result views.
- Expanded hotspot detection, dependency mapping, and legacy-code signals.
Week one: We built the product
The first product release established the core account, repository, and review foundations.- Added email one-time-code login, passkeys, trusted devices, and welcome flows.
- Added organization creation, branding, team management, account configuration, and product settings.
- Added GitHub App installation, pull request views, and repository insights.
- Added architecture graphs, repository context, hotspots, and codebase-learning signals.
- Added responsive dashboard navigation, search, loading states, notifications, and the Autter visual system.
- Introduced Captain Patch.
Read the source changelog
View Autter’s full public release narrative and subscribe to future updates.

