Northstar – AI PR review for Azure DevOps teams (flat price, not per-seat)

ginoarpesella1 pts0 comments

Northstar DevOps<br>☀Sign inGet started

Early access<br>Review faster.<br>Ship with more confidence.<br>Northstar reads every pull request on GitHub and Azure DevOps, grades its delivery risk, points reviewers at what matters, and drafts release notes — without ever storing your diffs or replacing human judgement.<br>Get started freeView pricing →<br>GitHub & Azure DevOps GitHub / Microsoft sign-in Teams & Slack alerts

Northstar analysis<br>🤖 AI-assisted<br>PR #247 · Update JWT token handlerHIGH<br>Rewrites session token issuance and expiry. Touches authentication and identity handling — the highest-blast-radius area in the change.<br>highSession tokens are not invalidated on password reset.<br>mediumNew expiry path lacks a regression test.

◆ risk: hightests: warning+142 / −38

diffs kept on disk<br>processed in memory, then discarded

AI call per revision<br>cached, gated, and budget-capped

providers, one workspace<br>GitHub and Azure DevOps

How it works<br>From webhook to reviewed, in one quiet pass.<br>01<br>Connect your provider<br>Authorise GitHub or Azure DevOps with least-privilege scopes. Work/school Entra accounts use OAuth; personal accounts connect with a Personal Access Token.

02<br>Every PR becomes a signal<br>Changed files and patch metadata are analysed asynchronously into a risk grade, reviewer guidance, missing-test and security findings, and a concise summary.

03<br>Route it to the right people<br>A tidy review comment lands on the PR, and high-risk alerts reach Teams, Slack, or the dashboard before the change slips through.

What you get<br>Precise where it counts. Quiet everywhere else.<br>Risk classification<br>Know which PRs actually need a senior reviewer.<br>High, medium, and low grades are derived from file paths, diff size, review heuristics, and provider context — so triage takes seconds, not a standup.

PR #247 · auth/login.ts, auth/session.tsHIGH<br>Authentication paths changed · token & identity handling · +142 / −38<br>Reviewer focus: token expiry and session invalidation. Start with auth/session.ts.

Diff retention<br>Patch data never touches disk.

bytes of diff stored permanently

Patches are analysed in memory, secret-redacted, then discarded. Only the risk signal is kept.

Release notes<br>Completion notes for every audience.

TechnicalBusiness<br>● #247 auth — high · token expiry paths<br>● #244 api — medium · contract change<br>○ #241 docs — low · README update

Polished summaries after merge, pitched at the right level for engineers or stakeholders.

Smart routing<br>High-risk alerts arrive before reviewers open the PR.<br>Teams and Slack notifications, provider-tagged dashboard views, and monitored queues keep GitHub and Azure DevOps work visible in one place.

High-risk PR: Update JWT token handler<br>just now<br>Teams · northstar-alerts

PR digest: 4 merged this sprint<br>3m ago<br>Slack · #eng-releases

Privacy by design<br>No diff retention<br>Patch content lives in memory during analysis only. Nothing is written to permanent storage.

Secret redaction<br>Pattern and entropy checks scrub API keys, tokens, and connection strings before analysis begins.

Human in the loop<br>Every recommendation is advisory. Northstar surfaces the risk — your team makes the call.

Minimal permissions<br>OAuth scopes stay narrow, sign-in supports GitHub and Microsoft, and reconnect stays explicit and revocable.

Simple, predictable pricing<br>One flat price. No per-seat math.<br>Most review tools bill for every developer, so the invoice climbs each time you hire. We charge one clear monthly price for a generous pool of pull-request analyses that your whole team shares. Grow the team without growing the bill — priced by the work you ship, not the people you employ.<br>Priced on your code, not your headcount<br>Add as many engineers as you like. Your plan scales with pull-request volume — never with seat counts or per-user fees.

No surprises on the invoice<br>A single flat rate with a clear analysis allowance. No background usage meters, no overage shocks, no seat audits at renewal.

Higher tiers, honestly better value<br>Move up for unlimited repositories, a much larger analysis pool, advanced risk analytics, release notes, and audit logs — what growing teams genuinely need.

See the plans →

Connect your first repository in a couple of minutes.<br>Start free, sign in with GitHub or Microsoft, and bring review risk, release notes, and alerts into one workflow.<br>Create accountSign in

risk github devops token northstar review

Related Articles