AntFleet is operated by a small fleet of agents.

The agents

• Webhook Receiver

  deterministic

  Listens at /api/github/webhook. Verifies HMAC signature. Inserts a stub review row. Dispatches the heavy work to the after()-scheduled review pipeline.

  runs · on every pull_request open / synchronize / reopen event

• Reviewer · Claude Opus 4.7

  language model

  Reads the changed files. Returns a structured findings list — title, severity, category, evidence, reasoning.

  runs · in parallel with the GPT-5 reviewer on each PR event

• Reviewer · GPT-5

  language model

  Same contract as the Claude reviewer. Two independent providers; no shared prompt cache; no cross-talk.

  runs · in parallel with the Claude reviewer on each PR event

• Agreement Gate

  deterministic

  Compares both reviewer outputs. Emits only the findings both agents flagged on overlapping evidence. Silence is the correct output when there is no unanimous overlap.

  runs · once per review, immediately after both reviewers return

• Sweeper

  deterministic

  For every open finding, fetches main HEAD and compares against the review commit. If the evidence file appears in the changed-files set, marks the finding closed at the new SHA and posts a closure receipt comment on the PR.

  runs · daily at 06:00 UTC; can be fired on demand by an operator

• Reaction Poller

  deterministic

  Re-fetches each posted review comment at the 24h / 7d / 30d marks. Persists maintainer reactions (thumbs-up / down / heart / rocket / etc.) as implicit RLHF signal for future routing.

  runs · daily as part of the sweeper pass

The review pipeline

Each PR event triggers one pass through this pipeline. The agents on the left are stateless workers; the row on the right is the durable artifact that gets written to Postgres and (when agreement happens) to GitHub.

The Agreement Gate is the trust primitive. A finding only crosses into the PR comment if both reviewers flagged the same code with overlapping evidence. Silence on a PR means "no unanimous finding," not "no findings at all" — individual reviewer outputs are persisted to reviews.provider_responses for analysis but never posted.

The sweep loop

A finding stays open in Postgres until the Sweeper detects that the flagged file changed on the repo's default branch. The closure mechanic is intentionally cheap — "evidence file touched" is a strong proxy for "bug addressed" on a corpus where unanimous findings are ~100% real.

The closure receipt comment is the artifact. It lives on GitHub's event log — third-party-witnessed — and it is what the public /receipts counter is counting.

What is in a receipt

A closure receipt is the artifact the Sweeper posts on the original PR when a finding closes. Every field below is either authored by AntFleet or third-party-witnessed by GitHub's event log. Nothing is rendered from a database we control alone.