DOC · callahan-ci / v1.1.0 · MIT RELEASE · 2026.05 BRANCH · main
AI NATIVE CI/CD · local-first · v1.1.0

Your pipeline,
on your machine.
No cloud.

Callahan CI is a single Go binary that runs your pipelines on your laptop, reads diffs as they're built, and posts AI review and security findings back to your PRs. Four agents — Architect, Debugger, Reviewer, Analyst — do the parts you'd usually skip.

Get started — free → ★ Star on GitHub git clone && go run ./cmd/callahan
01 · BINARY
1
02 · DATABASE
SQLite
03 · LLM PROVIDERS
4
04 · LICENSE
MIT
callahan/CI

AI NATIVE
CI/CD

01Architect 02Debugger 03Reviewer 04Analyst 4 agents · onboard

Callahan runs CI/CD pipelines locally and reviews the diff on every build. The Architect writes your YAML, the Debugger explains failures, the Reviewer posts structured findings on every PR, the Analyst parses Trivy and Semgrep into plain English.

Install → Source on GitHub
~/projects/go-cli · zsh callahan ci · v1.1.0
./start.sh dev
─────────────────────────────────────────────
backend listening on :8080
dashboard listening on :3000
─────────────────────────────────────────────
webhook · pull_request opened (go-cli #17)
HMAC verified · build #42 · go test ./... · pass
◆ reviewer posted to PR #17 · 3 findings
◆ analyst trivy: critical=1 · GitHub PAT in auth.go:14
─────────────────────────────────────────────
http://localhost:3000/builds/42
CI/CD · schematic · rev 1.1

A pipeline
you can hold.

One binary. Four agents. Pipelines as plain shell processes. Callahan is the small CI/CD tool you'd write yourself if you had a free weekend — built openly, MIT licensed, on your machine.

Install → GitHub
IN →git push · pull request · cron OUT →build · test · scan · deploy SIDE →AI review · AI triage · AI patch
§ 02 · PIPELINE

Six stages.
One binary. No orchestrator.

Callahan models a pipeline as a straight line of deterministic stages. Each runs natively on the host — no containers required — and emits a structured event stream the agents subscribe to.

SCHEMATIC · canonical flow local · go 1.22 · trivy 0.70 · semgrep 1.x
01 · INGEST
webhook
github push / PR · gitlab push / MR
02 · PLAN
parse YAML
Callahanfile.yaml · GH-Actions syntax
03 · BUILD
run jobs
shell process per step · WS log stream
04 · AI
review + explain
diff review · failure triage
05 · SCAN
security
trivy · semgrep · AI fallback
06 · POST
PR comment
review + scan summary → originating PR
§ 03 · CAPABILITIES

Built in, no plugins.

Pipelines, AI review, security scanning, PR comments, and a dashboard — all in the binary. There's a marketplace tab in some other tools where you'd otherwise wire up half this list.

FEAT · 001YAML + NL

GitHub Actions-compatible YAML, with an English escape hatch.

Paste your existing workflow. It runs. Prefer to describe it in plain English? The Pipeline Architect writes the YAML for you and commits it.

name: production
on: [push, pull_request]
jobs:
  build-and-scan:
    runs-on: callahan:latest
    ai:
      review: true
      explain-failures: true
FEAT · 002RUNTIME

Host-native execution.

Each step runs as a shell process under your user. State lives in a single SQLite file. Live logs stream over a WebSocket to the dashboard.

→ binary go · static
→ state SQLite · WAL
→ logs WebSocket
→ daemon none
FEAT · 003AI LAYER

Bring your own model.

Four providers wired in. Pick one in the settings page; switch any time without a rebuild. No key? Falls back to Ollama.

claude gpt-4o groq · llama-3.3 ollama
FEAT · 004SECURITY

Trivy and Semgrep, parsed and triaged.

If Trivy or Semgrep are on the runner, Callahan runs them per build, parses the JSON, and renders findings as expandable cards. If neither is installed, the AI does an LLM source review instead.

Security Scan
trivy: critical=1 high=0 medium=0
[CRITICAL] GitHub PAT
auth.go:14
ai → rotate · move to project secrets
FEAT · 005DEPLOY

If it runs in your shell, it ships.

Deploy step is literally a shell. kubectl, fly, vercel, terraform — whatever you already know.

kubernetes
fly.io
vercel
lambda
helm
terraform
FEAT · 006WEBHOOKS

Webhooks in, comments out.

HMAC-verified inbound webhooks for GitHub push / pull_request and GitLab Push / MR hooks. Build results post back to the PR as a single markdown comment.

webhook · pull_request opened
HMAC-256 verified
build #42 triggered
review + scan posted to PR #17
FEAT · 007OBSERVABILITY · LIVE LOGS · AI EXPLAIN

Live logs. AI explain on every failure.

Streaming output, structured events, and a one-click plain-English diagnosis on any red step. No more 800-line stack traces scrolled by hand.

▶ step[1] install deps
npm ci — 12.3s (cached)
▶ step[2] run tests
142 passed · 0 failed — 8.1s
▶ step[3] build
ENOMEM — out of memory
ai → increase Node --max-old-space-size=4096
§ 04 · AGENTS

Four jobs the AI does on every build.

Each is a single LLM call with structured input and output, scoped to one task. Toggle any of them off in the ai: block of your Callahanfile.

01ARCHITECT
Pipeline Architect

Plain-English to Callahanfile.yaml.

Type what your pipeline should do. The Architect writes the YAML — jobs, steps, deploy stages, AI flags — and on save commits it back to the repo using your project's GIT_TOKEN.

PROMPT → "Build my Next.js app, run Playwright tests, scan with Trivy, deploy to Fly on green main pushes."
02DEBUGGER
Build Debugger

Why did this build fail?

Click AI Explain Failure on any failed build. The agent reads the failed job's logs and the Callahanfile, returns a short root cause and a concrete next step.

DIAGNOSIS → "Build failed: npm couldn't find package.json. The repo is Go — language detection fell through to the JS default. Replace the build step with go build ./...."
03REVIEWER
Code Reviewer

A second pair of eyes on every build.

Reads the diff for the build's commit and writes a structured review with severity, findings, and a fix suggestion. For PR builds, posts the review as a comment on the originating GitHub or GitLab PR.

FINDING → internal/auth.go:23 — password hashed with MD5. Use bcrypt or argon2id.
04ANALYST
Security Analyst

Scan results, parsed and explained.

Runs Trivy and Semgrep when they're on the runner; falls back to AI-only source review when they aren't. Findings are bucketed by severity and posted on PRs alongside the AI review.

FINDING → [CRITICAL] GitHub Personal Access Token — internal/auth/auth.go:14 · rotate the token, move it to project secrets.
§ 05 · COMPARISON

Where it fits in the landscape.

Callahan isn't a Jenkins replacement for a 200-engineer org. It's the local-first option for solo devs and small teams who want their CI on their machine, with AI parts that already work.

Capability Callahan Jenkins GH Actions Dagger
Runs locally Yes Yes~ Self-hosted runners Yes
Single binary, no DB or queue Go + SQLite JVM + plugins Cloud-managed~ Needs Docker
AI code review on every build Built in
NL → pipeline YAML Yes
Security scanning bundled Trivy + Semgrep Plugin Action
Dashboard UI Bundled~ Dated Web CLI only
Posts results to PRs GitHub + GitLab~ Plugin Native
Works without internet~ With Ollama Yes Yes
LicenseMITMITProprietaryApache 2.0
§ 06 · INSTALL

Two ways in. Pick one.

macOS, Linux, and WSL2. Docker is the quickest path if you just want to run it.

STEP 01 · CLONE

Grab the repo

Go + Next.js source. Everything runs from this one directory.

git clone https://github.com/Callahan-ci/Callahan
STEP 02 · KEY (OPTIONAL)

Drop in an LLM key

For AI features. Skip if you'll use Ollama locally.

echo 'ANTHROPIC_API_KEY=sk-ant-…' >> .env
STEP 03 · START

Boot both processes

Backend on :8080, Next.js on :3000. Tail both in one terminal.

cd Callahan && ./start.sh dev
STEP 04 · OPEN

Run a build

Add a repo, paste a personal access token, click Run.

open http://localhost:3000
→ TRY IT

Clone it. Run it.
Tell us what's broken.

$ git clone github.com/Callahan-ci/Callahan
$ cd callahan && ./start.sh dev
$ open http://localhost:3000