Documentation

Install, architecture, and how MergeGuard routes AI safely from GitHub to your merge queue.

Powered by

  • OpenAI
  • Anthropic
  • GitHub
  • Railway

Control plane

GitHub App architecture


GitHub delivers organization and repository events to MergeGuard over HTTPS webhooks. The app installation carries only the scopes you approve; we never clone your full repository history for review—just the pull request payload, file list, and patches GitHub exposes for that event.

  1. GitHub (App + webhooks): PR opened / sync / comment
  2. MergeGuard API (Validate · queue · respond): Hosted on Railway
  3. AI router (OpenAI · Anthropic): Model + tier selection
  4. Back to GitHub (Review + inline threads): Posted on the PR
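The ingress step described above (GitHub webhook in, validate, queue), as an added example that is not MergeGuard's own code: it checks GitHub's X-Hub-Signature-256 HMAC over the raw body and uses X-GitHub-Delivery to avoid queuing a redelivery twice. The secret, delivery ids, dedupe window and function names are assumptions made for the example, and it assumes JSON-encoded payloads.

```javascript
// Added example, not MergeGuard code. Assumes the receiver has the raw request
// body as a Buffer and the webhook secret configured on the GitHub App.
const crypto = require('node:crypto');

const DEDUPE_WINDOW_MS = 10 * 60 * 1000; // assumed retention window for seen ids
const seenDeliveries = new Map(); // delivery id -> first-seen time (in-memory for the demo)

// GitHub sends X-Hub-Signature-256: "sha256=" + hex(HMAC-SHA256(secret, raw body)).
function signatureIsValid(secret, rawBody, header) {
  if (typeof header !== 'string' || !header.startsWith('sha256=')) return false;
  const expected = crypto.createHmac('sha256', secret).update(rawBody).digest();
  const given = Buffer.from(header.slice('sha256='.length), 'hex');
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Decide what to do with one delivery. Header names are lower-cased, as in Node's http module.
function validateDelivery(secret, headers, rawBody, now = Date.now()) {
  // Authenticate before parsing: unauthenticated bytes never reach JSON.parse.
  if (!signatureIsValid(secret, rawBody, headers['x-hub-signature-256'])) {
    return { status: 401, reason: 'bad-signature' };
  }
  const id = headers['x-github-delivery'];
  if (!id) return { status: 400, reason: 'missing-delivery-id' };
  for (const [seenId, t] of seenDeliveries) {
    if (now - t > DEDUPE_WINDOW_MS) seenDeliveries.delete(seenId);
  }
  // A redelivery reuses the same delivery id: acknowledge it, do not queue it twice.
  if (seenDeliveries.has(id)) return { status: 200, reason: 'duplicate' };
  let payload;
  try {
    payload = JSON.parse(rawBody.toString('utf8'));
  } catch {
    return { status: 400, reason: 'bad-json' };
  }
  seenDeliveries.set(id, now);
  return { status: 202, reason: 'queued', event: headers['x-github-event'], action: payload.action };
}

// Constructed sample delivery (secret, id and payload are made up for this example).
const SAMPLE_SECRET = 'constructed-secret';
const sampleBody = Buffer.from(JSON.stringify({ action: 'opened', number: 7 }));
const signBody = (secret, body) =>
  'sha256=' + crypto.createHmac('sha256', secret).update(body).digest('hex');
function sampleHeaders(id) {
  return { 'x-github-event': 'pull_request', 'x-github-delivery': id,
           'x-hub-signature-256': signBody(SAMPLE_SECRET, sampleBody) };
}
console.log(validateDelivery(SAMPLE_SECRET, sampleHeaders('constructed-0001'), sampleBody));
```

In a multi-instance deployment the seen-id map would live in a shared store rather than process memory.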

Railway deployment

MergeGuard's hosted control plane runs as containerized Node services on Railway: separate build and runtime images, per-environment variables, and zero-downtime deploy hooks. Webhook endpoints are pinned behind TLS termination at the edge; you can self-host the same stack using our Docker images if your policy requires a private region.

  • One-click rollbacks and build logs live in your Railway dashboard.
  • Secrets never ship to the browser—only short-lived session tokens for the marketing app.

AI routing

MergeGuard selects models based on risk tier, diff size, and product configuration. Fast passes use efficient endpoints; high-risk or large-blast-radius diffs can escalate to larger context windows. Traffic stays over TLS to provider APIs; prompts are scoped to the PR under review plus your configured policies.

  1. Ingress: Normalize webhook + fetch patches
  2. Router: Pick provider, model, and token budget
  3. Egress: Format GitHub review + inline anchors

Quickstart

Connect MergeGuard to your repository in under 2 minutes.

  1. Sign up at /signup.
  2. Install the GitHub App from your dashboard.
  3. Add a default policy or accept the recommended defaults.
  4. Open a PR. MergeGuard comments with risk scoring instantly.

Guides & reference

Repository setup & operations

From first install through compliance exports and programmatic hooks—everything below lives in this panel so you can scan it in one pass.

Connect a repository

Choose orgs and repos during GitHub App installation. MergeGuard only sees events for repos you enable.

Configure policies

Set risk thresholds, required reviewers, and merge rules from the dashboard. Policies apply per default branch unless you scope them per repo.

Writing custom rules

Compose guardrails in YAML—lint gates, CODEOWNERS sync, and custom checks.

Audit trails for SOC 2

Export delivery IDs, review outcomes, and policy evaluations for your compliance pack.

Team approvals

Layer MergeGuard findings on top of native GitHub approval rules.

REST API

Programmatic access for enterprise orchestration—contact sales for keys.

Webhooks

Subscribe your SIEM to MergeGuard delivery webhooks for secondary alerting and analytics.

CLI

Local validation and dry-run reviews—shipping in a future release.