MergeGuard

VS Code quickstart

Install MG Lab, sign in, and run your first AI review from the editor.

Same account as GitHub & GitLab

Sign in with the MergeGuard account you use for pull request reviews. Editor reviews count toward the same monthly plan limits shown in the sidebar.

1. Install MG Lab

  1. Open Extensions in VS Code (Ctrl+Shift+X / ⌘⇧X).
  2. Search for MG Lab and click Install, or install from the Visual Studio Marketplace.

MG Lab also works in VS Code Insiders, VSCodium, Cursor, and Windsurf—any editor that supports VS Code extensions.

2. Open your project

Open a folder (File → Open Folder…), not just a single file. The extension needs a workspace root to resolve relative paths and run git diff.

3. Sign in

  1. Click the MergeGuard icon in the activity bar (left sidebar).
  2. Click Sign In. Your browser opens the MergeGuard sign-in page.
  3. Connect GitHub or GitLab with the same account you use for PR/MR reviews.
  4. When sign-in completes, the browser redirects back to your editor. The sidebar shows your plan and remaining reviews for the month.

If the redirect does not focus your original window, the extension also polls in the background—wait a few seconds and the sidebar should update automatically.

4. Run a review

Use the MergeGuard sidebar or the Command Palette (Ctrl+Shift+P / ⌘⇧P):

Review Current File

  1. Open the file you want reviewed in the editor.
  2. Click Review Current File in the sidebar, or run MergeGuard: Review Current File from the Command Palette.
  3. Findings appear as editor diagnostics (squiggles), in the sidebar list, and in the output panel.

Review Git Diff

  1. Make local changes in a git repository.
  2. Click Review Git Diff in the sidebar, or run MergeGuard: Review Git Diff.
  3. MergeGuard reviews your working-tree changes (compared to HEAD). Large diffs are truncated to the first 40 files.

Security Scan

  1. Click Security Scan in the sidebar, or run MergeGuard: Security Scan.
  2. The extension scans lockfiles (package-lock.json, etc.), Dockerfiles, Terraform, YAML, and .env files in your workspace.

5. Read findings and apply fixes

  • Sidebar — click a finding to jump to the file and line.
  • Output — open View → Output and select MergeGuard for the full risk score, severity, and suggestions.
  • Explain Issue — select a finding in the sidebar, use the lightbulb quick fix on a diagnostic, or run MergeGuard: Explain Issue for a plain-language explanation. When a fix is available, choose Apply Fix to patch the file in place.
  • Clear findings — use the trash icon in the sidebar title bar or run MergeGuard: Clear Findings.

Editor shortcuts

Right-click in an open file for context-menu actions:

  • MergeGuard: Review Current File
  • MergeGuard: Explain Issue (after a review)

Troubleshooting

  • “Sign in to MergeGuard” — run MergeGuard: Sign In from the Command Palette.
  • “No git changes to review” — save files and confirm you have uncommitted changes in the opened folder.
  • “No lockfiles / IaC files found” — add scannable files (e.g. package-lock.json or a Dockerfile) or open the repo root as the workspace folder.
  • Review limit reached — check remaining reviews in the sidebar or plans & limits. Limits reset at the start of each UTC month.

Next steps