Transparency

Security & infrastructure

What we run, who we call, and how we keep pull-request analysis predictable for security-minded teams.

Powered by

  • OpenAI
  • Anthropic
  • GitHub
  • Railway

Runtime

MergeGuard web and API services run on Railway with isolated containers, rolling deploys, and environment-scoped secrets.

GitHub App

Fine-grained installation permissions, per-repo access, and short-lived tokens. No broad OAuth password grants for org code.

AI providers

Reviews are generated through OpenAI and Anthropic APIs. Prompts include only the diff and metadata you send to MergeGuard—no unrelated corpus training on your behalf.

Encryption

TLS 1.2+ for every browser and GitHub webhook call. Secrets and keys live in managed secret stores, not in the repo.

Uptime

Hosted using the same regional edge patterns Railway recommends for production Node services. We monitor webhook success and API latency continuously.

Data handling

Review payloads are processed in memory for the request lifecycle. Retention policies follow your plan tier; contact us for DPA and enterprise controls.

At a glance

  • Hosts: Railway · managed TLS
  • Integrations: GitHub App + webhooks
  • Models: OpenAI · Anthropic (routed)
  • Status: Synthetic checks + delivery logs