The last line of defense before production

Is this PR safe to merge?

PRMergeSafe reads every pull request and flags what actually breaks production — breaking changes, data risks, security holes. No style nits. No noise.

0 style nits, ever

▲ A real catch, replayed — this exact class of bug ships to production every day.

Caught before merge

  • Hardcoded AWS secret in config.ts
  • DROP COLUMN users.email in migration
  • verifyJwt() removed from middleware
  • SQL built by string concatenation
  • lodash 4 → 5 major bump, 3 breaking callers
  • Unhandled rejection in payment webhook
  • CORS wildcard added to prod config
  • Float arithmetic on currency amounts
  • Missing await on transaction commit
  • API key logged at info level
  • Exported type removed — 7 dependents
  • Retry loop without backoff or cap

Built for signal

We comment on what breaks production.
Not what your linter already caught.

Most AI review tools generate noise. PRMergeSafe is opinionated about what merge safety actually means.

We flag

  • Removed exports & breaking API changes
  • Schema migrations & data corruption risks
  • Hardcoded secrets & SQL injection
  • Dependency conflicts (package.json, go.mod, etc.)
  • Missing test coverage on changed code
  • Auth & security boundary changes

We ignore

  • Naming, formatting, code style
  • "Consider using" suggestions
  • Stylistic preferences
  • Comments / documentation improvements
  • Minor refactor opportunities
  • Anything your linter already catches

Branch-protection ready

Wire the PRMergeSafe status check into required checks. Risky merges get blocked before a human even looks.

Custom rules

Teach it your conventions — "flag missing feature-flag wraps", "no raw SQL in controllers". Plain English.

Protected paths

auth/, payments/, migrations/ — your most dangerous paths always get the deepest pipeline with adversarial verification.

Your code, handled safely

It reads your PRs. It never keeps them.

The honest answer to the first question every team asks before installing a tool that touches private code.

🔒

Your code is never stored

We fetch the diff and changed files with your install’s short-lived GitHub token, run the analysis, then discard them. We keep only the verdict and PR metadata — never your source at rest.

🔁

Findings are double-checked

Every HIGH and CRITICAL finding is re-verified by a second AI pass that actively tries to disprove it. You get real risks — not false alarms.

🎛️

You stay in control

We post findings and a status check. Whether to merge is always your call — PRMergeSafe advises, it never silently blocks you.

The pipeline

How a PR travels through.

Stage 1 · ~1ms

PR opened

A webhook hits our API about a millisecond after you click "Create pull request". Nothing to configure, no CI changes.

Stage 2 · fast pass

Instant triage

A fast first pass asks one question: is this change obviously safe? Most PRs stop here — quick, cheap, zero noise.

Stage 3 · full read

Deep analysis

Risky diffs get the full read: breaking changes, data-loss paths, security holes, and the blast radius of every change.

Stage 4 · double-checked

Adversarial verify

Every CRITICAL and HIGH finding is re-checked by a second pass that tries to prove it wrong. False positives die here.

Stage 5 · <60s

Verdict lands

Comment + status check on the PR, usually under a minute. Wire it into branch protection and risky merges block themselves.

Risk levels

From green check to red gate.

Every PR gets a clear verdict. Configure the threshold to match how cautious your team wants to be.

Risk score (0–100)

  • 8: Safe
  • 38: Medium
  • 67: High
  • 92: Critical

What you see on the PR

  • PRMergeSafe / Analysis: In progress — analyzing pull request… (⏳ pending)
  • PRMergeSafe / Analysis: HIGH · score 67/100 — review before merging (action required)

Status check appears at the bottom of the PR within ~1 second of opening it. Updates to the final verdict once analysis finishes. Wire it into your branch protection rules to block risky merges automatically.

  • 🟢 Safe: Merge with confidence
  • 🟢 Low: Minor observations
  • 🟡 Medium: Review recommended
  • 🟠 High: Significant risks
  • 🔴 Critical: Do not merge
  • 🟣 Needs Review: Uncertain — ask a human

Pricing

The same trustworthy core review on every plan.

Every plan gets the same core analysis. Team and Scale add Deep Impact Analysis — a deeper pass that traces a change's full cross-file blast radius. Cancel anytime.

Free

$0/mo

15 PR credits / month

  • Unlimited repos
  • Breaking-change detection
  • Community support

Starter

$29/mo

125 PR credits / month

  • Unlimited repos
  • Custom rules + protected paths
  • $0.25/credit overage
Most Popular

Team

$79/mo

450 PR credits / month

  • Everything in Starter
  • Deep Impact Analysis
  • Email support
  • $0.20/credit overage

Scale

$249/mo

2,000 PR credits / month

  • Everything in Team
  • Priority analysis
  • Slack support
  • $0.15/credit overage

Credits track analysis depth — safe PRs cost about 1 credit, risky PRs that trigger the full verification pipeline cost more.

Stop merging surprises.

Start free in under 30 seconds — no credit card required.

Install on GitHub

Free plan included · Cancel anytime · hello@prmergesafe.com