Outputs

Status Check

In addition to the PR comment, PRMergeSafe posts a status check that branch protection rules can use to block risky merges.

What it is

At the bottom of every PR, GitHub shows a list of checks (status checks, like the ones CI systems post). PRMergeSafe adds one called PRMergeSafe / Analysis.

Unlike the comment (which is informational), the status check can be made required in your repo's branch protection settings — meaning the merge button is disabled until PRMergeSafe says it's safe.

States

The check goes through two visible states:

1. ⏳ In progress (immediate)

Posted within ~1 second of the PR opening. Shows a spinner and the text "Analyzing pull request…". This is your signal that PRMergeSafe received the webhook and is working — no more guessing whether the bot is alive.

2. Final state (after analysis)

Once analysis finishes (usually 30–90 seconds), the check updates to one of these final states:

  • ✅ Success — risk level is SAFE or LOW. Merge with confidence.
  • ⚠️ Action required — risk level is MEDIUM, HIGH, CRITICAL, or NEEDS_HUMAN_REVIEW. Review the comment before merging.
  • ⚪ Neutral — skipped PR (e.g. [skip-prmergesafe] in the title, empty diff). Doesn't block merge.
  • ❌ Failure — PRMergeSafe encountered an error during analysis. Re-push to retry.

Branch protection (the real value)

The status check on its own is informational. Where it becomes powerful is when you wire it into branch protection rules — then GitHub will actually block the merge button until PRMergeSafe passes.

How to set it up

In your repository on GitHub:

  1. Go to Settings → Branches
  2. Find your default branch (usually main) under Branch protection rules and click Edit (or Add rule if none exist)
  3. Enable Require status checks to pass before merging
  4. In the search box, type PRMergeSafe and select it
  5. Save changes

Note: the PRMergeSafe check only appears in this dropdown after at least one PR has been analyzed on the repo. If you don't see it, open a test PR first.

Recommended: require the check on your default branch. Allow other branches (feature/dev, staging) to merge without it during development. This blocks risky merges into production while keeping fast iteration on side branches.
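
To confirm the rule from the steps above is actually in place, the branch protection settings can be read back from GitHub's REST API and audited. The following is an added example, not PRMergeSafe's own code: it runs on a constructed sample response, and it assumes that the required check's context contains "PRMergeSafe" and that the four final states correspond to the check-run conclusions success, action_required, neutral and failure.

```python
import json

# Constructed sample in the shape returned by GitHub's
# GET /repos/{owner}/{repo}/branches/{branch}/protection endpoint.
SAMPLE_PROTECTION = json.loads("""
{
  "required_status_checks": {
    "strict": true,
    "contexts": ["ci/build"],
    "checks": [{"context": "ci/build", "app_id": null}]
  },
  "enforce_admins": {"enabled": false}
}
""")

# Assumption: the required-check context contains this string (the setup
# steps search for "PRMergeSafe"; the exact context name may differ).
CHECK_MARKER = "PRMergeSafe"


def audit_protection(protection, marker=CHECK_MARKER):
    """Return a list of findings for one branch's protection settings."""
    findings = []
    rsc = protection.get("required_status_checks") or {}
    # Required checks appear under "checks" and, in the older form, "contexts".
    names = set(rsc.get("contexts") or [])
    names.update(c.get("context", "") for c in rsc.get("checks") or [])
    if not any(marker.lower() in n.lower() for n in names):
        findings.append("check-not-required")   # merge button is never blocked
    if not (protection.get("enforce_admins") or {}).get("enabled", False):
        findings.append("admins-can-bypass")    # rule is not enforced for admins
    return findings


def blocks_merge(conclusion):
    """A required check lets the merge through only on these conclusions."""
    # Assumption: PRMergeSafe's final states map to these conclusion names.
    return conclusion not in {"success", "neutral", "skipped"}


if __name__ == "__main__":
    print(audit_protection(SAMPLE_PROTECTION))
    for c in ("success", "action_required", "neutral", "failure"):
        print(c, "blocks merge:", blocks_merge(c))
```

Feed it the JSON fetched for your default branch; an empty findings list means the check is required and the rule also applies to admins.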

What "Action required" means

When the check shows Action required, the merge button is disabled (assuming branch protection is on). To unblock the merge, you have three options:

  1. Fix the issue — push a new commit that addresses the finding. PRMergeSafe re-analyzes on push and may flip to Success.
  2. Override — admins on the repo can bypass branch protection if the finding is a false positive. Use sparingly.
  3. Raise the risk threshold — if your team is fine with MEDIUM-risk merges, change the threshold in dashboard settings (paid plans only).