Getting Started

Visit github.com/apps/prmergesafe and click Install. GitHub will ask which account or organization you want to install on, and which repos PRMergeSafe should have access to.

We recommend starting with Only select repositories and picking one or two non-critical repos to test on. You can always add more later from the dashboard.

Once installed, GitHub redirects you to prmergesafe.com/auth/install. You'll be prompted to sign in via GitHub OAuth — this links your GitHub user to your PRMergeSafe organization so you can see your reviews and configure settings.

After OAuth, you land at prmergesafe.com/dashboard. Your installed repos are listed. By default, every repo you grant access to gets analyzed automatically when a PR opens.

Push code and open a pull request like you always have. No new commands, no CI changes, no workflow edits. PRMergeSafe listens for the pull_request.opened and pull_request.synchronize webhooks and analyzes every new PR or push automatically.

What happens after you open a PR:

1. ImmediatelyA "PRMergeSafe / Analysis · in progress" check appears at the bottom of the PR. This is your signal that PRMergeSafe got the webhook and is working.
2. 30–90 seconds laterA comment is posted on the PR with the full analysis: risk level, score, individual findings, and recommended actions. The status check updates from "in progress" to either "success" or "action required".
3. ThenThe review also shows up in your dashboard at /dashboard/reviews, where you can browse history, filter by repo or severity, and re-open any analysis later.

For teams that want to require PRMergeSafe to pass before a PR can merge: enable branch protection on your default branch and add PRMergeSafe as a required status check.

See Status Check → Branch protection for the exact setup. Most teams skip this on Day 1 and add it after they trust the analysis (it's the same trustworthy core review on every plan).