Is this PR safe to merge?
PRMergeSafe reads every pull request and flags the things that actually break production. Breaking changes. Data risks. Security holes. No style nits. No noise.
Start free · No credit card · Install in 30 seconds
@taylor — please take a look 👇
This PR removes the verifyJwt() call from requireAuth middleware. All authenticated routes will now accept any value in the Authorization header.
🎯 Risk: 87/100 · 🎚 Confidence: 95% · ⏱ 28s · 💳 1 credit
Built for signal
We comment on what breaks production.
Not what your linter already caught.
Most AI review tools generate noise. PRMergeSafe is opinionated about what merge safety actually means.
We flag
- Removed exports & breaking API changes
- Schema migrations & data corruption risks
- Hardcoded secrets & SQL injection
- Dependency conflicts (package.json, go.mod, etc.)
- Missing test coverage on changed code
- Auth & security boundary changes
We ignore
- Naming, formatting, code style
- "Consider using" suggestions
- Stylistic preferences
- Comments / documentation improvements
- Minor refactor opportunities
- Anything your linter already catches
How it works
Three steps. No new workflow.
Install on GitHub
One click. Pick the repos you want analyzed. Start free, no credit card required.
Open a PR as usual
Push code like always — from GitHub, your IDE, or gh CLI. No new tools to learn.
Read the verdict
Within ~30 seconds: comment on the PR + status check. Risk score 0-100 + exact findings.
Risk levels
From green check to red gate.
Every PR gets a clear verdict. Configure the threshold to match how cautious your team wants to be.
- 🟢 Safe: Merge with confidence
- 🟢 Low: Minor observations
- 🟡 Medium: Review recommended
- 🟠 High: Significant risks
- 🔴 Critical: Do not merge
- 🟣 Needs Review: Uncertain — ask a human
Pricing
Same AI quality on every plan.
You pay for volume, never for analysis quality. Cancel anytime.
Starter
$29/mo
60 PR credits / month
- Unlimited repos
- Custom rules + protected paths
- $0.20/credit overage
Team
$79/mo
200 PR credits / month
- Everything in Starter
- Email support
- $0.15/credit overage
Scale
$249/mo
700 PR credits / month
- Everything in Team
- Priority analysis
- Slack support
- $0.12/credit overage
FAQ
Questions, answered.
How is this different from CodeRabbit / Cursor / GitHub Copilot review?
Those tools comment on style, naming, and "consider using" patterns. PRMergeSafe ignores all of that. We only flag things that actually break production — breaking API changes, data risks, security holes, dependency conflicts. Less noise, higher signal.
How much does it cost?
Free includes 15 PR credits per month. Starter is $29/mo for 60 credits. Team is $79/mo for 200 credits. Scale is $249/mo for 700 credits. Most small PRs use 1 credit; very large PRs (>10K lines) use up to 20 credits. Every plan gets unlimited repositories.
What happens when I hit my monthly credit limit?
Free is hard-capped — new PRs are not analyzed until your cycle resets. Starter, Team, and Scale automatically continue at a per-credit overage rate ($0.20 / $0.15 / $0.12 respectively). You always stay in control — the dashboard shows live usage and projected overage.
Why are some features paid-only?
Custom rules, protected paths, and blocking-level customization are available on Starter and up. Free covers the core experience — every PR analyzed with sensible defaults. Paid plans unlock the controls that teams with specific policies need.
What is a protected path and why does it cost more?
Protected paths (e.g. src/auth/, migrations/) force our deepest analysis pipeline every time, skipping the fast first-pass triage and adding adversarial verification. PRs touching these paths consume 5× credits because they take 5–10× more compute to analyze thoroughly. It is the right trade for code where a missed bug is catastrophic.
What does PRMergeSafe actually see?
Just the diff plus the current contents of changed files in the PR. We do not clone, mirror, or persist your full repository. Code is sent through our AI analysis pipeline and we store only the resulting analysis — never your source code.
Can I customize what it analyzes?
Yes — on Starter and up. Add team-specific custom rules (e.g. "always flag missing input validation"), mark protected paths for deep analysis, and choose how strict the merge-blocking threshold should be. Configure once at the org level, or override per repository.
Does PRMergeSafe block my PRs from merging?
Optionally. We always post a comment + a GitHub Check Run. The merge button is only actually blocked if your repo has GitHub branch protection requiring our check to pass. You configure your blocking threshold (CRITICAL only, HIGH+, MEDIUM+, etc.) in the dashboard.
What happens if the AI makes a mistake?
Two safeguards: every HIGH/CRITICAL finding goes through a second-pass adversarial verification before being shown; uncertain calls get marked NEEDS_HUMAN_REVIEW rather than fabricating confidence. You can also re-run any analysis from the dashboard at no extra cost.
Can I switch or cancel plans?
Yes — change plans anytime via the billing page (Stripe Customer Portal). Cancel anytime; you keep access until the end of the billing cycle. We never charge cancellation fees.