PRGuard

Code governance for the AI era

Govern your codebase.
Auto-fix the violations.

Define your standards in plain-language context files. PRGuard audits every diff against them, catches the violations, and opens a PR with the fix.

01 · What you get

Native GitHub Integration

Runs on pull requests, pushes, or both — posting status checks, inline comments, and developer-approved fix PRs

Choose Your
Model

Pick Anthropic or Google Gemini for your organisation, tuning review depth against cost on every audit

Deep-Context
Retrieval

Reviews and fixes are grounded in your real code and the governance rules you define in PRGuard

Consistent,
Rule-Based Reviews

Your Markdown rules are applied the same way to every commit and PR, across repos and teams

Audit-Grade
Traceability

Each finding is traced end to end — from first flag, to fix PR, to the re-audit that closes it

02 · See it run

One Vision. Every Commit.

Your whole team — not just engineers — defines the standards, in one shared place. PRGuard checks every PR and push against them, shows the violations, and proposes fixes you approve before merge — with a full audit trail of every decision.

Scenario: A developer opens a PR to add Stripe payments — and PRGuard checks it against the team’s standards, line by line.

Architect Security SRE Product Compliance QA AppSec
PRGuard
PRGuard Audit Example

Add Stripe Webhook Handler

25 /100
Verdict
Non-Compliant
Type
Pull Request
Repository
payments
Author
j.doe
Analysis Provider
Gemini

Summary

This pull request introduces multiple critical security and compliance issues, plus a few quality warnings.

Overview

The diff adds a Stripe webhook handler in billing/webhooks.py, wiring payment events directly into the API view layer. The code processes events without verifying the signature, logs the full card number, and writes to the database outside the service layer — with reliability and test-coverage gaps on top.

Key Findings

  • Errors billing/webhooks.py: unverified Stripe signature, full PAN written to logs, a raw exception leaked in the 400 response, a direct DB write bypassing the service layer, and no idempotency guard — risking double charges.
  • Warnings billing/webhooks.py: no customer payment-confirmation email, and zero test coverage on the new payment path.

Recommendations

  1. Verify the Stripe-Signature header with stripe.Webhook.construct_event(...) before processing.
  2. Move the database write into PaymentService.record_charge(event) — no direct ORM calls from the view.
  3. Stop logging the full PAN; log only the last four digits if a reference is needed.
  4. Return a generic message in the 400 response and log the exception server-side only.
  5. Guard duplicate events with ProcessedEvent.objects.get_or_create(stripe_id=event.id).
  6. Send the confirmation email via notify_customer_payment(charge).
  7. Add tests for success, signature failure, duplicate event, and missing payload.

Findings

7 Click to expand
Service layer violation Architect Direct database write bypasses the service layer. All mutations must go through PaymentService.
Webhook signature not verified Security Stripe payload processed without verifying the Stripe-Signature header. Any caller can trigger payment events.
Full PAN written to logs Compliance Full card number (PAN) written to logs in plain text. PCI-DSS v4.0 requires the PAN to be unreadable anywhere it is stored — including application logs.
Raw exception in 400 response AppSec Exception message returned verbatim in the HTTP 400 body — leaks internal stack details to potential attackers.
No idempotency key SRE No duplicate event check. Stripe retries on timeout — without idempotency this will double-charge customers.
Payment confirmation not sent Product Charge recorded but no receipt email dispatched. Per spec, every successful payment must trigger a confirmation.
No test coverage QA 0% test coverage on this file. Team standard requires tests for all payment code paths before merge.

03 · Why a governance layer

More Than a Reviewer.

AI writes more of your codebase every week. Bolting on a tool that leaves review comments is easy. The hard part is governing what ships: enforcing your standards the same way every time, screening for risk, keeping a human in control, and proving what happened.

Enforcement, not suggestions

Your rules are applied identically to every pull request and push. Leave it in comment-only mode, or turn it into a merge gate that blocks on a failure — your call, per repository.

Risk screening built in

Before any audit runs, a gatekeeper screens every change for prompt-injection attempts — instructions hidden in a diff trying to manipulate the reviewer.

Accountability you can prove

Every finding, decision, and fix is recorded with a governance score and full history — an audit trail you can show an auditor rather than a comment in a thread that scrolls away.

Plenty of tools will review your pull requests. A governance layer answers the question a reviewer can’t: can you prove your standards were enforced — and who decided what?

04 · Governance

Govern Every PR and Push.

PRGuard enforces your team’s standards on every pull request — or every push, your choice — flagging or blocking what doesn’t comply and proposing fixes your team approves. Every finding and decision is logged, so you keep a full audit trail and stay in control of what ships.

PR or Push PRGuard Blocked Passed AI fix re-audited Compliant Codebase

Global Engineering Consistency

Your team in London and your team in Tokyo follow the same architectural rules — enforced automatically, on every change, around the clock.

Hierarchical Enforcement

Standardise rules across your entire organisation with global blocks, or allow repository-specific overrides. Tiered governance that scales with your business.

Usage-Linked Scaling

Transparent, credit-based pricing that aligns with your engineering output. Clear team and repository allocations support most project scenarios.

Every Decision, Logged

A complete, attributable record of what PRGuard found, flagged, and fixed — ready for your SOC 2 and PCI-DSS reviews, with clear visibility into your LLM usage and spend.

AI cost optimisation

A low-cost gate in front of expensive AI.

Already running premium AI reviewers or coding agents on every PR? Put PRGuard in front as a fast first pass, so they only spend tokens on changes that already clear your standards — never on code that was never going to merge.

PR or Push PRGuard Passed Premium AI Merged Blocked never reaches your premium AI — no tokens spent

Both run on your own engineering standards.

05 · AI-Assisted Remediation

Where the AI Can Fix It, PRGuard Writes the Patch.

Not every finding can be auto-fixed — and PRGuard never pretends otherwise.
For the ones where the AI is confident, you get the option — approve it, and PRGuard writes the patch.

1

Audit surfaces a finding

The finding is flagged at the exact file and line, with the matching rule, severity, and a suggested fix.

Webhook signature not verified

billing/webhooks.py · line 14 · Security

2

PRGuard ships the fix

By default the patch lands as a reviewable PR on a dedicated prguard/fix-* branch — or, if you prefer, a direct commit to a branch you choose. The delivery mode is yours to set.

fix: verify webhook signature before processing

Open · prguard/fix-webhook-signature · prguard-dev-app[bot]

+8 -2 billing/webhooks.py
3

Re-audit confirms the fix

PRGuard runs another audit on the fix branch. The finding is closed — you merge with confidence.

PRGuard / audit — passing

0 errors · 0 warnings · All findings resolved

billing/webhooks.py
@csrf_exemptdef stripe_webhook(request):    # Stripe POSTs a signed event on every billing change    payload = request.body    # no signature check — anyone can POST a forged event    event = json.loads(payload)    # Hand the event to the right service    if event["type"] == "invoice.paid":        handle_payment(event["data"]["object"])    return HttpResponse(status=200)
Exact patch generated from your context rules — not a generic suggestion.

Batch remediation

Many fixes, one clean PR.

Select several findings on a file and PRGuard resolves them in a single pull request — applying each fix in sequence, re-checking it against the file as it changes so they never clash, then re-auditing the batch to confirm the file's governance score improved, never regressed.

Automatic escalation

Escalation, on your terms.

When your primary model can't produce a clean patch, PRGuard automatically retries once with an escalation model you nominate — even one from a different provider. One more attempt, on your terms, before it reports back instead of forcing anything.

06 · Context Studio

Your Standards, Your Language.

Define governance rules in plain Markdown — no special syntax, no config files. Start from industry templates or write your own.

Context Studio

Manage the context files that define how your AI agents think and behave.

Context Files 9 files
Payments

Architect

service-layer.md

Security

owasp-top10.md

Compliance

pci-dss.md

AppSec

error-handling.md

SRE

idempotency.md

Product

payment-flows.md

QA

test-standards.md
change-validation.md

SysAdmin

network-addressing.md
security/owasp-top10.md v1

OWASP Top 10 Security Review

You MUST review every pull request for the following OWASP Top 10 risks:

Injection

Flag SQL, NoSQL, OS, or LDAP injection. Require parameterised queries.

Broken Authentication

Reject hardcoded credentials, weak session management, or missing MFA enforcement.

Sensitive Data Exposure

Ensure secrets, tokens, and PII are never committed. Require encryption at rest and in transit.

Broken Access Control

Verify authorisation checks on every endpoint. No direct object references without ownership validation.

Cross-Site Scripting (XSS)

Require output encoding. Flag innerHTML or dangerouslySetInnerHTML without sanitisation.

Insecure Deserialisation

Flag pickle.loads, yaml.load, or unserialize on untrusted input.

You NEVER approve a PR that introduces any of these risks without a documented mitigation plan.

Details

File Info

Version v1
Source Manual
Scan Scan passed
Scope Payments
Size 2.4k / 50k chars
Updated 4 Apr 2026
Edited by J. Doe

Recent Activity

Last edited 4 Apr 2026
Version v1

Deep-Context Retrieval

The audit reads your real code, not a guess.

When a rule points at a file with @ref:, PRGuard fetches it at the PR’s commit and condenses it to a compact skeleton — its public API, types, key patterns, and any invariants documented in the code, not the whole file. That skeleton goes into the audit, so the AI reasons against your actual interfaces — and the fixes it proposes call them correctly — at a fraction of the token cost.

sre/idempotency.md

All Stripe events must flow through the canonical dispatcher — @ref:billing/webhook_dispatcher.py

fetched & condensed to a skeleton
webhook_dispatcher.py · skeleton
# condensed to its public surfaceclass WebhookDispatcher:    def dispatch(event: StripeEvent) -> None    def register(kind: str, handler: Handler)    seen_event_ids: set[str]

07 · Roles

Built for Every Role.

Whether you're shipping code, securing it, or accountable for it — PRGuard fits your workflow.

Engineers

Get fast, automated feedback on every change — PR or push. Catch architectural drift the moment it's introduced, and spend less time waiting on review.

Architects

Scale your technical vision. Define your patterns in plain Markdown and have them enforced consistently across every repository — automatically.

Security & AppSec

Enforce OWASP standards and catch hardcoded secrets on every PR and push. Keep a detailed audit trail for your SOC 2 and PCI-DSS reviews.

SRE & QA

Automatically enforce idempotency, error-handling patterns, and test coverage standards. Prevent unreliable code from reaching production before it becomes an incident.

Product & Compliance

Ensure every change respects core product flows and regulatory requirements. Transform complex compliance constraints into automated, enforceable safeguards.

CTOs, VPs & Executives

Track governance scores and finding trends across every team from one dashboard — full visibility into code quality, compliance posture, and your AI spend.

08 · Workflow

From Finding to Fix.

Every audit produces structured, actionable findings — not just a wall of text. Assign them to teammates, copy the exact AI prompt, or pipe the remediation bundle straight into your toolchain.

1

Findings surfaced at the exact line

Every failing audit produces structured findings with file path, line number, severity, and the context rule that triggered it — not a vague summary.

Webhook signature not verified

billing/webhooks.py:14 · signature-verification

Error
2

Assign it to the right teammate

Assign each finding straight from the audit report and set its priority and due date. It lands in their My Tasks inbox with the full context — file, line, the rule it broke, and the suggested fix — plus a comment thread to discuss it, a link to the related ticket, and status tracked from Open to Fixed.

Assigned to a teammate

P2 · due in 3 days

Open
3

AI prompt included — ready for your coding tool

Every finding ships with a precise, copy-paste ready instruction for GitHub Copilot, Cursor, or any AI tool. No interpretation needed.

AI prompt

Edit billing/webhooks.py line 14: verify the Stripe-Signature header with stripe.Webhook.construct_event() before processing.

remediation.prguard.json
{
  "schema": "prguard.remediation/v1",
  "verdict": "FAIL",
  "findings": [
    {
      "file":       "billing/webhooks.py",
      "line":       14,
      "severity":   "ERROR",
      "rule":       "signature-verification",
      "suggestion": "Verify the Stripe-Signature before processing",
      "ai_prompt":  "Edit billing/webhooks.py line 14: verify the
Stripe-Signature header with
stripe.Webhook.construct_event() before processing"
, "fix_kind": "patch" } ] }
The same bundle PRGuard’s auto-fix runs on

09 · Safety & Control

You Stay in Control. Always.

AI-assisted fixes are a tool and not a takeover. The AI is screened for manipulation, a person triggers every change, and nothing lands without your say-so — these guardrails are baked in, not optional settings.

Prompt-injection screening

Before the AI reviews a single line, a gatekeeper pass screens every change for prompt-injection attempts — so malicious instructions hidden in a diff can’t hijack the audit.

A person triggers every fix

Nothing is fixed automatically. A developer assigns each finding to the AI by hand — it only acts when a human on your team decides it should.

On by default, yours to switch off

Auto-fix is enabled on every repository out of the box. An owner or admin can switch it off per repo at any time — your cost control. While it’s on, any developer can hand a finding to the AI, since they’re the one reviewing the result.

You decide what merges

Fixes land as a reviewable pull request by default — you read the diff and merge on your terms. Prefer direct commits? That’s a setting you can choose.

Conflicts skipped, never forced

If a patch can’t apply cleanly — the file moved, a conflict exists, or the diff is ambiguous — PRGuard skips that finding and reports it for human review. No force-push, no guesswork.

Every decision logged

Every finding, decision, and fix is recorded and attributable — a complete audit trail you control and can hand straight to a reviewer.

10 · Pricing

Simple, Transparent Pricing.

You set what AI review costs, up front. Pick your plan and your model, and spending stops at your credit allowance unless you top up. Every token and credit is logged — no surprises, just the price you signed up for.

Purchased top-up credits roll over Choose your LLM model to control cost per audit Full transactions, payments & usage history in-dashboard

Trial

$10 activation

Platform access

  • Up to 3 repositories
  • Up to 5 seats
  • Standard processing
  • Context Studio
  • GitHub integration
Get started

Starter

$30 / month

Platform access

  • Up to 10 repositories
  • Up to 15 seats
  • Priority processing
  • Context Studio
  • GitHub integration
Get started

Pro Team

$300 / month

Platform access

  • Up to 50 repositories
  • Up to 100 seats
  • High-priority processing
  • Context Studio
  • GitHub integration
Get started
Enterprise

Enterprise Governance

Custom deployment and migration support for large-scale engineering orgs.

Unlimited repositories & seats Custom credit allocation & volume discounts Dedicated onboarding & Context Studio setup Priority support & Enterprise SLA
Talk to sales →

Talk to our enterprise team

Tell us a bit about your organisation and we’ll be in touch within one business day.

LLM provider preference

Select all that apply.

Deployment preference

11 · FAQ

Frequently Asked Questions.

Everything you need to know before connecting your first repo.

Does PRGuard review every push, or just pull requests?
Both, by default. Each repository has an audit trigger you control — review pull requests only, pushes (commits) only, or both. PRGuard runs the same audit pipeline either way, so you can guard your default branch against direct pushes as well as PR-based workflows.
Does PRGuard read or store my source code?
PRGuard never clones your repository or stores whole source files. It works from the file diffs it fetches from GitHub via the API and forwards the relevant changes to your chosen LLM provider for analysis. The diff is processed in memory for the duration of the audit and is never written to our database — once the audit completes, the underlying code is discarded. We keep a record of each audit’s findings, verdict, and metadata (such as PR number, author, and file count), so you have a complete, reviewable audit trail without retaining your code. Everything is scoped to your organisation. If Deep Context is enabled, PRGuard fetches referenced source files from GitHub to sharpen the analysis; only compact skeletons of those files are added to the prompt.
Can a malicious diff trick PRGuard with hidden instructions?
This is exactly what the gatekeeper is for. Before the main audit runs, every change passes through a separate prompt-injection screen that looks for instructions hidden in the diff — in comments, strings, or filenames — trying to manipulate the reviewer. If it detects an injection attempt, the audit is stopped before the main model ever sees the payload.
Doesn’t GitHub already scan for leaked secrets?
It does — for strings that match a known provider’s pattern, after they’re already in your history. When both systems flag the same key, that’s independent confirmation, not redundancy. But pattern-matching is one narrow tripwire: it won’t recognise an internal password or token with no famous format, and it will never see a SQL injection, a race condition, a money-handling bug, or a violation of your team’s own standards. PRGuard reads every change like a reviewer — it flags the exact line during review, applies the policies you set in Context Studio (a committed key is rotated, not just moved to an environment variable), and offers the fix. Secret scanning is a smoke alarm; PRGuard aims to stop the fire being merged in the first place.
What GitHub permissions does PRGuard need?
PRGuard installs as a GitHub App on only the repositories you select. It reads your code changes and pull requests to run audits, uses pull-request write access to post its reviews, and commit-status write to report each audit’s pass/fail on the commit. If you use auto-remediation, it also needs contents write access to open a fix branch or commit a patch you’ve approved. You can review its access on the GitHub App page and remove it from any repo at any time.
Which LLM providers can I use?
Anthropic and Google Gemini are both supported. You pick the model for your organisation from a curated list — each one verified to work with PRGuard’s audit pipeline — and can tune review depth against cost on every audit.
Will PRGuard block my PR from merging?
Not unless you ask it to. By default PRGuard runs in comment-only mode — it posts its findings as a review but never requests changes or blocks a merge. If you want it to gate merges, switch the repo to Full review mode and it will request changes on a FAIL, so the PR can’t merge until the issue is addressed. The choice is per repository.
How does pricing work? What does the $10 trial cover?
The $10 trial gives you full platform access and a block of credits to run real audits and explore every feature. After that, each plan includes a monthly credit allowance — larger on higher tiers. Every audit draws down credits based on the LLM tokens it uses, so you only pay for what you run. Need more before your next cycle? Top-up credits are available and roll over. There are no per-seat charges or hidden automation fees, and choosing a more efficient model stretches your credits further.
What happens if I run out of credits mid-cycle?
Nothing breaks. Before contacting any LLM, PRGuard runs a pre-flight credit check — if your balance is too low, it skips the audit cleanly rather than running up a charge or failing your pipeline. Top-up credits are available anytime and roll over, and your plan allowance refreshes at the start of each cycle.
Can I cancel anytime? What happens to my credits?
Yes. You manage your subscription through the billing portal — upgrade, downgrade, or cancel whenever you like, with no lock-in. Any top-up credits you’ve purchased will be refunded; your monthly plan allowance simply stops refreshing once the subscription ends.
Can I suppress findings on code I don't own or intentionally left in?
Yes — if the repo has skip markers enabled. Add [skip prguard] (or [skip ci]) to your PR title or commit message and PRGuard will bypass the audit entirely for that event.
Will PRGuard push commits to my main branch?
Only if you explicitly choose to. Auto-remediation never runs on its own — a developer assigns the finding first. By default, PRGuard creates a new prguard/… branch and opens a pull request for you to review and merge. You can opt in — via a confirmation step — to have a fix committed straight to your default branch instead, but that’s a deliberate choice you make each time; the default is always a pull request.
PRGuard flagged something I disagree with — can I tune it?
Yes — that’s what Context Studio is for. You can write custom rules and instructions — organised by category (roles, system facts, boundaries, and engineering standards) and scoped to your whole organisation or a single repository — that tell PRGuard what to care about and what’s acceptable in your codebase. The next audit picks up your changes automatically.
Where are my Context Studio rules stored?
Context rules (custom instructions, organised by category and scope) are stored in PRGuard's database, scoped to your organisation. They are never written back to your repository. You can edit them anytime in Context Studio, or download the full set with the PRGuard CLI (prguard pull <org-slug>).

Start Governing Your Code Today.

Set up in under 5 minutes.

Built and operated by Unifi Software Development Ltd, a software company registered in England & Wales, number 11054002. Security-first by design — every change is screened for prompt injection, your data stays scoped to your organisation, and every decision is captured in a complete audit trail.