MergeProtect - AI review and tests for every pull request.

by
Most PR tools review the diff in isolation. MergeProtect builds a call graph of your whole codebase and works from impact. - Reviews each PR against the functions, routes, and DB models it actually affects downstream. - Generates tests (property, boundary, contract, mutation) scoped to the impacted code, with LLM self-healing. - Runs k6 smoke tests on impacted API routes to catch latency regression. - Sandboxed execution, PR-gating GitHub Action, optional prod traffic capture.

Add a comment

Replies

Best
Hey Product Hunt Honest confession: I get anxiety every time I hit merge. Since I started shipping with AI coding tools, PRs aren't 20-line diffs anymore — they're 800-line sprawls that touch six files I didn't ask them to touch. I read through, things look fine, tests pass, CI is green. But I have no idea what this is actually going to break three calls downstream. That's the gap I wanted to close: AI writes the code in minutes, but understanding what it impacts still takes hours, and most teams just skip that part and pray. MergeProtect parses your whole codebase into a call graph (functions, routes, DB models, the edges between them). When a PR opens, human-authored or vibe-coded, it traces the blast radius from the changed nodes, reviews the PR in the context of what those changes actually affect downstream, generates tests scoped to the impacted code, and runs a k6 smoke test on any affected API routes. All before merge, all sandboxed. What's in the box: - Intent-aware PR review:- comments cite the downstream functions, routes, and DB models a change affects, not just the lines that moved - Risk score (0–10):- composite signal from blast radius, test coverage of impacted nodes, change complexity, and historical hotspots, so you know where to actually look in a 40-file AI-generated PR - Impact graph visualization:- live dashboard view of the call graph with changed and impacted nodes highlighted, so you can see the blast radius. - AI-generated tests, 10 techniques:- property-based, boundary, mutation, contract, fuzz, and more scoped to impacted code, with a self-healing repair loop that fixes failing generations via LLM. - Performance smoke tests:- k6 scripts auto-generated for impacted API routes (5 VU / 30s), so latency regressions surface pre-merge. - Production traffic capture:- a pip-installable ASGI middleware streams real request shapes back into test generation, so tests match how the API is actually called. - Sandboxed execution:- Docker sandbox with hard CPU, memory, FS, and process limits — not on your CI runners, not against your prod. - GitHub-native:- webhook-triggered, auto PR comments, and a Composite Action that gates merge if risk crosses your threshold. Would love to hear from anyone else feeling this, what's your pre-merge ritual now that your PRs are AI-written?