{"id":48443995,"url":"https://github.com/santthosh/mergewatch.ai","last_synced_at":"2026-04-06T17:03:03.710Z","repository":{"id":342158933,"uuid":"1173050881","full_name":"santthosh/mergewatch.ai","owner":"santthosh","description":"AI-powered PR reviews running in your AWS account. Your models, your cloud, your rules. No code stored.","archived":false,"fork":false,"pushed_at":"2026-04-05T10:36:01.000Z","size":23245,"stargazers_count":4,"open_issues_count":0,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-05T11:23:33.899Z","etag":null,"topics":["ai-code-review","automated-code-review","bedrock","claude","code-review","github-actions","github-app","llm","multi-agent","open-source","pull-request","pull-requests","self-hosted"],"latest_commit_sha":null,"homepage":"https://mergewatch.ai","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/santthosh.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-05T00:45:01.000Z","updated_at":"2026-04-05T10:36:06.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/santthosh/mergewatch.ai","commit_stats":null,"previous_names":["santthosh/mergewatch.ai"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/santthosh/mergewatch.ai","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/santthosh%2Fmergewatch.ai","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/santthosh%2Fmergewatch.ai/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/santthosh%2Fmergewatch.ai/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/santthosh%2Fmergewatch.ai/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/santthosh","download_url":"https://codeload.github.com/santthosh/mergewatch.ai/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/santthosh%2Fmergewatch.ai/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31481238,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-06T14:34:32.243Z","status":"ssl_error","status_checked_at":"2026-04-06T14:34:31.723Z","response_time":112,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-code-review","automated-code-review","bedrock","claude","code-review","github-actions","github-app","llm","multi-agent","open-source","pull-request","pull-requests","self-hosted"],"created_at":"2026-04-06T17:03:00.538Z","updated_at":"2026-04-06T17:03:03.704Z","avatar_url":"https://github.com/santthosh.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"assets/wordmark-fit.png\" alt=\"mergewatch\" height=\"48\" /\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cstrong\u003eOpen-source AI code reviews for every pull request.\u003c/strong\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/santthosh/mergewatch.ai/actions/workflows/ci.yml\"\u003e\u003cimg src=\"https://img.shields.io/github/actions/workflow/status/santthosh/mergewatch.ai/ci.yml?style=flat-square\u0026label=tests\" alt=\"Tests\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/santthosh/mergewatch.ai/actions/workflows/docker-publish.yml\"\u003e\u003cimg src=\"https://img.shields.io/github/actions/workflow/status/santthosh/mergewatch.ai/docker-publish.yml?style=flat-square\u0026label=docker\" alt=\"Docker\"\u003e\u003c/a\u003e\n  \u003cimg src=\"https://img.shields.io/badge/coverage-85%25-brightgreen?style=flat-square\" alt=\"Coverage\"\u003e\n  \u003ca href=\"https://github.com/santthosh/mergewatch.ai\"\u003e\u003cimg src=\"https://img.shields.io/github/stars/santthosh/mergewatch.ai?style=flat-square\" alt=\"Stars\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/santthosh/mergewatch.ai/issues\"\u003e\u003cimg src=\"https://img.shields.io/github/issues/santthosh/mergewatch.ai?style=flat-square\" alt=\"Issues\"\u003e\u003c/a\u003e\n  \u003ca href=\"LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/badge/license-AGPL--3.0-blue?style=flat-square\" alt=\"License\"\u003e\u003c/a\u003e\n  \u003cimg src=\"https://img.shields.io/badge/PRs-welcome-brightgreen?style=flat-square\" alt=\"PRs Welcome\"\u003e\n\u003c/p\u003e\n\n---\n\nMergeWatch is a GitHub App that reviews every pull request with a team of specialized AI agents running in parallel. Security, bugs, style, error handling, test coverage, and comment accuracy are each reviewed independently, then an orchestrator deduplicates findings and scores merge readiness from 1 to 5.\n\nInstall it on your repos and it just works. Every PR gets a structured review comment, a Check Run in the merge box, and optionally a Mermaid architecture diagram of the changes.\n\n## What you get\n\n- **6 review agents + 2 utilities** running in parallel (security, bug, style, error handling, test coverage, comment accuracy — plus summary and diagram generators)\n- **Merge readiness score** (1-5) on every PR so you know at a glance if it's safe to merge\n- **Any LLM** — Anthropic, AWS Bedrock, LiteLLM (100+ providers), or Ollama for fully local/air-gapped\n- **Smart skip** — auto-detects trivial PRs (lock files, docs, config) and skips them to save cost\n- **GitHub Checks integration** — pass/fail in the PR merge box\n- **Mermaid diagrams** — auto-generated architecture diagram of each PR's changes\n- **Codebase awareness** — agents can request and read source files beyond the diff for deeper context\n- **Re-review on demand** — comment `@mergewatch review` to re-run, `@mergewatch summary` for a summary, or ask questions with `@mergewatch \u003cyour question\u003e`\n- **Per-repo config** — drop a `.mergewatch.yml` to customize models, agents, rules, and tone\n- **Dashboard** — Next.js app with analytics, review history, settings, and light/dark themes\n\n## Quick start (Docker)\n\nThree services. One command. No cloud account required.\n\n```bash\ngit clone https://github.com/santthosh/mergewatch.ai.git \u0026\u0026 cd mergewatch.ai\ncp .env.example .env\n# Fill in your GitHub App credentials and LLM provider (see below)\ndocker compose up -d\n```\n\nVerify:\n\n```bash\ncurl http://localhost:3000/health\n# { \"status\": \"ok\", \"version\": \"0.1.0\", \"db\": \"connected\", \"llmProvider\": \"anthropic\" }\n```\n\nDashboard at **http://localhost:3001**. Sign in with GitHub and install the app on your repos.\n\n\u003e **No AWS. No IAM. No SAM.** Just Docker.\n\n| Service | Port | Image |\n|---------|------|-------|\n| **mergewatch** (server) | 3000 | `ghcr.io/santthosh/mergewatch:0.1.0` |\n| **dashboard** (Next.js) | 3001 | `ghcr.io/santthosh/mergewatch-dashboard:0.1.0` |\n| **db** (PostgreSQL 16) | 5432 | `postgres:16-alpine` |\n\nPre-built images are published to GHCR on pushes to `main` that change relevant source files, and on every GitHub Release. Upgrade with `docker compose pull \u0026\u0026 docker compose up -d`.\n\n### Environment variables\n\nCreate a [GitHub App](https://github.com/settings/apps/new) first (permissions: `pull_requests` rw, `contents` r, `checks` rw, `issues` rw; events: `pull_request`, `issue_comment`, `installation`).\n\n| Variable | Required | Notes |\n|----------|----------|-------|\n| `GITHUB_APP_ID` | Yes | From GitHub App settings |\n| `GITHUB_WEBHOOK_SECRET` | Yes | Set when creating the app |\n| `GITHUB_PRIVATE_KEY` | Yes* | Inline PEM with `\\n` escaping |\n| `GITHUB_PRIVATE_KEY_FILE` | Yes* | Path to `.pem` file (alternative) |\n| `GITHUB_CLIENT_ID` | Yes | GitHub App OAuth credentials |\n| `GITHUB_CLIENT_SECRET` | Yes | GitHub App OAuth credentials |\n| `NEXTAUTH_SECRET` | Yes | `openssl rand -base64 32` |\n| `LLM_PROVIDER` | Yes | `anthropic` / `litellm` / `ollama` / `bedrock` |\n| `ANTHROPIC_API_KEY` | If anthropic | |\n\n\\*Exactly one of `GITHUB_PRIVATE_KEY` or `GITHUB_PRIVATE_KEY_FILE` is required.\n\nSee `.env.example` for the full list including LiteLLM, Ollama, and Bedrock options.\n\n## How it works\n\n```mermaid\nflowchart TD\n    A[\"PR opened / pushed\"] --\u003e|webhook| B[\"Webhook Handler\"]\n    B --\u003e C[\"Validate signature\"]\n    C --\u003e D[\"Review Agent\"]\n    D \u003c--\u003e|\"invoke\"| E[\"LLM Provider\"]\n    D --\u003e F[\"Security\"]\n    D --\u003e G[\"Bug\"]\n    D --\u003e H[\"Style\"]\n    D --\u003e I[\"Error Handling\"]\n    D --\u003e J[\"Test Coverage\"]\n    D --\u003e K[\"Comment Accuracy\"]\n    F \u0026 G \u0026 H \u0026 I \u0026 J \u0026 K --\u003e L[\"Orchestrator\u003cbr/\u003e\u003ci\u003ededuplicate, rank, score\u003c/i\u003e\"]\n    L --\u003e M[\"GitHub API\u003cbr/\u003e\u003ci\u003ePR comment + check run\u003c/i\u003e\"]\n    D \u003c--\u003e N[(\"Storage\u003cbr/\u003ereviews + config\")]\n\n    style A fill:#238636,color:#fff,stroke:none\n    style E fill:#ff9900,color:#fff,stroke:none\n    style M fill:#238636,color:#fff,stroke:none\n    style N fill:#3572A5,color:#fff,stroke:none\n```\n\n1. A PR is opened or updated. GitHub sends a webhook.\n2. The webhook handler validates the signature and dispatches the review job.\n3. The review agent fetches the PR diff and context, then runs all enabled agents in parallel.\n4. Each agent analyzes the diff through its specialized lens and returns structured findings.\n5. The orchestrator merges results, removes duplicates, ranks by severity, and assigns a merge score.\n6. A formatted comment is posted to the PR with findings, summary, diagram, and score. A Check Run is created in the merge box.\n\n## LLM providers\n\n| Provider | `LLM_PROVIDER` | Needs AWS? | Notes |\n|----------|----------------|------------|-------|\n| **Anthropic** | `anthropic` | No | Recommended default. Just an API key. |\n| **LiteLLM** | `litellm` | No | OpenAI-compatible proxy — 100+ providers (OpenAI, Azure, Gemini, Mistral...) |\n| **Amazon Bedrock** | `bedrock` | Yes | IAM-native, zero API keys. |\n| **Ollama** | `ollama` | No | Local/air-gapped. Experimental. |\n\n## Configuration\n\nDrop a `.mergewatch.yml` in your repo root:\n\n```yaml\nmodel: anthropic.claude-sonnet-4-20250514\n\n# Toggle built-in agents on/off\nagents:\n  security: true\n  bugs: true\n  style: true\n  errorHandling: true\n  testCoverage: false\n  commentAccuracy: true\n  summary: true\n  diagram: true\n\n# Add custom agents alongside built-in ones\ncustomAgents:\n  - name: tests\n    prompt: \"Suggest missing unit tests for new public functions.\"\n    severityDefault: info\n    enabled: false\n\nrules:\n  maxFiles: 50\n  ignorePatterns:\n    - \"*.lock\"\n    - \"vendor/**\"\n    - \"dist/**\"\n  autoReview: true\n  reviewOnMention: true\n  skipDrafts: true\n\nexcludePatterns:\n  - \"**/*.lock\"\n  - \"**/dist/**\"\n\n# Review tone: collaborative | direct | advisory\ntone: collaborative\n\nmaxFindings: 25\n```\n\nSettings can also be managed from the dashboard (per-installation).\n\n## Interacting via comments\n\n| Comment | What happens |\n|---------|--------------|\n| `@mergewatch review` | Re-run a full review on the current commit |\n| `@mergewatch summary` | Get a summary without detailed findings |\n| `@mergewatch \u003cquestion\u003e` | Ask a question about the PR — gets a conversational response using the review context |\n\n## Project structure\n\npnpm monorepo with Turborepo. Provider interfaces in `core/` enable pluggable storage and LLM backends.\n\n```\npackages/\n  core/              # Interfaces, review pipeline, agents, types. No cloud deps.\n  storage-dynamo/    # DynamoDB storage\n  storage-postgres/  # Postgres/Drizzle storage\n  llm-bedrock/       # Amazon Bedrock LLM\n  llm-anthropic/     # Anthropic direct API\n  llm-litellm/       # LiteLLM proxy (100+ providers)\n  llm-ollama/        # Ollama (local, experimental)\n  lambda/            # AWS Lambda handlers\n  server/            # Express server (self-hosted)\n  billing/           # Billing logic (SaaS)\n  dashboard/         # Next.js 15 dashboard\ninfra/               # AWS SAM template\nscripts/             # Setup \u0026 deploy scripts\n```\n\n## Development\n\n```bash\npnpm install            # Install all workspace dependencies\npnpm run build          # Build all packages (respects dependency order)\npnpm run test           # Run all tests (~380 tests across 8 packages)\npnpm run typecheck      # Type-check all packages\n\ncd packages/dashboard\npnpm run dev            # Dashboard local dev (localhost:3000)\n```\n\n## Testing\n\nThe project has comprehensive unit tests covering core review logic, all LLM providers, webhook handlers, billing, and the agent pipeline. Tests run on every PR via GitHub Actions.\n\n```bash\npnpm run test           # Run all tests (~1-2 seconds)\npnpm run test:coverage  # Run with coverage report\n```\n\n## Releasing\n\nMergeWatch uses [semantic versioning](https://semver.org/) with a single release script that updates all packages, Docker images, and changelog in one step.\n\n### Cutting a release\n\n```bash\n# 1. Make sure you're on main with a clean tree\ngit checkout main \u0026\u0026 git pull\n\n# 2. Run the release script (bumps versions, updates changelog, commits, tags)\n./scripts/release.sh 0.2.0\n\n# 3. Push the commit and tag\ngit push \u0026\u0026 git push --tags\n\n# 4. Create a GitHub Release (triggers Docker image builds)\ngh release create v0.2.0 --generate-notes\n```\n\n### What happens automatically\n\n| Trigger | Action |\n|---------|--------|\n| `gh release create` | Docker images built and pushed to GHCR with semver tags (`0.2.0`, `0.2`, `latest`) |\n| Push to `main` | SAM deploy to dev (auto), prod (manual approval via GitHub environment) |\n| Push to `main` | Docker `:latest` and SHA-tagged images published |\n\n### What the release script does\n\n`scripts/release.sh \u003cversion\u003e` automates:\n1. Updates `version` in root + all 11 workspace `package.json` files\n2. Updates the server health check version string\n3. Updates `docker-compose.yml` image tags to the new version\n4. Generates a changelog section from conventional commits (feat/fix/other)\n5. Commits as `chore: release vX.Y.Z` and creates an annotated git tag\n\n### Docker image tags\n\nImages are published to `ghcr.io/santthosh/mergewatch` and `ghcr.io/santthosh/mergewatch-dashboard`:\n\n| Tag | When |\n|-----|------|\n| `0.2.0` | On GitHub Release for `v0.2.0` |\n| `0.2` | On GitHub Release for `v0.2.x` (tracks latest patch) |\n| `latest` | On every push to `main` |\n| `abc1234` | On every push to `main` (commit SHA) |\n\n### Upgrading self-hosted\n\n```bash\n# Pin to a specific version in docker-compose.yml, then:\ndocker compose pull \u0026\u0026 docker compose up -d\n```\n\n## Why MergeWatch?\n\n| | MergeWatch | SaaS alternatives |\n|---|---|---|\n| **Deployment** | Self-hosted (Docker) or cloud | SaaS only |\n| **Model choice** | Any LLM provider | Vendor-locked |\n| **Data residency** | Your infra, your region | Vendor cloud |\n| **Review pipeline** | 6 parallel agents + orchestrator | Single-pass |\n| **Codebase awareness** | Agents fetch files beyond the diff | Diff-only |\n| **Config** | `.mergewatch.yml` per repo | Limited |\n| **Source** | AGPL-3.0 open source | Proprietary |\n| **Cost** | Pay your LLM provider directly | Per-seat pricing |\n\n## Contributing\n\nContributions welcome! Please open an issue first for larger changes so we can discuss the approach.\n\n```bash\ngit checkout -b feat/my-feature\n# Make your changes\npnpm run build \u0026\u0026 pnpm run test    # Verify everything passes\ngit push origin feat/my-feature     # Open a PR\n```\n\nMergeWatch will automatically review your PR.\n\n## License\n\n[AGPL-3.0](LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsantthosh%2Fmergewatch.ai","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsantthosh%2Fmergewatch.ai","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsantthosh%2Fmergewatch.ai/lists"}