Skip to main content

AI governance platform — policy enforcement for AI-assisted development. Four enforcement layers (IDE, MCP, Git hooks, PR Gate), 900+ detection rules, 24 compliance frameworks, 15 languages.

Project description

MergeGuide

AI Velocity. Enterprise Governance.

MergeGuide is the AI governance platform for enterprise development. We embed policy enforcement directly into the tools developers already use — IDE, AI assistants, Git hooks, and pull requests — so organizations get both AI velocity and enterprise governance.

Why MergeGuide

AI coding assistants now generate nearly half the code in files where they're active. That velocity is extraordinary — and it's creating a governance problem that traditional security tools were never designed to solve.

MergeGuide is the third option between "allow AI freely and accept the risk" and "restrict AI and fall behind." Governance that enables AI rather than restricting it.

Four Enforcement Layers

MergeGuide validates every code change — whether written by humans or AI — against your organization's security and compliance policies across four graduated layers:

  1. IDE — Real-time detection rule feedback as code is written (VS Code extension)
  2. MCP — Policy injection into AI assistants before code is generated (Model Context Protocol)
  3. Git Hooks — Pre-commit validation before code leaves the developer's machine
  4. PR Gate — Server-side enforcement at merge with tamper-evident evidence artifacts

Each layer shifts detection left for earlier, cheaper remediation. Violations caught in the IDE cost seconds to fix. The same violation caught at PR Gate costs a full review cycle.

Key Capabilities

  • 900+ detection rule IDs[^rules] across 15+ programming languages
  • 24 compliance frameworks[^frameworks] including SOC 2, HIPAA, PCI-DSS, NIST SSDF, OWASP ASVS, EU AI Act, and more
  • Tamper-evident evidence — SHA-256 hashed artifacts for every evaluation
  • 4 SCM platforms — GitHub, GitLab, Bitbucket, Azure DevOps
  • OSCAL export — integrate with GRC platforms (Vanta, Drata, and more)
  • SBOM generation — CycloneDX 1.5 + SPDX 2.3

Installation

VS Code Extension

VS Code extension — coming soon. Marketplace listing publication tracked in DEV-1932.

MCP Server (for AI assistants)

npx @mergeguide/mcp-server

Git Hooks

pipx install mergeguide
mergeguide hooks install

pipx is required on PEP 668 -- managed systems (modern macOS / Ubuntu / Fedora). See CLI Installation for OS-specific paths.

PR Gate

Install the MergeGuide GitHub App or configure webhooks for GitLab, Bitbucket, or Azure DevOps in the dashboard.

Getting Started

  1. Sign up at portal.mergeguide.ai
  2. Connect your repositories
  3. Install the enforcement layers you need
  4. Run your first policy check in under 5 minutes

Pricing

MergeGuide offers three tiers (the 3-SKU lock per controls/registries/tiers.yaml):

Tier Pricing model Description
Free $0 Unlicensed orgs; OWASP-bundle detection rules, local CLI scanning
Team Per-seat (Stripe self-serve) Paid per-seat tier; full framework coverage, dashboard evaluations, SBOM
Enterprise Custom contract (per-seat) Top tier; OSCAL export, SCIM/SSO, dedicated CSM

See the pricing page at mergeguide.ai for current dollar amounts and seat-tier breakpoints.

Links

Methodology Notes

The headline numbers above are deliberately conservative ("900+", "24") and refer to specific in-repo sources of truth so they can be re-verified independently. The footnotes below define what is being counted, point at the authoritative source, and give the exact shell command to reproduce the count locally.

[^rules]: "900+ detection rule IDs" counts discrete - id: entries inside YAML files under src/mergeguide/rules/**/*.yaml. As of 2026-05-22 the empirical count is 1053 rule IDs across 251 YAML files, with 5593 underlying pattern variants (- pattern:, - pattern-not:, - pattern-either:, - pattern-inside:, - pattern-not-inside:, - pattern-regex:, - pattern-not-regex:). "900+" is the floor we commit to in marketing copy. A rule ID is the unit Semgrep loads at scan time — one finding per matched id:, regardless of which YAML file it lives in. The 251 YAML file count is lower than the rule-ID count because many YAML files declare several rules under a single rules: block. The 5593 pattern count is higher because each rule typically composes 2-8 patterns to express one detection. Verify locally: find src/mergeguide/rules -name '*.yaml' | wc -l (files), find src/mergeguide/rules -name '*.yaml' -exec grep -hE '^\s*- id:' {} \; | wc -l (rule IDs), find src/mergeguide/rules -name '*.yaml' -exec grep -chE '^\s*- pattern(-not|-either|-inside|-not-inside|-regex|-not-regex)?:' {} \; | awk '{s+=$1} END{print s}' (patterns).

[^frameworks]: "24 compliance frameworks" is the count of - id: entries in controls/registries/frameworks.yaml, which is the canonical framework registry generated from mcp-server/data/control-mappings.json and consumed by mcp-server, the dashboard, and the CLI at runtime. The registry's own header (line 9) and footer (line 140) both attest "24 frameworks." The same number is published on the live marketing site (mergeguide.ai og:description meta). Verify locally: grep -cE '^\s*- id:' controls/registries/frameworks.yaml.

License

Proprietary

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

mergeguide-2.1.2rc3.tar.gz (726.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

mergeguide-2.1.2rc3-py3-none-any.whl (935.6 kB view details)

Uploaded Python 3

File details

Details for the file mergeguide-2.1.2rc3.tar.gz.

File metadata

  • Download URL: mergeguide-2.1.2rc3.tar.gz
  • Upload date:
  • Size: 726.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.7 {"installer":{"name":"uv","version":"0.11.7","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}

File hashes

Hashes for mergeguide-2.1.2rc3.tar.gz
Algorithm Hash digest
SHA256 6d2049b484b46e205028967604b9b278b55d45072837098920457c307f811210
MD5 4638baed5b95eee2e1622ab3a1432f97
BLAKE2b-256 5d1d49501ccaadef0795b27ef05bf685e4c441f15ddddd2d494c231492149399

See more details on using hashes here.

File details

Details for the file mergeguide-2.1.2rc3-py3-none-any.whl.

File metadata

  • Download URL: mergeguide-2.1.2rc3-py3-none-any.whl
  • Upload date:
  • Size: 935.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.7 {"installer":{"name":"uv","version":"0.11.7","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}

File hashes

Hashes for mergeguide-2.1.2rc3-py3-none-any.whl
Algorithm Hash digest
SHA256 d417ec5c675d60a4c72fa4170dbf15b76a1927520a98c32378c8f7228b685613
MD5 781b5d070a475d928448a00b442e739e
BLAKE2b-256 63d46ad33ce28b163cfa4a00d6b8cc6349d63b175272c9f178f6b5a71dc35e1e

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page