AI compliance gate for GitHub

Stop risky PRs before they merge.

CompliPatch watches GitHub webhooks, scans changed code, scores compliance risk, and writes the exact PR comment your team can act on.

Problem

AI can ship code at midnight. Compliance still needs evidence before merge.

github.com/aniketsdev/example-testblocking
Pull request #128: Patient export route

3 changed files scanned from webhook delivery.

RULE-001  Hardcoded secret          patient-export.ts:2
RULE-002  Patient data logging      patient-export.ts:11
RULE-004  Unsafe SQL construction   patient-export.ts:13
Score: 12

Do not merge. Critical evidence requires remediation.

Why it exists

The review gap is no longer style. It is proof.

Agent-written code moves faster than human compliance review.

Sensitive evidence gets buried inside ordinary diffs.

Merge decisions need proof, not another vague warning.

01 Webhook arrives

A PR opens from Codex, Claude, an IDE, or GitHub.

02 Evidence is scanned

Secrets, PHI logs, auth gaps, SQL, cookies, and CORS are checked.

03 Risk is scored

Deterministic findings become an AI-assisted merge signal.

04 Review is posted

One GitHub-style comment gives evidence, impact, and fix guidance.
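The four steps above as an added example, not CompliPatch's own code: a minimal deterministic scanner run over a constructed changed file. Rule ids and titles follow the demo comment; the line patterns, severities, weights and merge threshold are assumptions (weights picked so the constructed file scores 12, like the demo).

```python
import re

# Constructed changed file, standing in for the demo's patient-export.ts (not the real file).
PATIENT_EXPORT_TS = """\
import { db } from "./db";
const API_KEY = "sk_live_EXAMPLE_PLACEHOLDER_0000";
export async function exportPatient(req, res) {
  const patientId = req.query.id;
  const patient = await db.get(patientId);
  console.log("exporting patient", patient.name, patient.ssn);
  const rows = await db.query("SELECT * FROM visits WHERE patient_id = " + patientId);
}
"""

# (rule id, title, line pattern, severity, weight); patterns/severities/weights are assumed.
RULES = [
    ("RULE-001", "Hardcoded secret",
     re.compile(r'(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*["\'][^"\']{8,}["\']'),
     "critical", 35),
    ("RULE-002", "Patient data logging",
     re.compile(r'console\.(log|info|debug)\(.*\b(patient|ssn|dob|mrn)\b'), "high", 18),
    ("RULE-004", "Unsafe SQL construction",
     re.compile(r'(?i)query\(\s*["\']\s*(select|insert|update|delete)\b[^"\']*["\']\s*\+'),
     "critical", 35),
]

def scan_file(path, text):
    """Step 02: deterministic line-by-line rule matching -> (rule id, title, path:line, severity)."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule_id, title, pattern, severity, _weight in RULES:
            if pattern.search(line):
                findings.append((rule_id, title, f"{path}:{lineno}", severity))
    return findings

def score(findings):
    """Step 03: compliance score 0..100, 100 minus each finding's weight (assumed policy)."""
    weights = {rule[0]: rule[4] for rule in RULES}
    return max(0, 100 - sum(weights[rule_id] for rule_id, *_ in findings))

def merge_decision(findings):
    """Any critical finding blocks the merge (assumed policy)."""
    critical = any(severity == "critical" for *_, severity in findings)
    return "Do not merge. Critical evidence requires remediation." if critical else "Merge with review."

def review_comment(path, text):
    """Step 04: the single PR comment body: evidence lines, score, decision."""
    findings = scan_file(path, text)
    lines = [f"{rid} {title} {loc}" for rid, title, loc, _ in findings]
    lines.append(f"score {score(findings)}")
    lines.append(merge_decision(findings))
    return "\n".join(lines)
```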

What ships

Webhook in. Evidence out. Merge decision clear.

Deterministic checks

Stable scanner rules catch the six risks this demo must not miss.

AI risk language

Optional AI turns findings into reviewer-ready context and priority.

GitHub-native output

Preview locally, then post or update the PR comment when credentials are enabled.

Start with a demo PR. Then connect the webhook.
