Triage for AI-written pull requests

Know which pull requests are safe to merge.

GitAlert is an automatic check for GitHub. It reads every pull request — including the flood from AI coding agents — and posts one clear label. It never blocks your merge.

Looks solid · Worth a closer look · Likely needs attention
Works with GitHub · GitLab and Bitbucket soon

Create a free account

Continue with the Git provider you already use. No password to set, free for open source.

BETA: GitAlert is new and improving fast. Triage on public repositories is free while we grow — your feedback shapes what we build next.

See it in action

This is all your reviewers see

One neutral check on the pull request, sitting beside your existing CI — with the exact file:line evidence. No noise, no comments, no blocked merges.

Add token refresh for OAuth providers #482
feature/oauth-refresh → main · Open
build · 2m 14s
unit-tests · 1m 03s
GitAlert · Worth a closer look

tests/test_auth.py:42 — assertion weakened to assert True

requirements.txt:7 — package reqests not found on PyPI

.github/workflows/ci.yml — sensitive file changed

Neutral check — informational only. You and your reviewers always decide what merges.

Illustrative example. GitAlert never fails your build or comments on your PR.

How it works

Connected in two clicks. A clear answer on every PR.

No pipeline to configure, no script to write. Install once and GitAlert starts checking pull requests on its own.

  1. Install the GitHub App

    Add GitAlert to the repositories you choose. It only asks for read access — no write permissions on the free plan, and never your secrets.

  2. Someone opens a pull request

    Whenever a teammate or an AI coding agent opens or updates a PR, GitAlert reads the diff in seconds — automatically, every time.

  3. Read one clear label

    GitAlert posts a single check with the exact file:line reasons — one of three labels. You stay in charge of the merge.

    Looks solid · Worth a closer look · Likely needs attention
pull request #517 · checks
GitAlert · Looks solid

tests/payments_test.py — assertions strengthened, 12 cases added

package-lock.json — every dependency resolves on the registry

no sensitive files — CI, auth and secrets untouched

Neutral check · never blocks the merge

What it catches

The three mistakes AI-written code makes most

Most agent PRs are fine. GitAlert reads every diff the same way, every time, and flags the few that aren't — with the exact file:line.

Gamed tests

Weakened assertions, skipped or disabled tests, always-true checks, and empty "fixes" — the shortcuts agents take to make a suite pass.

Made-up dependencies

Every new package in requirements.txt, package.json, or pyproject.toml is checked against the real registry — before a typosquatter can exploit a name that doesn't exist.

Sensitive-file changes

CI config, secrets, auth, and other high-risk files are surfaced so a quiet change to your pipeline or permissions never slips through unreviewed.

Triage, not proof

A label to help you prioritise — never a score or a red ✗ on the PR.

Evidence, not opinions

Every flag points to a real file:line you can verify yourself.

Works with every Git host

GitHub today, GitLab and Bitbucket next — one consistent result.

Free for open source

Triage stays free for public repos, forever. Upgrade for private repos & sandbox runs.

See it on your next pull request — free

Install the GitAlert app on a public repository, then open or update a pull request.
You'll get a clear triage check within seconds. No credit card, and no surprise comments on your PRs.

FAQ

Frequently asked questions

Everything you need to know before installing GitAlert.

Still have a question? Contact us.

GitAlert is a check that runs on your pull requests. Whenever someone — a teammate or an AI coding agent — opens or updates a PR, GitAlert reads the changes and posts one plain-English label: Looks solid, Worth a closer look, or Likely needs attention. It helps you decide which pull requests to review carefully first.

No. GitAlert only posts a neutral, informational check. It never fails your build, never forces a red X that blocks merging, and never leaves comments on your PR. You and your reviewers always stay in control of what gets merged.

The three mistakes AI-written code makes most often: tests that were quietly weakened or disabled just to pass, dependencies that do not actually exist on the package registry, and changes to sensitive files such as CI config, secrets, or authentication code. Every flag points to the exact file and line.

On the free plan, no — triage is based purely on reading the diff. On paid plans you can turn on sandbox runs, where we build your project and run its tests inside an isolated, throwaway environment that has no access to your secrets and is fully separated from our own systems.

Yes. Triage on public repositories is free forever, with no credit card required. Paid plans add private repositories, sandbox test runs, and higher monthly limits.

GitAlert works with GitHub today. GitLab and Bitbucket run on the same engine and are next, so you get the same consistent result wherever your code lives.

Sign in with your Git provider, install the GitAlert app on the repositories you choose, then open or update a pull request. You will see your first triage check within seconds.

Contact

Questions? Talk to us.

Tell us what you're working on and we'll help you get GitAlert running. We reply within 1–2 business days.
