Metadata-Version: 2.4
Name: mergeguide
Version: 2.1.3
Summary: AI-assisted code governance: prevent policy violations the moment AI generates code — across the IDE, AI assistants, Git hooks, and the PR gate. Embrace AI velocity without sacrificing control.
Author: Chuck McWhirter, MergeGuide, Inc.
License: Proprietary
Project-URL: Homepage, https://mergeguide.ai
Project-URL: Documentation, https://docs.mergeguide.ai
Project-URL: Repository, https://github.com/MergeGuide/mergeguide
Project-URL: Issues, https://github.com/MergeGuide/mergeguide/issues
Keywords: ai-code-governance,ai-assisted-development,prevent-at-generation,policy-enforcement,compliance,devsecops,sast,supply-chain-security,sbom,code-governance,mcp,mergeguide
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: Other/Proprietary License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Requires-Python: >=3.11
Description-Content-Type: text/markdown
Requires-Dist: pyyaml>=6.0.0
Requires-Dist: jsonschema>=4.21.0
Requires-Dist: sarif-om>=1.0.4
Requires-Dist: httpx>=0.26.0
Requires-Dist: boto3>=1.34.0
Requires-Dist: click>=8.1.0
Requires-Dist: rich>=13.7.0
Requires-Dist: PyJWT!=2.10.1,>=2.8.0
Requires-Dist: cryptography>=41.0.0
Requires-Dist: defusedxml>=0.7.0
Requires-Dist: semgrep<2.0.0,>=1.50.0
Requires-Dist: rfc8785>=0.1.2
Provides-Extra: semgrep
Requires-Dist: semgrep<2.0.0,>=1.50.0; extra == "semgrep"
Provides-Extra: cdk
Requires-Dist: aws-cdk-lib<2.254.0,>=2.238.0; extra == "cdk"
Requires-Dist: constructs>=10.3.0; extra == "cdk"
Provides-Extra: lite
Provides-Extra: dev
Requires-Dist: pytest>=8.0.0; extra == "dev"
Requires-Dist: pytest-cov>=4.1.0; extra == "dev"
Requires-Dist: pytest-asyncio>=0.23.0; extra == "dev"
Requires-Dist: ruff>=0.2.0; extra == "dev"
Requires-Dist: mypy>=1.8.0; extra == "dev"
Requires-Dist: black>=24.1.0; extra == "dev"
Requires-Dist: types-PyYAML>=6.0.0; extra == "dev"
Requires-Dist: types-requests>=2.31.0; extra == "dev"
Requires-Dist: boto3-stubs[dynamodb,lambda,s3,secretsmanager]>=1.34.0; extra == "dev"
Requires-Dist: python-dotenv>=1.0.0; extra == "dev"
Requires-Dist: watchdog>=4.0.0; extra == "dev"

# MergeGuide

**Embrace AI velocity. Without sacrificing control.**

MergeGuide is **AI-assisted code governance** — go all-in on AI-generated code while keeping
every change inside your security and compliance policy. Not a security tool that slows
developers down; a velocity enabler that makes compliant code the default.

## The third option

AI now writes a large share of the code in files where it's active. It's a brilliant,
reckless developer — it ships fast, and it guesses, cuts corners, and hallucinates to get
there. The old choice was "let AI run free and accept the risk" or "lock AI down and fall
behind." MergeGuide is the third option: governance that *enables* AI instead of restricting it.

## Prevent at creation — four graduated layers

Every change — human- or AI-written — is validated against your policy across four layers
that shift detection left (the **PolicyMesh**):

1. **AI assistants (MCP)** — inject policy into Claude Code, Cursor & Copilot so the code is compliant at the moment it is generated.
2. **IDE** — real-time feedback as code is written.
3. **Git hooks** — pre-commit enforcement before code leaves the machine.
4. **PR gate** — server-side enforcement at merge, with signed, tamper-evident evidence.

A violation caught in the IDE costs seconds; the same one at the PR gate costs a review cycle.

## What you get

- **Compliant code by default** — deterministic policy at the moment of generation, not a report after the fact.
- **Govern your whole stack** — application code, infrastructure-as-code, dependencies, CI/CD, and supply-chain provenance.
- **The frameworks you answer to** — SOC 2, PCI-DSS, HIPAA, ISO 27001, NIST SSDF, OWASP ASVS, EU AI Act, and more — assessed once and deconflicted across frameworks (PolicyMerge).
- **Prove it automatically** — signed, tamper-evident compliance evidence, OSCAL output for your GRC stack, plus SBOMs (CycloneDX / SPDX).
- **Every SCM** — GitHub, GitLab, Bitbucket, Azure DevOps.

## Install

```bash
pipx install mergeguide      # recommended
# or: pip install mergeguide
```

Quick start:

```bash
mergeguide init              # set up your project
mergeguide hooks install     # add the pre-commit gate
mergeguide check             # scan your code against policy
```

**AI assistants (MCP):** `npx @mergeguide/mcp-server` — plug MergeGuide into Claude Code, Cursor, or Copilot.

## Pricing

Three plans — **Free / Builder / Enterprise** — with **no feature gating across tiers**.
You pay for scale and commitments, never for capability.

| Plan | For | Price |
|------|-----|-------|
| **Free** | Individual devs, OSS maintainers, evaluators | $0 |
| **Builder** | Power users, agencies, growing teams (self-serve) | $29/seat/mo ($24/seat/mo annual) |
| **Enterprise** | SLA, MSA, SSO/SCIM, audit & procurement | Custom |

See [mergeguide.ai](https://mergeguide.ai).

## Links

[mergeguide.ai](https://mergeguide.ai) · [docs.mergeguide.ai](https://docs.mergeguide.ai) · [portal.mergeguide.ai](https://portal.mergeguide.ai)

## License

Proprietary
