Metadata-Version: 2.4
Name: mergeguide
Version: 2.0.0
Summary: AI governance platform — policy enforcement for AI-assisted development. Four enforcement layers (IDE, MCP, Git hooks, PR Gate), 1,200+ detection rules, 24 compliance frameworks, 15 languages.
Author: Chuck McWhirter, MergeGuide, Inc.
License: MIT
Project-URL: Homepage, https://mergeguide.ai
Project-URL: Documentation, https://docs.mergeguide.ai
Project-URL: Repository, https://github.com/MergeGuide/mergeguide
Project-URL: Issues, https://github.com/MergeGuide/mergeguide/issues
Keywords: ai-governance,policy-enforcement,security,compliance,mergeguide,sast,devsecops,mcp
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Requires-Python: >=3.11
Description-Content-Type: text/markdown
Requires-Dist: pyyaml>=6.0.0
Requires-Dist: jsonschema>=4.21.0
Requires-Dist: sarif-om>=1.0.4
Requires-Dist: httpx>=0.26.0
Requires-Dist: boto3>=1.34.0
Requires-Dist: click>=8.1.0
Requires-Dist: rich>=13.7.0
Requires-Dist: PyJWT>=2.8.0
Requires-Dist: cryptography>=41.0.0
Requires-Dist: defusedxml>=0.7.0
Requires-Dist: semgrep<2.0.0,>=1.50.0
Provides-Extra: cdk
Requires-Dist: aws-cdk-lib<2.240.0,>=2.238.0; extra == "cdk"
Requires-Dist: constructs>=10.3.0; extra == "cdk"
Provides-Extra: lite
Provides-Extra: dev
Requires-Dist: pytest>=8.0.0; extra == "dev"
Requires-Dist: pytest-cov>=4.1.0; extra == "dev"
Requires-Dist: pytest-asyncio>=0.23.0; extra == "dev"
Requires-Dist: ruff>=0.2.0; extra == "dev"
Requires-Dist: mypy>=1.8.0; extra == "dev"
Requires-Dist: black>=24.1.0; extra == "dev"
Requires-Dist: types-PyYAML>=6.0.0; extra == "dev"
Requires-Dist: types-requests>=2.31.0; extra == "dev"
Requires-Dist: boto3-stubs[dynamodb,lambda,s3,secretsmanager]>=1.34.0; extra == "dev"
Requires-Dist: python-dotenv>=1.0.0; extra == "dev"
Requires-Dist: watchdog>=4.0.0; extra == "dev"

# MergeGuide

**AI Velocity. Enterprise Governance.**

MergeGuide is the AI governance platform for enterprise development. We embed policy enforcement directly into the tools developers already use — IDE, AI assistants, Git hooks, and pull requests — so organizations get both AI velocity and enterprise governance.

## Why MergeGuide

AI coding assistants now generate nearly half the code in files where they're active. That velocity is extraordinary — and it's creating a governance problem that traditional security tools were never designed to solve.

MergeGuide is the third option between "allow AI freely and accept the risk" and "restrict AI and fall behind." Governance that enables AI rather than restricting it.

## Four Enforcement Layers

MergeGuide validates every code change — whether written by humans or AI — against your organization's security and compliance policies across four graduated layers:

1. **IDE** — Real-time detection rule feedback as code is written (VS Code extension)
2. **MCP** — Policy injection into AI assistants before code is generated (Model Context Protocol)
3. **Git Hooks** — Pre-commit validation before code leaves the developer's machine
4. **PR Gate** — Server-side enforcement at merge with tamper-evident evidence artifacts

Each layer shifts detection left for earlier, cheaper remediation. Violations caught in the IDE cost seconds to fix. The same violation caught at PR Gate costs a full review cycle.

## Key Capabilities

- **739 detection rules** across 15+ programming languages
- **18+ compliance frameworks** including SOC 2, HIPAA, PCI-DSS, NIST SSDF, OWASP ASVS, EU AI Act, and more
- **Tamper-evident evidence** — SHA-256 hashed artifacts for every evaluation
- **4 SCM platforms** — GitHub, GitLab, Bitbucket, Azure DevOps
- **OSCAL export** — integrate with GRC platforms (Vanta, Drata, and more)
- **SBOM generation** — CycloneDX 1.5 + SPDX 2.3

## Installation

### VS Code Extension
Search for "MergeGuide" in the VS Code Extensions panel, or visit the [VS Code Marketplace](https://marketplace.visualstudio.com/items?itemName=MergeGuide.mergeguide-vscode).

### MCP Server (for AI assistants)
```bash
npx @mergeguide/mcp-server
```

### Git Hooks
```bash
pip install mergeguide
mergeguide hooks install
```

### PR Gate
Install the [MergeGuide GitHub App](https://github.com/apps/mergeguide) or configure webhooks for GitLab, Bitbucket, or Azure DevOps in the dashboard.

## Getting Started

1. Sign up at [portal.mergeguide.ai](https://portal.mergeguide.ai)
2. Connect your repositories
3. Install the enforcement layers you need
4. Run your first policy check in under 5 minutes

## Pricing

| Tier | Price | Description |
|------|-------|-------------|
| Free | $0 | 739 detection rules, 1 repo, 50 PR Gate evals/month |
| Pro | $29/month | 20 repos, 1,000 evals, evidence export |
| Team | $39/seat/month | 2-9 seats, compliance reports, SSO, SBOM |
| Business | Contact Sales | 10-49 seats, OSCAL export, SCIM, custom roles |
| Enterprise | Contact Sales | 50+ seats, OSCAL webhook, dedicated CSM |

## Links

- **Website:** [mergeguide.ai](https://mergeguide.ai)
- **Documentation:** [docs.mergeguide.ai](https://docs.mergeguide.ai)
- **Blog:** [blog.mergeguide.ai](https://blog.mergeguide.ai)
- **Portal:** [portal.mergeguide.ai](https://portal.mergeguide.ai)

## License

MIT
