Skip to main content
MergeGuide applies your policies at several points in your development workflow. Each point is an enforcement layer. They all enforce the same governance — the difference is when in your flow the check happens. The point of multiple layers is shift-left velocity: catch an issue at the earliest layer and it never has to be caught at a later one. A finding you fix in your IDE never reaches a commit, a pull request, or an auditor.

The layers

LayerWhen it runsWhat you do
IDE extensionAs you editFix findings inline before you commit. See Install the IDE extension.
MCP serverWhile an AI assistant worksThe assistant checks a change against your policies as part of its loop. See Install the MCP server.
Git hooksOn commit and pushStaged changes are checked before they leave your machine. See Install git hooks.
PR gateOn every pull requestEach PR is evaluated and reported inline; blocking findings hold the merge. See Set up the PR gate.

How they work together

You don’t have to use every layer, and they don’t duplicate work in a way that slows you down — each is a chance to resolve an issue earlier:
  1. The IDE gives you the fastest feedback, while you’re still writing the code.
  2. The MCP server keeps AI-written code in policy at the moment it’s generated.
  3. Git hooks are the last local checkpoint before code leaves your machine.
  4. The PR gate is the shared, enforced checkpoint for the whole team.
Adopt the layers that fit your team. Many teams start with the IDE extension and git hooks for fast local feedback, then add the PR gate to enforce policy for everyone.

Next steps

Running scans

The scan commands behind these layers.

Reading findings

Make sense of what a layer reports.