From AI keystroke to governed merge — in one Git flow.
Verity runs entirely inside your existing Git and GitHub workflow. No new toolchain. No agent proxy. Just a policy layer that intercepts every AI-generated PR and enforces your standard before anything merges.
Five steps. Zero friction.
A developer uses an AI coding agent (Cursor, GitHub Copilot, Devin, or any other tool) to write or modify code, then opens a pull request as normal. No change to their workflow.
Verity's GitHub App receives the PR webhook. It reads the diff, detects AI authorship signals (commit metadata, coding agent signatures), and begins policy evaluation.
Verity creates a Developer Execution Object (DEO) — a signed, structured record of the change. The DEO is then evaluated against your ISO 42001-aligned policy rules. The evaluation is deterministic, not an LLM judgement call.
The GitHub status check is set to "pending". The designated reviewer receives a notification with the DEO summary — risk signals, policy verdict, and AI attribution. The PR cannot merge until they act.
Once the reviewer approves the DEO, the PR is unblocked and can merge. The signed DEO is committed to the repository's git history as a permanent, tamper-evident record. Available to compliance, legal, and security teams forever.
Works inside your existing stack.
Install via the Verity GitHub App. No infrastructure to run. Verity connects to your repositories via webhook and GitHub status checks.
Define your rules in a verity.yaml file committed to your repository. Version-controlled, reviewable, and auditable just like any other config.
See all DEOs, policy verdicts, and reviewer actions in one place. Export compliance reports for audits. Filter by repository, AI tool, or risk level.
Assign reviewer roles per repository or team. Escalation paths for blocked PRs. Audit log of every approval, rejection, and override.
Ready to govern your AI-generated code?
Verity is in early access. Join the waitlist to be first in line.