Three Blind Spots. One GitHub App.
Integrity Gate catches what no one else does: AI-generated code hiding in your PRs, breaking API changes rippling across repos, and untrusted build pipelines shipping to production. Install once, protect everything.
Product 1: AI Code Provenance
Know who, or what, wrote every line before it merges
7-Signal AI Detection
Shannon entropy, stylometric analysis, n-gram profiling, token frequency, bracket consistency, and model fingerprinting. Identifies Copilot, Cursor, Claude, and GPT patterns.
Immutable Attestation Chain
Every commit gets a cryptographic attestation linked in an append-only hash chain. Third parties can independently verify any commit's AI provenance.
SB-942 & EU AI Act
Auto-generates California AI Transparency Act (SB-942) disclosures and EU AI Act metadata. Audit-ready from day one.
Product 2: Cross-Repo Contract Guardian
Catch breaking API changes before they cascade across your org
OpenAPI Diff Engine
Detects endpoint removals, method deletions, required parameter additions, response schema changes, and deprecations across OpenAPI specs.
Protobuf Breaking Changes
Catches field removal without reservation, type changes, field number reuse, cardinality changes, and reserved number violations.
GraphQL Schema Guard
Detects type removals, enum value deletions, field removals, nullability changes, and required argument additions.
Dependency Graph
Builds a live map of which repos consume which APIs. When repo A pushes a breaking change, instantly knows repos B, C, D will break.
Compatibility Matrix
NxN verification across your org. Every producer-consumer pair gets a compatibility score. See your entire API surface at a glance.
Edge-Powered <100ms
All engines run on Cloudflare Workers at the edge. D1 database, R2 archival, zero latency impact on your CI/CD pipeline.
Product 3: Unified Pipeline Trust
Verify every build, sign every artifact, trust every deployment
SLSA L1-L4 Compliance
Automatic Supply-chain Levels for Software Artifacts scoring. Tracks source, build, and provenance levels. Reaches L4 with reproducible builds.
SBOM Generation
CycloneDX 1.5 and SPDX 2.3 Software Bill of Materials on every build. Auto-detects lockfile changes across npm, pip, Go, Cargo, Maven, and more.
Artifact Signing
Register build artifacts with cosign/Sigstore/GPG signatures. Append-only trust chain links each artifact to its predecessor and source hash.
Pipeline Anomaly Detection
Detects timing spikes, suspiciously fast builds, streak breaks, and manual triggers. Catches supply chain attacks hiding in CI/CD.
6-Component Trust Score
Composite trust from build reproducibility, dependency health, SLSA compliance, signing coverage, vulnerability score, and pipeline consistency.
Supply Chain Audit Log
Every dependency change, vulnerability, artifact signing, and anomaly recorded in an immutable event log. Full audit trail for compliance.
How It Works
Install Once
Add Integrity Gate to your org from GitHub Marketplace. All three engines activate automatically. Zero config.
Push Code
Every push triggers AI provenance, contract scanning, AND pipeline trust in parallel. All three complete in <100ms.
Get Reports
Three commit status checks: AI provenance, breaking changes, and pipeline trust. PR comments with full analysis. SBOMs generated automatically.
Protect Your Org
Block unauthorized AI models. Block breaking APIs. Require SLSA compliance. Auto-notify consumers. Full supply chain governance.
Simple, Transparent Pricing
Free
For open source and small teams
- Up to 8 repositories
- AI detection on every push
- OpenAPI contract scanning
- Pipeline trust scoring
- 3 commit status checks
- Public attestation chain
- Advisory mode only
Pro
All 3 engines, unlimited repos
- Unlimited repositories
- 7-signal AI detection + 4 model IDs
- OpenAPI + protobuf + GraphQL diffs
- SLSA L1-L4 + SBOM generation
- Pipeline anomaly detection
- SB-942 + EU AI Act + SLSA compliance
- Policy engine (advisory + warning)
- 3 PR reports per push
Enterprise
Full enforcement + supply chain governance
- Everything in Pro
- Blocking enforcement mode
- NxN compatibility matrix
- Artifact signing (cosign/Sigstore)
- CycloneDX + SPDX SBOM export
- Supply chain audit log
- Consumer notification system
- SIEM webhook integration
- R2 archival (7-year retention)
- Priority support (4hr SLA)
Stop Shipping Blind
41% of commits contain AI code. Breaking API changes cost $100K+ in downtime. Supply chain attacks are up 742% since 2019. Integrity Gate catches all three. Install in 2 minutes.