Understanding Your First Check
After running mergeguide check, here’s how to interpret and act on the results.
Check Output Explained
MergeGuide Check Results
========================
Repository: my-app
Branch: feature/user-auth
Commit: a1b2c3d (staged changes)
Files analyzed: 12
Policies Evaluated: 8
├── Passed: 6
├── Warnings: 1
└── Failed: 1
[PASS] no-hardcoded-secrets
No secrets detected in code changes
[PASS] no-sql-injection
No SQL injection vulnerabilities found
[WARN] require-error-handling
src/api/users.ts:45 - Consider adding error handling
Recommendation: Wrap async operations in try-catch
[FAIL] no-eval-usage
src/utils/dynamic.ts:23 - eval() usage detected
This is blocked by your organization's security policy
Overall: FAIL
Result Levels
| Level | Meaning | Action Required |
|---|---|---|
| PASS | Code meets policy requirements | None |
| WARN | Potential issue, not blocking | Review recommended |
| FAIL | Policy violation | Must fix before merge |
For more details on any violation:
mergeguide check --verbose
This shows:
- Full file path and line numbers
- Code snippet with violation highlighted
- Policy documentation link
- Suggested fix
Common First-Check Results
Hardcoded Secrets
[FAIL] no-hardcoded-secrets
src/config.ts:12 - Potential API key detected
Pattern matched: api_key = "sk-..."
Fix: Move secrets to environment variables:
// Before
const apiKey = "sk-abc123...";
// After
const apiKey = process.env.API_KEY;
SQL Injection
[FAIL] no-sql-injection
src/db/queries.ts:34 - String interpolation in SQL query
Fix: Use parameterized queries:
// Before
const query = `SELECT * FROM users WHERE id = ${userId}`;
// After
const query = `SELECT * FROM users WHERE id = $1`;
await db.query(query, [userId]);
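The `$1` placeholder binds values only; column names and sort direction cannot be passed as parameters, so dynamic queries need an allowlist for those parts. The following is an added example, not code from the original page or from MergeGuide; `buildUserQuery`, `UserFilter`, `SORTABLE_COLUMNS` and the column names are hypothetical.

```typescript
// Added example: all names here are hypothetical, chosen for illustration.
type UserFilter = { id?: number; email?: string };
type BuiltQuery = { text: string; values: Array<string | number> };

// Identifiers cannot be bound as $n parameters, so the sort column is
// picked from a fixed allowlist instead of being interpolated from input.
const SORTABLE_COLUMNS: readonly string[] = ["id", "email", "created_at"];

function buildUserQuery(
  filter: UserFilter,
  sortBy: string = "id",
  descending: boolean = false
): BuiltQuery {
  if (SORTABLE_COLUMNS.indexOf(sortBy) === -1) {
    throw new Error(`unsupported sort column: ${JSON.stringify(sortBy)}`);
  }
  const clauses: string[] = [];
  const values: Array<string | number> = [];

  // Each value is pushed to `values`; only its placeholder number enters the SQL text.
  if (filter.id !== undefined) {
    if (!Number.isInteger(filter.id)) throw new Error("id must be an integer");
    values.push(filter.id);
    clauses.push(`id = $${values.length}`);
  }
  if (filter.email !== undefined) {
    values.push(filter.email);
    clauses.push(`email = $${values.length}`);
  }

  const where = clauses.length > 0 ? ` WHERE ${clauses.join(" AND ")}` : "";
  const direction = descending ? "DESC" : "ASC"; // fixed keywords, never user text
  return {
    text: `SELECT * FROM users${where} ORDER BY ${sortBy} ${direction}`,
    values,
  };
}

// Constructed sample input: the quote-laden email stays in `values`, not in `text`.
const sample = buildUserQuery(
  { id: 7, email: "a@example.com' OR '1'='1" },
  "created_at",
  true
);
// With the page's client: await db.query(sample.text, sample.values);
```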
Console Statements
[WARN] no-console-in-production
src/api/handler.ts:56 - console.log detected
Fix: Use proper logging or remove:
// Before
console.log("User logged in:", userId);
// After
logger.info("User logged in", { userId });
Ignoring Specific Violations
For legitimate exceptions, use inline comments:
// mergeguide-ignore-next-line no-eval-usage
const result = eval(trustedCode); // Required for legacy plugin system
Or ignore entire files in .mergeguide.yaml:
ignore:
- "**/*.test.ts"
- "scripts/migrations/**"
Re-running Checks
After fixing violations:
# Check again
mergeguide check
# Check specific files only
mergeguide check src/api/users.ts src/utils/dynamic.ts
Viewing Policy Details
To understand why a policy exists:
# List all policies
mergeguide policies
# Show policy details
mergeguide policies # View all active policies
Next Steps