SaaS · Case study

Pullminder

An autonomous verification layer for AI-assisted pull requests. It scores every PR for risk, enforces policy with merge gates, and hands reviewers a Claude-written brief. It runs from the CLI, in CI, or through the GitHub App and dashboard, and is extensible with composable rule packs.

Founder & engineer, 2025 → present
Go · React 19 · TanStack Router · PostgreSQL · Anthropic API · GitHub App · CLI · Turborepo

The problem

AI made writing code far faster and reviewing it far harder. Teams now drown in high-volume, low-trust pull requests. A diff reads fine at a glance but quietly ships broken logic, touches a sensitive path, or lands a feature with no tests. Human review does not scale to that volume, so reviewers either block development or rubber-stamp the risk. A one-off “LLM, is this PR okay?” prompt is neither reproducible nor something a team can govern. What was missing was an automatic verification layer that lets teams keep shipping AI-assisted code without quietly raising merge risk.

What I built

I conceived, built and shipped Pullminder on my own, from an empty repo to a live product with paying tiers. It is a full platform rather than a demo: a backend engine, a dashboard, a GitHub App, a CLI, a public rule-pack registry, billing, and the marketing site, all in one monorepo. It sits between the AI IDE and the production branch and checks every commit.

  • Risk scoring on every PR, from any source. Whether a diff comes from Copilot, Cursor, Claude Code or a person, Pullminder gives the PR a single risk score and explains what drove it, including whether the change looks AI-generated.
  • Reviewer briefs and fix suggestions. A concise, Claude-powered brief tells the reviewer where to look and why it is risky, along with suggested fixes. That is the judgement layer that sits on top of the score.
  • Policy enforcement with automatic merge gates. Teams codify their security, testing and merge guardrails as policy. PRs that do not clear are blocked automatically and posted as a GitHub check with inline comments.
  • Composable rule packs, plus your own registry. Community packs are free and open source. Teams can bring their own private registry, and premium compliance packs (HIPAA, SOC2, PCI-DSS, GDPR) extend detection for regulated industries.
  • A feedback loop for AI agents. The CLI emits agent-readable output, so Cursor, Copilot and Claude Code can read the findings and self-correct before a human opens the PR.
  • It meets teams where they work. One engine drives four surfaces: the GitHub App, the CLI (Homebrew and npm), a CI Action, and a React 19 dashboard for risk trends, coverage deltas, analytics and audit. Slack alerts cover high-risk PRs.
  • Privacy by design. Pullminder processes only changed-diff context. It never stores full source and never trains on customer code, and AI briefs can be turned off entirely. It is EU-based and GDPR-native.

Outcome

  • A complete commercial product, built solo and running in production, scoring thousands of real pull requests across live repositories.
  • One verification engine behind four surfaces and an open ecosystem, so teams adopt it without changing how they already work.
  • A real business around it, with per-author pricing, tiered features, and a free trial through to Team and Enterprise.

Proof

Pullminder is live at pullminder.com, with the product at app.pullminder.com. The supporting ecosystem is open source under github.com/pullminder: the rule-pack registry, the CLI, the GitHub Action, the npm wrapper and the Homebrew tap. It is built under Upmate.