The Platform

Scan. Fix.Improve. Govern.

Scan every file, fix what is broken, surface what to improve, and govern every merge. You review and approve. Hyrax handles the rest.

No credit card required.

Hyraxbilling-api / Connect
LIVE
Repository
Overview
Scan
Discovery
Benchmark
Self-ImprovementTEAM
Fix
Easy Wins7
Findings47
Completed38
Improve
Suggestions6
Advisories3
Govern
PR ReviewsPRO
Workspace
Repositories
Members
Activity
Settings
S
Sarah Chen
@sarah
github.com · install app
Hyrax
Install Hyrax on your org
Scoped permissions · selected repositories only
Read · Code (audit context · never stored)
Read · Metadata · webhooks · pulls
Write · Pull requests (Hyrax-opened only)
Write · Check runs (status on every PR)
Installing Hyrax · scoped GitHub permissions
How It Works

Four pillars.
Zero drift.

Scan

Profile once.
Audit continuously.

Discovery runs once, reads every file, maps your architecture, commits context to your repo. Audit scans continuously against that profile: six parallel domain agent groups plus a deterministic scanner.

Discovery

runs once per repo
  • -Reads every file, maps architecture and conventions
  • -Commits a .hyrax/ context bundle to your repo - architecture, conventions, and how-to guides for every agent
  • -Writes HYRAX.md - every IDE AI (Cursor, Copilot, Claude Code) loads codebase context automatically

Audit

runs continuously
  • -Pre-flight generates repo-specific analysis protocol
  • -Six parallel agent groups plus a deterministic scanner
  • -Findings categorized: critical / high / medium / low
Scanning codebase0%
Security

Auth, hardening, privacy

Correctness

Logic errors, edge cases

Maintainability

Dead code, naming, tests

Performance

Bottlenecks, memory, queries

Architecture

Patterns, contracts, coupling

Operations

Deps, config, logging

Findings: 12
Ready for Fix phase
Fix

13 steps.
All must pass.

Fix resolves a detected finding. Task resolves a directive you write. Either way: isolated worktree, 13 verification steps, PR opened, ticket closed.

Fix

per issue
  • -Targets bugs and security issues from Audit
  • -Isolated Git worktree - failure leaves main untouched
  • -Independent reviewer step must approve

Task

on demand
  • -Plain-English input instead of detected finding
  • -Refinement step converts directive to structured plan
  • -Same 13-step verification as Fix
13-Step Verification
1Isolated worktree
2Baseline tests
3Agent executes
4Diff size guard
5Regression gate
6Build verify
7Format + lint
8Scanner loop
9Reviewer step
10Post-fix audit
11PR opened
12CI confirmation
13Ticket close
Progress0/13
Improve

Consider this.
Beyond must-fix.

Beyond the findings that trigger a fix, Hyrax surfaces suggestions and advisories: architectural guidance and broader recommendations scoped to the repository. They need a human decision, so they stay out of the fix queue.

Suggestions

alongside the findings

Targeted architectural guidance on a specific file or module - refactors worth weighing, not defects to patch.

Advisories

broader guidance for the repo

Repository-wide guidance Hyrax flags when a pattern, dependency, or boundary warrants attention before it becomes a problem.

Suggestions & advisories
SUGGESTION
Extract payment retry logic into a policy module
src/api/payment/retry.ts · Architecture
SUGGESTION
Adopt a shared error envelope across the API
src/api/* · Correctness
ADVISORY
Pin the Postgres driver to a maintained major
package.json · Operations
ADVISORY
Split the auth module before it grows further
src/lib/auth.ts · Maintainability
Govern

Review every PR.
Automatically.

Every change ships as a PR with the [Hyrax] prefix. Review runs on every push, the comment updates as code changes, and merge is blocked on must-fix findings. No manual trigger needed.

Automated PR Review

on every push
  • -Reviews every PR automatically - no manual trigger
  • -Updates comments as code changes on each push

Merge Control

configurable
  • -Can block merge on must-fix findings
  • -Configurable severity thresholds per repo

Self-Improvement

learned from accepted findings
  • -Turns accepted findings into deterministic scanner patterns
  • -Patterns run instantly at zero added cost; skills guide the agents
  • -Repo skills apply only to one repo's conventions
Recent PRs
feat: add user dashboard
fix: resolve auth bug
refactor: api handlers
chore: update deps
feat: payment flow
0
PRs reviewed
3
approved
1
blocked
Pricing

Clear pricing.
No surprise bills.

Start free. Upgrade when you need more. No credit card required.

AI runs on AWS Bedrock with SOC 2 compliance. Your code is processed securely and never used for model training.

Free

$0
  • 1 private repo

    Installed via the GitHub App

  • 1 mini-audit per calendar month

    Capped scan, top findings only

  • Verified fixes

    Tested before every PR

  • No commitment, no card

    Start immediately

  • Full audit + scan

    The full pipeline (Pro)

  • PR reviews on every PR

    Upgrade to Pro

Start free

Pro

$30/mo
  • $30 of usage included each month

    No rollover

  • Up to 3 repos

    Public or private, via the GitHub App

  • Full audit + scan

    The full pipeline beyond Free's mini-audit

  • PR reviews on every opened PR

    Webhook-driven review comments

  • Auto-publish to Linear

    Findings become tickets in the workspace

  • Usage-based monthly volume

    Draws from included usage as you run

  • Opt-in on-demand overage

    Past the included usage, $15 chunks billed to card

  • Self-improvement learn loop

    Team-only

  • Public repos by URL

    Team-only

Start free
Most Popular

Team

$200/mo
  • $200 of usage included each month

    Shared across the workspace, no rollover

  • Unlimited repos and seats

    Connect every repo in the org

  • Every Pro workflow

    Audit, scan, discover, PR reviews, publish

  • Self-improvement learn loop

    Hyrax learns the patterns from accepted fixes

  • Public repos by URL

    Audit any public repo anonymously, no install

  • Opt-in on-demand overage

    Past the included usage, $100 chunks billed to card

Start free

All AI inference runs on AWS Bedrock. Credits do not roll over.

How overage works

  • -Optional. Off by default. Toggle on at signup or any time from billing settings.
  • -With overage off, work stops at the included usage until the next cycle.
  • -With overage on, keep running past the included usage. The card is billed in $15 chunks on Pro or $100 chunks on Team.
  • -Open balances must be paid before the next cycle renews.
FAQ

Frequently asked questions

Clean code in. Clean PRs out. Hyrax profiles your entire codebase, runs a multi-agent audit to surface bugs and security issues, executes the fix through 13-step verification, opens the pull request, and closes the Linear ticket.

PR review tools wait for a pull request and post comments. A developer still has to triage every comment, write the fix, push it, get another review, and close the ticket. Hyrax starts before the PR exists. It audits the full codebase, surfaces issues that have never appeared in a diff, executes the fix on the findings you select, and closes the loop. Comments are not the output. Closed tickets are.

Static analysis tools surface issues and generate a report. A developer triages every finding and does the work. Hyrax audits issues, creates the ticket, executes the fix, and closes the ticket. Static analysis is a reporting layer. Hyrax is an execution layer.

Hyrax runs AI inference on AWS Bedrock with SOC 2 compliance. Your code is processed securely and never used for model training. All data is encrypted in transit and at rest. Full audit logs are available for compliance review.

Every fix runs through 13 verification steps before the PR opens: isolated Git worktree, baseline tests established, agent executes fix, diff size guard, regression gate, build verification, format and lint, scanner quality loop, reviewer step, post-fix audit, PR opened, CI confirmation, and ticket close. If any step fails, nothing ships. You retain review rights on every PR.

Discovery profiles your entire codebase (architecture, conventions, patterns) and commits HYRAX.md plus a .hyrax/ context bundle. This context powers every workflow that follows. Discovery profiles. It does not find issues. Audit finds issues.

Hyrax runs AI inference on AWS Bedrock with SOC 2 compliance. Your code is processed securely and never used for model training. Hyrax receives only structured finding data from LLM calls, not raw code content. No codebase content is stored by Hyrax beyond what is needed to execute the current workflow.

Every fix runs: (1) isolated worktree (2) baseline tests (3) agent executes (4) diff size guard (5) regression gate (6) build verify (7) format + lint (8) scanner loop (9) reviewer step (10) post-fix audit (11) PR opened (12) CI confirmation (13) ticket close. A failure at any step aborts the run. Nothing is skippable.

Hyrax works across 19 languages: Python, TypeScript, JavaScript, Go, Rust, Swift, Ruby, Java, Kotlin, C#, C++, C, PHP, Scala, Dart, Elixir, Shell, Lua, and MDX. It works with the frameworks built on them — React, Next.js, Vue, Svelte, Angular, Node.js, Django, Rails, Spring, FastAPI, Express, React Native, and Flutter.

Free is $0 with 1 private repo and 1 mini-audit per month. Pro is $30/month and includes $30 of usage and the full audit + scan pipeline. Team is $200/month and includes $200 of shared usage. Audits, scans, and fixes draw from the included usage; go past it with opt-in overage billed in $15 chunks on Pro or $100 chunks on Team.

Free is a permanent plan, not a trial. 1 private repo, 1 mini-audit per month, no card required.

If any verification step fails, nothing is pushed. Hyrax surfaces an escalation signal with the specific step that failed, the reason, and a suggested next step: retry, split into smaller scope, or route to a human reviewer. Control returns to you with a clear explanation.

Every change ships as a pull request with the [Hyrax] prefix. Automated review runs on every opened PR, posts a maintained comment that updates with each commit, uses domain-specific checklists based on changed files, and can block merge on must-fix findings. Available on Pro and Team.

Security is one of six audit domains. Hyrax's Security agent covers auth patterns, input validation, hardening, privacy, compliance, and vulnerability patterns. It is not a SAST tool. It is an AI audit-and-fix platform where security is a first-class domain alongside Correctness, Maintainability, Performance, Architecture, and Operations.

No. Overage is opt-in. With overage off, work stops at the included usage until the next cycle. With overage on, keep running past the included usage, billed to your card in $15 chunks on Pro or $100 chunks on Team.

No. The only payment at plan selection is the plan price. If you need more capacity, enable overage.

Pro runs the full audit + scan pipeline, PR reviews on every opened PR, and auto-publish to Linear across up to 3 repos. Team adds unlimited repos and seats, the self-improvement learn loop, and public repos by URL. All AI runs on AWS Bedrock.

Start free

Clean code you can merge.

5 free fixes a month. No credit card.