runlit
live · free to start

AI code,
cleared to ship.

The eval layer below your AI IDE. Catches hallucinated APIs, intent mismatches, security issues, and compliance violations before they reach production.

30 seconds to install · no credit card required

  • 46% of Copilot code is AI-generated (GitHub, 2024)
  • 1.7× more issues in AI vs human code (CodeRabbit, 2025)
  • 45% of AI code fails security tests (Veracode, 2025)
  • $4.88M average cost of a data breach (IBM, 2024)
  • $2.1M HIPAA max fine per incident (HHS)

how it works

Invisible infrastructure.
Visible results.

01

install once

Install the GitHub App in 30 seconds. No config required. runlit immediately starts scanning every PR that contains AI-generated code.

supports: github · gitlab (soon) · azure devops (soon) · bitbucket (soon)
02

evals run automatically

On every PR open and push, runlit scores the AI-generated diff across four signals: hallucination, intent match, security, and compliance.

p99 latency: < 4s per eval
03

score posted. merge gated.

The eval score appears as a PR review comment. Merges are blocked when score drops below your threshold. No developer action required.

configurable threshold per repo or org
eval signals

Four signals.
One score.

Not just syntax. runlit evaluates the semantics — what the code is supposed to do, whether it does it, and whether it'll break production.

hallucination

Hallucination detection

Cross-references every API call against real documentation. Catches phantom methods, deprecated signatures, and non-existent packages before they fail in production.

→ stripe.charges.create() ✗ method removed in v9
intent

Intent match

Compares the diff against the original issue, PR description, or prompt. Catches code that technically works but doesn't do what was asked.

→ intent: add pagination ✗ cursor not exposed in response
security

Security scanning

Runs OWASP top-10 patterns, injection checks, secrets detection, and unsafe deserialization — patterns that standard linters miss in AI-generated code.

→ sql query uses f-string interpolation ✗ injection risk
compliance

Compliance enforcement

Activates PCI-DSS and HIPAA rule packs per-repo. Flags violations before they become audit findings. Full eval trail for every AI-touched PR.

→ PCI 6.2.4: card data logged in plaintext ✗ blocked
works with your stack
  • GitHub
  • Cursor
  • VS Code
  • GitHub Copilot
  • Windsurf
  • GitHub Actions
  • GitLab (soon)
  • Azure DevOps (soon)
  • Bitbucket (soon)
pricing

No guessing.
No surprises.

Free
$0

For individual devs.

  • 500 evals/month
  • Hallucination + intent
  • GitHub PR comments
  • 1 seat
Pro
$79 /mo

For solo engineers & freelancers.

  • 5,000 evals/month
  • Security scan
  • Merge blocking
  • CLI + IDE + GitHub Action
  • GitLab support
  • 30-day history
Team (most popular)
$349 /mo

For AI-first engineering teams.

  • 50,000 evals/month
  • Slack alerts
  • Up to 25 seats
  • Exportable reports
  • 90-day history
Business
$999 /mo

For scaling orgs with compliance needs.

  • 250,000 evals/month
  • Compliance packs (PCI, HIPAA, SOC2)
  • Custom rules
  • SSO / SAML
  • Unlimited seats
  • 2-year history
Enterprise
custom

For regulated industries & large orgs.

  • Unlimited evals
  • Fine-tuned domain signal
  • Air-gapped option
  • SLA + dedicated support
  • Custom contract

Your AI writes fast.
runlit keeps score.

30 seconds to install. No config. Cancel any time.
