runlit
get started
live · free to start

AI code,
cleared to ship.

The eval layer below your AI IDE. Catches hallucinated APIs, intent mismatches, security issues, and compliance violations before they reach production.

install the github app → view on github

30 seconds to install · no credit card required

46%
of Copilot code is AI-generated
GitHub, 2024
1.7×
more issues in AI vs human code
CodeRabbit, 2025
45%
of AI code fails security tests
Veracode, 2025
$4.88M
average cost of a data breach
IBM, 2024
$2.1M
HIPAA max fine per incident
HHS
how it works

Invisible infrastructure.
Visible results.

01

install once

Install the GitHub App in 30 seconds. No config required. runlit immediately starts scanning every PR that contains AI-generated code.

supports: github · gitlab (soon) · azure devops (soon) · bitbucket (soon)
02

evals run automatically

On every PR open and push, runlit scores the AI-generated diff across four signals: hallucination, intent match, security, and compliance.

p99 latency: < 4s per eval
03

score posted. merge gated.

The eval score appears as a PR review comment. Merges are blocked when score drops below your threshold. No developer action required.

configurable threshold per repo or org
eval signals

Four signals.
One score.

Not just syntax. runlit evaluates the semantics — what the code is supposed to do, whether it does it, and whether it'll break production.

hallucination

Hallucination detection

Cross-references every API call against real documentation. Catches phantom methods, deprecated signatures, and non-existent packages before they fail in production.

→ stripe.charges.create() ✗ method removed in v9
intent

Intent match

Compares the diff against the original issue, PR description, or prompt. Catches code that technically works but doesn't do what was asked.

→ intent: add pagination ✗ cursor not exposed in response
security

Security scanning

Runs OWASP top-10 patterns, injection checks, secrets detection, and unsafe deserialization — patterns that standard linters miss in AI-generated code.

→ sql query uses f-string interpolation ✗ injection risk
compliance

Compliance enforcement

Activates PCI-DSS and HIPAA rule packs per-repo. Flags violations before they become audit findings. Full eval trail for every AI-touched PR.

→ PCI 6.2.4: card data logged in plaintext ✗ blocked
works with your stack
GitHub
Cursor
VS Code
GitHub Copilot
Windsurf
GitHub Actions
GitLab soon
Azure DevOps soon
Bitbucket soon
pricing

No guessing.
No surprises.

Free
$0

For individual developers.

  • 1 repo
  • 50 evals/month
  • Hallucination + intent signals
  • GitHub App
get started →
most popular
Team
$399 /month

For engineering teams shipping AI code at scale.

  • Unlimited repos
  • 2,000 evals/month
  • All 4 signals
  • GitHub App + VS Code extension
  • Merge gate config
  • Team dashboard
start 14-day trial →
Enterprise
custom

For regulated industries and large orgs.

  • Unlimited everything
  • PCI-DSS + HIPAA rule packs
  • Full audit trail
  • SSO / SAML
  • SLA + dedicated support
  • Custom compliance packs
talk to us

Your AI writes fast.
runlit keeps score.

30 seconds to install. No config. Cancel any time.

install the github app →