Latch
The independent merge gate for the agent era

Two AIs argue about your PR until it's mergeable. You click merge.

Latch is a bounded review⇄fix loop that converges any pull request — human- or agent-authored — to mergeable, then stops. The reviewer is independent of the agent that wrote the code. The loop never merges; a human always does.

npx github:nishantkumar1292/latch init
Star on GitHub

FSL-1.1-Apache-2.0 · self-host free forever · runs in your own GitHub Actions

latch/merge-gate review · run 1
#412 add math-drill generator
you checks passed
drills.py · L28 unresolved
choices = sorted([answer - 1, answer, answer + 1])
choices are sorted — the correct answer is always the middle tile.
fixer
test_drills.py · L11 unresolved
fixer
fixer randomize answer position per problem a3f9c1e
verdict DO-NOT-MERGE

simulated replay of a real run 00:00 elapsed
The problem

Coding agents open pull requests faster than anyone can review them.

Fifty PRs land by 7am with green CI on every one — and green CI never saw the answer tiles that always put the right answer in the middle. The one scarce thing left is judgment about whether a diff is safe to merge.

How it works

A loop that converges, then stops.

Two identities, one bounded cycle. Every hop is its own auditable run — nothing self-approves, and nothing merges itself.

R
Review

An independent reviewer attacks the PR.

It treats the PR description as claims to falsify, distrusts golden tests regenerated in the same commit, and checks every new field for a producer and a consumer. Findings post as inline comments with a concrete failure scenario; the run ends on a verdict.

identity: reviewer · verdict: MERGE / MERGE-WITH-FIXES / DO-NOT-MERGE

F
Fix — or refuse

A separate fixer addresses each finding.

It runs the real checks before it commits. And it has standing to refuse: when a finding is wrong, it replies with its reasoning and leaves the thread open for a human instead of blindly complying — which is what stops the loop thrashing on a bad comment.

identity: fixer ≠ reviewer · so nothing self-approves

R
Re-review

The reviewer runs again against the new head.

A fresh run re-verifies the earlier findings and looks for anything the fix introduced. Cycles are bounded by a hard cap; hit it and the loop escalates to a human rather than spinning.

every hop is a separate run on your audit trail

Converge

When the findings clear, it stops. The check goes green.

Latch converges the mechanically-verifiable debris and hands the judgment calls to you. It does not merge — you do. Any thread the fixer left open is yours to resolve.

0 human review cycles → 1 human action: merge

Why independent

The agent that wrote the code can't be the one that clears it.

Independence isn't a feature of this product — it's the whole product.

Correlated blind spots

Ask an agent to review its own PR and it runs on the same weights, the same context, and the same blind spots that produced the bug. Its errors are correlated with the code's errors, so it clears exactly the mistakes it was always going to make.

— model-independence knob —
Point the reviewer at a model unlike your author-agent. Independence isn't a slogan; it's a setting — and a catch-rate metric to measure the lift is on the roadmap.

A true story

A generated math drill sorted its answer choices, so the correct tile was always the middle one — and a five-year-old learned to just tap the middle every time. CI was green the whole time; a parent caught it, not the tests. An independent reviewer with the repo's doctrine catches exactly that class of bug.

6 + 1 = ? — the answer never moves.

Trust posture

A gate you can hand a probabilistic agent.

The defaults are the conservative ones. You turn up the enforcement yourself, once you trust your own false-positive rate.

Never merges

The loop converges to mergeable and stops. A human always presses merge. (Opt into GitHub's native auto-merge yourself if you want it.)

Anti-tamper

The fixer can never edit the workflows or the policy file that govern it. The loop can't rewrite its own rules.

Bounded cycles

A hard cap on review⇄fix rounds. Hit it and the loop escalates to a human instead of thrashing forever.

Non-blocking by default

The verdict ships as a non-blocking commit status. Mark it a required check yourself, per repo, once you've seen its false-positive rate.

We see nothing

The open-source loop runs in your own GitHub Actions, on your key, on your audit trail. Your code never leaves your repo.

Every hop is a run

Review, fix, re-review — each is a separate, directional, inspectable run. The automation can't self-trigger or self-approve.

Quickstart

Gate your first PR in a few minutes.

One command writes the workflows and a policy file. Add a key, open a PR, and watch it converge.

Run init in your repo

It writes the review and fix workflows plus a .latch/policy.yml (mined from your CLAUDE.md or AGENTS.md if you have one).

npx github:nishantkumar1292/latch init

Add your key as a repo secret

A Claude subscription token or an API key. Latch runs on your key, in your Actions — nothing is sent to us.

# Settings → Secrets and variables → Actions
CLAUDE_CODE_OAUTH_TOKEN=<your token>

Open a pull request

The reviewer runs, the fixer converges it, and the verdict lands as a commit status. When it's green, you press merge.

Pricing

Free where it runs on your compute. Paid where we run it for you.

The whole loop is open source and free forever. The hosted gate is a zero-config convenience, not a paywall around the product.

Open source
Free forever

Bring your own Claude subscription or API key.

  • The full loop: independent review, fix-or-refuse, re-review, converge
  • Anti-tamper guard, bounded cycles, human escalation
  • Runs in your Actions — your key, your audit trail
  • FSL-1.1-Apache-2.0
Get started
Hosted gateWaitlist
$49 / active repo / mo

Includes 25 gated PRs, then $8 / gated PR. BYOK discount.

  • Zero-config GitHub App — gates every PR, no YAML to commit
  • Our sandbox and inference — doesn't spend your Actions minutes
  • Check-run verdict with inline annotations and fix buttons
  • Code-retention-free by construction
Join the waitlist
Enterprise
Talk to us

For teams with a security review and a compliance bar.

  • SSO and audit export
  • Self-hosted license
  • Bring-your-own-model (Bedrock / Vertex)
  • Priority doctrine tuning for your repos
Talk to us
FAQ

The honest answers.

Isn't this just AI reviewing AI?

Yes — and that only helps if the reviewer is independent of the author. Latch runs the reviewer in a separate context with an adversarial doctrine, and lets you point it at a model unlike the one that wrote the code, so its errors don't correlate with the author's.

It also never claims a verdict it can't back. Latch converges the mechanically-checkable findings — the missing consumer, the un-randomized answer, the failing check — and escalates the judgment calls to you. It's triage and autofix with an outside opinion, not a rubber stamp.

Does it merge my code?

No. Ever. The loop converges the PR to mergeable and stops; a human always presses merge. That's the trust posture, not a limitation. If you want it, you can opt into GitHub's native auto-merge yourself — the default is a human merges.

Do you see my code?

Not in the open-source version — it runs entirely in your own GitHub Actions, on your key, on your audit trail. We never receive it. The hosted gate runs on an ephemeral, code-retention-free sandbox that clones, reviews, and is destroyed; we keep only metadata (verdicts, timings, cycle counts).

What if the reviewer is wrong?

The fixer can refuse a finding with reasoning and leave it open for a human, so the loop doesn't thrash on a bad comment. And the verdict is non-blocking by default — a false DO-NOT-MERGE can't stop your team from shipping until you decide to make the check required.

Which agents does it work with?

Any that open a pull request — Copilot, Codex, Devin, OpenHands, Cursor, Claude Code, or a human. Latch meets them at the PR, the one artifact they all emit, so nothing on their side changes.