Automatically enforce product requirements, detect security vulnerabilities, and eliminate code redundancy on every pull request.
FeaturePulse is an intelligent GitHub App that acts as an automated product manager and security auditor for your codebase. It analyzes every pull request against your project's defined intent rules (PRD/requirements) and provides:
- Intent Score: Measures how well code changes align with your product requirements
- Security Scanning: Detects vulnerabilities in dependencies using the OSV database
- Redundancy Detection: Identifies duplicate or conflicting file names using Levenshtein distance
- AI-Powered Decisions: Leverages Gemini/OpenRouter AI for intelligent compliance analysis
Think of it as having a tireless product manager and security engineer reviewing every PR 24/7.
Compares code changes against your

Automatically scans new dependencies for known vulnerabilities using the OSV Database.

Uses Levenshtein distance to detect:

Choose how FeaturePulse enforces decisions:
```
+---------------------------------------------------------------------+
|                            FeaturePulse                             |
+---------------------------------------------------------------------+
|                                                                     |
|  +--------------+    Webhook     +-------------------------------+  |
|  |    GitHub    |--------------->|        Node.js Backend        |  |
|  | Pull Request |                |                               |  |
|  +--------------+                | +-----------+ +-------------+ |  |
|                                  | |           | |    ai.js    | |  |
|  +--------------+                | |           | |   Gemini/   | |  |
|  |  intent.md   |----------------| | github.js | | OpenRouter  | |  |
|  |  (Your PRD)  |                | +-----------+ +-------------+ |  |
|  +--------------+                |                               |  |
|                                  | +-----------+ +-------------+ |  |
|  +--------------+                | |           | |             | |  |
|  |   OSV.dev    |----------------| |security.js| |redundancy.js| |  |
|  |   Database   |                | +-----------+ +-------------+ |  |
|  +--------------+                |                               |  |
|                                  +-------------------------------+  |
|                                                  |                  |
|                                                  v                  |
|                                  +-------------------------------+  |
|                                  |    React Dashboard (Vite)     |  |
|                                  |  - PR Analysis Stats          |  |
|                                  |  - Feature Subscriptions      |  |
|                                  |  - Authority Mode Settings    |  |
|                                  +-------------------------------+  |
|                                                                     |
+---------------------------------------------------------------------+
```
Click the button below to install FeaturePulse on your repositories:
Add an intent.md file to your repository (preferably at .featurepulse/intent.md):
```markdown
# Project Intent Rules

## Supported Features
1. User authentication via OAuth
2. Dashboard with real-time metrics
3. REST API with rate limiting

## Quality Standards
- All endpoints must have error handling
- Unit test coverage > 80%
- No hardcoded secrets

## Security Requirements
- HTTPS only
- Input validation on all forms
- SQL injection prevention
```

FeaturePulse will automatically:
- Analyze your code changes
- Compare against your intent rules
- Scan for security vulnerabilities
- Check for code redundancy
- Post results as a GitHub Check and PR comment
```
FeaturePulse/
├── Frontend/                    # React Dashboard (Vite)
│   ├── src/
│   │   ├── components/
│   │   │   ├── Dashboard.jsx    # Main dashboard with stats & settings
│   │   │   ├── Pricing.jsx      # Subscription plans
│   │   │   ├── IntentRules.jsx  # Intent rules editor
│   │   │   └── Header.jsx       # Navigation header
│   │   ├── services/
│   │   │   └── api.js           # Backend API client
│   │   ├── App.jsx              # Main application component
│   │   └── main.jsx             # Entry point
│   └── package.json
│
├── Node Backend/                # Express.js API Server
│   ├── index.js                 # Main server & webhook handler
│   ├── ai.js                    # AI analysis (Gemini/OpenRouter)
│   ├── security.js              # CVE scanning via OSV
│   ├── redundancy.js            # File redundancy detection
│   ├── github.js                # GitHub API interactions
│   ├── db.js                    # JSON file database
│   └── package.json
│
├── intent.md                    # Example intent rules template
└── README.md                    # This file
```
Create a .env file in the Node Backend directory:
```
# GitHub App Configuration (Required)
APP_ID=your_github_app_id
PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----"
WEBHOOK_SECRET=your_webhook_secret

# AI Provider (At least one required)
GEMINI_API_KEY=your_gemini_api_key
# OR
OPENROUTER_API_KEY=your_openrouter_api_key

# Payment Integration (Optional)
RAZORPAY_KEY_ID=your_razorpay_key_id
RAZORPAY_KEY_SECRET=your_razorpay_key_secret
```

Create a .env file in the Frontend directory:

```
VITE_API_BASE_URL=http://localhost:3000
VITE_RAZORPAY_KEY_ID=your_razorpay_key_id
```

- Node.js v18 or higher
- npm v8 or higher
- GitHub App credentials (for full functionality)

```bash
cd "Node Backend"
npm install
npm run dev   # Starts with nodemon for hot-reload
```

```bash
cd Frontend
npm install
npm run dev   # Starts Vite dev server
```

```bash
# Terminal 1 - Backend (Port 3000)
cd "Node Backend" && npm run dev

# Terminal 2 - Frontend (Port 5173)
cd Frontend && npm run dev
```

`POST /webhook`

Handles GitHub webhook events for pull requests and app installations.
| Event | Action | Description |
|---|---|---|
| pull_request | opened, synchronize, reopened | Triggers PR analysis |
| installation | deleted | Cleans up subscription data |
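The webhook endpoint is only as trustworthy as its signature check. The following is an added example, not FeaturePulse's own code: it verifies GitHub's `X-Hub-Signature-256` header against `WEBHOOK_SECRET` and routes only the event/action pairs in the table above. The function names and the sample secret and body are constructed for illustration.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

// Constructed sample input: a demo secret and a minimal pull_request payload.
const SAMPLE_SECRET = 'constructed-secret-for-demo';
const SAMPLE_BODY = Buffer.from(JSON.stringify({ action: 'opened', number: 7 }));

// Value GitHub sends in X-Hub-Signature-256 for a given raw request body.
function signBody(secret, rawBody) {
  return 'sha256=' + createHmac('sha256', secret).update(rawBody).digest('hex');
}

// True only when the header matches the HMAC of the exact bytes received.
function verifyWebhook(secret, rawBody, signatureHeader) {
  // Fail closed when WEBHOOK_SECRET is unset or the header is missing.
  if (!secret || typeof signatureHeader !== 'string') return false;
  const expected = Buffer.from(signBody(secret, rawBody));
  const received = Buffer.from(signatureHeader);
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (expected.length !== received.length) return false;
  return timingSafeEqual(expected, received);
}

// Event/action pairs from the table above; everything else is ignored.
const HANDLED = new Map([
  ['pull_request', ['opened', 'synchronize', 'reopened']],
  ['installation', ['deleted']],
]);

function routeEvent(eventName, payload) {
  const actions = HANDLED.get(eventName);
  if (!actions || !actions.includes(payload.action)) return 'ignored';
  return eventName === 'pull_request' ? 'analyze' : 'cleanup';
}

// Verify first, parse second: unauthenticated JSON is never interpreted.
function handleDelivery(secret, headers, rawBody) {
  if (!verifyWebhook(secret, rawBody, headers['x-hub-signature-256'])) {
    return { status: 401, result: 'rejected' };
  }
  const payload = JSON.parse(rawBody.toString('utf8'));
  return { status: 200, result: routeEvent(headers['x-github-event'], payload) };
}
```

The HMAC must be computed over the raw request bytes, so in Express the body has to be captured before JSON parsing (for example with the `verify` option of `express.json`), not re-serialized from the parsed object.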
`GET /api/installation-status/:id`

Verifies if a GitHub App installation is valid.

Response:

```json
{
  "valid": true
}
```

`GET /api/subscription/:id`

Returns subscription details and settings for an installation.

Response:

```json
{
  "features": ["intent", "security", "summary"],
  "settings": {
    "authorityMode": "gatekeeper"
  }
}
```

`POST /api/settings`

Updates authority mode and other settings.

Request Body:

```json
{
  "installationId": "12345",
  "settings": {
    "authorityMode": "advisory"
  }
}
```

`POST /api/create-order`

Creates a Razorpay order for feature subscription.

Request Body:

```json
{
  "features": ["intent", "security", "summary"],
  "installationId": "12345"
}
```

FeaturePulse looks for intent.md in the following order:
1. `.featurepulse/intent.md` (recommended)
2. Any `intent.md` in the repository root or subdirectories
| Category | Risk Level | Default Decision |
|---|---|---|
| Documentation Update | Low | APPROVE |
| Bug Fix | Medium | APPROVE |
| New Feature | High | WARN |
| Refactor | Medium | APPROVE |
| Test Improvement | Low | APPROVE |
| General Improvement | Low | APPROVE |
```
BLOCK:   Security HIGH/CRITICAL OR Intent Match < 50%
WARN:    Intent Match < 80% OR Redundancy found
APPROVE: Intent Match > 80% AND Security LOW
```
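The three rules above, evaluated in order of severity, as an added example (not FeaturePulse's own code). The matrix does not say what happens at exactly 80% or for a security level between LOW and HIGH; this sketch assumes such cases fall to WARN and that malformed analyzer output is blocked. The `decide` function, its field names and the `MEDIUM` level are assumptions.

```javascript
// Severity levels; MEDIUM is assumed, the page only names LOW, HIGH and CRITICAL.
const SEVERITIES = ['LOW', 'MEDIUM', 'HIGH', 'CRITICAL'];

function decide({ intentMatch, securityRisk, redundancyFound }) {
  const risk = String(securityRisk).toUpperCase();
  const scoreOk = Number.isFinite(intentMatch) && intentMatch >= 0 && intentMatch <= 100;

  // Assumption: a score or severity that cannot be parsed (for instance a
  // malformed AI response) must never end in APPROVE, so it is blocked.
  if (!scoreOk || !SEVERITIES.includes(risk)) {
    return { decision: 'BLOCK', reason: 'invalid analyzer output' };
  }

  // BLOCK rules are checked first so a high score cannot mask a vulnerability.
  if (risk === 'HIGH' || risk === 'CRITICAL') {
    return { decision: 'BLOCK', reason: `security ${risk}` };
  }
  if (intentMatch < 50) return { decision: 'BLOCK', reason: 'intent match < 50%' };

  // WARN rules.
  if (intentMatch < 80) return { decision: 'WARN', reason: 'intent match < 80%' };
  if (redundancyFound) return { decision: 'WARN', reason: 'redundancy found' };

  // APPROVE needs both conditions exactly as the matrix states them.
  if (intentMatch > 80 && risk === 'LOW') {
    return { decision: 'APPROVE', reason: 'intent match > 80% and security LOW' };
  }

  // Reached for exactly 80% or MEDIUM risk: not covered by the matrix.
  return { decision: 'WARN', reason: 'not covered by decision matrix' };
}
```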
FeaturePulse integrates with the OSV Database to scan npm dependencies added in pull requests for known CVEs.
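One way to turn a pull request into OSV queries, as an added example that is not FeaturePulse's own code. OSV matches on exact versions, so this sketch assumes the base and head `package-lock.json` (lockfileVersion 2/3) are available and diffs their pinned versions rather than the ranges in `package.json`; the helper names, package names and the vulnerability id are constructed.

```javascript
// Constructed lockfiles (lockfileVersion 2/3 shape); package names are made up.
const BASE_LOCK = { packages: { 'node_modules/example-util': { version: '1.0.0' } } };
const HEAD_LOCK = { packages: {
  '': { name: 'app', version: '1.0.0' },
  'node_modules/example-util': { version: '1.1.0' },
  'node_modules/example-parser': { version: '2.0.0' },
  'node_modules/example-parser/node_modules/example-util': { version: '1.0.0' },
} };
// Constructed querybatch response for the two added packages; the id is a placeholder.
const SAMPLE_RESPONSE = { results: [{ vulns: [{ id: 'EXAMPLE-0000-0001' }] }, {}] };

// Map package name -> Set of exact versions pinned by the lockfile.
function lockedVersions(lock) {
  const out = new Map();
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf('node_modules/');
    if (idx === -1 || !entry.version) continue; // root project, workspaces, links
    const name = path.slice(idx + 'node_modules/'.length);
    if (!out.has(name)) out.set(name, new Set());
    out.get(name).add(entry.version);
  }
  return out;
}

// Exact name@version pairs the PR introduces, transitive ones included.
function addedPackages(baseLock, headLock) {
  const base = lockedVersions(baseLock);
  const added = [];
  for (const [name, versions] of lockedVersions(headLock)) {
    for (const version of versions) {
      if (!(base.get(name) || new Set()).has(version)) added.push({ name, version });
    }
  }
  return added;
}

// Request body for POST https://api.osv.dev/v1/querybatch.
function buildOsvBatch(pkgs) {
  return { queries: pkgs.map(({ name, version }) => ({ package: { name, ecosystem: 'npm' }, version })) };
}

// querybatch answers positionally: results[i] belongs to queries[i].
function vulnerablePackages(pkgs, response) {
  const results = response.results || [];
  if (results.length !== pkgs.length) throw new Error('OSV result count mismatch');
  return pkgs
    .map((p, i) => ({ ...p, ids: ((results[i] || {}).vulns || []).map((v) => v.id) }))
    .filter((p) => p.ids.length > 0);
}
```

The batch endpoint returns only vulnerability ids, so severity has to be read from each advisory record before it can feed a HIGH/CRITICAL decision.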
The following patterns trigger security warnings:
- Authentication: auth, login, password, secret, credential
- Configuration: .env, config.js, secrets
- Payments: payment, stripe, billing
- Cryptography: crypto, encrypt, decrypt
- Database: database, schema
We welcome contributions! Here's how to get started:
- Fork the repository
- Create a feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request
- Follow existing code style and patterns
- Add tests for new functionality
- Update documentation for API changes
- Use conventional commit messages
When FeaturePulse analyzes a pull request, it provides:
```
FeaturePulse
Decision: APPROVE | Score: 85%
```

```markdown
## FeaturePulse Analysis

**Intent Score:** 85%
**Decision:** APPROVE
**Authority Mode:** GATEKEEPER

---

### Executive Summary
This PR implements the user authentication feature as specified in the PRD.

### PRD Compliance
* **Implemented:** OAuth login, session management
* **Missing/Incomplete:** Rate limiting
* **Out of Scope:** None

### Security & Quality
* **Security Risk:** LOW
* **Vulnerabilities:** None detected
* **Redundancy:** No conflicts found

### Recommendations
Consider adding rate limiting before the next release.
```

This project is licensed under the MIT License - see the LICENSE file for details.
- Google Gemini & OpenRouter for AI capabilities
- OSV Database for vulnerability data
- Octokit for GitHub API integration
- Razorpay for payment processing
Built with ❤️ for developers who care about code quality