I got tired of the same conversation happening every single week.

"Why is there a hardcoded API key in this PR?"
"We talked about this."
"I know, I forgot."

Every team I've been around has standards written somewhere — a Notion doc, a README, a Confluence page nobody opens. And every team watches those standards get ignored the moment someone is under deadline pressure.

Human reviewers miss things. Not because they're bad engineers. Because they're tired, they're focused on business logic, and they've already had the same conversation ten times this month.

So I built Zaxion.

It's a GitHub App that enforces your custom policies on every PR automatically. You write the rule once — "no hardcoded secrets", "all changes to /auth need tests", "no raw SQL with user input" — and Zaxion checks every PR against it. If a PR violates a rule, it gets blocked and the developer gets a clear explanation of exactly what to fix.

Not a linter. Not regex matching. It uses a Babel AST to actually understand your code: variable scope, taint tracking, data flow. Combined with an LLM evaluator for higher-level architectural rules that are hard to express as code.

I'm a CS student and this is the first real thing I've shipped publicly. It's free for open source projects. Took about 30 seconds to install on my own repos.

If you've ever felt the pain of the same issue slipping through review for the fifth time — this is what I built to stop that.

Brutal feedback welcome.
zaxion.dev
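To make the "AST, not regex" distinction above concrete, here is an added example that is not part of the post and not Zaxion's code. It implements two of the rules named in the post ("no hardcoded secrets" and "no raw SQL with user input") with Python's standard-library `ast` module instead of Babel, since the technique is the same: walk statements in source order, mark variables that are assigned from user input as tainted, and flag a database sink whose SQL argument carries taint. A line-oriented regex rule sits beside it for contrast. The rule names, the `request`/`input()` taint sources, the `execute*` sink list, and the sample module are all assumptions made for this example; the sample is constructed, not real project code.

```python
import ast
import re

# Rule vocabulary for this example (hypothetical, not Zaxion's): names that look like
# credentials, and DB-API cursor methods whose first argument is a SQL string.
SECRET_NAME = re.compile(r"(api_?key|secret|token|passw(or)?d)", re.I)
SQL_SINKS = {"execute", "executemany", "executescript"}


def is_tainted(node, tainted):
    """True if any sub-expression is a tainted variable, the Flask-style
    `request` object, or a call to input(). Constants are never tainted."""
    for sub in ast.walk(node):
        if isinstance(sub, ast.Name) and (sub.id in tainted or sub.id == "request"):
            return True
        if isinstance(sub, ast.Call) and isinstance(sub.func, ast.Name) and sub.func.id == "input":
            return True
    return False


def check_policies(src):
    """Visit statements in source order, propagate taint through assignments,
    and return a list of (rule, line) findings. Taint is tracked per module
    (no per-function scoping), which is enough to show the technique."""
    findings, tainted = [], set()

    def visit(stmts):
        for stmt in stmts:
            # Rule "no hardcoded secrets": credential-looking name bound to a string literal.
            if isinstance(stmt, ast.Assign) and isinstance(stmt.value, ast.Constant) \
                    and isinstance(stmt.value.value, str) and len(stmt.value.value) >= 16:
                for tgt in stmt.targets:
                    if isinstance(tgt, ast.Name) and SECRET_NAME.search(tgt.id):
                        findings.append(("hardcoded-secret", stmt.lineno))
            # Rule "no raw SQL with user input": the SQL argument of a sink is tainted.
            # Only this statement's own expressions are walked; nested statements are
            # visited further down, so compound statements are not double-counted.
            for expr in (c for c in ast.iter_child_nodes(stmt) if isinstance(c, ast.expr)):
                for sub in ast.walk(expr):
                    if (isinstance(sub, ast.Call) and isinstance(sub.func, ast.Attribute)
                            and sub.func.attr in SQL_SINKS and sub.args
                            and is_tainted(sub.args[0], tainted)):
                        findings.append(("raw-sql-user-input", sub.lineno))
            # Taint propagation: `x = <tainted>` and `x += <tainted>` mark x as tainted.
            if isinstance(stmt, (ast.Assign, ast.AugAssign)) and is_tainted(stmt.value, tainted):
                targets = stmt.targets if isinstance(stmt, ast.Assign) else [stmt.target]
                tainted.update(t.id for t in targets if isinstance(t, ast.Name))
            # Descend into if/for/while/with/def/try bodies in source order.
            for field in ("body", "orelse", "finalbody"):
                visit(getattr(stmt, field, None) or [])
            for handler in getattr(stmt, "handlers", []):
                visit(handler.body)

    visit(ast.parse(src).body)
    return findings


# The kind of line-oriented regex rule the post contrasts with: flag an execute()
# call that has string concatenation or an f-string on the same line.
REGEX_RULE = re.compile(r"\.execute\(.*(\+|\bf['\"])")


def regex_check(src):
    """Return the line numbers the regex rule would flag."""
    return [n for n, line in enumerate(src.splitlines(), 1) if REGEX_RULE.search(line)]


# Constructed sample module for this example (not code from any real project).
SAMPLE = '''\
import sqlite3
from flask import request

STRIPE_API_KEY = "sk_test_EXAMPLE_000000000000"
TABLE = "users"
conn = sqlite3.connect("app.db")
cur = conn.cursor()

name = request.args.get("name")
query = "SELECT * FROM " + TABLE + " WHERE name = '" + name + "'"
cur.execute(query)
cur.execute("SELECT * FROM " + TABLE)
cur.execute("SELECT * FROM users WHERE name = ?", (name,))
'''

if __name__ == "__main__":
    print("AST findings:", check_policies(SAMPLE))
    print("regex flags lines:", regex_check(SAMPLE))
```

On the sample, the AST checker reports the hardcoded key on line 4 and the injection on line 11, where the tainted `query` was built two lines earlier and then passed to `execute`. The regex rule gets both cases wrong in the way the post describes: it misses line 11 because nothing suspicious appears on that line, and it flags line 12, which concatenates only a constant. Line 13, the parameterized query, is correctly left alone by the AST checker because its SQL argument is a string literal and the user value travels in the parameter tuple.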