Open-source GitHub Action

Stop AI agents from editing the wrong files.

Superbus checks whether Codex, Copilot, Cursor, or Claude Code changed files they weren't supposed to.

It comments directly on the PR and can block unsafe merges.

Runs inside GitHub Actions. No source code upload by default.

[Screenshot: Superbus "Contract Violated" GitHub comment showing a blocked file and a recommendation.]
The problem

AI PRs move faster than reviewers.

The first review question is not always whether the code is right. It is whether the agent was supposed to touch those files at all.

71% self-merge
90% massive PRs without review
AI PRs move faster than reviewers

Reviewers need a boundary before merge.

How it works

Issue to contract. PR to check. Violation to decision.

Three GitHub-native moments, with no new dashboard required.

01 Issue -> contract

The task becomes an Agent Contract with allowed and blocked paths.

[Screenshot: GitHub issue describing authentication session policy work.]

02 AI PR

The agent opens a pull request. Superbus reads the PR's changed-file paths from GitHub; it does not need the file contents.

[Screenshot: Superbus Agent Contract comment on a GitHub pull request.]

03 Contract Violated

If the PR touches blocked or out-of-scope files, the comment says exactly which files and why.

[Screenshot: Superbus scope compliance review showing a contract violation.]
Rollout

Start in observe. Move to enforce.

Superbus can begin as a comment-only check, then become a merge gate once your team trusts the contract flow.

Observe

Comment on the PR without failing CI.

Warn

Flag risky paths like auth, payments, database, and CI.

Enforce

Fail CI when the PR violates its contract.

[Screenshot: Superbus PR check showing "approval required" and "blocked unattended"; risky PRs are blocked before merge.]
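The three steps above and the observe / warn / enforce modes describe one small algorithm: take the PR's changed-file paths, match them against a contract's allowed and blocked globs, and turn the result into a comment and a CI exit code. The block below is an added example of that check, not Superbus's own code. The contract layout (`allowed`, `blocked`, `risky` glob lists), the function names, and the sample PR file entries are assumptions made for illustration; the real Agent Contract schema is not shown on this page. The sample entries mimic the shape of GitHub's "list pull request files" API (`filename`, `status`, `previous_filename`) but are constructed here.

```python
"""Path-only scope check for an AI agent's PR (illustrative, not Superbus code).

Assumed contract layout: three glob lists. Deny wins over allow, renames are
checked under both their old and new names, and paths are normalized first so
"./" or ".." spellings cannot slip past a pattern.
"""
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
import posixpath

OK = 0             # CI exit code when the check passes or the mode does not fail CI
ENFORCE_FAIL = 1   # CI exit code for a violation in enforce mode


@dataclass(frozen=True)
class Contract:
    allowed: tuple[str, ...]          # paths the agent may edit
    blocked: tuple[str, ...]          # paths it must not edit without human approval
    risky: tuple[str, ...] = ()       # sensitive areas that get flagged in warn/enforce


@dataclass
class Verdict:
    allowed: list[str] = field(default_factory=list)
    blocked: list[str] = field(default_factory=list)
    out_of_scope: list[str] = field(default_factory=list)
    risky: list[str] = field(default_factory=list)

    @property
    def violated(self) -> bool:
        return bool(self.blocked or self.out_of_scope)


def normalize(path: str) -> str:
    """Collapse './', '//' and '..' so the pattern match sees the real repo path."""
    p = posixpath.normpath(path.lstrip("/"))
    if p in (".", "..") or p.startswith("../"):
        raise ValueError(f"refusing path outside the repo: {path!r}")
    return p


def matches(path: str, patterns) -> bool:
    # fnmatch's '*' also spans '/', so 'src/auth/*' covers the whole subtree.
    return any(fnmatchcase(path, pat) for pat in patterns)


def touched_paths(pr_files) -> set[str]:
    """Every path a PR file entry affects: the new name and, for renames, the old one."""
    paths = set()
    for f in pr_files:
        paths.add(normalize(f["filename"]))
        if f.get("previous_filename"):
            paths.add(normalize(f["previous_filename"]))
    return paths


def check(contract: Contract, pr_files) -> Verdict:
    """Classify each touched path as allowed, blocked, or out of scope."""
    v = Verdict()
    for path in sorted(touched_paths(pr_files)):
        if matches(path, contract.risky):
            v.risky.append(path)
        if matches(path, contract.blocked):        # deny wins over allow
            v.blocked.append(path)
        elif matches(path, contract.allowed):
            v.allowed.append(path)
        else:
            v.out_of_scope.append(path)
    return v


def decide(verdict: Verdict, mode: str) -> tuple[int, str]:
    """Map a verdict to (CI exit code, PR comment text) for observe / warn / enforce."""
    if mode not in ("observe", "warn", "enforce"):
        raise ValueError(f"unknown mode: {mode!r}")
    lines = []
    for p in verdict.blocked:
        lines.append(f"BLOCKED: {p} is on the contract's blocked list")
    for p in verdict.out_of_scope:
        lines.append(f"OUT OF SCOPE: {p} is not in the contract's allowed paths")
    if mode in ("warn", "enforce"):
        for p in verdict.risky:
            lines.append(f"RISKY: {p} touches a sensitive area; ask for human approval")
    if not verdict.violated:
        return OK, "\n".join(["Contract satisfied"] + lines)
    code = ENFORCE_FAIL if mode == "enforce" else OK
    return code, "\n".join(["Contract violated"] + lines)


# Constructed sample contract for a "session policy" task (hypothetical paths).
SESSION_POLICY_CONTRACT = Contract(
    allowed=("src/sessions/*", "tests/sessions/*"),
    blocked=("src/auth/*", "src/payments/*", "migrations/*", ".github/workflows/*"),
    risky=("src/auth/*", "src/payments/*", "migrations/*", ".github/*"),
)

# Constructed sample PR file list in the shape of GitHub's pull-request files API.
SAMPLE_PR_FILES = [
    {"filename": "src/sessions/policy.py", "status": "modified"},
    {"filename": "src/sessions/ttl.py", "status": "renamed", "previous_filename": "src/auth/ttl.py"},
    {"filename": "./.github/workflows/ci.yml", "status": "modified"},
    {"filename": "docs/sessions.md", "status": "added"},
]

if __name__ == "__main__":
    verdict = check(SESSION_POLICY_CONTRACT, SAMPLE_PR_FILES)
    for mode in ("observe", "warn", "enforce"):
        code, comment = decide(verdict, mode)
        print(f"--- {mode}: exit {code}\n{comment}")
```

Two caveats a reviewer should keep in mind with any path-only check like this. First, it never reads file contents, so a change confined to an allowed file can still alter behaviour in a blocked area (for example by changing what an allowed module imports or calls); the scope answer is a prerequisite for code review, not a substitute for it. Second, the GitHub pull-request files endpoint is paginated and caps the returned list at 3000 files, so a check that reads it must page through every result and treat a truncated list as a failure rather than silently approving what it did not see.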
Why teams use this

A small check before a big review.

Superbus gives reviewers a fast scope answer before they spend time reading the diff.

Catch out-of-scope AI edits

See when an agent touches files outside the contract.

Protect auth, payments, and DB

Keep sensitive paths blocked unless explicitly approved.

Review AI PRs faster

Separate scope review from code review.

Block unsafe merges

Use enforce mode when violations should fail CI.

[Screenshot: Superbus violations table listing files changed without human approval.]
Open source vs hosted

One contract model. Two ways to use it.

The open-source action stays narrow. Hosted Superbus adds the contract lifecycle around it.

Open source checks PRs.

Install the GitHub Action, provide a contract, and check PR changed-file paths.

GitHub Action
Agent Contract schema
Path-only PR checks
Observe or enforce mode
Install GitHub Action

Hosted Superbus manages contracts.

Generate contracts from issues, approve scope changes, and keep violation history.

Issue-to-contract generation
Approvals
Exception handling
Audit history
Join hosted beta
Start with one check

No AI PR without a contract.

Install the open-source GitHub Action, watch the first PR, and move to enforcement when your team is ready.