How PatchPulse works under the hood
The core API service built with FastAPI. Handles change event processing, policy evaluation, and decision making. Integrates with AI services for advanced analysis and provides REST APIs for all operations.
Lightweight Go-based agent that runs in your cluster. Monitors Kubernetes resources in real time, collects cluster signals, and sends snapshots to the backend for context-aware analysis.
Polling services that monitor GitHub and GitLab repositories for pull requests and merge requests. Extracts diffs, parses Kubernetes manifests, and sends change events to the backend.
Notification service that sends risk reports to Slack channels. Includes interactive buttons for approval workflows and detailed risk summaries.
When a PR/MR is created, the Git integration fetches the diff and sends a change event to the backend. The backend evaluates the change against guardrails, runs AI analysis, and creates a decision. Cluster signals from the agent provide context for risk scoring. Decisions are stored and notifications are sent via Slack.
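The guardrail and scoring step of this flow, sketched as an added example that is not PatchPulse's own code. The rule names, weights, thresholds, the change-event shape and the `production_namespaces` signal are all assumptions made for illustration.

```python
# Added illustration: the guardrails, weights and event shape are assumptions.
from collections import namedtuple

Finding = namedtuple("Finding", "rule target weight")

def pod_spec(manifest):
    """Return the pod spec of a Pod, or of a workload's pod template."""
    spec = manifest.get("spec", {})
    return spec if manifest.get("kind") == "Pod" else spec.get("template", {}).get("spec", {})

def mutable_tag(image):
    """True when the image is unpinned: no digest, and tag missing or 'latest'."""
    if "@sha256:" in image:
        return False
    last = image.rsplit("/", 1)[-1]  # drop the registry host:port part
    return ":" not in last or last.endswith(":latest")

def evaluate(manifest):
    """Check one parsed manifest against the constructed guardrails."""
    name = f'{manifest.get("kind")}/{manifest.get("metadata", {}).get("name")}'
    spec, findings = pod_spec(manifest), []
    if spec.get("hostNetwork"):
        findings.append(Finding("host-network", name, 40))
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        target = f'{name}:{c.get("name")}'
        if (c.get("securityContext") or {}).get("privileged"):
            findings.append(Finding("privileged-container", target, 60))
        if mutable_tag(c.get("image", "")):
            findings.append(Finding("mutable-image-tag", target, 20))
    return findings

def decide(event, signals):
    """Score a change event; agent signals (production namespaces) double the risk."""
    findings = [f for m in event["manifests"] for f in evaluate(m)]
    score = sum(f.weight for f in findings)
    touched = {m.get("metadata", {}).get("namespace", "default") for m in event["manifests"]}
    if touched & set(signals.get("production_namespaces", [])):
        score *= 2
    verdict = "block" if score >= 100 else "needs_approval" if score >= 20 else "allow"
    return {"verdict": verdict, "score": score, "findings": findings}

# Constructed sample: a change event from the Git integration and an agent snapshot.
EVENT = {"manifests": [{
    "kind": "Deployment", "metadata": {"name": "api", "namespace": "payments"},
    "spec": {"template": {"spec": {"containers": [
        {"name": "app", "image": "registry.example/api:latest",
         "securityContext": {"privileged": True}}]}}}}]}
SIGNALS = {"production_namespaces": ["payments"]}
```

The same change scores lower without the cluster snapshot, which is how agent context can move a decision from an approval request to a block.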
All components follow security best practices: least-privilege access, encrypted communications, secret management via Kubernetes secrets, and comprehensive audit logging. API keys are never exposed in logs or responses.