foreman · v0 · pre-launch

The pull request that takes down prod always passed review.

A tired human skims the diff and hopes. Foreman doesn't — it treats every risky merge like an incident, and answers whatever you ask about what changed.

wakes on every risky PR·answers in plain English, cited·51s to verdict
Why merges bite

Code review catches typos. It misses the incident.

The change that breaks production rarely looks dangerous. It looks like a small edit to an auth handler, or a records endpoint three other repos quietly depend on. The reviewer can't see that. Neither can the diff.

  • 01 / blind spot

    Blast radius is invisible

    Nobody remembers which repos call this endpoint. So the Flutter app and the billing worker break on Monday, and everyone blames the deploy.

  • 02 / lost context

    The “why” left with the author

    The migration doc that explains the breaking change is buried in Confluence. The reviewer never reads it. Chesterton’s fence, torn down at 4pm on a Friday.

  • 03 / the bottleneck

    One senior engineer, every risky PR

    Deep review doesn’t scale. So it gets rushed, skipped, or stacked behind the one person who understands the system. That person is tired.

  • 04 / the 2am page

    You find out in production

    The first real signal that a merge was dangerous is the incident it causes. By then it’s a rollback, a war room, and a postmortem.

The crew

A crew shows up the moment a risky PR opens.

A Commander reads the change and dispatches specialists in parallel. They investigate against your team's real memory, not a generic model. Then the Commander scores the risk and decides.

  • Commander

    — orchestrates

    Reads the diff, assembles the crew, weighs every finding, and delivers the verdict in plain senior-engineer language.

  • Historian

    — pulls context from docs

    Recovers why the code exists from linked Jira, Slack, and Confluence, so a change is never judged blind.

  • Git Investigator

    — surfaces ownership

    Ownership, churn, and bus-factor risk. Who wrote it, how often it breaks, who should review it.

  • Architecture Specialist

    — maps cross-repo dependencies

    Maps the cross-repo blast radius from shared API endpoints. Names the exact repos that break on a contract change.

  • on-demand

    Security Specialist

    — spawned only when confidence drops

    Not on the roster. Spawned automatically when confidence drops below 45%, then runs a live web search for known advisories.

The same crew that reviews a PR also answers questions on demand — not just on new merges.

See it work

A risky PR opens. The crew takes 51 seconds.

Or just ask. Same investigation, answered in plain English — cited.

foreman · terminal
foreman ·pull-request #128·apis/record_auth.go
LIVE
  1. PR opened. Foreman wakes automatically. No one asked it to.+0.0s
  2. Commander assembles the crew. Historian, Git, Architecture — in parallel.+0.4s
  3. Architecture: cross-repo blast. flutter-onboarding + web-pocketbase break on a contract change.+3.6s
  4. Git: single-owner file. All commits by one author. Bus-factor risk.+12.7s
  5. Historian: found the migration doc. Confluence says this endpoint is a breaking v1→v2 change.+14.3s
  6. Confidence hits 35%. Security Specialist spawns. Below the 45% line. A role that did not exist a second ago.+14.3s
  7. Security runs a live web search. Pulls known advisories for the changed auth surface.+29.1s
  8. Verdict: BLOCK. Posted to the PR. Ticket filed. Channel alerted.+51.0s
running...
Early access

Stop shipping incidents. Start shipping code.

Foreman is opening to a small first crew of teams. Get in line for early access and lock in free beta.

early access · no spam · one launch email