Read Anthropic’s case study about Graphite Reviewer
Graphite Protections (beta)
Graphite Protections offers fine-grained control over PR mergeability based on file path, language, team, and more. It is a drop-in replacement for branch protection rules, rulesets, and CODEOWNERS.

Compared to GitHub Branch Protection Rules and Rulesets, Graphite Protections are designed from the ground up to support fast development in monorepos while remaining compliant.

The biggest difference for dev tools and security teams is the ability to control merge requirements at the individual PR level instead of mandating blanket policies for entire code repositories.

  1. Require at least 2 reviewers for high risk changes (e.g. to specific table schemas)

  2. Allow product teams to approve changes to your marketing website without modifying CODEOWNERS files. Or allow growth teams to merge their own PRs.

  3. Only allow the security team to approve security-related config changes

  4. Define required passing CI based on directory in a monorepo to reduce blast radius for flaky tests, and to have teams own their own CI (e.g. frontend tests must pass for frontend changes).

  5. Easily override PR merge requirements when an engineer is OOO.

Graphite continuously evaluates PRs in repos where you have Protections enabled. PRs become mergeable when they meet all their conditions to merge.

The pull request page in Graphite has native support for Protections, and will show the code author and reviewers the next steps required for the PR to be mergeable.

Orgs can use Graphite Protections regardless of their preference for GitHub or Graphite for code review.

Graphite users will see the mergeability requirements in the pull request side panel.

GitHub users looking at the same pull request will see a status check with the mergeability requirements that prevents them from merging until their PR meets these conditions.

Graphite Protections integrate seamlessly with GitHub’s concepts of Branch Protection Rules, Rulesets, and CODEOWNERS. If you have both Graphite Protections and GitHub Branch Protection Rules / Rulesets enabled in a repo, Graphite will enforce both sets of requirements for PRs to merge.

This integration lets you gradually move your merge requirements to Graphite Protections.

Your org must have the Graphite GitHub app installed. You can verify this in your Graphite settings.

Visit the Protections page in Graphite to start enforcing merge requirements with Graphite. The visual editor will guide you through creating your merge protections.

At launch, Graphite Protections supports three types of merge requirements:

  1. Required CI checks

  2. Number of required approvals

  3. Required file approvers

You can configure these to apply on all PRs in a repo, or just PRs that match specific criteria. This is what lets you enforce merge requirements based on PR author, affected file paths, title, description, merge base branch, and labels.

You can optionally configure each Protection with an override. This is a set of conditions that make the individual Protection pass ✅ even if the merge requirements are not met ❌.

For example, you can configure a Protection with an override based on the oncall-override label. Or add an override for when the assigned reviewer is out of office.

Graphite
Git stacked on GitHub

Stacked pull requests are easier to read, easier to write, and easier to manage.
Teams that stack ship better software, faster.

Or install our CLI.
Product Screenshot 1
Product Screenshot 2