Skip to main content
XOR
[GITHUB APP]

Automated Vulnerability Patching and PR Review

Patches CVEs automatically. Reviews every AI-generated PR with a pass/fail verification report.

Issue → Fix → Pull request → Learn

Point XOR at a bug or vulnerability. It creates a branch, generates a minimal fix, adds tests, and opens a pull request. Results feed back into the agent harness so future fixes improve. Triggered by @xor-hardener on an issue or PR.

What Happens on Each PR

Every agent-generated PR gets a pass/fail verification report - tested against the actual vulnerability. The report is attached as a PR comment. You merge or iterate.

Cost Tracking

Every verification shows cost per fix. Dashboard tracks total spend. See agent cost trends and ROI on verification.

How it fits in the platform

CVE-Agent-Bench tells you which agents pass. The GitHub App runs PR red-team checks and ships verified fixes into your repos with evidence attached.

What the GitHub App does now

CVE/GHSA to Autopatch PR

Triggered by @xor-hardener. XOR opens a PR with a minimal fix, adds or updates a failing test, and keeps CI green.

PR test report (evidence-linked)

One test report per PR: CVE/GHSA, patch diff, tests, CI links, and a pass or fail verdict. Every PR that XOR opens includes a detailed verification report showing exactly what was tested and whether the fix passes.

Automatic PR verification

When a coding agent (yours or from an external platform) opens a PR on your repo, XOR automatically runs tests and posts a pass/fail comment with a link to the full verification trace. No manual setup required. Install the app once and it works on all repos.

Harden GitHub Actions (pin + least-privilege)

Pin actions by SHA and reduce workflow permissions per job. CI stays green.

Guardrail review (stop on low confidence)

XOR leaves inline review comments, flags risk, and stops when confidence is low.

Trace transparency

Every patch includes a Verifiable Vibes trajectory link.

Pricing

Open Source

Free

Unlimited patches for open source projects.

Enterprise Pilot

Contact us

90-day pilot. Custom SLA. Priority support.

Coming soon

  • Green-build autopatch (fix failing CI)
  • OSV dependency review to patch plan
  • Workflow permissions audit (least-privilege)
  • Repo controls to live evidence map

Install XOR GitHub App

One-click install on any GitHub repository. Free for open source.

Install on GitHub

When to use it

  • You want verified fixes merged with evidence attached
  • You need PR test reports for security sign-off
  • You are rolling out agents across teams and need consistent checks

[DOCUMENTATION]

Deep-dive pages

Getting started →Capabilities →Command reference →PR verification →

FAQ

How do I install the GitHub App?

Click 'Install GitHub App'. Log in with GitHub. Select which repos to monitor. That's it. XOR will verify all agent code changes automatically.

What does the app do?

When an agent writes code, XOR runs verification tests. Results attach to the PR. You see pass/fail, runtime, and cost per fix in the comment.

Which agents are supported?

Any agent that commits code to GitHub: Claude Code, Codex, Gemini CLI, Cursor, or custom agents. No lock-in.

Is it free?

Free for open source repos. Enterprise plans include higher limits, custom test sets, and dedicated support.

[RELATED TOPICS]

Getting Started with XOR GitHub App

Install in 2 minutes. First result in 15. One-click GitHub App install, first auto-review walkthrough, and engineering KPI triad.

Platform Capabilities

One install. Seven capabilities. Prompt-driven. CVE autopatch, PR review, CI hardening, guardrail review, audit packets, and more.

Dependabot Verification

Dependabot bumps versions. XOR verifies they're safe to merge. Reachability analysis, EPSS/KEV enrichment, and structured verdicts.

Compliance Evidence

Machine-readable evidence for every triaged vulnerability. VEX statements, verification reports, and audit trails produced automatically.

Compatibility and Prerequisites

Languages, build systems, CI platforms, and repository types supported by XOR. What you need to get started.

Command Reference

Every @xor-hardener command on one page. /review, /describe, /ask, /patch_i, /issue_spec, /issue_implement, and more.

See which agents produce fixes that work

128 CVEs. 15 agents. 1,920 evaluations. Agents learn from every run.