Skip to main content

How Hyrax works

Hyrax connects to your GitHub repositories, reads them, finds real problems, opens pull requests to fix them, and writes AI-agent context back into each repo. There's no CLI to install and nothing to self-host — you work through the web app.

The loop

Hyrax runs the same loop over every repo you connect:

  1. Connect. Sign in (continue with GitHub, Google, or an email code) — that gives you a workspace. Then connect your GitHub organization by installing the Hyrax GitHub App on the repositories you want covered, which links your repos and grants read access (and, for fixes, the ability to open pull requests).
  2. Discover. Hyrax profiles each repo — its architecture, conventions, and engineering principles — automatically when you connect it. See Discovery & AI agent context.
  3. Audit. Hyrax reads your code and produces findings (problems to fix) and suggestions (ideas to consider). See Audit tools & languages.
  4. Triage. You review findings, dismiss what doesn't apply, and decide what to act on. Each one has a stable reference like HYRAX-42. See Findings & suggestions.
  5. Fix. Point Hyrax at a finding and it opens a pull request for you to review. See Fixes.
  6. Review. When enabled, Hyrax reviews your incoming pull requests automatically.
  7. Publish. Hyrax opens a pull request that writes the discovered context into your repo, so the AI coding tools your team already uses pick it up.

The loop is continuous. You re-run audits on a cadence, fix as you go, and re-publish context after big changes.

What happens during an audit

When an audit runs, Hyrax clones your repo at a specific commit into isolated, throwaway compute, analyzes it there, and deletes everything when the job ends — so your source is never retained. See Security for the full posture.

Inside that run, Hyrax combines fast, deterministic pattern matching with reasoning AI that reads your code the way a careful reviewer would, across security, correctness, maintainability, performance, architecture, and operations. The result is a set of prioritized findings, each pointing at the exact file and lines, plus a few higher-level architectural suggestions. See Audit tools & languages for what's covered and which languages are supported.

Re-running merges — it doesn't duplicate

Re-running an audit doesn't pile up duplicates. Hyrax recognizes findings it has seen before and merges new results onto the existing ones, so your list stays clean and your triage is respected: if you dismissed something, re-running won't resurrect it. You can audit as often as you like. See Findings & suggestions for the lifecycle.

Fixes open pull requests

By default, acting on a finding produces a pull request — never a silent edit. Hyrax makes the change in an isolated copy, runs your repo's own tests to verify it, double-checks the diff, and opens a pull request against your repo. A finding closes as fixed only when that pull request is merged. (A repo can opt into a commit-direct mode that skips the PR step — see Fixes.)

Where to go next