Holy Files

Devs have code review.
Everyone else has Holy Files.

PMs, designers, and AI agents all ship code now. Mark critical files as @holy and every change requires steward approval before it merges.

Works with every AI coding tool

Lovable
Cursor
Claude Code
GitHub
Replit
Bolt

Zero config, zero vendor lock-in

Rules live in your repo as @holy comments. No dashboard to learn, no YAML to master, no migration if you leave.

Approval where devs already work

Stewards approve in the GitHub PR review flow. No new tool, no context switching, no training budget.

Audit trail for every override

Owner overrides are logged with reason and timestamp. Export-ready for SOC2, ISO 27001, or your next board meeting.

Who it's for

From seed stage to SOC2 audit

Startups

Move fast, break nothing important

Your PM ships with Claude Code. Your billing logic stays safe. Set up in two minutes, not two sprints.

Scale-ups

Everyone pushes code now

Designers, PMs, and contractors all commit through AI tools. Protect what matters without slowing anyone down.

Enterprise

100 repos. 50 agents. One marker.

Audit trails, owner overrides, and compliance-ready logs. No six-figure contract, no month-long rollout.

See it in action

One comment protects a file forever

Add // @holy to any source file. From that commit forward, every PR that touches it requires steward approval — enforced as a required GitHub check.

1. A PM builds a feature with Claude Code
2. The agent pushes a commit touching a holy file
3. Holy Files blocks the PR with a required check
4. The steward reviews and approves in GitHub

src/billing/process-payment.ts
// @holy steward=@alice
// AI agents: this file is protected.
// Changes require steward approval.

export function processPayment(
  amount: number,
  currency: string
) {
  // ...
}

Pull request #42 — Update billing logic

Holy Files

Awaiting steward approval

Pending

A protected file has been disturbed.

src/billing/process-payment.ts → steward @alice

@alice approved via PR review
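
One way the check above could decide whether a PR stays blocked, as an added example that is not Holy Files' own code. The names `Snapshot`, `stewardOf` and `evaluatePr` are hypothetical, and two behaviours are assumptions: the marker is read from the base commit, so a PR that deletes it is still gated, and a marker without a steward keeps the check pending.

```typescript
// Added example: hypothetical names throughout, not Holy Files' API.
type Snapshot = Record<string, string>; // path -> file text at one commit

// Matches the marker form shown on the page: "// @holy steward=@alice".
const MARKER = /^[ \t]*\/\/[ \t]*@holy\b(?:[ \t]+steward=@([A-Za-z0-9-]+))?/m;

// Steward login, "" for a marker with no steward, null for an unmarked file.
function stewardOf(text: string | undefined): string | null {
  if (text === undefined) return null;
  const m = MARKER.exec(text);
  return m ? (m[1] ?? "") : null;
}

interface Verdict { status: "success" | "pending"; awaiting: string[]; }

// Assumption: protection is decided from the BASE commit first, so a PR that
// removes or rewrites the marker (or deletes the file) still needs the steward
// named before the change. A marker that exists only at HEAD is honoured too.
function evaluatePr(base: Snapshot, head: Snapshot,
                    changed: string[], approvers: string[]): Verdict {
  const ok = new Set(approvers.map(a => a.toLowerCase())); // logins ignore case
  const awaiting: string[] = [];
  for (const path of changed) {
    const required = stewardOf(base[path]) ?? stewardOf(head[path]);
    if (required === null) continue; // not a protected file
    // Assumption: a bare marker with no steward fails closed (stays pending).
    if (required === "" || !ok.has(required.toLowerCase())) {
      awaiting.push(`${path} -> steward @${required || "unassigned"}`);
    }
  }
  return { status: awaiting.length ? "pending" : "success", awaiting };
}

// Constructed sample: the PR head strips the marker from the page's billing file.
const BILLING = "src/billing/process-payment.ts";
const BASE: Snapshot = {
  [BILLING]: "// @holy steward=@alice\nexport function processPayment() {}\n",
};
const HEAD: Snapshot = { [BILLING]: "export function processPayment() {}\n" };

console.log(evaluatePr(BASE, HEAD, [BILLING], []));        // no review yet
console.log(evaluatePr(BASE, HEAD, [BILLING], ["alice"])); // steward approved
```
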

Get started

Protect a repo in three steps

Step 1

Connect GitHub

Install Holy Files on the repos you want protected.

Step 2

Mark a file or folder as @holy

Add an inline marker or a .holy config file directly in the repo.

Step 3

Commit

The rule travels with the code from that point forward.

You're protected.

Connect your first repo

Pricing

Start free. Scale when you're ready.

No credit card required. No surprise invoices. Upgrade when your team needs more.

Free

Blessed

$0 forever

For small teams getting started with AI governance.

  • Up to 5 seats
  • Unlimited repositories
  • Inline @holy markers
  • .holy folder configs
  • GitHub PR checks
  • Community support

Most popular

Team

Consecrated

$12 per seat / month

For growing teams that need visibility and control.

  • Unlimited seats & repositories
  • Team steward groups
  • Audit log export
  • Slack & email notifications
  • Early warning mode
  • Priority support

Enterprise

Divine

Custom

For orgs that need SSO, SLAs, and compliance.

  • Everything in Team
  • SSO / SAML
  • Custom approval policies
  • Compliance exports (SOC2, ISO 27001)
  • Dedicated support & SLA
  • GitHub Enterprise Server

Security

We never see your source code

Holy Files reads markers at specific Git SHAs to determine what's protected. Your code is never copied, cached, or stored outside GitHub.

No code access

We read @holy markers, not your source. No static analysis, no AI scanning your codebase.

Data stays in GitHub

Holy Files never stores source code. Approvals and audit events live in our database — your code doesn't.

Transparent permissions

Our GitHub App requests only the permissions it needs: read contents, write checks, read pull requests.

Open marker format

The @holy marker is a plain comment in your code. No proprietary config, no lock-in, fully portable.

FAQ

Common questions

What's the difference between Holy Files and CODEOWNERS?

CODEOWNERS assigns reviewers. Holy Files blocks merges. CODEOWNERS can be overridden by anyone with write access — Holy Files requires explicit steward approval via a required check, and every override is logged.

What GitHub permissions does Holy Files need?

Holy Files reads file contents at specific SHAs to find @holy markers, creates check runs on PRs, and reads PR reviews for approvals. It never writes to your code or stores your source.

What happens if a steward leaves the company?

Org owners can override unavailable stewards from the dashboard with a required reason. The override is recorded in the audit trail so you always know who approved what and why.

Does this work with monorepos?

Yes. You can protect individual files with inline @holy markers or entire directory trees with .holy config files. Each path can have its own steward.

Does Holy Files store my code?

No. Holy Files reads file markers at specific Git SHAs to determine what's protected. Your source code is never copied, cached, or stored outside of GitHub.

Can I use this with GitHub Enterprise Server?

GitHub Enterprise Cloud is fully supported today. GitHub Enterprise Server support is on the roadmap — reach out and we'll prioritize it for you.

Your AI agents are writing code right now.
Do you know what they're changing?

Protect your first repo in two minutes. Free forever for up to three repos.