How PR data flows
When a pull request triggers a review, the PR diff is fetched by the ReviewAgent Lambda function running in MergeWatch’s AWS account (us-east-1). The diff is held in memory for the duration of the review and is not persisted to disk, S3, or any database after the review completes.
Bedrock model calls
All LLM inference runs on Amazon Bedrock within MergeWatch’s AWS account. The default model is us.anthropic.claude-sonnet-4-20250514-v1:0. Model inputs (diff content, agent prompts) and outputs (review findings) exist only for the duration of the API call and are not logged or stored by MergeWatch beyond the review lifecycle.
What is stored
Review metadata is written to DynamoDB in MergeWatch’s AWS account. This includes:
- Timestamps (review started, completed)
- Repository name and PR number
- Merge-readiness score
- Per-agent latency data
- Review status (success, error, skipped)
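As an added illustration (not MergeWatch's own code or schema), this builds the metadata item from the fields listed above with the 90-day TTL the table below states, and checks that nothing beyond those fields, and no diff-like text, ends up in the stored record. The attribute names and the `ttl` attribute are assumptions.

```python
import time
from typing import Any, Dict, List

# Fields the page says are kept in DynamoDB; anything else is treated as a leak.
ALLOWED_FIELDS = {
    "review_started", "review_completed",   # timestamps
    "repository", "pr_number",
    "merge_readiness_score",
    "agent_latency_ms",                     # per-agent latency data
    "status",                               # success, error, skipped
    "ttl",                                  # hypothetical DynamoDB TTL attribute
}
ALLOWED_STATUSES = {"success", "error", "skipped"}
TTL_SECONDS = 90 * 24 * 60 * 60            # 90-day retention stated on the page
DIFF_MARKERS = ("diff --git", "\n@@ ", "\n+++ ", "\n--- ")


def build_review_record(repository: str, pr_number: int, score: int,
                        agent_latency_ms: Dict[str, int], status: str,
                        started: int, completed: int) -> Dict[str, Any]:
    """Assemble the metadata item for one review; epoch seconds throughout."""
    if status not in ALLOWED_STATUSES:
        raise ValueError(f"unknown review status: {status!r}")
    return {
        "repository": repository,
        "pr_number": pr_number,
        "review_started": started,
        "review_completed": completed,
        "merge_readiness_score": score,
        "agent_latency_ms": dict(agent_latency_ms),
        "status": status,
        "ttl": completed + TTL_SECONDS,     # expiry the TTL policy would act on
    }


def check_minimised(record: Dict[str, Any]) -> List[str]:
    """Return violations: unexpected fields, diff text in a value, or a TTL
    longer than the 90-day retention. An empty list means the item is clean."""
    problems = []
    for key, value in record.items():
        if key not in ALLOWED_FIELDS:
            problems.append(f"unexpected field stored: {key}")
        if isinstance(value, str) and any(m in value for m in DIFF_MARKERS):
            problems.append(f"diff-like content in field: {key}")
    if record["ttl"] - record["review_completed"] > TTL_SECONDS:
        problems.append("ttl exceeds 90-day retention")
    return problems


if __name__ == "__main__":
    now = int(time.time())
    rec = build_review_record("acme/api", 42, 78, {"security": 1200}, "success", now - 30, now)
    print(check_minimised(rec))   # [] for a clean record
```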
Credential storage
GitHub App credentials (private key, webhook secret, app ID) are stored as SecureString parameters in AWS SSM Parameter Store within MergeWatch’s AWS account, encrypted with AWS KMS.
Configuration file
Your .mergewatch.yml configuration file stays in your GitHub repository. MergeWatch reads it at review time via the GitHub API but never copies or stores it.
What MergeWatch sees vs. does not see
| Data | MergeWatch sees? | Details |
|---|---|---|
| PR diff | Temporarily | In-memory during review only. Not persisted. |
| Source code (full repo) | No | Only the diff for the PR under review is fetched. |
| Review metadata | Yes | Stored in DynamoDB with 90-day TTL. |
| GitHub credentials | Yes | Stored encrypted in SSM Parameter Store. |
| Your .mergewatch.yml | Temporarily | Read at review time via GitHub API. Not copied. |
| Secrets in your code | No | MergeWatch does not scan or store secrets. If a secret appears in a diff, it is processed in memory like any other diff content and not persisted. |
| Other repos / branches | No | Only the PR’s head and base branches are diffed. |
