Security

Security is a core design principle of PR Flow. Since you are trusting the application with access to your source code and internal company repositories, we want to be fully transparent about how it operates.

Local-First Architecture

PR Flow is a native desktop application. All interactions with your version control platforms (GitHub, GitLab, Gerrit) happen directly between your machine and those services. There is no middleman, and we do not host any infrastructure that routes your data.

Writes are always yours

PR Flow reads your pull requests, review statuses, and CI checks. It only writes when you explicitly tell it to — a nudge, an inline comment, a thread reply, or a full review with a verdict (approve, request changes, or comment). Nothing is posted until you press Submit, and PR Flow never merges.

Every write PR Flow makes on your behalf is recorded in a local audit log (Settings → Logs): what it was, which provider, and a link to the result it created. That log lives on your machine and never leaves it, so you always have a complete, private record of everything the app has done for you.

Authentication and Credentials

PR Flow integrates with the tools you already use. It reads standard authentication from the GitHub CLI (gh) and GitLab CLI (glab). For Gerrit, passwords are encrypted and securely stored in your operating system's native keychain (Keychain on macOS, Credential Vault on Windows, Secret Service API on Linux).

Application Integrity

All released binaries are built directly from source via automated CI pipelines. macOS builds are fully signed and notarized by Apple, and Windows builds are signed, so that any tampering with a released binary can be detected before it runs.