VS Code Extension

Compliance in your editor — before you write a bad line.

The MergeGuide VS Code extension brings policy enforcement to the IDE layer. Violations appear as diagnostics — the same red squiggles you see for syntax errors — before you ever commit, push, or open a PR.

Zero workflow disruption

Developers don't learn new tools. MergeGuide integrates into VS Code's existing diagnostic system. Violations show up in the Problems panel, as inline squiggles, and as hover tooltips — exactly like TypeScript errors or ESLint warnings.

Each diagnostic includes: which compliance control was violated, why it matters, and an actionable fix. The developer doesn't need to know anything about SOC 2 or HIPAA — they just see: "this line has a problem, here's how to fix it."

  • Inline diagnostics — red/yellow squiggles on violating code
  • Hover tooltip with control reference and fix guidance
  • Problems panel integration — all violations in one place
  • Quick fix suggestions for common violations
  • Language-specific: 13 languages supported
  • Real-time evaluation — updates as you type

How it looks in practice

1 import  psycopg2
2  
3 conn = psycopg2.connect(password="admin123")
MG-CC6.1 Hardcoded credential
SOC 2 CC6.1 · HIPAA §164.312(a)(1) · PCI-DSS R8.2.1
Fix: Use environment variable or secrets manager
4  
5 # Compliant version:
6 conn = psycopg2.connect(
7   password=os.environ["DB_PASSWORD"]
8 )

Installation

Option 1: VS Code Marketplace

Search "MergeGuide" in the VS Code Extensions panel, or press Ctrl+P and run:

ext install mergeguide.mergeguide-vscode

Requires VS Code 1.85 or later. Compatible with VS Code Insiders.

Option 2: CLI install

Install from the command line:

code --install-extension mergeguide.mergeguide-vscode

After installation, set your API key in VS Code settings: mergeguide.apiKey

Real-time evaluation

Policy evaluation runs on every file save, with incremental analysis to keep it fast. No perceptible IDE slowdown.

🔗

Multi-framework diagnostics

Each diagnostic shows every compliance framework it violates. One hardcoded credential might violate SOC 2, HIPAA, and PCI-DSS simultaneously — all shown in the tooltip.

🎯

Severity levels

Critical violations appear as errors (red). High-severity as warnings (yellow). Medium/informational as hints. The Problems panel sorts by severity.

Ready to enforce compliance at the IDE layer?

Get started with the VS Code extension today — free tier available, no credit card required.

Get Started Free Read the docs