AI ships code at 3 a.m. Reading all of it is still a human job. DevHive watches the places where accidents happen — payment limits, auth settings — and stops only the changes that touch them. A human approves, and the decision leaves a record.
AI raised the speed of writing. The exit is still a single door — human review and approval. The queue in front of it keeps growing.
PR growth at Spotify in one year. Their answer: "merge the safe ones automatically, focus review where it matters most."
Spotify Engineering · Code with Claude 2026
Commits grew 180%, but deploys grew only 30%. The rest is waiting in review.
NBER Working Paper 35275
Deciding which changes need a human in front of them — that is what DevHive does.
Put a lock on files like payment rates or auth settings. Any change that touches them stops at merge, notifies the owner, and passes only with a designated person's approval.
The approval stamp goes on the code itself, not on paperwork. If a single line changes after approval, the approval is void and must be given again on the new code.
If a tool wrote it and a tool approved it, it does not ship. DevHive enforces an accountable human approval.
"Working today" means verified by automated tests. Live measurements come with the pilot.
Built in order, on top of what already works.
Exactly what you saw above. It guards locked files, binds approvals to the code, and seals decisions into records.
A new rule starts in shadow, recording verdicts without blocking anything. After reviewing the records you raise it to notify, then enforce. One rule can never halt the whole organization.
Changes that pass automatically still record why they were safe. You can verify it later from the records alone.
Lock coverage, bypass attempts, and approval lead time, aggregated weekly. The formula is fixed — recompute it any time and you get the same numbers.
Fixing a blocked change is the job of your tools and agents. DevHive hands over what was caught and why, then judges the fixed change again when it returns. It never touches your code.
Whether a change is blocked is decided by your rules, not by an AI. The same input always produces the same verdict, reproducible in front of an audit.
Authors and approvers are kept separate. A rule-matched change does not ship without a human approval.
Every verdict and approval is hash-linked to the previous record. Alter one and the chain verification fails.
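The two mechanisms described above, an approval bound to the exact code and records hash-linked to their predecessor, sketched as an added example (not DevHive's code). The record fields, the SHA-256 fingerprint and the approver name are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64                      # prev-hash of the first record
DESIGNATED_APPROVERS = {"dana"}         # constructed: owners of the locked file

def fingerprint(diff: bytes) -> str:
    """Fingerprint of the exact change under review."""
    return hashlib.sha256(diff).hexdigest()

def _digest(body: dict) -> str:
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_record(chain: list, record: dict) -> None:
    """Append a record linked to the hash of the previous one."""
    body = dict(record, prev=chain[-1]["hash"] if chain else GENESIS)
    chain.append(dict(body, hash=_digest(body)))

def approve(chain: list, approver: str, diff: bytes) -> None:
    """Record an approval that names the fingerprint it applies to."""
    append_record(chain, {"kind": "approval", "approver": approver,
                          "fingerprint": fingerprint(diff)})

def verify_chain(chain: list) -> bool:
    """Recompute every hash and link; any altered record breaks verification."""
    prev = GENESIS
    for entry in chain:
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry.get("prev") != prev or entry.get("hash") != _digest(body):
            return False
        prev = entry["hash"]
    return True

def may_merge(chain: list, author: str, diff: bytes) -> bool:
    """Pass only if a designated person other than the author approved this exact diff."""
    fp = fingerprint(diff)
    return verify_chain(chain) and any(
        e.get("kind") == "approval"
        and e.get("fingerprint") == fp
        and e.get("approver") in DESIGNATED_APPROVERS
        and e.get("approver") != author
        for e in chain
    )
```

Because the approval stores the fingerprint rather than a PR number, any later edit to the diff yields a different fingerprint and `may_merge` returns `False` until a new approval is recorded.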
We're taking a small number of teams into early pilots — teams whose code is expensive to get wrong: payments, auth, permissions, data paths. Point the gate at your locked files and run it on your real PRs. The lock gate and fingerprint-bound approval work today; your pilot produces the first live numbers.
We reach out to teams in the order they apply.