Sign In Request Access
U
Dashboard
ARCHITECTURE GOVERNANCE AS CODE

Enforce your architecture
at pull request time

ArchRails verifies PRs against your CALM architecture graph — checking node boundaries, allowed connections, and interface contracts deterministically. Every violation is traceable to a CALM node or relationship. No generic "best practices" guesses.

Request Access Try CALM Visualizer — free
No code stored FINOS CALM 1.2 Zero-config setup Deterministic verification CALM Visualizer — free
Pull Request #847 — feature/order-refactor
AR
ArchRails Bot
commented 1 minute ago

🏗️ CALM Architecture Review

  • Relationship violation: OrderService calls PaymentService directly. CALM node rel-connects-order-payment requires routing via service-api-gateway.
  • Interface breach: OrderDatabase accessed via HTTP. Node db-orders declares JDBC:5432 only.
  • Node boundary respected: InventoryService changes scoped to service-inventory — no cross-node leakage detected.
CALM sources: calm.json · rel-connects-order-payment calm.json · db-orders config.yaml · mapping
<1 day
Setup to first review
CALM 1.2
FINOS open standard
PR-time
Enforcement, not post-mortems
0
Source files stored
Generic AI review bots
Trained on open-source patterns. Suggests "best practices." Comments are confident but untraceable — no source, no context, no connection to your team's actual decisions.
ArchRails
Enforces your declared CALM architecture from Git. Every comment links back to the exact node, relationship, or interface it was derived from. Violations are provable — not guesses.
Built on CALM

ArchRails uses CALM (Common Architecture Language Model) as its structured backbone — giving you deterministic structural verification of your architecture. On top of that, ArchRails' PR-enforcement and LLM explanation layer delivers contextual, readable guidance directly in the PR. The result: machine-verifiable constraint checking and human-readable explanations in the same review comment.

Guarantees

Architecture reviews you can trust

ArchRails doesn't invent standards. It enforces what your team defines in a CALM document, and cites every node it used.

No undocumented rules enforced

If a node, relationship, or interface constraint isn't in your calm.json, ArchRails won't enforce it. Full stop.

Every comment is CALM-traceable

Feedback cites the exact CALM node ID, relationship ID, or interface that triggered it — so teams align faster and argue less.

PR-scoped bounded context

Reviews resolve only the CALM nodes touched by the PR diff. Less noise, fewer false positives, no cross-service contamination.

Live Demo — Fully Interactive

Every PR shows exactly what it touched — and what it broke

This is the architecture graph ArchRails renders for every pull request. Drag nodes. Hover for details. Click any node to see how violations trace back to your CALM definition.

Architecture Graph · PR #847 — feature/order-refactor
2 violations detected · drag nodes · scroll to zoom
Service
Database
Actor
System
Violation
External
⚡ 2 violations
✓ 1 passed
🏗️ CALM Architecture Review
Relationship violation
OrderService calls PaymentService directly — must route via service-api-gateway
rel-connects-order-payment
Interface breach
OrderDatabase accessed via HTTP — node declares JDBC:5432 only
db-orders · iface-orders-sql
Node boundary respected
InventoryService changes scoped to service-inventory — no leakage
CALM sources: calm.json · rel-connects-order-payment calm.json · db-orders
Click any node above to inspect it Validate your own architecture
CALM Visualizer — Free

Validate and visualize your CALM architecture before it ships

Paste your calm.json to instantly check for interface violations, missing controls, and structural issues — then render your architecture graph interactively. No account required.

  • Validates against FINOS CALM 1.2 schema
  • Interactive architecture graph with node detail panel
  • Flags relationship and interface violations inline
  • Free to use — no login, no limits
Open CALM Visualizer
Architecture Graph
● 6 nodes · 9 relationships
👤 Customer
⚡ API Gateway
📦 Order Service
⚠ Inv. Service
💳 Payment
🗄 Order DB
🗄 Inventory DB
■ Service ■ Database ■ Actor ■ Violation
1
Install GitHub App
We provision your account and install the ArchRails GitHub App on your repo. No workflow files needed.
2
ArchRails scans your repo
ArchRails detects your CALM files, infers service-to-node mappings, and opens a PR with a generated archrails.yml.
3
Merge & enforce
Merge the generated PR. Every subsequent pull request is validated against your CALM architecture automatically.
Get Access View Setup Guide
✓ Best for self-hosted runners
Use GitHub Actions CI mode when your org uses self-hosted runners, GitHub Enterprise Server, or requires all traffic to stay in-network. No GitHub App installation required.
ℹ No GitHub App install needed
Tenant resolution uses ARCHRAILS_TENANT_ID and auth uses X-ArchRails-Token. GITHUB_TOKEN is auto-provisioned by Actions.

Drop this file into .github/workflows/archrails.yml. Set three repository secrets — GITHUB_TOKEN is provided automatically by GitHub Actions.

.github/workflows/archrails.yml
Add to your repo 
# ArchRails Architecture Governance — GitHub CI Mode
# Required secrets:  ARCHRAILS_TENANT_ID · ARCHRAILS_TOKEN · ARCHRAILS_WEBHOOK_URL
# GITHUB_TOKEN is auto-provisioned by Actions — no configuration needed.

name: ArchRails Architecture Check
on:
  pull_request:
    types: [opened, synchronize, reopened, ready_for_review]

jobs:
  archrails-check:
    name: Architecture Governance
    runs-on: ubuntu-latest
    permissions:
      contents: read         # read repo contents for diff fetch
      pull-requests: write   # post review comments
      statuses: write        # write commit status

    steps:
      - name: Send PR event to ArchRails
        env:
          ARCHRAILS_TENANT_ID: ${{ secrets.ARCHRAILS_TENANT_ID }}
          ARCHRAILS_TOKEN:     ${{ secrets.ARCHRAILS_TOKEN }}
          ARCHRAILS_URL:       ${{ secrets.ARCHRAILS_WEBHOOK_URL }}
          GITHUB_TOKEN:        ${{ secrets.GITHUB_TOKEN }}
          PR_EVENT:            ${{ toJson(github.event) }}
          RUN_ID:              ${{ github.run_id }}
          RUN_ATTEMPT:         ${{ github.run_attempt }}
        run: |
          # Inject archrails_tenant_id and github_token into the PR event payload.
          # github_token lets downstream Lambdas fetch the diff and post review
          # results without a GitHub App installation token.
          PAYLOAD=$(echo "$PR_EVENT" | jq \
            --arg tenant_id    "$ARCHRAILS_TENANT_ID" \
            --arg github_token "$GITHUB_TOKEN" \
            '. + {archrails_tenant_id: $tenant_id, github_token: $github_token}')

          HTTP_STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
            --max-time 30 \
            -X POST "$ARCHRAILS_URL" \
            -H "Content-Type: application/json" \
            -H "X-GitHub-Event: pull_request" \
            -H "X-GitHub-Delivery: ${RUN_ID}-${RUN_ATTEMPT}" \
            -H "X-ArchRails-CI: github" \
            -H "X-ArchRails-Token: $ARCHRAILS_TOKEN" \
            -d "$PAYLOAD")

          echo "ArchRails response: $HTTP_STATUS"

          # 202 = queued  |  204 = ignored (draft, disabled, etc.)
          # 4xx/5xx = configuration problem — surface it.
          if [[ "$HTTP_STATUS" -ge 400 ]]; then
            echo "::error::ArchRails rejected the payload (HTTP $HTTP_STATUS). Check ARCHRAILS_TOKEN and ARCHRAILS_TENANT_ID."
            exit 1
          fi
          echo "ArchRails review queued successfully."
Repository Secrets to configure
ARCHRAILS_TENANT_ID Your tenant ID — from the dashboard after provisioning.
ARCHRAILS_TOKEN Per-tenant shared secret — provided during provisioning.
ARCHRAILS_WEBHOOK_URL Your endpoint, e.g. https://api.archrails.io/webhook
GITHUB_TOKEN ✓ Auto-provisioned  No setup needed.
Get GitHub Actions Access

GitLab integration runs via CI pipeline. Add the job below to your .gitlab-ci.yml and set three CI/CD variables.

.gitlab-ci.yml
Add to your repo 
stages:
  - review

archrails_review:
  stage: review
  image: alpine:3.20
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
  before_script:
    - apk add --no-cache curl
  script:
    - |
      curl --silent --fail -X POST "${ARCHRAILS_ENDPOINT}" \
        -H "X-Gitlab-Token: ${GITLAB_WEBHOOK_SECRET}" \
        -H "X-Gitlab-Event: Merge Request Hook" \
        -H "Content-Type: application/json" \
        -d "{
          \"archrails_tenant_id\": \"${ARCHRAILS_TENANT_ID}\",
          \"object_kind\": \"merge_request\",
          \"project\": {
            \"id\": ${CI_PROJECT_ID},
            \"path_with_namespace\": \"${CI_PROJECT_PATH}\"
          },
          \"object_attributes\": {
            \"iid\": ${CI_MERGE_REQUEST_IID},
            \"action\": \"update\",
            \"last_commit\": { \"id\": \"${CI_COMMIT_SHA}\" }
          }
        }"
CI/CD Variables to set
ARCHRAILS_ENDPOINT — provided on provisioning
GITLAB_WEBHOOK_SECRET — provided on provisioning
ARCHRAILS_TENANT_ID — your organization ID
Get GitLab Access
FAQ

Common questions

CALM (Common Architecture Language Model) is a FINOS open standard for describing architecture as machine-readable JSON. ArchRails uses it as its structural backbone because CALM defines nodes, relationships, and interface contracts precisely — enabling deterministic verification rather than probabilistic guessing. The LLM layer then translates those verified violations into readable PR comments.
No on both counts. ArchRails scans your repository automatically after setup — it detects existing CALM files, infers mappings between service paths and CALM nodes, and opens a pull request with a generated archrails.yml ready to merge. You never write config by hand. If you want to author or validate a calm.json directly, the free CALM Visualizer is available with no account required.
No. ArchRails retrieves PR diff events from GitHub or GitLab, processes them in memory, posts a review comment, and discards the data. Your source code is never copied, indexed, or stored. GitHub App permissions are scoped to PR comment write access only.
Copilot and generic AI review bots optimize for general best practices drawn from open-source training data. ArchRails enforces your declared CALM architecture — the specific nodes, allowed connections, and interface contracts in your calm.json. Every comment is traceable to a CALM node ID.
Yes. A single calm.json at the repo root describes your full system graph. The mapping section in config.yaml ties each service directory to its CALM node. ArchRails resolves only the nodes touched by the PR diff — a payment service change won't trigger inventory rules.
Contact us to get provisioned. We'll connect your GitHub or GitLab integration, walk through your first calm.json, and get you to your first enforced PR review. The CALM Visualizer is free to use immediately — no account needed.
No. After your repo is connected, ArchRails able to scans it automatically — detecting your CALM files, inferring which service paths map to which CALM nodes, and opening a pull request with a generated archrails.yml. You review it, merge it, and enforcement starts. The scan runs once on initial setup; after that, ArchRails enforces on every PR without any additional configuration.
Founder

Built by an engineer who's lived design drift

Marc Daniel Registre

Marc Daniel Registre

Founder & Engineer

ArchRails started as a practical system: keep architecture consistent as teams scale — without relying on tribal knowledge. By grounding reviews in a CALM architecture graph rather than generic training data, every violation is provable and every comment is traceable.

Make architecture review automatic — and provable

Start with one repo and one CALM document. ArchRails will enforce it on every pull request.

Request Access Try CALM Visualizer — free