Hexguard

Hexguard is an AI-assisted dependency maintenance task for Elixir projects. It analyzes Hex package diffs for security and compatibility risk, runs compile and tests, and can open PRs automatically.

What it does

• Picks a dependency (mix hexguard ash or --random)
• Fetches package diffs with mix hex.package diff
• Runs a restricted security evaluation in Docker
• Runs a compatibility evaluation with workspace context
• Verifies your project with compile and tests
• Creates a branch, commit, PR, and issue (when blocked)

Install

Add Hexguard to your target project:

def deps do
  [
    {:hexguard, "~> 0.1", only: :dev, runtime: false}
  ]
end

Then install deps:

mix deps.get

Usage

Update one dependency:

mix hexguard ash

Pick a random updatable dependency:

mix hexguard --random

Dry-run mode (no branch/commit/push/PR/issue):

mix hexguard ash --dry-run

Help:

mix help hexguard

Key options

• --random pick one dependency with update available
• --base base branch for PRs (default: main)
• --model override model for opencode
• --block-breaking-changes fail on compatibility/breaking concerns too
• --allow-dirty skip clean-tree check
• --dry-run disable branch/commit/push/PR/issue side effects

Requirements

• Elixir ~> 1.19
• gh authenticated for PR/issue operations
• opencode and Docker available
• API credentials for model provider (for example OPENAI_API_KEY)

Automation

• Scheduled and manual task runner: .github/workflows/daily-hexguard.yml
• Automated release PRs/changelog and Hex.pm package publish: .github/workflows/release-please.yml
• Release docs workflow (HexDocs publish on release): .github/workflows/release-docs.yml

Contributing

Contribution and maintainer workflow details are in CONTRIBUTING.md.