Opinionated PR governance checks. Config-driven, no LLM. Runs as a CLI, pre-commit hook, or GitHub Action.

Built by the author of sql-sop. Same naming, same philosophy: catch real drift fast, skip the ceremony.

• GitHub
• PyPI
• Download stats
• Install: pip install pr-sop
• Contributing: CONTRIBUTING.md · GOVERNANCE.md · CODE_OF_CONDUCT.md · SECURITY.md · NOTICE

Teams keep shipping PRs with broken CHANGELOG.md, pyproject.toml versions that do not match the __init__.py, or rev: pins in READMEs that still point at a tag three releases behind. Every repo hits these. Every review catches some and misses others.

pr-sop is a tiny, config-driven checker that runs before merge and surfaces the drift that review forgets. No LLM, no opinions beyond what you turn on in .prsop.yml. Three checks today, each optional, each under 100 lines.

Every check is optional and configured in .prsop.yml. A missing section means the check is off.

pip install pr-sop

Drop a .prsop.yml at the repo root:

checks:
  changelog_required:
    severity: error
    paths:
      - "src/**/*.py"

  version_consistency:
    severity: error
    sources:
      - file: pyproject.toml
        pattern: '^version\s*=\s*"([^"]+)"'
      - file: src/mypkg/__init__.py
        pattern: '^__version__\s*=\s*"([^"]+)"'

  precommit_rev_matches_tag:
    severity: warning
    files:
      - README.md
      - .pre-commit-config.yaml

Run:

pr-sop check --base origin/main

Exit code is 1 if any error fired, 0 otherwise. Warnings never fail CI.

Example terminal output:

ERROR    changelog-required  src/myapp/api.py  3 changed paths match but CHANGELOG.md was not updated.
       -> Add a line under `## [Unreleased]` in CHANGELOG.md.
WARNING  precommit-rev-matches-tag  README.md:134  `rev: v0.3.2` does not match latest git tag `v0.4.1`.
       -> Update the rev to `v0.4.1`.

1 error(s), 1 warning(s) across 2 check(s).

name: pr-sop
on:
  pull_request:
    branches: [main]

permissions:
  contents: read

jobs:
  prsop:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          fetch-tags: true

      - uses: Pawansingh3889/pr-sop@v0.1.1

Findings surface as native ::error:: and ::warning:: workflow commands (visible in the Files tab of the PR) plus a table in the workflow summary. No API calls, no token setup beyond the default GITHUB_TOKEN.

Consumer inputs on the action:

Danger is great when you want to write repo-specific rules in JavaScript. pr-sop is the opposite: three opinionated rules you turn on with a YAML block, no Dangerfile to maintain. If you need custom logic, reach for Danger. If you keep forgetting to bump the CHANGELOG, reach for pr-sop.

• Checks are plugins (see pr_sop/checks/base.py). Each has an id, a pydantic config model, and a run(ctx) -> list[Finding].
• No network calls. Reads your files, shells out to git.
• Config validated by pydantic v2. Typos in .prsop.yml fail fast at load, not mid-scan.
• Output: Rich terminal locally, workflow commands in Actions.
• Single source of version truth via importlib.metadata, no hardcoded version string to drift.

• sql-guard (aka sql-sop on PyPI), as the first external consumer since v0.1.0.

If you wire pr-sop into your repo and want to be listed, open a PR adding a bullet here.

v0.1.1, alpha. The config schema and rule IDs are the parts most likely to stay stable across 0.x. Internal APIs in pr_sop/checks/ may move before v1.0. Check CHANGELOG.md before upgrading between minor versions.

MIT. See LICENSE and NOTICE for the reasoning.