⏱️ Postgres · TypeScript · Python · runs in CI

Timezone bugs ship silently.
tz-guard catches them first.

A CLI + GitHub Action that scans your schema, migrations, and code for naive timestamps, missing timezone-awareness, and DST-unsafe date math — then tells you the exact production risk and the fix.

Start free See how it works →

bash

$ npx tz-guard scan ./db

schema.sql
  5:17  error   Naive TIMESTAMP column — same row means different
                instants in different sessions.  sql/naive-timestamp-column
           risk: Postgres stores TIMESTAMP with no offset. A server TZ
                 change silently shifts every value. DST makes 01:30 ambiguous.
           fix:  Use TIMESTAMPTZ — normalizes to UTC on write.

app.py
  9:12  warning datetime.now() with no tz returns naive local time.  py/naive-now
           fix:  datetime.now(timezone.utc)

3 error, 6 warning, 2 info  ·  scanned 142 files in 31ms
$ echo $?
1   # CI fails — the bug never reaches main

Built for the exact bug class that wrecks dates

Not a generic linter. Domain-specific timezone analysis with fixes you can paste.

🗄️

Schema & migrations

Flags TIMESTAMP where you meant TIMESTAMPTZ, *_at columns typed as DATE, and DST-unsafe + interval '1 day' math.

🐍

Python & JS/TS

Catches datetime.utcnow(), naive datetime.now(), new Date('YYYY-MM-DD') UTC traps, and millisecond day-math that breaks across DST.

🔒

CI gating, SARIF native

--fail-on error blocks merges. SARIF 2.1.0 output surfaces findings in GitHub's Security tab. One Action, done.

⚡

Fast & offline

Deterministic rules, no model calls. Hundreds of files in milliseconds. Nothing about your code ever leaves CI.

🤖

LLM-explained fixes

Opt-in --explain rewrites each risk + fix for your exact snippet, via a swappable model gateway. You stay in control of the model.

📦

Zero setup

npx tz-guard. No config, no account for public repos. Drop the Action in and you're gated in two minutes.

Three commands to a timezone-safe codebase

Run it locally, wire it into CI, fix what it finds.

1 · Scan

npx tz-guard

See every naive timestamp and DST trap in your repo, ranked by severity.

2 · Gate

uses: tz-guard/tz-guard@v0

Add the Action with fail-on: error. New timezone bugs can't merge.

3 · Fix

npx tz-guard --explain

Every finding ships with a concrete fix. Apply, re-run, green.

Simple, team-friendly pricing

Free gives you the same detection. Pro adds enforcement on private repos and unlimited seats.

Free

Forever

Unlimited public repos
1 private repo
Full CLI + JSON + SARIF
Bring-your-own-key --explain
CI gating on private repos