If you're building an AI-powered medical device, you already live in Git. Your source code, your model training pipelines, your CI/CD — it all runs through repositories, branches, and pull requests. So why does your Quality Management System live in a completely separate universe of PDFs, Word docs, and folder structures that nobody trusts?
Lightworks was built on a simple premise: Git is already a quality management system. You just need someone to connect the dots.
Version Control Is the Whole Point
The FDA cares about one thing above all else in your Design History File: traceability. They want to know who changed what, when, and why. They want to see that changes were reviewed and approved by the right people. They want an audit trail that can't be tampered with.
Sound familiar? That's literally what Git does.
Every commit is a timestamped, author-attributed, content-addressed record of change. Every branch is an isolated workspace where changes can be proposed without affecting the controlled baseline. Every merge into main is a deliberate act of acceptance — reviewed, approved, and recorded permanently in the commit history.
The problem is that traditional QMS platforms ignore this entirely. They force you to maintain a parallel system of controlled documents, manually track versions with filenames like SRS_v2.3_FINAL_reviewed_FINAL2.docx, and copy-paste between your actual engineering artifacts and the compliance paperwork. It's busywork that adds zero value and actively increases risk — because now you have two sources of truth that inevitably drift apart.
Pull Requests Are Your Change Controls
In a regulated environment, you can't just push changes to production. Every change needs to be proposed, reviewed, assessed for impact, and formally approved. Traditional QMS platforms call this a Change Control or a Change Order. It involves forms, routing, signatures, and usually a lot of waiting.
A pull request is already all of this.
When an engineer opens a PR, they're proposing a change. The diff shows exactly what's being modified. Reviewers can comment, request changes, and approve. The PR description captures the rationale. CI runs automated checks. And when it merges, the change is recorded permanently.
Lightworks wraps this workflow with the compliance layer it needs without replacing it. You don't learn a new tool. You don't context-switch to some QMS portal. You keep working the way you already work — and Lightworks ensures it meets regulatory requirements.
Merge Approvals Are Your E-Signatures
Here's where it gets interesting.
FDA 21 CFR Part 11 requires electronic signatures on quality records. These signatures must be attributable to an individual, include the date and time, and be bound to the record in a way that can't be separated or copied. The signature must also include the meaning of the signing — approval, review, authorship, responsibility.
In Lightworks, merge approvals are your e-signatures. When a designated reviewer approves a pull request, they authenticate via multi-factor authentication. That MFA-verified approval is captured as a compliant electronic signature — tied to the specific commit hash, timestamped, attributed to the individual, and permanently bound to the exact content being approved.
No wet signatures scanned to PDF. No DocuSign ceremony bolted onto a document management system. No separate signature page that references a document version that may or may not still match. The signature is cryptographically bound to the content through Git's own integrity model.
The Traceability Matrix Writes Itself
The real magic of a Git-native approach is what it makes possible downstream.
When your requirements, design documents, risk analyses, test protocols, and source code all live in the same repository (or linked repositories), traceability becomes a property of the system rather than a manual exercise. Lightworks automatically generates and maintains your traceability matrix by reading the relationships between artifacts — linking user needs to design inputs, design inputs to design outputs, design outputs to verification activities, and verification activities back to requirements.
Change one requirement and you can instantly see every downstream artifact that needs to be assessed. Complete a verification test and it automatically links back to the design output it verifies. This isn't a static spreadsheet that someone updates quarterly. It's a living document that reflects the actual state of your design history, generated directly from the repository.
Your Auditor Gets a Better Story
When the FDA walks in for an audit, they don't want to dig through a labyrinth of folders and cross-reference document numbers. They want to understand your development process and verify that you followed it.
With Lightworks, your audit trail is the commit history. Your change controls are pull requests. Your approvals are merge signatures. Your traceability matrix is auto-generated. Everything links together because it all comes from the same source — your Git repository.
Instead of spending weeks preparing for an audit by assembling binders and checking version numbers, you point the auditor at your Design History File and let the system tell the story. Because it's the same system your engineers use every day, it's always current. There's no gap between what you're actually doing and what your QMS says you're doing.
Built for How You Actually Work
We didn't build Lightworks for quality managers who happen to work at software companies. We built it for software teams who happen to need a QMS.
If you're an AI SaMD startup heading toward your first 510(k) or De Novo submission, you shouldn't have to choose between moving fast and being compliant. Your engineering workflow — Git, branches, PRs, code review — is already 80% of a compliant QMS. Lightworks fills in the remaining 20% so you can focus on building the product that actually matters.
Lightworks is a Git-native Quality Management System for AI medical device companies. Write your quality docs in Markdown. Store them in GitHub. Let Lightworks handle the compliance.