I built a GitHub Action that auto-reviews PRs with LLM — risk assessment + evidence mapping [alpha, OSS]
April 24, 2026 (1 min read)
I built a GitHub Action that analyzes pull requests automatically and posts structured comments.
What it does
- Risk assessment (low/medium/high) based on file patterns and diff analysis
- Maps evidence to specific line numbers in the diff
- Detects security patterns: CVEs, broad exception handling, TLS misconfigurations
- Posts comment automatically on every PR
Example comment it leaves on a PR
🟢 Risk: LOW
What: mypy upgraded from 1.3 to 1.5.1 in pyproject.toml
Why: Address bugs in mypy 1.5.1
Evidence:
- pyproject.toml:L117 — mypy==1.5.1
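To illustrate how a reviewer like this can map evidence to new-file line numbers and derive a risk level from file patterns plus diff content, here is an added example (my own code, not DevMind's, whose real rule set the post does not show). It assumes `git diff` formatted input; the rules, sensitive-path pattern and sample diff are constructed for the example.

```python
import re

RULES = [  # (name, pattern applied to added lines, severity); constructed for this example
    ("dependency pin changed", re.compile(r"==\d+(\.\d+)+"), "low"),
    ("broad exception handler", re.compile(r"\bexcept(\s+Exception)?(\s+as\s+\w+)?\s*:"), "medium"),
    ("TLS verification disabled", re.compile(r"verify\s*=\s*False|CERT_NONE|check_hostname\s*=\s*False"), "high"),
]
SENSITIVE_PATHS = re.compile(r"(^|/)(\.github/workflows/|Dockerfile$)|auth|secret", re.I)  # file-pattern signal
LEVELS = {"low": 0, "medium": 1, "high": 2}
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

def review_diff(diff_text):
    """Walk `git diff` output; return a risk level and evidence as (path, new-file line, rule, snippet)."""
    evidence, risk, path, new_line, in_hunk = [], "low", "", 0, False
    for raw in diff_text.splitlines():
        if m := HUNK_RE.match(raw):  # the "+start" field is the first new-file line of this hunk
            new_line, in_hunk = int(m.group(1)), True
        elif raw.startswith("diff --git"):
            in_hunk = False  # file header follows; its "---"/"+++" lines are not content
        elif not in_hunk:
            if raw.startswith("+++ "):
                path = raw[4:].removeprefix("b/")
                if SENSITIVE_PATHS.search(path):  # path alone raises the floor to medium
                    risk = max(risk, "medium", key=LEVELS.get)
        elif not raw.startswith(("-", "\\")):  # removed lines and "\ No newline" occupy no new-file line
            if raw.startswith("+"):
                for rule, pattern, severity in RULES:
                    if pattern.search(raw[1:]):
                        evidence.append((path, new_line, rule, raw[1:].strip()))
                        risk = max(risk, severity, key=LEVELS.get)
            new_line += 1  # context and added lines both advance the new-file counter
    return {"risk": risk, "evidence": evidence}

# Constructed sample diff: a dependency bump plus a change that disables TLS verification.
SAMPLE_DIFF = """\
diff --git a/pyproject.toml b/pyproject.toml
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -117 +117 @@
-mypy==1.3
+mypy==1.5.1
diff --git a/app/client.py b/app/client.py
--- a/app/client.py
+++ b/app/client.py
@@ -10,2 +10,4 @@ def fetch(url):
     try:
-        return requests.get(url)
+        return requests.get(url, verify=False)
+    except Exception:
+        return None
"""
```

`review_diff(SAMPLE_DIFF)` reports the mypy pin at `pyproject.toml:117` as low-severity evidence, then the `verify=False` line at `app/client.py:11` and the broad handler at line 12, giving an overall risk of high.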
Install (~2 minutes)
Just add the workflow file and two secrets to your repo. Full instructions in the README.
Repo: https://github.com/mordecaiusm922-create/devmind
Still alpha. Looking for feedback on what's useful and what's noise.
Source: Dev.to