Goal
Add CI/PR AI review that classifies change risk and supports routing or blocking decisions later in the lifecycle.
User value
Teams get stronger AI review where latency and enforcement belong: CI and PRs, not every local push.
Implementation notes
- Run against PR diffs in CI.
- Produce risk levels and categories such as security, logic, migrations, auth, data loss, test gaps, and size.
- Support policy config for advisory vs blocking PR outcomes.
- Emit artifacts or check summaries for auditability.
Risks / tradeoffs
- AI risk labels can be noisy or overconfident.
- Blocking PRs with AI findings requires strong policy language and escape routes.
Suggested priority
P1
Milestone
M4: PR/CI AI review
TBD considerations
- Blocking thresholds for PR AI findings.
- Privacy and secret-redaction policy for CI AI payloads.
- Whether risk routing should integrate with CODEOWNERS or labels in the first version.
Acceptance criteria
- CI AI review can run independently from local pre-push AI.
- Risk summary is machine-readable and human-readable.
- Blocking policy is explicit and testable.
Goal
Add CI/PR AI review that classifies change risk and supports routing or blocking decisions later in the lifecycle.
User value
Teams get stronger AI review where latency and enforcement belong: CI and PRs, not every local push.
Implementation notes
Risks / tradeoffs
Suggested priority
P1
Milestone
M4: PR/CI AI review
TBD considerations
Acceptance criteria