<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: JinHyuk Sung</title>
    <description>The latest articles on DEV Community by JinHyuk Sung (@sjh9714).</description>
    <link>https://dev.to/sjh9714</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3979231%2Fa135da54-2755-404b-b652-4d80d7565c16.jpg</url>
      <title>DEV Community: JinHyuk Sung</title>
      <link>https://dev.to/sjh9714</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/sjh9714"/>
    <language>en</language>
    <item>
      <title>Would you block a PR that changes GitHub Actions contents permission from read to write?</title>
      <dc:creator>JinHyuk Sung</dc:creator>
      <pubDate>Tue, 30 Jun 2026 05:52:53 +0000</pubDate>
      <link>https://dev.to/sjh9714/would-you-block-a-pr-that-changes-github-actions-contents-permission-from-read-to-write-27hm</link>
      <guid>https://dev.to/sjh9714/would-you-block-a-pr-that-changes-github-actions-contents-permission-from-read-to-write-27hm</guid>
      <description>&lt;p&gt;A sandbox PR changed one GitHub Actions workflow permission:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight yaml"&gt;&lt;code&gt;&lt;span class="na"&gt;permissions&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
  &lt;span class="na"&gt;contents&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;write&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The base branch had:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight yaml"&gt;&lt;code&gt;&lt;span class="na"&gt;permissions&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
  &lt;span class="na"&gt;contents&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;read&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;That is the concrete case I am trying to calibrate.&lt;/p&gt;

&lt;p&gt;Agent Gate reported:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Agent Gate: NEEDS HUMAN DECISION
Decision: warn
Why: contents permission increased from read to write.
Path: .github/workflows/demo-release.yml
Recommended next step: review the workflow permission change before merging.
Policy status: warning today; eligible to become a merge gate after tuning.

Rule: workflow/permission-escalation
Policy source: built-in default
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Live PR comment proof:&lt;br&gt;
&lt;a href="https://github.com/sjh9714/agent-gate-install-smoke-20260617/pull/13#issuecomment-4828248162" rel="noopener noreferrer"&gt;https://github.com/sjh9714/agent-gate-install-smoke-20260617/pull/13#issuecomment-4828248162&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;What matters to me is that this did not depend on an LLM noticing the change.&lt;/p&gt;

&lt;p&gt;The Action did not:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;checkout PR code&lt;/li&gt;
&lt;li&gt;run repository scripts&lt;/li&gt;
&lt;li&gt;call an LLM at runtime&lt;/li&gt;
&lt;li&gt;load policy from the PR head branch&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The first-run repo config was also absent. Agent Gate used its built-in default policy and recorded:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;configSource: default
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;I am not trying to claim that the PR is automatically bad. A permission increase can be intentional.&lt;/p&gt;

&lt;p&gt;The question is what CI should do when it sees this kind of boundary change.&lt;/p&gt;

&lt;p&gt;My current default is:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;warn on first run&lt;/li&gt;
&lt;li&gt;keep the report human-readable&lt;/li&gt;
&lt;li&gt;let teams promote this finding to block after tuning&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;For AI-generated PRs, I think deterministic CI evidence is useful because agent changes can touch workflow and security boundaries as part of ordinary work.&lt;/p&gt;

&lt;p&gt;But this specific finding is broader than AI: any PR that raises GitHub Actions permissions may deserve deliberate review.&lt;/p&gt;

&lt;p&gt;Question:&lt;/p&gt;

&lt;p&gt;In your repo, is this block, warn, or noise?&lt;/p&gt;

&lt;p&gt;What extra evidence would make it actionable?&lt;/p&gt;

&lt;p&gt;Repo:&lt;br&gt;
&lt;a href="https://github.com/sjh9714/Agent-Gate" rel="noopener noreferrer"&gt;https://github.com/sjh9714/Agent-Gate&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Disclosure: I used AI assistance to help draft and edit this article, and I reviewed the technical claims before publishing.&lt;/p&gt;

</description>
      <category>cicd</category>
      <category>discuss</category>
      <category>github</category>
      <category>security</category>
    </item>
    <item>
      <title>I made Agent Gate installable in 30 seconds for AI PR checks</title>
      <dc:creator>JinHyuk Sung</dc:creator>
      <pubDate>Fri, 26 Jun 2026 10:51:38 +0000</pubDate>
      <link>https://dev.to/sjh9714/i-made-agent-gate-installable-in-30-seconds-for-ai-pr-checks-140f</link>
      <guid>https://dev.to/sjh9714/i-made-agent-gate-installable-in-30-seconds-for-ai-pr-checks-140f</guid>
      <description>&lt;p&gt;One problem with security-ish developer tools is that the install path can ask for trust before it has earned any.&lt;/p&gt;

&lt;p&gt;Agent Gate is a GitHub Action for AI-generated pull requests. It does not review code with an LLM. It checks repeatable CI evidence such as workflow permission changes, agent control-plane drift, package lifecycle script drift, and missing test-file evidence.&lt;/p&gt;

&lt;p&gt;The important constraint is that the Action should be safe to try first:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;no checkout of PR code&lt;/li&gt;
&lt;li&gt;no runtime LLM calls&lt;/li&gt;
&lt;li&gt;no repository script execution&lt;/li&gt;
&lt;li&gt;no policy loaded from the PR head branch&lt;/li&gt;
&lt;li&gt;warn mode by default for first runs&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;I recently changed the onboarding flow so the first install is basically one pinned workflow download.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nb"&gt;mkdir&lt;/span&gt; &lt;span class="nt"&gt;-p&lt;/span&gt; .github/workflows &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; curl &lt;span class="nt"&gt;-fsSL&lt;/span&gt; https://raw.githubusercontent.com/sjh9714/Agent-Gate/v0.2.5/templates/agent-gate-observe.yml &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-o&lt;/span&gt; .github/workflows/agent-gate.yml
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;This downloads a tag-pinned GitHub Actions workflow YAML file. It is not &lt;code&gt;curl | bash&lt;/code&gt;, and it does not execute a remote script.&lt;/p&gt;

&lt;p&gt;The downloaded workflow uses:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight yaml"&gt;&lt;code&gt;&lt;span class="na"&gt;uses&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;sjh9714/Agent-Gate@v0.2.5&lt;/span&gt;
&lt;span class="na"&gt;with&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
  &lt;span class="na"&gt;mode&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;warn&lt;/span&gt;
  &lt;span class="na"&gt;fail-on-block&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="kc"&gt;false&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;It also uses only:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight yaml"&gt;&lt;code&gt;&lt;span class="na"&gt;permissions&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
  &lt;span class="na"&gt;contents&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;read&lt;/span&gt;
  &lt;span class="na"&gt;pull-requests&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;read&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The other change is that first runs no longer require &lt;code&gt;agent-gate.yml&lt;/code&gt;.&lt;/p&gt;

&lt;p&gt;If the default config file is confirmed missing on the PR base branch, Agent Gate uses its built-in default policy and records:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;configSource: default
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;That means a maintainer can install the workflow first, see what the default warnings look like, and only add repo-specific policy later.&lt;/p&gt;

&lt;p&gt;I also verified the README install path in a sandbox PR. The run:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;loaded &lt;code&gt;sjh9714/Agent-Gate@v0.2.5&lt;/code&gt;
&lt;/li&gt;
&lt;li&gt;used no &lt;code&gt;actions/checkout&lt;/code&gt;
&lt;/li&gt;
&lt;li&gt;had no &lt;code&gt;agent-gate.yml&lt;/code&gt;
&lt;/li&gt;
&lt;li&gt;fell back to the built-in default policy&lt;/li&gt;
&lt;li&gt;finished successfully&lt;/li&gt;
&lt;li&gt;produced a &lt;code&gt;warn&lt;/code&gt; decision for package lifecycle script drift&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The compact log looked like this:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Agent Gate: NEEDS HUMAN DECISION
Decision: warn
Why: preinstall script added in package.json.
Path: package.json
Policy status: warning today; eligible to become a merge gate after tuning.

- warn agf_2ac4687b2f8f712a dependency/lifecycle-script-added package.json
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;This is the first-run model I want:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;install quickly
observe warnings
understand the report
then tune policy
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;It still does not prove semantic correctness. A deterministic CI gate should not pretend to know whether a PR is “good.” The goal is narrower: surface repeatable evidence that a maintainer can inspect before merge.&lt;/p&gt;

&lt;p&gt;If you maintain a GitHub Actions-heavy repo or use coding agents to open PRs, I would like feedback on one thing:&lt;/p&gt;

&lt;p&gt;Does this first-run path feel safe and clear enough to try in a real repo?&lt;/p&gt;

&lt;p&gt;Repo:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://github.com/sjh9714/Agent-Gate" rel="noopener noreferrer"&gt;https://github.com/sjh9714/Agent-Gate&lt;/a&gt;&lt;/p&gt;

</description>
      <category>ai</category>
      <category>github</category>
      <category>security</category>
      <category>showdev</category>
    </item>
    <item>
      <title>CI gates for AI-generated PRs need re-derivable evidence</title>
      <dc:creator>JinHyuk Sung</dc:creator>
      <pubDate>Sun, 21 Jun 2026 01:08:59 +0000</pubDate>
      <link>https://dev.to/sjh9714/ci-gates-for-ai-generated-prs-need-re-derivable-evidence-2g4e</link>
      <guid>https://dev.to/sjh9714/ci-gates-for-ai-generated-prs-need-re-derivable-evidence-2g4e</guid>
      <description>&lt;p&gt;When a CI gate flags an AI-generated PR, the important question is not only "what did it flag?"&lt;/p&gt;

&lt;p&gt;It is also:&lt;/p&gt;

&lt;p&gt;"Could someone else come back later and re-derive why this finding fired?"&lt;/p&gt;

&lt;p&gt;That is the reason I added evidence snapshots to Agent Gate v0.2.1.&lt;/p&gt;

&lt;h2&gt;
  
  
  What Agent Gate is
&lt;/h2&gt;

&lt;p&gt;Agent Gate is a GitHub Action for AI-generated pull requests.&lt;/p&gt;

&lt;p&gt;It does not review code with an LLM. It checks deterministic merge evidence in CI:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;PR scope escapes&lt;/li&gt;
&lt;li&gt;GitHub Actions permission escalation&lt;/li&gt;
&lt;li&gt;AGENTS.md / .mcp.json drift&lt;/li&gt;
&lt;li&gt;missing test-file evidence&lt;/li&gt;
&lt;li&gt;high-risk path changes&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The Action does not checkout PR code, call LLMs at runtime, or execute repository scripts.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why finding IDs were not enough
&lt;/h2&gt;

&lt;p&gt;In v0.2.0, Agent Gate added stable finding IDs.&lt;/p&gt;

&lt;p&gt;That gave every finding a short audit handle, for example:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;agf_987ab9ddb8c1b299
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;That is useful for references, comments, future override workflows, and log-based debugging.&lt;/p&gt;

&lt;p&gt;But an ID by itself is not proof. If someone sees the ID later, they still need to know what recorded material produced it.&lt;/p&gt;

&lt;h2&gt;
  
  
  What v0.2.1 adds
&lt;/h2&gt;

&lt;p&gt;v0.2.1 adds &lt;code&gt;evidenceSnapshot&lt;/code&gt; to public findings.&lt;/p&gt;

&lt;p&gt;The split is:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;findingId = short audit handle
evidenceSnapshot = canonical material used to derive that handle
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The snapshot is intentionally boring. It contains stable rule material such as:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;rule id&lt;/li&gt;
&lt;li&gt;severity&lt;/li&gt;
&lt;li&gt;path or line when present&lt;/li&gt;
&lt;li&gt;normalized evidence label/value pairs&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;It does not include timestamps, report order, risk score, version, commit SHA, or mutable display text.&lt;/p&gt;

&lt;h2&gt;
  
  
  A real report shape
&lt;/h2&gt;

&lt;p&gt;Example compact log output:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Agent Gate: NEEDS HUMAN DECISION
Decision: warn
Risk score: 49 / 100
Why: Agent-generated PRs must include an agent-gate contract.
Recommended next step: Add a PR contract before relying on scope checks.
Policy status: warning today; eligible to become a merge gate after tuning.

Findings:
- error agf_be0c2c2a66312aff contract/missing
- error agf_987ab9ddb8c1b299 risk/high-risk-path .github/workflows/agent-gate.yml
- warn agf_6016e753491255d7 workflow/dangerous-pattern .github/workflows/agent-gate.yml
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The compact log stays short, but the JSON and Markdown reports carry the fuller evidence.&lt;/p&gt;

&lt;p&gt;Example JSON shape:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"findingId"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"agf_987ab9ddb8c1b299"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"ruleId"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"risk/high-risk-path"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"severity"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"error"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"path"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;".github/workflows/agent-gate.yml"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"evidenceSnapshot"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"ruleId"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"risk/high-risk-path"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"severity"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"error"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"path"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;".github/workflows/agent-gate.yml"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"evidence"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
        &lt;/span&gt;&lt;span class="nl"&gt;"label"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"changed_file"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
        &lt;/span&gt;&lt;span class="nl"&gt;"value"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;".github/workflows/agent-gate.yml"&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  Why this matters
&lt;/h2&gt;

&lt;p&gt;For me, the bar for promoting a finding from warning to blocking is:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;A third party should be able to re-derive the finding from recorded evidence.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;That does not mean the check is magically correct.&lt;/p&gt;

&lt;p&gt;It means the failure mode is visible, reproducible, and tunable.&lt;/p&gt;

&lt;p&gt;A repo can start in warn mode, observe which findings are useful, and only later promote low-noise findings into merge gates.&lt;/p&gt;

&lt;h2&gt;
  
  
  What this does not solve yet
&lt;/h2&gt;

&lt;p&gt;Agent Gate still does not prove semantic correctness.&lt;/p&gt;

&lt;p&gt;Matching test-file evidence is not proof that the tests cover the behavior. It is change evidence / self-consistency evidence.&lt;/p&gt;

&lt;p&gt;Maintainer override storage is also not implemented yet. That is probably the next hard design question: if someone bypasses a finding, where should that override live so it is durable enough to inspect later?&lt;/p&gt;

&lt;p&gt;CODEOWNERS / reviewer evidence and package dependency drift are also future work.&lt;/p&gt;

&lt;h2&gt;
  
  
  Try it
&lt;/h2&gt;

&lt;p&gt;If you maintain a repo where coding agents open PRs, I would love feedback on whether this kind of evidence is useful or too noisy in observe mode.&lt;/p&gt;

&lt;p&gt;Repo:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://github.com/sjh9714/Agent-Gate" rel="noopener noreferrer"&gt;https://github.com/sjh9714/Agent-Gate&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Disclosure: I maintain Agent Gate. v0.2.1 is still a prerelease; I would start in warn mode before treating any finding as a merge gate.&lt;/p&gt;

</description>
      <category>ai</category>
      <category>cicd</category>
      <category>github</category>
      <category>security</category>
    </item>
    <item>
      <title>LLM reviewers are useful, but some PR checks should stay deterministic</title>
      <dc:creator>JinHyuk Sung</dc:creator>
      <pubDate>Tue, 16 Jun 2026 20:17:27 +0000</pubDate>
      <link>https://dev.to/sjh9714/llm-reviewers-are-useful-but-some-pr-checks-should-stay-deterministic-4k1e</link>
      <guid>https://dev.to/sjh9714/llm-reviewers-are-useful-but-some-pr-checks-should-stay-deterministic-4k1e</guid>
      <description>&lt;p&gt;AI coding agents are getting better at opening pull requests.&lt;/p&gt;

&lt;p&gt;That changes the review problem.&lt;/p&gt;

&lt;p&gt;A normal review asks whether the code looks correct, whether the design makes sense, and whether the edge cases were considered.&lt;/p&gt;

&lt;p&gt;Those questions still matter.&lt;/p&gt;

&lt;p&gt;But an AI-generated pull request also raises a different kind of question:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Did the agent change something outside the intended task, and is there enough repeatable evidence to merge?&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;I have started thinking about this as a split between &lt;strong&gt;judgment&lt;/strong&gt; and &lt;strong&gt;evidence&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;LLM reviewers help with judgment. Agent Gate verifies deterministic merge evidence.&lt;/p&gt;

&lt;p&gt;I do not think every review question should become a hard CI gate. Some parts of code review need human context. Some parts benefit from an LLM noticing suspicious patterns. But a few checks are mechanical enough that I want them to be deterministic, repeatable, and visible before merge.&lt;/p&gt;

&lt;p&gt;This is the checklist I currently use when thinking about AI-generated PRs.&lt;/p&gt;

&lt;h2&gt;
  
  
  1. Did the PR stay in scope?
&lt;/h2&gt;

&lt;p&gt;The first question is not whether the code is good.&lt;/p&gt;

&lt;p&gt;It is whether the PR changed the files it was supposed to change.&lt;/p&gt;

&lt;p&gt;For a human PR, an unrelated edit may be easy to explain in review. For an agent PR, unrelated edits are more suspicious because they may reflect an instruction drift, a tool mistake, or a broad refactor the maintainer did not ask for.&lt;/p&gt;

&lt;p&gt;A simple contract can help:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;This PR is allowed to touch:
- src/auth/**
- tests/auth/**
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Then the review can ask a deterministic question:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Did the PR touch anything outside those paths?
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;That does not prove the code is correct. It only proves the PR stayed inside its declared boundary.&lt;/p&gt;

&lt;p&gt;That boundary still matters.&lt;/p&gt;

&lt;h2&gt;
  
  
  2. Did workflow permissions escalate?
&lt;/h2&gt;

&lt;p&gt;GitHub Actions workflows are one of the highest-risk places for an agent to edit.&lt;/p&gt;

&lt;p&gt;A small source change and a workflow permission change do not have the same risk profile.&lt;/p&gt;

&lt;p&gt;For example, I would want a very visible warning if a PR adds or changes this:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight yaml"&gt;&lt;code&gt;&lt;span class="na"&gt;permissions&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
  &lt;span class="na"&gt;contents&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;write&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;or starts using &lt;code&gt;secrets.*&lt;/code&gt; in a new workflow path.&lt;/p&gt;

&lt;p&gt;This is not a semantic code review problem. It is a policy boundary problem.&lt;/p&gt;

&lt;p&gt;The question is deterministic:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Did this PR increase workflow privileges or introduce a dangerous workflow pattern?
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;That kind of check should not depend on whether an LLM happened to notice it in a comment.&lt;/p&gt;

&lt;h2&gt;
  
  
  3. Did agent-control-plane files change?
&lt;/h2&gt;

&lt;p&gt;AI coding agents often depend on files that shape future behavior:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;AGENTS.md
CLAUDE.md
.github/copilot-instructions.md
.cursor/rules/**
.mcp.json
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;A change to these files can affect future agent runs, tool access, or repo-specific instructions.&lt;/p&gt;

&lt;p&gt;That makes them different from normal documentation changes.&lt;/p&gt;

&lt;p&gt;If an AI-generated PR edits &lt;code&gt;.mcp.json&lt;/code&gt; or &lt;code&gt;AGENTS.md&lt;/code&gt;, I want that surfaced clearly before merge, even if the source code diff looks harmless.&lt;/p&gt;

&lt;p&gt;The deterministic question is:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Did the PR change files that control future agent behavior?
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;This is especially important for teams adopting coding agents across repositories, because the control plane can drift quietly.&lt;/p&gt;

&lt;h2&gt;
  
  
  4. Is there matching test evidence?
&lt;/h2&gt;

&lt;p&gt;Test evidence is tricky.&lt;/p&gt;

&lt;p&gt;A changed test file does not prove the behavior is correct. It does not prove the test is meaningful. It does not prove coverage.&lt;/p&gt;

&lt;p&gt;But for risky areas, the absence of any matching test change is still useful evidence.&lt;/p&gt;

&lt;p&gt;If a PR changes auth logic, payment handling, session middleware, or a migration, I want to know whether the PR also changed a related test file.&lt;/p&gt;

&lt;p&gt;The check should be phrased carefully:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;There is no matching test-file evidence.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Not:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;This PR is untested.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;That distinction matters. Deterministic checks should say exactly what they know, and no more.&lt;/p&gt;

&lt;h2&gt;
  
  
  5. Did package scripts or dependencies drift?
&lt;/h2&gt;

&lt;p&gt;This is not always the first rule I would add, but it is one I keep coming back to.&lt;/p&gt;

&lt;p&gt;Package manifests and lockfiles can hide meaningful risk:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;package.json
pnpm-lock.yaml
yarn.lock
package-lock.json
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Some changes are normal dependency maintenance. Others deserve more attention:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"scripts"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"postinstall"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"node scripts/setup.js"&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;For AI-generated PRs, I would want to know:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Did a lifecycle script appear?
Did an existing package script change?
Did dependencies change without an expected lockfile change?
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Again, not every finding should block. But these changes should be easy to see.&lt;/p&gt;

&lt;h2&gt;
  
  
  6. Did the right human reviewer approve?
&lt;/h2&gt;

&lt;p&gt;This is where deterministic evidence meets human ownership.&lt;/p&gt;

&lt;p&gt;A PR can stay in scope, avoid workflow escalation, and include test evidence, but still need the right reviewer.&lt;/p&gt;

&lt;p&gt;Examples:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;src/auth/** changed -&amp;gt; security reviewer expected
.github/workflows/** changed -&amp;gt; platform reviewer expected
.mcp.json changed -&amp;gt; maintainer/platform approval expected
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;I do not think this should always block by default, especially for solo maintainers. But for teams, reviewer evidence may be one of the most useful signals.&lt;/p&gt;

&lt;p&gt;The question is:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Did the right human approve the risky part of this PR?
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;That is not a replacement for review. It is a way to make ownership visible.&lt;/p&gt;

&lt;h2&gt;
  
  
  What should stay human?
&lt;/h2&gt;

&lt;p&gt;A lot.&lt;/p&gt;

&lt;p&gt;I would not want deterministic CI to answer questions like:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Is this design good?
Is this abstraction worth it?
Will users understand this behavior?
Is this bug fix actually correct?
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Those are judgment questions.&lt;/p&gt;

&lt;p&gt;LLM reviewers can help with judgment. Human reviewers own judgment. Deterministic gates should focus on evidence that can be checked the same way every time.&lt;/p&gt;

&lt;h2&gt;
  
  
  What should be deterministic?
&lt;/h2&gt;

&lt;p&gt;The best candidates are checks that are:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;explainable&lt;/li&gt;
&lt;li&gt;repeatable&lt;/li&gt;
&lt;li&gt;hard to miss&lt;/li&gt;
&lt;li&gt;tied to merge risk&lt;/li&gt;
&lt;li&gt;not dependent on executing PR code&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;For me, that currently includes:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;PR scope boundaries&lt;/li&gt;
&lt;li&gt;workflow permission escalation&lt;/li&gt;
&lt;li&gt;dangerous workflow patterns&lt;/li&gt;
&lt;li&gt;agent-control-plane drift&lt;/li&gt;
&lt;li&gt;missing test-file evidence for high-risk paths&lt;/li&gt;
&lt;li&gt;package script and dependency drift&lt;/li&gt;
&lt;li&gt;reviewer evidence for sensitive paths&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;These checks do not make an AI-generated PR safe.&lt;/p&gt;

&lt;p&gt;They make the risk easier to inspect before merge.&lt;/p&gt;

&lt;h2&gt;
  
  
  Start in warn mode
&lt;/h2&gt;

&lt;p&gt;The safest adoption path is not to block everything on day one.&lt;/p&gt;

&lt;p&gt;I would start with warnings:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;mode: warn
fail-on-block: false
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Then observe real PRs.&lt;/p&gt;

&lt;p&gt;Which findings are useful?&lt;br&gt;
Which ones are noisy?&lt;br&gt;
Which ones would you trust as merge gates?&lt;/p&gt;

&lt;p&gt;Only after that would I promote low-noise findings to blocking checks.&lt;/p&gt;

&lt;h2&gt;
  
  
  Closing thought
&lt;/h2&gt;

&lt;p&gt;I think AI-generated PR review will need both judgment and evidence.&lt;/p&gt;

&lt;p&gt;LLM reviewers can help with judgment.&lt;/p&gt;

&lt;p&gt;Deterministic CI checks should verify merge evidence.&lt;/p&gt;

&lt;p&gt;I’m exploring this idea in Agent Gate, a small GitHub Action for deterministic merge evidence in AI-generated PRs.&lt;/p&gt;

&lt;p&gt;Disclosure: I used AI assistance to help draft and edit this article, and I reviewed the technical claims before publishing.&lt;/p&gt;

</description>
      <category>devtools</category>
      <category>ai</category>
      <category>security</category>
      <category>github</category>
    </item>
    <item>
      <title>I built a deterministic CI firewall for AI-generated pull requests</title>
      <dc:creator>JinHyuk Sung</dc:creator>
      <pubDate>Mon, 15 Jun 2026 15:22:57 +0000</pubDate>
      <link>https://dev.to/sjh9714/i-built-a-deterministic-ci-firewall-for-ai-generated-pull-requests-4o3c</link>
      <guid>https://dev.to/sjh9714/i-built-a-deterministic-ci-firewall-for-ai-generated-pull-requests-4o3c</guid>
      <description>&lt;p&gt;AI coding agents are getting good enough to open pull requests.&lt;/p&gt;

&lt;p&gt;That is useful.&lt;/p&gt;

&lt;p&gt;It also changes the review problem.&lt;/p&gt;

&lt;p&gt;A normal code review asks:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Does this code look correct?&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;An AI-generated PR also raises a different question:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Did this agent change something I did not intend, and does this PR have enough evidence to merge?&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;Agent Gate is still a prerelease, so I am starting with a narrow goal: make AI-generated PRs easier to inspect before merge.&lt;/p&gt;

&lt;p&gt;That second question is why I built &lt;strong&gt;Agent Gate for AI PRs&lt;/strong&gt;.&lt;/p&gt;

&lt;h2&gt;
  
  
  The core idea
&lt;/h2&gt;

&lt;p&gt;Agent Gate is a deterministic CI firewall for AI-generated pull requests.&lt;/p&gt;

&lt;p&gt;It is not an LLM reviewer.&lt;/p&gt;

&lt;p&gt;That distinction matters.&lt;/p&gt;

&lt;p&gt;LLM reviewers help with judgment. Agent Gate verifies deterministic merge evidence.&lt;/p&gt;

&lt;p&gt;An LLM reviewer can tell you whether code looks suspicious. Agent Gate checks whether the PR crossed policy boundaries that should be explainable and repeatable in CI.&lt;/p&gt;

&lt;p&gt;The mental model is:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Use your LLM reviewer for judgment.&lt;br&gt;&lt;br&gt;
Use Agent Gate for deterministic merge evidence.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;Agent Gate checks questions that should not require an LLM:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;did the PR stay inside its declared scope?&lt;/li&gt;
&lt;li&gt;did workflow permissions escalate?&lt;/li&gt;
&lt;li&gt;did agent control-plane files drift?&lt;/li&gt;
&lt;li&gt;did high-risk code change without matching test-file evidence?&lt;/li&gt;
&lt;li&gt;did MCP config changes get surfaced?&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;These are not semantic code review questions. They are merge-boundary questions.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why I wanted this
&lt;/h2&gt;

&lt;p&gt;Imagine an agent is asked to fix an auth session bug.&lt;/p&gt;

&lt;p&gt;The expected scope might be:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight yaml"&gt;&lt;code&gt;&lt;span class="na"&gt;allowed_paths&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
  &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s"&gt;src/auth/**&lt;/span&gt;
  &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s"&gt;tests/auth/**&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;But the PR also changes:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;src/payments/webhook.ts
.github/workflows/release.yml
.mcp.json
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;A reviewer might catch that. An LLM reviewer might catch that. But I do not want this to depend only on someone noticing.&lt;/p&gt;

&lt;p&gt;I want CI to say:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;This PR crossed its declared scope.
This PR changed workflow permissions.
This PR changed the agent tool surface.
This PR needs human decision before merge.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;That is the shape of Agent Gate.&lt;/p&gt;

&lt;h2&gt;
  
  
  What Agent Gate catches today
&lt;/h2&gt;

&lt;p&gt;The current &lt;code&gt;v0.1.2&lt;/code&gt; release is intentionally focused on deterministic checks.&lt;/p&gt;

&lt;p&gt;It can flag or block the following, depending on policy mode.&lt;/p&gt;

&lt;h3&gt;
  
  
  Out-of-contract edits
&lt;/h3&gt;

&lt;p&gt;Agent Gate can parse a small PR body contract:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight markdown"&gt;&lt;code&gt;&amp;lt;!-- agent-gate-contract
version: 1
agent: codex
task: update auth session handling
allowed_paths:
&lt;span class="p"&gt;  -&lt;/span&gt; src/auth/&lt;span class="ge"&gt;**&lt;/span&gt;
&lt;span class="p"&gt;  -&lt;/span&gt; tests/auth/&lt;span class="ge"&gt;**&lt;/span&gt;
required_evidence:
&lt;span class="p"&gt;  -&lt;/span&gt; matching auth tests changed
--&amp;gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;If the PR changes files outside &lt;code&gt;allowed_paths&lt;/code&gt;, Agent Gate reports that as a contract escape.&lt;/p&gt;

&lt;h3&gt;
  
  
  Workflow permission escalation
&lt;/h3&gt;

&lt;p&gt;GitHub Actions workflows are powerful. If a PR changes this:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight yaml"&gt;&lt;code&gt;&lt;span class="na"&gt;permissions&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
  &lt;span class="na"&gt;contents&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;read&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;to this:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight yaml"&gt;&lt;code&gt;&lt;span class="na"&gt;permissions&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
  &lt;span class="na"&gt;contents&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;write&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;that should be visible before merge.&lt;/p&gt;

&lt;p&gt;Agent Gate checks workflow-level permission escalation and dangerous workflow patterns such as:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;code&gt;write-all&lt;/code&gt;&lt;/li&gt;
&lt;li&gt;&lt;code&gt;id-token: write&lt;/code&gt;&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;pull_request_target&lt;/code&gt; checking out PR head&lt;/li&gt;
&lt;li&gt;unpinned third-party actions&lt;/li&gt;
&lt;li&gt;added &lt;code&gt;secrets.*&lt;/code&gt; usage&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Agent control-plane drift
&lt;/h3&gt;

&lt;p&gt;Files like these can change how future agents behave:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;AGENTS.md
CLAUDE.md
.cursor/**
.github/copilot-instructions.md
.mcp.json
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;A PR that changes &lt;code&gt;.mcp.json&lt;/code&gt; is not just changing config. It may be changing which tools an agent can call.&lt;/p&gt;

&lt;p&gt;Agent Gate treats those files as an agent control plane and reports drift.&lt;/p&gt;

&lt;h3&gt;
  
  
  Missing test evidence
&lt;/h3&gt;

&lt;p&gt;Agent Gate can define high-risk paths:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight yaml"&gt;&lt;code&gt;&lt;span class="na"&gt;high_risk_paths&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
  &lt;span class="na"&gt;auth&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
    &lt;span class="na"&gt;paths&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
      &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s"&gt;src/auth/**&lt;/span&gt;
    &lt;span class="na"&gt;require_tests&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
      &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s"&gt;tests/auth/**&lt;/span&gt;
    &lt;span class="na"&gt;severity&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;error&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;If auth code changes but no matching auth test file changes, Agent Gate reports missing test evidence.&lt;/p&gt;

&lt;p&gt;This does not prove semantic test coverage. It only checks deterministic file-pattern evidence.&lt;/p&gt;

&lt;p&gt;That limitation is intentional.&lt;/p&gt;

&lt;h2&gt;
  
  
  What a report looks like
&lt;/h2&gt;

&lt;p&gt;One piece of early feedback was that the report should not start with a wall of rule IDs.&lt;/p&gt;

&lt;p&gt;It should answer the maintainer's first question:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;What should I do with this PR?&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;So the Markdown report now leads with a human decision.&lt;/p&gt;

&lt;p&gt;Example shape:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Agent Gate: NEEDS HUMAN DECISION

Why:
This PR changed `.github/workflows/release.yml` and added `secrets.*` usage.

Recommended next step:
Review the workflow change before merging.

Policy status:
Warning today; eligible to become a merge gate after tuning.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The detailed rule findings still appear underneath.&lt;/p&gt;

&lt;p&gt;The machine-readable JSON decision remains simple:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"decision"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"warn"&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The human-facing report can say &lt;code&gt;NEEDS HUMAN DECISION&lt;/code&gt;, while the machine-readable result stays &lt;code&gt;pass&lt;/code&gt;, &lt;code&gt;warn&lt;/code&gt;, or &lt;code&gt;block&lt;/code&gt;.&lt;/p&gt;

&lt;h2&gt;
  
  
  The trust boundary
&lt;/h2&gt;

&lt;p&gt;Agent Gate is designed around a conservative trust boundary.&lt;/p&gt;

&lt;p&gt;At runtime, the GitHub Action:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;does not checkout PR code&lt;/li&gt;
&lt;li&gt;does not execute repository scripts&lt;/li&gt;
&lt;li&gt;does not call LLMs&lt;/li&gt;
&lt;li&gt;does not execute MCP servers&lt;/li&gt;
&lt;li&gt;does not load policy from the PR head branch&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;It reads PR metadata and changed-file contents through GitHub APIs.&lt;/p&gt;

&lt;p&gt;It loads &lt;code&gt;agent-gate.yml&lt;/code&gt; from the PR base branch, not from the untrusted PR branch.&lt;/p&gt;

&lt;p&gt;That matters because a PR should not be able to weaken its own policy.&lt;/p&gt;

&lt;h2&gt;
  
  
  Installing it
&lt;/h2&gt;

&lt;p&gt;Agent Gate is available on GitHub Marketplace:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://github.com/marketplace/actions/agent-gate-for-ai-prs" rel="noopener noreferrer"&gt;https://github.com/marketplace/actions/agent-gate-for-ai-prs&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;A minimal workflow looks like this:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight yaml"&gt;&lt;code&gt;&lt;span class="na"&gt;name&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;Agent Gate&lt;/span&gt;

&lt;span class="na"&gt;on&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
  &lt;span class="na"&gt;pull_request&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
    &lt;span class="na"&gt;types&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
      &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s"&gt;opened&lt;/span&gt;
      &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s"&gt;synchronize&lt;/span&gt;
      &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s"&gt;reopened&lt;/span&gt;
      &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s"&gt;edited&lt;/span&gt;
      &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s"&gt;labeled&lt;/span&gt;
      &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s"&gt;unlabeled&lt;/span&gt;
      &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s"&gt;ready_for_review&lt;/span&gt;

&lt;span class="na"&gt;permissions&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
  &lt;span class="na"&gt;contents&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;read&lt;/span&gt;
  &lt;span class="na"&gt;pull-requests&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;read&lt;/span&gt;

&lt;span class="na"&gt;jobs&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
  &lt;span class="na"&gt;agent-gate&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
    &lt;span class="na"&gt;runs-on&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;ubuntu-latest&lt;/span&gt;
    &lt;span class="na"&gt;steps&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
      &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="na"&gt;uses&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;sjh9714/Agent-Gate@v0.1.2&lt;/span&gt;
        &lt;span class="na"&gt;with&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
          &lt;span class="na"&gt;github-token&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;${{ secrets.GITHUB_TOKEN }}&lt;/span&gt;
          &lt;span class="na"&gt;mode&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;warn&lt;/span&gt;
          &lt;span class="na"&gt;fail-on-block&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="kc"&gt;false&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;I recommend starting with:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight yaml"&gt;&lt;code&gt;&lt;span class="na"&gt;mode&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;warn&lt;/span&gt;
&lt;span class="na"&gt;fail-on-block&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="kc"&gt;false&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;That gives you an observe path.&lt;/p&gt;

&lt;p&gt;First learn what Agent Gate finds in your repository. Then promote only the policies that are useful and low-noise into merge gates.&lt;/p&gt;

&lt;p&gt;A small starting policy could be:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight yaml"&gt;&lt;code&gt;&lt;span class="na"&gt;version&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="m"&gt;1&lt;/span&gt;
&lt;span class="na"&gt;mode&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;warn&lt;/span&gt;

&lt;span class="na"&gt;contract&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
  &lt;span class="na"&gt;required_for&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
    &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s"&gt;agent&lt;/span&gt;
  &lt;span class="na"&gt;allow_missing_in_observe_mode&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="kc"&gt;true&lt;/span&gt;

&lt;span class="na"&gt;agent_detection&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
  &lt;span class="na"&gt;labels&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
    &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s"&gt;ai&lt;/span&gt;
    &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s"&gt;agent&lt;/span&gt;
    &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s"&gt;codex&lt;/span&gt;
  &lt;span class="na"&gt;branch_patterns&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
    &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="s"&gt;codex/**"&lt;/span&gt;
    &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="s"&gt;ai/**"&lt;/span&gt;

&lt;span class="na"&gt;high_risk_paths&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
  &lt;span class="na"&gt;workflows&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
    &lt;span class="na"&gt;paths&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
      &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="s"&gt;.github/workflows/**"&lt;/span&gt;
    &lt;span class="na"&gt;severity&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;error&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  Local replay demo
&lt;/h2&gt;

&lt;p&gt;The repository includes an &lt;code&gt;unsafe-pr-zoo&lt;/code&gt; with deterministic fixtures.&lt;/p&gt;

&lt;p&gt;After cloning the repo and installing dependencies, you can run:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;pnpm &lt;span class="nb"&gt;install
&lt;/span&gt;pnpm &lt;span class="nt"&gt;--filter&lt;/span&gt; agent-gate build
node packages/cli/dist/main.js replay fixtures/unsafe-pr-zoo/workflow-permission-escalation
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Example output:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Agent Gate: BLOCKED

ERROR workflow/permission-escalation
contents permission increased from read to write.
Path: .github/workflows/release.yml

ERROR workflow/dangerous-pattern
.github/workflows/release.yml contains a dangerous GitHub Actions workflow pattern.
Path: .github/workflows/release.yml
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Other fixtures cover:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;agent control-plane drift&lt;/li&gt;
&lt;li&gt;out-of-scope agent edits&lt;/li&gt;
&lt;li&gt;missing test evidence&lt;/li&gt;
&lt;li&gt;MCP config drift&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  What Agent Gate is not
&lt;/h2&gt;

&lt;p&gt;Agent Gate is not a replacement for code review.&lt;/p&gt;

&lt;p&gt;It does not try to find every semantic bug.&lt;/p&gt;

&lt;p&gt;It does not know whether a function is logically correct.&lt;/p&gt;

&lt;p&gt;It does not prove that tests are sufficient.&lt;/p&gt;

&lt;p&gt;It does not replace a human reviewer, an LLM reviewer, or normal CI.&lt;/p&gt;

&lt;p&gt;It answers a narrower question:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Did this PR cross deterministic policy boundaries before merge?&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;That is the problem I want it to solve well.&lt;/p&gt;

&lt;h2&gt;
  
  
  Current limitations
&lt;/h2&gt;

&lt;p&gt;&lt;code&gt;v0.1.2&lt;/code&gt; is still a prerelease.&lt;/p&gt;

&lt;p&gt;Known limitations:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;APIs, rule names, reports, and config may change.&lt;/li&gt;
&lt;li&gt;CODEOWNERS and reviewer evidence are not implemented yet.&lt;/li&gt;
&lt;li&gt;Package and dependency drift rules are not implemented yet.&lt;/li&gt;
&lt;li&gt;GitHub Actions job-level permission escalation comparison is limited.&lt;/li&gt;
&lt;li&gt;Test evidence is file-pattern based and does not prove semantic coverage.&lt;/li&gt;
&lt;li&gt;PR comment upsert requires &lt;code&gt;issues: write&lt;/code&gt; and can warn on fork PRs with read-only tokens.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  What I want feedback on
&lt;/h2&gt;

&lt;p&gt;I am especially interested in feedback from people trying AI-generated PRs in real repositories.&lt;/p&gt;

&lt;p&gt;The main questions:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Which findings should block by default?&lt;/li&gt;
&lt;li&gt;Which findings should stay warning-only?&lt;/li&gt;
&lt;li&gt;What high-risk path patterns do you use?&lt;/li&gt;
&lt;li&gt;Would CODEOWNERS or reviewer evidence make this more useful?&lt;/li&gt;
&lt;li&gt;Should package script and dependency drift be part of the gate?&lt;/li&gt;
&lt;li&gt;What would make this too noisy to adopt?&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Feedback issue:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://github.com/sjh9714/Agent-Gate/issues/27" rel="noopener noreferrer"&gt;https://github.com/sjh9714/Agent-Gate/issues/27&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Repository:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://github.com/sjh9714/Agent-Gate" rel="noopener noreferrer"&gt;https://github.com/sjh9714/Agent-Gate&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Closing thought
&lt;/h2&gt;

&lt;p&gt;LLM reviewers are useful.&lt;/p&gt;

&lt;p&gt;But if AI-generated PRs become part of normal engineering workflows, teams will also need deterministic gates.&lt;/p&gt;

&lt;p&gt;Not every review question should be probabilistic.&lt;/p&gt;

&lt;p&gt;Some questions are simple:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Did this PR stay within scope?&lt;br&gt;&lt;br&gt;
Did workflow permissions escalate?&lt;br&gt;&lt;br&gt;
Did agent control-plane files change?&lt;br&gt;&lt;br&gt;
Is there matching test evidence?&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;That is the space Agent Gate is trying to explore.&lt;/p&gt;

&lt;p&gt;Use your LLM reviewer for judgment.&lt;/p&gt;

&lt;p&gt;Use Agent Gate for deterministic merge evidence.&lt;/p&gt;

&lt;p&gt;Disclosure: I used AI assistance to help draft and edit this article, and I reviewed the technical claims before publishing.&lt;/p&gt;

</description>
      <category>devtools</category>
      <category>security</category>
      <category>ai</category>
      <category>github</category>
    </item>
    <item>
      <title>Auditing GitHub CLI extensions before installing more</title>
      <dc:creator>JinHyuk Sung</dc:creator>
      <pubDate>Thu, 11 Jun 2026 09:50:21 +0000</pubDate>
      <link>https://dev.to/sjh9714/auditing-github-cli-extensions-before-installing-more-f2d</link>
      <guid>https://dev.to/sjh9714/auditing-github-cli-extensions-before-installing-more-f2d</guid>
      <description>&lt;p&gt;GitHub CLI extensions are useful, but extension discovery has a small practical problem: it is easy to find &lt;em&gt;more&lt;/em&gt; extensions before you understand whether your current setup already covers the workflows you care about.&lt;/p&gt;

&lt;p&gt;I built a small browser-only audit page for that problem:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://sjh9714.github.io/gh-extension-atlas/audit.html?demo=1" rel="noopener noreferrer"&gt;https://sjh9714.github.io/gh-extension-atlas/audit.html?demo=1&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;It opens with a sample result loaded. If you want to check your own setup, run:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;gh extension list
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Then paste the output into the page.&lt;/p&gt;

&lt;p&gt;The audit runs locally in the browser. There is no sign-in, no analytics script, and no remote audit API. The pasted extension list is not uploaded.&lt;/p&gt;

&lt;h2&gt;
  
  
  What the audit checks
&lt;/h2&gt;

&lt;p&gt;The page compares installed GitHub CLI extensions against the GitHub CLI Extension Atlas catalog:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://github.com/sjh9714/gh-extension-atlas" rel="noopener noreferrer"&gt;https://github.com/sjh9714/gh-extension-atlas&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;It shows:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;installed extensions that are already reviewed in the atlas&lt;/li&gt;
&lt;li&gt;installed extensions that are not listed yet&lt;/li&gt;
&lt;li&gt;missing Top Picks&lt;/li&gt;
&lt;li&gt;workflow coverage gaps&lt;/li&gt;
&lt;li&gt;copyable install commands for missing workflow recommendations&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The goal is not to install every recommended extension. The goal is to make the next install decision smaller and easier to review.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why not just use &lt;code&gt;gh extension search&lt;/code&gt;?
&lt;/h2&gt;

&lt;p&gt;&lt;code&gt;gh extension search&lt;/code&gt; is useful when you already know what you are looking for.&lt;/p&gt;

&lt;p&gt;It is less useful when the question is:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Which terminal dashboard should I try first?&lt;/li&gt;
&lt;li&gt;Do I need a notification tool if I already use a broader dashboard?&lt;/li&gt;
&lt;li&gt;Which extension is for GitHub Actions operations versus workflow statistics?&lt;/li&gt;
&lt;li&gt;Is this branch cleanup tool the right fit for my risk tolerance?&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Those are comparison questions, not search questions.&lt;/p&gt;

&lt;p&gt;The atlas tries to answer them with a reviewed catalog, Top Picks, comparison guides, and workflow recommendations.&lt;/p&gt;

&lt;h2&gt;
  
  
  A few examples
&lt;/h2&gt;

&lt;p&gt;For daily GitHub triage, the atlas points to &lt;code&gt;gh-dash&lt;/code&gt; first because it covers PRs, issues, and notifications in one terminal dashboard.&lt;/p&gt;

&lt;p&gt;For GitHub Actions, it separates different jobs:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;code&gt;gh-enhance&lt;/code&gt; for an interactive Actions TUI&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;gh-workflow-stats&lt;/code&gt; for success rate and duration summaries&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;gh-act&lt;/code&gt; for local workflow runs&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;gh-actions-importer&lt;/code&gt; for migration work&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;For branch cleanup, it compares tools like &lt;code&gt;gh-poi&lt;/code&gt;, &lt;code&gt;gh-branch&lt;/code&gt;, &lt;code&gt;gh-clean-branches&lt;/code&gt;, &lt;code&gt;gh-tidy&lt;/code&gt;, and &lt;code&gt;gh-worktree&lt;/code&gt; because they sound related but solve different habits and risk profiles.&lt;/p&gt;

&lt;h2&gt;
  
  
  The data contract
&lt;/h2&gt;

&lt;p&gt;The catalog is also available as JSON:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://sjh9714.github.io/gh-extension-atlas/api/extensions.json" rel="noopener noreferrer"&gt;https://sjh9714.github.io/gh-extension-atlas/api/extensions.json&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Each entry includes fields such as:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;repository&lt;/li&gt;
&lt;li&gt;category&lt;/li&gt;
&lt;li&gt;install command&lt;/li&gt;
&lt;li&gt;best-fit use case&lt;/li&gt;
&lt;li&gt;avoid-if note&lt;/li&gt;
&lt;li&gt;license&lt;/li&gt;
&lt;li&gt;archived status&lt;/li&gt;
&lt;li&gt;maintenance status&lt;/li&gt;
&lt;li&gt;verification date&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;That makes it usable by scripts, documentation tools, or coding agents that need current extension metadata instead of stale memory.&lt;/p&gt;

&lt;h2&gt;
  
  
  What feedback would help
&lt;/h2&gt;

&lt;p&gt;I am mainly looking for factual corrections and missing-extension suggestions:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;inaccurate descriptions&lt;/li&gt;
&lt;li&gt;wrong categories&lt;/li&gt;
&lt;li&gt;misleading maintenance labels&lt;/li&gt;
&lt;li&gt;better comparisons between overlapping tools&lt;/li&gt;
&lt;li&gt;useful GitHub CLI extensions that are missing from the catalog&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;If you maintain a GitHub CLI extension and the atlas describes it poorly, a short correction is enough.&lt;/p&gt;

&lt;p&gt;Note: I used AI assistance while organizing the launch plan and editing this post, but the project metadata, examples, and claims were reviewed before publishing.&lt;/p&gt;

</description>
      <category>terminal</category>
      <category>github</category>
      <category>cli</category>
      <category>opensource</category>
    </item>
  </channel>
</rss>
