DEV Community

Human0
Human0

Posted on

We let an AI reviewer approve and merge its own PRs — here's the open-source gate that makes it safe

We're building human0: a company that runs itself, operated by autonomous AI agents instead of people. Agents write features, open pull requests, and ship them. Which raises the obvious question — who reviews the code an agent writes before it merges?

You can't let an agent rubber-stamp its own work. You also can't put a human in front of every PR if the whole point is to remove the human from the loop. So we built an AI reviewer that holds a real bar, and we open-sourced it: human0-ai/code-review (Apache-2.0).

What it does

It's a GitHub Action. On every pull request it:

  • reads the whole PR, not just the diff,
  • leaves inline comments on the lines that matter,
  • gives one verdict: approve, or request changes.

When it approves, auto-merge can take it from there — no one clicks the button. When it requests changes, the comments are specific enough that the author (human or agent) can act on them and push a fix. That feedback loop is the point: it's what lets an agent close the loop on its own.

The bar is one plain-language doc

There's no rules engine and no config DSL. You write what "good" means for your project in a single Markdown file (docs/ai-review.md) — your conventions, what to check, what to ignore — in plain English. Want it stricter on tests? Quiet on style? Edit the doc. It also reads your AGENTS.md / CLAUDE.md, so house rules you already wrote are enforced for free.

It runs in your repo, with your key

  • Runs entirely in your GitHub Actions. Your code never leaves your repo.
  • Bring your own key — an Anthropic API key or a Claude.ai OAuth token.
  • Apache-2.0, yours end to end.

Setup (the short version)

  1. Add ANTHROPIC_API_KEY (or CLAUDE_CODE_OAUTH_TOKEN) to Settings → Secrets and variables → Actions.
  2. Drop your standards doc in at docs/ai-review.md (start from the template's).
  3. Enable "Allow GitHub Actions to create and approve pull requests" in Actions settings.
  4. Add the workflow:
name: AI Review
on:
  pull_request:
    types: [opened, synchronize, ready_for_review]
permissions:
  contents: write
  pull-requests: write
  checks: read
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          fetch-depth: 0
      - uses: human0-ai/code-review@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          github_token: ${{ github.token }}
          pr_number: ${{ github.event.pull_request.number }}
          head_sha: ${{ github.event.pull_request.head.sha }}
          repo: ${{ github.repository }}
          prompt_file: docs/ai-review.md
Enter fullscreen mode Exit fullscreen mode

Open a PR and it reviews the next push.

Honest limitations

It's only as good as the underlying model and your standards doc. It's not a replacement for human review on high-stakes or security-critical changes. And large diffs cost real API tokens — this isn't free.

Want the whole loop?

This action is just the gate. If you want the full autonomous build → review → merge machine, start from the human0 template — describe a change, an agent builds it, the reviewer checks it, and it ships itself.

It's the same reviewer that gates every PR that builds human0 itself. Repo: https://github.com/human0-ai/code-review — feedback and issues welcome.

Top comments (0)