I built a GitHub Action that analyzes pull requests automatically and posts structured comments.
What it does
- Risk assessment (low/medium/high) based on file patterns and diff analysis
- Maps evidence to specific line numbers in the diff
- Detects security patterns: CVEs, broad exception handling, TLS misconfigurations
- Posts comment automatically on every PR
Example comment it leaves on a PR
🟢 Risk: LOW
What: mypy upgraded from 1.3 to 1.5.1 in pyproject.toml
Why: Address bugs in mypy 1.5.1
Evidence:
- pyproject.toml:L117 — mypy==1.5.1
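To make the feature list and the sample comment concrete, here is an added example (not the project's code) of the core mechanics: walk a unified diff, track new-file line numbers so every finding can be cited as `path:Lnn`, match added lines against a couple of security patterns (broad `except:`, TLS verification disabled), bump risk for touched sensitive paths, and render a comment in the same shape as above. The diff, rule list and severity table are constructed for the example; CVE lookup is left out because it needs an external advisory feed.

```python
import re
from dataclasses import dataclass

# Constructed sample diff (not from any real PR): one hunk in a Python file.
SAMPLE_DIFF = """\
diff --git a/app/client.py b/app/client.py
--- a/app/client.py
+++ b/app/client.py
@@ -10,3 +10,7 @@ def fetch(url):
     import requests
-    resp = requests.get(url)
+    resp = requests.get(url, verify=False)
+    try:
+        return resp.json()
+    except:
+        return None
     return resp
"""

# Line-content rules applied to added lines only: (rule name, regex, severity).
RULES = [
    ("broad-except", re.compile(r"^\s*except\s*:\s*$"), "medium"),
    ("tls-verify-disabled", re.compile(r"verify\s*=\s*False"), "high"),
]

# File-pattern rules: touching these paths raises the floor of the risk level.
SENSITIVE_PATHS = [
    (re.compile(r"(^|/)\.github/workflows/"), "medium"),
    (re.compile(r"(^|/)(Dockerfile|requirements.*\.txt|pyproject\.toml)$"), "low"),
]

LEVELS = {"low": 0, "medium": 1, "high": 2}


@dataclass
class Finding:
    path: str
    line: int        # line number in the post-change file
    rule: str
    severity: str
    text: str


def iter_added_lines(diff):
    """Yield (path, new_line_no, text) for every '+' line in a unified diff."""
    path, new_line = None, None
    for raw in diff.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].strip()
            path = path[2:] if path.startswith("b/") else path
            continue
        if raw.startswith(("--- ", "diff --git", "\\")):
            continue
        m = re.match(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@", raw)
        if m:
            new_line = int(m.group(1))   # first new-file line of this hunk
            continue
        if new_line is None:
            continue                      # not inside a hunk yet
        if raw.startswith("+"):
            yield path, new_line, raw[1:]
            new_line += 1
        elif raw.startswith("-"):
            pass                          # removed line occupies no new-file line
        else:
            new_line += 1                 # unchanged context line


def analyze(diff):
    """Return (overall risk, findings) for a unified diff."""
    findings, risk, touched = [], "low", set()
    for path, line_no, text in iter_added_lines(diff):
        touched.add(path)
        for name, rx, sev in RULES:
            if rx.search(text):
                findings.append(Finding(path, line_no, name, sev, text.strip()))
                if LEVELS[sev] > LEVELS[risk]:
                    risk = sev
    for path in touched:
        for rx, sev in SENSITIVE_PATHS:
            if rx.search(path) and LEVELS[sev] > LEVELS[risk]:
                risk = sev
    return risk, findings


def format_comment(risk, findings):
    """Render the PR comment body in the style shown in the post."""
    icon = {"low": "🟢", "medium": "🟡", "high": "🔴"}[risk]
    lines = [f"{icon} Risk: {risk.upper()}", "Evidence:"]
    for f in findings:
        lines.append(f"- {f.path}:L{f.line} {f.rule} ({f.severity}): `{f.text}`")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_comment(*analyze(SAMPLE_DIFF)))
```

Running it on the constructed diff reports `app/client.py:L11` for the disabled TLS verification and `app/client.py:L14` for the bare `except:`, with overall risk HIGH. Keeping line tracking in `iter_added_lines` separate from the rules is what lets the same evidence format work for any pattern you add later.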
Install (~2 minutes)
Just add the workflow file and two secrets to your repo. Full instructions in the README.
Repo: https://github.com/mordecaiusm922-create/devmind
Still alpha. Looking for feedback on what's useful and what's noise.