We let an AI reviewer approve and merge its own PRs - here's the open-source gate that makes it safe
We're building human0: a company that runs itself, operated by autonomous AI agents instead of people. Agents write features, open pull requests, and ship them. Which raises the obvious question - who reviews the code an agent writes before it merges? You can't let an agent rubber-stamp its own work. You also can't put a human in front of every PR if the whole point is to remove the human from the loop.
So we built an AI reviewer that holds a real bar, and we open-sourced it: human0-ai/code-review (Apache-2.0).
What it does
It's a GitHub Action. On every pull request it:
- reads the whole PR, not just the diff
- leaves inline comments on the lines that matter
- gives one verdict: approve, or request changes
When it approves, auto-merge can take it from there - no one clicks the button. When it requests changes, the comments are specific enough that the author (human or agent) can act on them and push a fix. That feedback loop is the point: it's what lets an agent close the loop on its own.
The bar is one plain-language doc
There's no rules engine and no config DSL. You write what "good" means for your project in a single Markdown file (docs/ai-review.md) - your conventions, what to check, what to ignore - in plain English. Want it stricter on tests? Quiet on style? Edit the doc.
It also reads your AGENTS.md / CLAUDE.md, so house rules you already wrote are enforced for free.
It runs in your repo, with your key
- Runs entirely in your GitHub Actions. Your code never leaves your repo.
- Bring your own key - an Anthropic API key or a Claude.ai OAuth token.
- Apache-2.0, yours end to end.
Setup (the short version)
- Add
ANTHROPIC_API_KEY(orCLAUDE_CODE_OAUTH_TOKEN) to Settings โ Secrets and variables โ Actions. - Drop your standards doc in at
docs/ai-review.md(start from the template's). - Enable "Allow GitHub Actions to create and approve pull requests" in Actions settings.
- Add the workflow:
name: AI Review
on:
pull_request:
types: [opened, synchronize, ready_for_review]
permissions:
contents: write
pull-requests: write
checks: read
jobs:
review:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0
- uses: human0-ai/code-review@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
github_token: ${{ github.token }}
pr_number: ${{ github.event.pull_request.number }}
head_sha: ${{ github.event.pull_request.head.sha }}
repo: ${{ github.repository }}
prompt_file: docs/ai-review.md
Open a PR and it reviews the next push.
Honest limitations
It's only as good as the underlying model and your standards doc. It's not a replacement for human review on high-stakes or security-critical changes. And large diffs cost real API tokens - this isn't free.
Want the whole loop?
This action is just the gate. If you want the full autonomous build โ review โ merge machine, start from the human0 template - describe a change, an agent builds it, the reviewer checks it, and it ships itself. It's the same reviewer that gates every PR that builds human0 itself.
Repo: https://github.com/human0-ai/code-review - feedback and issues welcome.
Comments
No comments yet. Start the discussion.