Analysis updated 2026-05-18
Automatically flag risky pull requests before a maintainer does a manual review.
Block merges above a chosen risk threshold using a GitHub Actions workflow.
Scan a diff file locally from the command line to check for secrets or missing tests.
| p-r-e-m-i-u-m/ai-maintainer-os | 0xradioac7iv/tempfs | abboskhonov/hermium | |
|---|---|---|---|
| Stars | 0 | 0 | 0 |
| Language | TypeScript | TypeScript | TypeScript |
| Setup difficulty | easy | moderate | moderate |
| Complexity | 3/5 | 3/5 | 4/5 |
| Audience | developer | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Adding the GitHub Action requires a workflow YAML file, CLI mode needs npm install and a build step.
AI Maintainer OS is a GitHub Action and command line tool that reviews pull requests for risk, with a particular focus on code that may have been written by AI coding assistants. The idea behind it is that AI generated code can be produced quickly, but the maintainer who merges it still carries the responsibility for what ships, so this tool gives maintainers a structured first look before they start a manual review. When a pull request opens or updates, the tool scans the diff and produces a risk score from 0 to 100, along with a readable report explaining what triggered each flag. It checks for things such as secret like values accidentally added to code, edits to GitHub Actions workflow files which can introduce supply chain risk, changes to dependency manifest files, source code changes that lack matching test updates, unusually large pull requests that are hard to review, thin pull request descriptions that do not explain intent or how the change was verified, and suspicious dependency versions such as pinning to latest instead of a fixed version. The scoring itself is deterministic rather than based on a language model, and the project states plainly that it does not send code or prompts to any third party service. The stated design goal is to keep maintainer judgment in control: the tool surfaces evidence and flags concerns, it does not make merge decisions on its own, though a repository can be configured to block merging once the risk score crosses a chosen threshold. Getting started involves adding a workflow file to a repository's GitHub Actions setup, with a small number of configuration options such as which risk level should fail the check and whether the tool should leave a comment on the pull request. There is also a command line mode for running a scan locally against a diff file, useful for testing before wiring up the full GitHub Action. The project is written in TypeScript and is released under the MIT license. Future plans mentioned in the README include SARIF output for GitHub's code scanning feature and optional AI-assisted review summaries with local redaction.
A GitHub Action and CLI that scans pull requests for risk signals like secrets, workflow edits, and missing tests, producing a deterministic risk score for maintainers.
Mainly TypeScript. The stack also includes TypeScript, GitHub Actions, Node.js.
Setup difficulty is rated easy, with roughly 30min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.