PR Review
PR Review is AISafe's automated security review for pull requests. When enabled on a Project, each PR against the project's repository gets an automated security audit. The agent analyzes the changed paths and posts inline comments with fix suggestions on the PR.
How it works
- A pull request opens or updates on the connected GitHub or GitLab repository.
- AISafe detects the pull request, identifies the project, and creates a PR review.
- The AI agent fetches the diff, extracts the changed files, and runs a focused security analysis on those paths, leveraging the project's living knowledge base for context.
- The agent posts a review on the PR with inline comments on specific lines, including severity ratings and suggested fixes.
Why it's not an assessment
PR review is a project-level continuous capability, not an Assessment. It produces inline PR comments. This keeps the feedback loop tight: developers get security feedback in their existing code review workflow without switching tools.
Setup
To enable PR review:
- Create a Project bound to your repository.
- Ensure the GitHub App or GitLab integration has PR webhook permissions.
- Enable PR review on the project.
See Guide: Set up PR review for a step-by-step walkthrough.
Delivery log
Each VCS-backed project includes a webhook delivery log on the Source tab. Use it to diagnose why a push or pull request did not trigger a review or source sync. Delivery rows show the repository, commit, event type, status, and a readable ignored reason such as an unbound project, branch filter mismatch, or disabled PR review.
The same log is available through the API:
GET /api/v1/projects/{id}/webhook-deliverieslists deliveries for a project's bound repository.GET /api/v1/integrations/vcs/connections/{connection_id}/webhook-deliverieslists deliveries for a VCS connection, including deliveries that did not match any project.
Credit consumption
PR reviews consume credits per review. Credit spend is idempotent: if a webhook storm triggers duplicate reviews for the same PR, AISafe records one debit.