Triage pull requests before humans review them
Stand up a **PR triage agent** that classifies risk, flags missing tests or docs, and surfaces security-sensitive diffs, so reviewers open the scary merges first. Optional **GitHub MCP** ([Add an MCP server](/tutorials/add-an-mcp-server)) supplies read-only metadata; paste mode still works when you cannot wire tools yet.
Plus: three Admin-Agent passes: draft a review rubric from CONTRIBUTING alone, simulate a merge-queue priority list from pasted titles, and carve out a separate **security PR** path so bots never rubber-stamp changes to secrets.
| Audience | Developers · Admins |
|---|---|
| Time | ~12 min |
| Prerequisites | Comfortable building agents ([Create an agent from scratch](/tutorials/create-an-agent-from-scratch), [Give your agent its job description](/tutorials/give-your-agent-its-job-description)). Coding standards or review checklist in a **context file** ([Add your first context file](/tutorials/add-your-first-context-file)). Helpful: GitHub MCP read access ([Add an MCP server](/tutorials/add-an-mcp-server), [Define a tool policy](/tutorials/define-a-tool-policy)). Sibling pattern: bug-intake agents ([Build your bug-report triage agents](/tutorials/build-your-bug-report-triage-agents)). |
| You'll end up with | One **PR Triage** agent — explicit output shape (**Risk**, **Owner hint**, **Blockers**, and **Suggested first diff files**) — tested on a real recent PR summary you paste. |
When a tutorial shows italic text in quotation marks, it usually mirrors a label or helper string inside Auxot. Product copy changes between releases — if something reads differently in your workspace, trust what you see on screen.
Callouts with a Worth knowing gold accent are meant as must-read context before you move on. Blockquotes that open with Tip are lighter, optional depth.
Why this matters
Review bandwidth is finite, and default FIFO treats a typo fix like an auth-layer rewrite. A screening step (machine-assisted, human-owned) ranks what deserves senior eyes first and catches checklist gaps before someone reads three thousand lines cold.
This is not autonomous merge. It is triage: sort, warn, and route. Humans still approve. (Require human approval before risky actions covers bots that touch prod deploy tools; here, keep every tool read-only.)
Bug pipelines already split intake across multiple agents (Build your bug-report triage agents). Pull requests are the same shape with different artifacts: the diff narrative, tests present or missing, and scope-of-change language.
Nothing prioritizes on its own: you define the rubric, you forbid merges without humans, you carve out the security escalations.
Quick start
- Freeze inputs: put CONTRIBUTING.md, the definition of done, and security notes into context files (Add your first context file).
- Create PR Triage via Admin Agent or Settings → Agents. The job description demands this output: Risk (low/med/high), Why, Missing, Suggested reviewers/skills, and Files worth reading first. It must refuse when the paste lacks minimal context (title + summary + file list at minimum).
- Choose a mode:
  - Paste mode: copy the PR description, file list, and optional diff stat from the GitHub UI. Lowest wiring.
  - Tool mode: attach GitHub MCP read-only under a narrow tool policy (Add an MCP server, Define a tool policy); the agent fetches metadata itself once you select the tool and prompt it.
- Dry-run three PRs, one trivial, one nasty, one security-flavored, and tune verbosity until signal beats noise.
- Publish the ritual: reviewers skim the PR Triage comment before the deep dive, or read the Slack snippet (Connect Slack to your agents). Habit beats heroics.
Done? PR Triage lives in the picker, and the team agrees that **high** always pairs with human seniority. No silent downgrade.
The agent can do that?
1. Rubric from CONTRIBUTING
Chat → Admin Agent:
Paste CONTRIBUTING excerpt: […]. Produce PR Triage scoring rubric — <=12 bullets — include when to auto-flag **high** — markdown — no tool names required.
Why it’s non-obvious: teams inherit rubrics nobody reads. Forcing the rubric into bullets for an agent surfaces the gaps before any GitHub wiring.
2. Queue ordering simulation
PR titles + one-line summaries pasted: […]. Sort review order with rationale — tie-breaker = risk to users — table — still human-final.
Why it’s non-obvious: ordering fights erupt in standup. A neutral pass over the pasted list gives the team shared vocabulary.
3. Security carve-out
Rewrite PR Triage instructions: if diff touches auth/crypto/secrets paths → label SECURITY_ESCALATION — skip automated merge suggestions entirely — four sentences.
Why it’s non-obvious: generic triage agents green-light scary patches. An explicit carve-out protects trust, the same mindset as Red-team your agents against prompt injection.
Go deeper
MCP validation
Treat GitHub MCP like any production connector: validate it in staging (Try a new tool before your agents depend on it), and give its tokens the same secrets discipline as any other credential (Manage your Credentials).
Workflow hook
Batch-screen newly opened PRs nightly via a workflow plus intake (Run a workflow, Trigger a workflow with an intake webhook), but only after paste mode has earned trust.
Telemetry
Large completions show up in Jobs. Watch token burn on giant diffs (Stay ahead of agent usage and cost, View your audit logs).
Design docs
The same agent instructions can read pasted RFC markdown, a sibling artifact to code PRs. Keep the scope explicit in the job description.
Walkthrough
Step 1: Capture baseline PR
Export the title, body, and file list from GitHub. Redact customer names if needed.
Step 2: Run paste-mode screen
Record the output and mark false positives.
Step 3: Tighten instructions
Add forbidden phrases (LGTM, approve). The agent screens; it never approves.
Step 4: Optional MCP
Enable read tools, rerun the same PR, and compare fidelity against the paste-mode result.
Step 5: Document escalation
The SECURITY_ESCALATION path names a channel and a role. Post it in the team wiki.
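The guardrails this walkthrough describes, as an added Python example that is not Auxot code: a deterministic wrapper around the agent that refuses a paste missing title, summary or file list (Quick start), redacts customer names before export (Step 1), flags the security carve-out on auth/crypto/secrets paths (pass 3), blocks forbidden phrases such as LGTM or approve in the reply (Step 3), checks the output shape from the "You'll end up with" row, and orders the review queue (pass 2). Assumed, not from the page: the PR export is JSON shaped like `gh pr view <n> --json title,body,files`, the path markers beyond auth/crypto/secrets, the merge-suggestion phrases, and file count as the tie-breaker; the sample export and replies are constructed.

```python
"""Deterministic guardrails around a PR Triage agent (added example, not Auxot code).

Assumed, not from the page: the PR export is JSON shaped like the output of
`gh pr view <n> --json title,body,files` (fields title, body, files[].path), and
the agent's reply is plain text we can scan before it is posted. The marker
segments, phrase lists and tie-breaker are illustrative and meant to be tuned.
"""
import json
import re

# Path segments that trigger the carve-out; the page names auth/crypto/secrets,
# the rest are assumed additions. Whole-segment matching means "auth/login.py"
# escalates but "docs/author.md" does not.
SECURITY_SEGMENTS = {"auth", "authn", "authz", "oauth", "crypto", "secret",
                     "secrets", "jwt", "password"}
# Screening only: the comment must never read as an approval.
FORBIDDEN_PHRASES = ("lgtm", "approve", "ship it", "safe to merge")
# On a security PR the carve-out bans merge suggestions entirely (assumed list).
MERGE_SUGGESTIONS = ("ready to merge", "ok to merge", "can be merged", "merge when")
# Output shape the job description demands.
REQUIRED_LABELS = ("Risk", "Owner hint", "Blockers", "Suggested first diff files")
RISK_RANK = {"high": 0, "med": 1, "low": 2}

# Constructed sample input: a security-flavoured PR with a customer name in the title.
SAMPLE_EXPORT = json.dumps({
    "title": "Rotate session signing key for Acme rollout",
    "body": "Moves session tokens to a rotated HMAC key; old key accepted for 24h.",
    "files": [{"path": "src/auth/session.py"}, {"path": "tests/test_session.py"}],
})
# Constructed agent reply that follows the rules.
SAMPLE_REPLY = ("**Risk**: high\n**Owner hint**: identity platform\n"
                "**Blockers**: no test for the expired-key path\n"
                "**Suggested first diff files**: src/auth/session.py\nSECURITY_ESCALATION")
# Constructed agent reply that breaks every rule.
BAD_REPLY = "Looks clean. LGTM, ready to merge once CI passes."


class MissingContext(ValueError):
    """Paste lacks the minimum context: title + summary + file list."""


def touches_security(path: str) -> bool:
    """True when any path segment (split on / _ - .) is a security marker."""
    return any(seg in SECURITY_SEGMENTS for seg in re.split(r"[/_.\-]+", path.lower()))


def redact(text: str, customer_names: tuple[str, ...]) -> str:
    """Replace known customer names before the text leaves the repo."""
    for name in customer_names:
        text = re.sub(re.escape(name), "[CUSTOMER]", text, flags=re.IGNORECASE)
    return text


def build_bundle(export_json: str, customer_names: tuple[str, ...] = ()) -> dict:
    """Turn a gh-style export into the paste bundle; refuse when context is missing."""
    data = json.loads(export_json)
    title = redact((data.get("title") or "").strip(), customer_names)
    summary = redact((data.get("body") or "").strip(), customer_names)
    files = [f["path"] for f in data.get("files") or [] if f.get("path")]
    missing = [k for k, v in (("title", title), ("summary", summary), ("file list", files)) if not v]
    if missing:
        raise MissingContext("refuse to triage; missing " + ", ".join(missing))
    return {"title": title, "summary": summary, "files": files,
            "security_escalation": any(touches_security(p) for p in files)}


def check_output(reply: str, bundle: dict) -> list[str]:
    """Problems that block posting the agent's comment; an empty list means post it."""
    lowered = reply.lower()
    problems = [f"forbidden phrase: {p!r}" for p in FORBIDDEN_PHRASES
                if re.search(rf"\b{re.escape(p)}\b", lowered)]
    problems += [f"missing label: {lbl}" for lbl in REQUIRED_LABELS if lbl not in reply]
    if bundle["security_escalation"]:
        if "SECURITY_ESCALATION" not in reply:
            problems.append("security paths touched but SECURITY_ESCALATION label absent")
        problems += [f"merge suggestion on security PR: {m!r}" for m in MERGE_SUGGESTIONS if m in lowered]
    return problems


def risk_of(reply: str) -> str:
    """Read the Risk value; an unparseable reply sorts to the top, not the bottom."""
    m = re.search(r"\*\*Risk\*\*:?\s*(low|med|high)", reply, flags=re.IGNORECASE)
    return m.group(1).lower() if m else "high"


def order_queue(screens: list[tuple[dict, str]]) -> list[str]:
    """Review order: escalations first, then Risk; file count is an assumed tie-breaker."""
    def key(item):
        bundle, reply = item
        return (0 if bundle["security_escalation"] else 1, RISK_RANK[risk_of(reply)], -len(bundle["files"]))
    return [bundle["title"] for bundle, _ in sorted(screens, key=key)]


if __name__ == "__main__":
    bundle = build_bundle(SAMPLE_EXPORT, customer_names=("Acme",))
    print(bundle["title"], "->", "SECURITY_ESCALATION" if bundle["security_escalation"] else "normal")
    print("good reply problems:", check_output(SAMPLE_REPLY, bundle))
    print("bad reply problems:", check_output(BAD_REPLY, bundle))
```

Run `build_bundle` on the export before pasting (it is the refusal gate and the redaction pass in one), and run `check_output` on the agent's reply before it reaches GitHub or Slack; the agent's own instructions still carry the rules, but a fixed filter that cannot be talked out of them is what keeps a prompt-injected diff from producing an approval-shaped comment.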
What’s next
- → Build your bug-report triage agents. Same triage muscle, different inbound artifact.
- → Turn incident lessons into updated runbooks. Promote durable fixes from scary merges into instructions humans actually follow next week.
- → Add an MCP server. GitHub metadata without paste gymnastics: keep policies narrow.
- → Define a tool policy. Read-only tool policies for triage agents: writers stay elsewhere.
- → Require human approval before risky actions. If triage agents graduate toward merge bots: pause.
- → Connect Slack to your agents. Broadcast high screens where reviewers actually look.
Reference
- Manual: MCP servers
- Pages in Auxot: Chat, Settings → Agents, Settings → Tool Connector Keys
- See also: Run scheduled canary checks on production agents, Turn incident lessons into updated runbooks, Add your first context file, Create an agent from scratch, Chain steps so agents hand off cleanly