AI Agent for GitHub: Automated Issues, PR Reviews, and Release Notes

Why Build AI Agents for GitHub

GitHub is the center of the development workflow. An AI agent integrated with GitHub can triage incoming issues, review pull request diffs, suggest code improvements, auto-label PRs, generate release notes from commit history, and enforce coding standards — reducing toil for engineering teams and accelerating the review cycle.

The combination of GitHub's REST and GraphQL APIs with webhook events gives your agent real-time awareness of repository activity and the ability to take automated actions.

Setting Up GitHub API Access

Use a GitHub App or a fine-grained personal access token. GitHub Apps are preferred for production because they have granular permissions and higher rate limits.

import httpx
import hashlib
import hmac

class GitHubClient:
    def __init__(self, token: str):
        self.http = httpx.AsyncClient(
            base_url="https://api.github.com",
            headers={
                "Authorization": f"Bearer {token}",
                "Accept": "application/vnd.github+json",
                "X-GitHub-Api-Version": "2022-11-28",
            },
            timeout=30.0,
        )

    async def create_issue_comment(
        self, owner: str, repo: str, issue_number: int, body: str
    ):
        response = await self.http.post(
            f"/repos/{owner}/{repo}/issues/{issue_number}/comments",
            json={"body": body},
        )
        response.raise_for_status()
        return response.json()

    async def get_pull_request_diff(
        self, owner: str, repo: str, pr_number: int
    ) -> str:
        response = await self.http.get(
            f"/repos/{owner}/{repo}/pulls/{pr_number}",
            headers={"Accept": "application/vnd.github.diff"},
        )
        response.raise_for_status()
        return response.text

    async def add_labels(
        self, owner: str, repo: str, issue_number: int, labels: list[str]
    ):
        response = await self.http.post(
            f"/repos/{owner}/{repo}/issues/{issue_number}/labels",
            json={"labels": labels},
        )
        response.raise_for_status()

Webhook Event Processing

Set up a webhook endpoint that receives GitHub events and routes them to the appropriate agent handler.

from fastapi import FastAPI, Request, HTTPException

app = FastAPI()
WEBHOOK_SECRET = "your-webhook-secret"

def verify_github_signature(payload: bytes, signature: str) -> bool:
    expected = "sha256=" + hmac.new(
        WEBHOOK_SECRET.encode(), payload, hashlib.sha256
    ).hexdigest()
    return hmac.compare_digest(expected, signature)

@app.post("/github/webhook")
async def handle_github_webhook(request: Request):
    body = await request.body()
    signature = request.headers.get("X-Hub-Signature-256", "")

    if not verify_github_signature(body, signature):
        raise HTTPException(status_code=401, detail="Invalid signature")

    event_type = request.headers.get("X-GitHub-Event")
    payload = await request.json()

    handlers = {
        "issues": handle_issue_event,
        "pull_request": handle_pr_event,
        "release": handle_release_event,
    }

    handler = handlers.get(event_type)
    if handler:
        await handler(payload)

    return {"status": "ok"}

Automated Issue Triage

When a new issue is opened, the agent analyzes the title and body, assigns labels, estimates complexity, and optionally suggests an assignee.

async def handle_issue_event(payload: dict):
    if payload["action"] != "opened":
        return

    issue = payload["issue"]
    owner = payload["repository"]["owner"]["login"]
    repo = payload["repository"]["name"]

    analysis = await agent.run(
        prompt=(
            f"Analyze this GitHub issue and provide:\n"
            f"1. Labels (from: bug, feature, docs, question, enhancement)\n"
            f"2. Priority (P0-P3)\n"
            f"3. A brief acknowledgment comment\n\n"
            f"Title: {issue['title']}\n"
            f"Body: {issue['body'] or 'No description provided'}"
        )
    )

    github = GitHubClient(token=GITHUB_TOKEN)

    # Apply labels
    await github.add_labels(
        owner, repo, issue["number"], analysis.labels
    )

    # Post triage comment
    comment = (
        f"Thanks for opening this issue!\n\n"
        f"**AI Triage Summary:**\n"
        f"- **Priority:** {analysis.priority}\n"
        f"- **Category:** {', '.join(analysis.labels)}\n\n"
        f"{analysis.comment}"
    )
    await github.create_issue_comment(
        owner, repo, issue["number"], comment
    )

Pull Request Code Review

The agent reads the PR diff, identifies potential issues, and posts a structured review comment.

async def handle_pr_event(payload: dict):
    if payload["action"] != "opened":
        return

    pr = payload["pull_request"]
    owner = payload["repository"]["owner"]["login"]
    repo = payload["repository"]["name"]

    github = GitHubClient(token=GITHUB_TOKEN)
    diff = await github.get_pull_request_diff(owner, repo, pr["number"])

    review = await agent.run(
        prompt=(
            f"Review this pull request diff. Check for:\n"
            f"- Bugs or logic errors\n"
            f"- Security vulnerabilities\n"
            f"- Performance concerns\n"
            f"- Missing error handling\n"
            f"- Code style issues\n\n"
            f"PR Title: {pr['title']}\n"
            f"PR Description: {pr['body'] or 'None'}\n\n"
            f"Diff:\n{diff[:12000]}"  # Truncate large diffs
        )
    )

    # Post as a PR review
    await github.http.post(
        f"/repos/{owner}/{repo}/pulls/{pr['number']}/reviews",
        json={
            "body": review.summary,
            "event": "COMMENT",  # APPROVE, REQUEST_CHANGES, or COMMENT
        },
    )

Automated Release Notes

Generate structured release notes from commits between two tags.

async def generate_release_notes(
    github: GitHubClient,
    owner: str,
    repo: str,
    tag_name: str,
    previous_tag: str,
) -> str:
    # Get commits between tags
    response = await github.http.get(
        f"/repos/{owner}/{repo}/compare/{previous_tag}...{tag_name}"
    )
    comparison = response.json()

    commits = [
        f"- {c['commit']['message'].split(chr(10))[0]}"
        for c in comparison["commits"]
    ]
    commit_log = "\n".join(commits)

    notes = await agent.run(
        prompt=(
            f"Generate release notes from these commits. Group by:\n"
            f"- Features, Bug Fixes, Improvements, Breaking Changes\n"
            f"Use markdown formatting.\n\n"
            f"Commits:\n{commit_log}"
        )
    )

    return notes.content

FAQ

How do I handle large pull request diffs that exceed the LLM context window?

Split the diff by file and process each file separately, then aggregate the results. Prioritize reviewing files that changed the most lines or that are in critical paths (authentication, payment, database migration files). You can also use the GitHub API to fetch individual file patches instead of the entire diff.

What permissions does the GitHub App need for an AI review agent?

At minimum: issues:write for labeling and commenting, pull_requests:write for posting reviews, contents:read for accessing diffs and commits, and metadata:read. For release note automation, add contents:write to create releases.

How do I avoid the agent responding to its own comments in an infinite loop?

Check the sender field in the webhook payload. If payload["sender"]["login"] matches your GitHub App's bot username (typically your-app-name[bot]), skip processing. Also set "active": true with specific event filters on the webhook to reduce unnecessary deliveries.

---

#GitHub #GitHubAPI #CodeReview #DevOps #AIAgents #AgenticAI #LearnAI #AIEngineering