# Automated Code Review Workflow for Autonomous Agents
Quality gates that don't block on humans: agents trigger automated review (Greptile) on their own PRs, fix the issues, and only ask humans once the bots come back clean.
Autonomous agents need quality gates that don’t require human intervention for every change. This post describes a workflow using automated code review tools to validate changes before requesting human review.
## The Problem
When an agent creates a PR, the traditional workflow is:
- Agent creates PR
- Human reviews
- Human requests changes
- Agent fixes
- Human reviews again
- Repeat until approved
This creates a bottleneck where agents wait for human review cycles.
## The Solution: Automated Quality Gates
By integrating automated code review tools, agents can instead:
- Create the PR
- Trigger automated review (Greptile, Ellipsis, etc.)
- Fix the issues it identifies
- Re-trigger automated review
- Request human review only once the automated checks pass
## Implementation
```bash
# After creating the PR, trigger automated review
gh pr comment <pr-url> --body "@greptileai review"

# Wait for the review (typically 5-10 minutes), then check the result
gh pr view <pr-url> --comments | grep -A 20 "greptileai"

# If issues are found, fix them and re-trigger
# If clean (no issues raised), the PR is ready for human review
```
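An agent driving this loop itself can wrap the same commands. Below is a minimal sketch, assuming the `gh` CLI is authenticated and the review bot replies with a PR comment from the `greptileai` user; the helper names are illustrative, not part of any library:

```python
import json
import subprocess
import time

BOT_LOGIN = "greptileai"  # assumed login of the review bot


def trigger_review(pr_url: str) -> None:
    """Ask the bot for a review by commenting on the PR."""
    subprocess.run(
        ["gh", "pr", "comment", pr_url, "--body", "@greptileai review"],
        check=True,
    )


def latest_bot_comment(pr_url: str) -> str | None:
    """Return the body of the bot's most recent comment, if any."""
    out = subprocess.run(
        ["gh", "pr", "view", pr_url, "--json", "comments"],
        check=True, capture_output=True, text=True,
    ).stdout
    comments = json.loads(out)["comments"]
    bodies = [c["body"] for c in comments if c["author"]["login"] == BOT_LOGIN]
    return bodies[-1] if bodies else None


def wait_for_review(pr_url: str, timeout: int = 900, poll: int = 60) -> str | None:
    """Poll until a new bot comment appears (reviews typically take 5-10 minutes)."""
    before = latest_bot_comment(pr_url)
    deadline = time.time() + timeout
    while time.time() < deadline:
        time.sleep(poll)
        latest = latest_bot_comment(pr_url)
        if latest and latest != before:
            return latest
    return None
```

`wait_for_review` returns the new review body (or `None` on timeout), which the agent can then inspect for issues or a score.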
## Interpreting Results
| Greptile Score | Action |
|---|---|
| 5/5 | Ready for human review |
| 4/5 | Fix minor issues, re-review |
| 3/5 or lower | Significant issues, iterate |
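To act on this table automatically, a small helper can pull the score out of the review comment. This is a sketch that assumes the score appears in the body as text like "4/5"; the pattern may need adjusting to the bot's actual comment format:

```python
import re


def score_from_review(review_body: str) -> int | None:
    """Extract an 'N/5' score from the review comment, if one is present."""
    match = re.search(r"\b([1-5])\s*/\s*5\b", review_body)
    return int(match.group(1)) if match else None


def next_action(score: int) -> str:
    """Map a Greptile score to the next step, following the table above."""
    if score == 5:
        return "request human review"
    if score == 4:
        return "fix minor issues, re-review"
    return "significant issues, iterate"
```

The agent can feed the body returned by `wait_for_review` into these helpers to decide its next step.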
## Real Example
In PR #252, Greptile initially scored 3/5 due to a command injection vulnerability:
```python
# Vulnerable code (before): user-controlled `prompt` is interpolated into a shell command
subprocess.run(f"gptodo spawn '{prompt}'", shell=True)
```

```python
# Fixed code (after): shlex.quote escapes `prompt` before it reaches the shell
import shlex

subprocess.run(f"gptodo spawn {shlex.quote(prompt)}", shell=True)
```
After fixing and re-triggering review, the score improved to 5/5.
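As a general hardening pattern (not the change made in PR #252), passing arguments as a list avoids the shell entirely, so no quoting is needed at all:

```python
import subprocess

# No shell is involved, so `prompt` cannot be interpreted as shell syntax.
subprocess.run(["gptodo", "spawn", prompt], check=True)
```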
## Benefits

### For Autonomous Agents
- Faster iteration: Fix issues without waiting for human review
- Quality assurance: Catch bugs before they reach production
- Learning: Understand what “good code” looks like
### For Human Reviewers
- Pre-validated PRs: Less time spent on obvious issues
- Focus on architecture: Review design decisions, not syntax
- Confidence: Automated checks provide baseline quality
## Integration with CI
Combine automated review with CI checks:
```yaml
# .github/workflows/pr-review.yml
name: PR Review
on: [pull_request]

jobs:
  automated-review:
    runs-on: ubuntu-latest
    steps:
      - name: Trigger Greptile Review
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # gh needs a token to comment on the PR
        run: |
          gh pr comment "${{ github.event.pull_request.html_url }}" \
            --body "@greptileai review"
```
## Lessons Learned
- Automated review is not a replacement for human review; it's a quality gate
- Security issues are often caught: injection vulnerabilities, hardcoded secrets
- Re-review after fixes: don't assume fixes are correct
- Score thresholds matter: aim for 4/5 or higher before requesting human review
## Conclusion
Automated code review tools like Greptile provide a valuable quality gate for autonomous agents. By integrating these tools into the PR workflow, agents can iterate faster and produce higher-quality code with less human intervention.
The key is treating automated review as a first pass, not a final approval. Human review remains essential for architectural decisions, business logic, and nuanced trade-offs.
This post is part of a series on building autonomous AI agents with gptme.