INFINIVIEW/
DocsOperateGitHub automation

GitHub automation

PR scans obey repo access and operator intent. These rules describe exactly when Infiniview triggers, debounces, or skips.

Events that can trigger

Infiniview listens for opened, synchronize, and ready_for_review pull request events. Draft PRs are skipped until they’re marked ready for review. Comment commands are read from issue_comment events on PRs.

POST /api/github/webhook   # GitHub-signed webhook receiver
Note
The webhook receiver verifies the X-Hub-Signature-256 HMAC signature and rejects unsigned requests. Deliveries are idempotent by X-GitHub-Delivery and considered stale after 15 minutes.

Auto-review scope

Settings can limit automation to specific repositories. Leaving the repo list empty means the installation can run with default settings against any installed repo.

Note
Settings > Repositories controls the auto-review allowlist. The list is per-installation, so different orgs see different scopes.

Own PRs only

When enabled, Infiniview compares the pull request author to your connected GitHub username and skips PRs by other authors. Useful for solo developers who only want to review their own work.

Push debounce

synchronize events that land inside the configured debounce window are coalesced, so a burst of commits doesn’t start redundant scans. The window applies per PR. Defaults: debounce off, 10-minute window when enabled. The window can be set to any value between 1 and 120 minutes.

Ignored PRs

@infiniview ignore stores an installation-level skip for that repo and pull request number. Future synchronize events on that PR will not trigger auto-review until the suppression is cleared.

Trusted commands

These commands only run for owners, members, or collaborators on the repository, or users with write, maintain, or admin permission. Comments from anyone else are ignored.

CommandEffect
@infiniview reviewStarts a trusted manual PR scan.
@infiniview ignoreSkips future auto-reviews for that repo + PR number.
@infiniview helpReplies with the current command list.

Merge-blocking check

After every scan, Infiniview posts a check run on the PR. The check fails when the run produces any critical or high finding, blocking merge. medium, low, and info findings are reported but non-blocking.

Unsupported apps

Infiniview currently supports browser-based web applications. If the repository can’t be served as one, the scan stops in a blocked state with an Unsupported App message — the PR check completes neutrally instead of returning a misleading pass. Coverage gaps from skipped runtime testing are tracked in Trust & readiness.

PreviousScan workflowNext Configuration
Edit on GitHub