Skip to main content
agent-guardian comment posts one AgentGuardian summary comment on the current pull / merge request and keeps it current on every push. The same renderer drives all three code hosts, so the body reads identically whether you are on GitHub, GitLab, or Bitbucket — only the REST call underneath differs.

How the sticky behaviour works

The comment body always starts with a hidden HTML marker on its first line:
On every run the poster:
  1. Lists the PR/MR comments via the host’s REST API.
  2. Finds the first comment whose body contains the marker.
  3. Edits that comment in place (PATCH on GitHub, PUT on GitLab/Bitbucket) with the new body — or creates a fresh comment if none is found.
Push ten times and you still have exactly one always-current AgentGuardian comment, never a wall of ten. The marker string is a stable contract: it must not change once shipped, because an existing comment is matched by substring.

Running it

--platform is github | gitlab | bitbucket. The verdict embedded in the comment reuses the same --fail-under / --max-critical / --max-high / --max-medium / --max-low thresholds as the scan gate, so the comment’s PASSED / FAILED always matches the pipeline’s exit code. Each platform reads its PR/MR context and credentials from the standard CI environment — see the per-host pages for the exact variable list: Pass --dry-run to render the body to stdout without posting it — useful for a local preview or a fork PR where the token lacks write scope.

A rendered comment

A clean scan renders ### Gate: PASSED and a _No findings — this scan came back clean._ line in place of the table.

What’s in the body

  • Headline — the scan id, AIVSS / band, finding count, cost, and wall-clock. A non-authoritative scan (stub model or non-full mode) renders AIVSS n/a (not evaluated) rather than quoting a misleading number.
  • VerdictPASSED, or FAILED with one bullet per failing gate condition (the floor and each exceeded --max-* ceiling).
  • Top findings — the highest-severity findings (default top 5), severity-ranked. All finding-supplied strings are HTML-escaped and run through the same PII / credential redactor as the standalone Markdown report.

Advisory, never gate-changing

The comment is advisory. If it cannot post — a fork PR whose token lacks write scope, a transient API error — the failure is logged and the job continues. The comment never changes the scan’s pass/fail outcome; the gate’s exit code is the single source of truth for whether the merge is blocked.

Next step

Security gates

The --fail-under / --max-* thresholds the verdict mirrors.

GitHub Actions

The sticky comment wired into a PR workflow.

GitLab CI

The same comment as a sticky MR note.

Bitbucket

The comment alongside a Code Insights report.