AGENT_PR_GATE
AI agent-authored pull requests must pass a gating workflow and require human review before merging. Agents can propose changes but never self-merge.
Framework Mappings
- OWASP Agentic ASI02 — Tool Misuse and Exploitation
- OWASP Agentic ASI03 — Identity & Privilege Abuse
- OWASP Agentic ASI09 — Human-Agent Trust Exploitation
Agent Frameworks Scanned
- Claude Code
- LangChain
- CrewAI
- AutoGen
- Custom
Evaluation Facets
01 Gate Workflow Exists
Required, Weight: 0.4
Pass: Workflow file exists with agent detection and gating policy
Fail: No agent-pr-gate workflow found

02 Gate Is Required Check
Required, Weight: 0.35
Pass: agent-pr-gate job is listed as required status check
Fail: Check not required or branch protection not configured

03 Dismiss Stale Reviews
Weight: 0.25
Pass: dismissStaleReviews enabled on branch protection
Fail: Stale review dismissal not configured
Remediation Steps
1. Add a CI workflow that detects agent-authored PRs and enforces gating policies
2. Configure the workflow as a required status check on branch protection
3. Enable dismiss stale reviews to prevent stale approvals on updated PRs
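
The three facets and their weights expressed as a check over a repository's workflow files and branch protection settings. This is an added example, not the product's own evaluator. It assumes branch protection in the shape of GitHub's REST response (`required_status_checks`, `required_pull_request_reviews.dismiss_stale_reviews`), a regex heuristic for locating the `agent-pr-gate` job, a weighted-sum score, and that a failed Required facet fails the control; the function names and sample data are hypothetical.

```python
import re

# Facet weights and Required flags as listed on the page.
FACETS = {
    "gate_workflow_exists":   {"weight": 0.40, "required": True},
    "gate_is_required_check": {"weight": 0.35, "required": True},
    "dismiss_stale_reviews":  {"weight": 0.25, "required": False},
}
GATE_JOB = "agent-pr-gate"
JOB_KEY = re.compile(r"^\s+" + re.escape(GATE_JOB) + r":\s*$", re.MULTILINE)

def has_gate_workflow(files):
    """Facet 01 (heuristic): a workflow file defines a job with the gate's id."""
    return any(
        path.startswith(".github/workflows/") and path.endswith((".yml", ".yaml"))
        and JOB_KEY.search(text)
        for path, text in files.items()
    )

def required_contexts(protection):
    """Collect required status check names from both REST representations."""
    rsc = (protection or {}).get("required_status_checks") or {}
    names = set(rsc.get("contexts") or [])
    names.update(c.get("context") for c in rsc.get("checks") or [])
    return names

def evaluate(files, protection):
    """Return (score, passed, results); protection=None means no branch protection."""
    reviews = (protection or {}).get("required_pull_request_reviews") or {}
    results = {
        "gate_workflow_exists": bool(has_gate_workflow(files)),
        "gate_is_required_check": GATE_JOB in required_contexts(protection),
        "dismiss_stale_reviews": reviews.get("dismiss_stale_reviews") is True,
    }
    score = round(sum(FACETS[k]["weight"] for k, ok in results.items() if ok), 2)
    # Assumption: any failed Required facet fails the control regardless of score.
    passed = all(ok for k, ok in results.items() if FACETS[k]["required"])
    return score, passed, results

# Constructed sample input (not from a real repository): the gate workflow
# exists, but branch protection only requires the "build" check.
SAMPLE_FILES = {".github/workflows/agent-gate.yml":
    "on: pull_request\njobs:\n  agent-pr-gate:\n    runs-on: ubuntu-latest\n"}
SAMPLE_PROTECTION = {
    "required_status_checks": {"strict": True, "contexts": ["build"]},
    "required_pull_request_reviews": {"dismiss_stale_reviews": True},
}
```

The sample shows the case the second facet exists to catch: a gate workflow that runs but is not a required status check, so a PR can merge while the gate is red.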