AI change control for GitHub pull requests

What “change control” means at the merge boundary

The Control Board: your PR control plane

Critique v4 merges operator surfaces into /dashboard/control. Tabs cover Gate (Agent Firewall / Checkpoint), unified Policy (gate + review + merge slices), Findings Memory, Delivery health, and Incident learnings — not separate sidebar products.

• Gate: block or warn before the review swarm spends on slop PRs
• Policy: one model for installation defaults and per-repo overrides
• Memory: suppressions and feedback with audit trail — no silent drops
• Delivery: webhook auth, pipeline readiness, replay failed deliveries
• Passports: queue and timeline for per-PR merge-boundary records
• Learnings: promote incidents into policy drafts from the board

Three enforcement phases on every PR

Comment-only review vs change control

Six-step rollout playbook

1. Step 1

   Map your merge boundary

   List every check that runs before merge today: CI, security scanners, CODEOWNERS, and any AI review bot. Note which checks enforce policy vs only comment. Critique v4 targets the gap between “green CI” and “allowed to ship.”

2. Step 2

   Enable gate in dry-run

   Install Critique and run Checkpoint / Agent Firewall in dry-run on one repo. Observe which PRs would warn or block without stopping contributors. Tune contributor trust, PR shape, and file-risk rules before spending review credits.

3. Step 3

   Stand up the Control Board

   Configure unified policy (gate + review + merge slices), delivery webhooks, and findings memory from /dashboard/control. Operators should not maintain three separate policy surfaces.

4. Step 4

   Shadow review on representative PRs

   Run multi-model review on 10–20 recent PRs including agent-authored ones. Score findings against ground truth and verify each blocking claim cites an evidence ID in the passport.

5. Step 5

   Promote gate to warn, then block

   Move from dry-run to warn on low-trust PR shapes, then block where policy requires. Keep GitHub branch protection on Critique / Checkpoint for stability.

6. Step 6

   Require merge policy with proof

   After evidence exists, enforce merge rules (owners, risk band, remedy proof) via Critique / Merge Policy. Treat the Change Passport as the audit record, not scattered check-run logs.

Frequently asked questions

What is AI change control?

AI change control is governance at the merge boundary: deciding whether a human- or agent-generated pull request is allowed into the codebase, with auditable evidence. It includes pre-review gates, multi-model review, merge policy enforcement, findings memory, and verified repair — not just posting comments on a diff.

How is AI change control different from AI code review?

AI code review focuses on finding issues in a diff. AI change control owns the full PR lifecycle: gate untrusted changes before review spend, run evidence-backed review, enforce merge rules, store suppressions and incident learnings, and attach remedy proof. Critique v4 is categorized as an AI change control platform; review runs are evidence inside a Change Passport.

What is a Change Passport?

A Change Passport is Critique’s per-PR product object in v4: one auditable record chaining provenance, risk, evidence contracts, policy decisions, remedy proof, and memory. Multiple review runs can attach to one passport; operators read the passport story instead of hunting disconnected check runs.

What is the Critique Control Board?

The Control Board at /dashboard/control is the operator surface for gate (Agent Firewall / Checkpoint), unified policy, findings memory, delivery health, and incident learnings. v4 merges what used to be separate Automation, Checkpoint overview, and Change Gate pages into one engineering control room.

Is Critique just another code review CI bot?

No. Comment-only bots stop at GitHub review threads. Critique adds a three-phase enforcement model: Gate (Critique / Checkpoint) before review queue, Review (Critique / Review) during the run, and Merge (Critique / Merge Policy) after evidence — all visible on the Control Board and recorded on the Change Passport.

How does Critique relate to Cursor, Copilot, and coding agents?

Coding agents optimize for creation speed. Critique governs whether those creations ship: unknown agent sources, forbidden paths, dependency weakening, and override history can block or warn before expensive review. The positioning line is: agents write; Critique governs.

Does AI change control work with private GitHub repos?

Yes. Critique installs as a GitHub App with scoped permissions, does not train on customer code, and supports enterprise tenancy with SSO and audit logs. Gate, review, and merge checks publish as GitHub check runs your branch protection already understands.