InariWatch's risk assessment is now a standalone GitHub Action.
What it does
On every pull request, InariWatch:
1. Reads the diff and file changes
2. Calls your AI provider for analysis
3. Posts a comment: 🟢 Low | 🟡 Medium | 🔴 High
When you push new commits, the comment updates — no spam.
Setup
```yaml
name: InariWatch Risk Assessment
on:
  pull_request:
    types: [opened, synchronize]
jobs:
  risk:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: orbita-pos/inariwatch-action@v1
        with:
          ai-key: ${{ secrets.AI_KEY }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```
What the comment looks like
> Risk Level: 🟢 Low
>
> Summary: Documentation-only changes with no impact on production code.
>
> Findings: No specific risks identified.
>
> Recommendations: No additional checks needed.
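
One way to consume this comment as a merge gate, as an added example that is not part of InariWatch or of the original page: it parses the four fields shown in the sample above and fails closed when the comment is missing or ambiguous. The function names, the `maxAllowed` threshold and the assumption that real comments keep this field layout are hypothetical.

```javascript
// Added example, not InariWatch code. Field names come from the sample comment
// on this page; the exact markup of real comments is an assumption.
const LEVELS = new Map([["low", 0], ["medium", 1], ["high", 2]]);
const FIELDS = ["Risk Level", "Summary", "Findings", "Recommendations"];

// Constructed sample, laid out like the comment shown on this page.
const SAMPLE = [
  "> Risk Level: 🟢 Low",
  ">",
  "> Summary: Documentation-only changes with no impact on production code.",
  ">",
  "> Findings: No specific risks identified.",
  ">",
  "> Recommendations: No additional checks needed.",
].join("\n");

// Parse a comment body into { level, summary, findings, recommendations }.
// Returns null unless the body carries exactly one unambiguous risk level.
function parseRiskComment(body) {
  const out = new Map();
  for (const raw of String(body).split(/\r?\n/)) {
    // Drop blockquote markers and bold markers before matching "Field: value".
    const line = raw.replace(/^\s*(>\s*)*/, "").replace(/\*/g, "").trim();
    const m = /^([A-Za-z ]+):\s*(.*)$/.exec(line);
    if (!m) continue;
    const key = m[1].trim();
    if (!FIELDS.includes(key)) continue;
    if (out.has(key)) return null; // repeated field: ambiguous, reject
    out.set(key, m[2].trim());
  }
  const words = (out.get("Risk Level") || "").toLowerCase().match(/\b(low|medium|high)\b/g);
  if (!words || words.length !== 1) return null;
  return {
    level: words[0],
    summary: out.get("Summary") || "",
    findings: out.get("Findings") || "",
    recommendations: out.get("Recommendations") || "",
  };
}

// Decide whether a merge gate passes. Fails closed: a missing or unparsable
// comment blocks the merge, the same as a level above the threshold.
function gate(body, maxAllowed = "medium") {
  if (!LEVELS.has(maxAllowed)) throw new Error(`unknown threshold: ${maxAllowed}`);
  const parsed = body == null ? null : parseRiskComment(body);
  if (!parsed) return { pass: false, reason: "no parsable risk assessment" };
  const pass = LEVELS.get(parsed.level) <= LEVELS.get(maxAllowed);
  return { pass, reason: `risk level ${parsed.level}, threshold ${maxAllowed}` };
}
```
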
BYOK
Supports Claude, OpenAI, Grok, DeepSeek, and Gemini. Cost: ~$0.001 per PR with GPT-4o-mini.
No data sent to InariWatch — everything stays between GitHub and your AI provider.
