ChatOps
ChatOps brings automation into GitHub conversations through command triggers that respond to slash commands in issues, pull requests, and comments. Team members can trigger workflows by typing commands like /review or /deploy directly in discussions.
flowchart LR
user(["/command"]) --> auth[Auth check]
auth --> agent[AI agent]
agent --> output[Safe outputs]
By default, only users with write permissions can trigger ChatOps commands. Narrow or widen that with on.roles: — see Repository Access Roles.
Example: Code Reviewer
Section titled “Example: Code Reviewer”In the following example, when someone types /review, the AI analyzes code changes and posts review comments. The agent runs with read-only permissions while safe-outputs (validated GitHub operations) handle write operations securely.
The example uses events: to restrict which comment contexts activate a command — in this case [pull_request_comment] to respond only in PR threads. See Filtering Command Events.
The example also references the triggering content via steps.sanitized.outputs.text, which strips injection attempts, excessive content, and untrusted mentions — see Context Text.
---on: slash_command: name: review events: [pull_request_comment] # Only respond to /review in PR comments
permissions: contents: read pull-requests: read
safe-outputs: create-pull-request-review-comment: max: 5 add-comment:---
# Code Review Assistant
When someone types /review in a pull request comment, perform a thorough analysis of the changes.
Examine the diff for potential bugs, security vulnerabilities, performance implications, code style issues, and missing tests or documentation.
Create specific review comments on relevant lines of code and add a summary comment with overall observations and recommendations.Related Documentation
Section titled “Related Documentation”- IssueOps — Event-driven issue automation
- DispatchOps — Manual workflow triggers
- LabelOps — Label-triggered automation
- MultiRepoOps — Side Repository — Isolated workflow execution
- Command Triggers — Slash command configuration
- Safe Outputs — Secure write operations
- Authentication — PAT and GitHub App setup