Pull Request

Code changes go directly to production with no review process. There are no pull requests, no code reviews, and no change approval workflow. A developer pushes code and crosses their fingers. 'Did anyone look at this before it shipped?' — no, no one did.

None — AI cannot review code changes because no pull request or change review process exists.

Pull requests exist but are inconsistent. Some PRs have detailed descriptions; others have empty descriptions and a title that says 'updates.' Review depth varies — some PRs get thoughtful feedback, others get a rubber-stamp approval within minutes. There's no standard for what a PR should contain or how it should be reviewed.

AI can access PR diffs and suggest basic improvements, but cannot perform meaningful review because the lack of PR descriptions and context means the AI doesn't know what the change is supposed to accomplish.

Pull requests follow a standard template with required fields — description, linked ticket, test plan, and change type. Automated checks (linting, tests, build) run on every PR. Reviewers have a checklist. But PRs are self-contained documents — they don't link to deployment outcomes, production impact, or historical context about the code area being changed.

AI can perform structured code review against the PR template, flag common patterns, and validate against automated checks. Cannot assess risk or impact because PRs lack connections to production monitoring records and change history context.

Pull requests are comprehensive change records with full context. Each PR links to the originating ticket, affected services, deployment pipeline, and production monitoring dashboards for the changed areas. Review comments are threaded and preserved. A developer can query 'show me the last 10 PRs that touched the payment module, their review discussions, and any production incidents that followed' and get a complete answer.

AI can perform context-aware code review — assessing risk based on change area history, reviewer expertise, and production stability of affected services. Can predict merge-to-production risk. Cannot yet autonomously approve routine changes because approval criteria aren't formalized.

Pull requests are formal entities with machine-readable risk assessments, quantified approval criteria, and structured relationships to the full software delivery graph. AI agents can evaluate PRs against defined safety criteria, compute merge risk scores, and auto-approve changes that fall within established safe patterns. Complex or risky PRs are flagged for human review with specific concerns highlighted.

AI can autonomously manage routine PR workflows — reviewing code, computing risk, approving safe changes, and flagging concerns on complex ones. Human reviewers focus on novel patterns and architectural decisions.

Pull requests are living change records that document themselves in real-time. Risk assessments update as related changes merge. Production impact feeds back to refine the risk model. The PR record captures not just the proposed change but its actual outcome — creating a self-improving change management system.

Fully autonomous PR intelligence. AI manages the full lifecycle of code changes — from review through merge through production validation — with continuous learning from outcomes.

Ceiling of the CMC framework for this dimension.