Code Review Copilot in GitHub Actions

Automate first-pass code reviews to catch issues and suggest fixes. Plan: - Trigger: On pull request open/update. - Context: Diff hunks, relevant files, repo docs; limit tokens via summarization. - Analysis: Use a strong code model; enforce style and security checklists. - Tools: Static analysis (Semgrep), dependency scanner; LLM merges findings and suggests patches. - Output: Inline comments, risk labels, and a summary. - Safeguards: Never auto-commit to protected branches; require human approval. - Metrics: PR cycle time, suggestion acceptance rate, defect leakage. Start with advisory mode; graduate to automated small refactors.