The Signal

GitHub just did something it's never done in its history: allowed open source repo maintainers to disable pull requests entirely. Previously you could only disable Issues. PRs were sacred.

This isn't just a UI toggle. It's GitHub acknowledging what builders have been whispering for two years — the PR workflow was designed for human-to-human code handoffs. When code is generated by agents at machine speed, the whole ceremony (branch, diff, review , merge, resolve conflicts) becomes friction, not safety.

Pete Steinberger and Theo have already been pushing "Prompt Requests" over Pull Requests. Mitchell Hashimoto and Amp Code built reputation-based systems for handling untrusted agent-generated code. Aaron Levie framed it cleanly: "the path forward is to make software that agents want." Git was invented for humans . We're past that now.

Builder's Take

Here's the leverage math. A solo developer reviewing PRs from AI agents is a human bottleneck on an infinite-throughput pipe . If your agent can ship 50 code changes per hour, and you spend 10 minutes reviewing each one, you're the constraint — not the model.

The PR workflow creates three specific taxes on solo builders:

  • Context switching tax — every review interrupts your build flow
  • Merge conflict tax — agents writing in parallel create divergent branches constantly
  • Security theater tax — a careful -looking diff from an agent can still slip mal icious patterns past a tired human eye

The moat shift is significant. The builders who win aren't the ones who review AI code faster — they're the ones who build automated trust pip elines that replace human review entirely. Think: deterministic test suites, sandboxed execution environments, static analysis gates, and reputation scoring on agent outputs . This is now a first-class engineering problem , not an ops afterthought.

The cost calculation : if you're paying $20-100/ month for a coding agent (Cursor, Copilot, Amp) and spending 2 hours/day on PR reviews, you're trading your highest-leverage hours for the lowest-leverage task. Automating that review layer — even partially — gives you back 10+ hours per week.

The old moat was "I write better code than you. " The new moat is "my pipeline ships trusted code faster than your pipeline."

Tools & amp; Stack

Replace the PR Review Layer

You don't need PRs if you have automated gates. Here's a practical stack:

  • GitHub Actions — free for public repos, 2000 min/month free for private. Your new "code reviewer" runs on every push.
  • Ruff — Python linter/formatter, replaces flake8+ black, runs in milliseconds. pip install ruff
  • Semgrep — static analysis for security patterns . Free OSS tier. Catches the "innocent -looking but dangerous" code that Pete Steinberger worries about.
  • Amp Code — Mitchell Hashimoto's agent with built-in reputation/ trust primitives for untrusted contributions. Check current pricing.
  • GitHub repo settings — the new "disable pull requests" toggle is live now.

Minimal Automated Trust Pipeline

# .github/workflows/agent-gate.yml
name: Agent Code Gate
on: [ push]
jobs:
  gate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name:  Lint
        run: ruff check .
      - name: Security scan
        uses: returntocorp/semgrep-action@v1
        with :
          config: p/security-audit
      - name: Tests
        run: pytest --tb =short
      - name: Type check
        run: mypy . --ignore-missing-imports

This four -step gate replaces a human reviewer for the 80 % of changes that are straightforward. You only get pin ged when something actually breaks or fails a security rule .

Prompt Request Pattern

Instead of git diff reviews , store prompts as first-class artifacts:

# prompts/add-stripe -webhook.md
## Intent
Add Stripe webhook handler for payment. succeeded events

## Constraints
- Use existing FastAPI router pattern
- Validate  signature with STRIPE_WEBHOOK_SECRET env var
- Log failures to Sentry, don 't raise HTTP 500

## Acceptance criteria
- Passes existing  test suite
- New unit test covers signature validation failure  case

Now your "code review" is reviewing the intent, not the implementation. Faster, easier, and the agent can re -run the implementation if you tweak the prompt.

Ship It This Week

Build a no-PR solo dev repo template — a GitHub template repository configured for agent-assisted development without pull requests.

Concretely:

  1. Create a new GitHub repo, disable PRs in Settings → General ( scroll to Features)
  2. Add the GitHub Actions gate above ( ruff + semgrep + pytest)
  3. Add a /prompts directory with a template markdown file for intent-first contributions
  4. Add a CONTRIBUTING.md that explains the Prompt Request pattern instead of PR instructions
  5. Mark the repo as a Template (Settings → General → Template repository)

Now every new project you start uses this as a base. You've operationalized the post-PR workflow. Share it publicly — this is exactly the kind of build-in-public artifact that gets traction right now because every solo dev with a coding agent has this exact problem and nobody has packaged the solution cleanly yet.

You could have a usable v1 running in under two hours. Ship it.