Fossabot: AI code review for Dependabot/Renovate on breaking changes and impacts
fossa.com | 53 points by robszumski 2 hours ago
Always felt dependency updates are a perfect fit for AI agents:
(a) they’re broadly similar across companies,
(b) they aren’t time-sensitive, so the agent can take hours without anyone noticing, and
(c) customers are already accustomed to using bots here, just bad ones
One would imagine they are broadly similar; but that's off the assumption that codebases are similar as well.
Migrations between versions can have big variance largely as a function of the parent codebase and not the dependency change. A simple example of this would be a supported node version bump. It's common to lose support for older node runtimes with new dependency versions, but migrating the parent codebase may require large custom efforts like changing module systems.
Why didn't GitHub come up with this? This seems like such an obvious use case.
It requires you to go deep in both the code analysis and the research, which is expensive at their scale
And, as someone whose startup (EdgeBit, acquired by FOSSA recently) wrote a new JS/TS static analysis engine, it's just hard to get correct.
It's a niche for AI, which creates some great opportunities for context engineering :)