Pullfrog

Pullfrog is an open-source GitHub bot built by Pullfrog, Inc. that brings AI coding agents directly into GitHub workflows via GitHub Actions. Licensed under MIT and generally available, it lets teams trigger agentic runs by mentioning @pullfrog anywhere in a repo or by configuring automated responses to GitHub events like PR creation, issue filing, or CI failures.

What It Is

Pullfrog sits between your preferred LLM provider and your GitHub repository, acting as a configurable automation layer. When a configured event fires—a new PR, a submitted review, a CI failure, an issue opened—Pullfrog triggers a GitHub Actions workflow run that spawns an AI agent with the right context and instructions. The agent can read code, write code, leave comments, create PRs, triage issues, and more, all without requiring a separate UI or third-party platform.

How the Workflow Works

Setup involves adding a pullfrog.yml workflow file to .github/workflows/. From there, the Pullfrog GitHub App listens for webhook events and dispatches workflow runs programmatically. The pullfrog/pullfrog GitHub Action installs and spawns the agent with appropriate permissions and a purpose-built MCP server for git and GitHub operations.

Key workflow capabilities include:

• @-mention triggering — Tag @pullfrog in any comment, issue, or PR to assign an ad-hoc task
• Configurable automations — Toggle triggers on/off from the dashboard; attach custom prompt instructions per trigger
• Iterative PR review — The agent automatically addresses review comments on PRs it creates
• CI autofix — Detects CI failures on its own PRs and attempts fixes; can be configured for human-created PRs too
• Structured output — Supports JSON schema (including Zod) for reliable downstream workflow consumption

Architecture and Security Model

All agent runs execute inside the repo's own GitHub Actions environment. API keys are stored as GitHub secrets and auto-masked in logs. Git and GitHub operations go through Pullfrog's dedicated MCP server, which enforces permission checks—the agent cannot push to protected branches or access unauthorized repos. Shell commands run in an isolated subprocess without access to sensitive environment variables. GitHub App installation tokens are short-lived and auto-revoked at run completion. A built-in headless browser tool supports end-to-end testing and UI iteration, with screenshots uploaded to a secure S3 bucket.

Model Agnosticism and BYOK

Pullfrog works with any LLM provider: Anthropic, OpenAI, Google, Mistral, DeepSeek, OpenRouter, and more. API keys are added as GitHub secrets, and switching models requires only a config change. Teams can use Pullfrog Router (billed at raw provider cost with no markup) or bring their own keys—including a Claude subscription.

Update: v0.1.31 and General Availability

The GitHub repository shows the project was created in August 2025 and reached general availability shortly after. The latest release as of late June 2026 is v0.1.31, published on June 24, 2026. The repository has accumulated 792 stars and 43 forks. The project direction emphasizes open-source transparency, model agnosticism, and GitHub-native operation as differentiators from closed-source alternatives like CodeRabbit.