To demonstrate it in practice I created an agentic review pipeline, which:
- Leverages a managed Antigravity Agent configured via the SDK to review the code. The agent uses advanced reasoning to explore files and verify logic under strict guidelines.
- Runs reviews inside isolated workspaces or sandboxes with custom policies to prevent shell or arbitrary code execution risks.
- Enables the agent to use the GitHub MCP server to interact directly with the environment to write pull request comments and reviews.
- Avoids using the synchronize trigger in pull request workflows to prevent redundant review runs and endless loops. Instead, runs reviews on opened and reopened events, and triggers subsequent passes manually by posting a @agy /review comment on the PR.
Agentic review pipeline
You can find the code at run-agy-sdk.
What is run-agy-sdk?
The run-agy-sdk is a composite GitHub Action that runs the Google Antigravity SDK (google-antigravity) directly on the GitHub Actions host runner.
Why run on the host instead of a container?
By running directly on the host, the Antigravity SDK has access to the host's Docker daemon. This allows the SDK to spawn Docker-based MCP servers (like the GitHub MCP server) to read files, run tests, and post reviews.
Sub-containers should ideally run with restricted network access and read-only filesystems where possible to prevent an LLM from being tricked into executing arbitrary destructive commands. The limited set of permissions is handled in the GitHub Action configuration (see here), whereas the Antigravity agent has a limited number of tools it can use from GitHub MCP (see here).
Moreover, the workflow is explicitly protected from running automatically on forks, preventing unauthorized code execution. The automated review job will only run if the pull request originates from the same repository (see here). On-demand reviews triggered by commenting @agy /review are restricted so that they can only be initiated by maintainers (see here).
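The two gates described above can be expressed as a single job condition. This is an added sketch, not the repository's own workflow file: the workflow name, the choice of OWNER, MEMBER and COLLABORATOR as "maintainers", and the reuse of the same action inputs for comment-triggered runs are assumptions.

```yaml
name: 'Antigravity PR Review (gated)'
on:
  pull_request:
    types: [opened, reopened]   # no 'synchronize': new pushes do not retrigger a review
  issue_comment:
    types: [created]
permissions: {}                 # nothing granted by default; the job opts in below
jobs:
  antigravity-review:
    # Gate 1: automatic runs only when the PR head branch lives in this repository,
    #         so pull requests from forks never start the job on their own.
    # Gate 2: on-demand runs only for an '@agy /review' comment on a pull request,
    #         written by an account with a trusted author association (assumed set).
    if: >-
      (github.event_name == 'pull_request' &&
      github.event.pull_request.head.repo.full_name == github.repository) ||
      (github.event_name == 'issue_comment' &&
      github.event.issue.pull_request &&
      startsWith(github.event.comment.body, '@agy /review') &&
      contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'),
      github.event.comment.author_association))
    runs-on: 'ubuntu-latest'
    timeout-minutes: 20
    permissions:
      contents: 'read'
      pull-requests: 'write'
      issues: 'write'
    steps:
      # On issue_comment events this checks out the default branch, not the PR head.
      - uses: 'actions/checkout@v6'
        with:
          persist-credentials: false
      - uses: 'rsamborski/run-agy-sdk@<commit-sha>'   # placeholder: pin to a reviewed commit
        with:
          api-key: '${{ secrets.ANTIGRAVITY_API_KEY }}'
          github-token: '${{ secrets.GITHUB_TOKEN }}'
          mode: 'review'
          prompt: '/antigravity-review'
          trust-workspace: 'true'
          sandbox-profile: 'true'
```

Because issue_comment fires for comments on plain issues as well, the `github.event.issue.pull_request` check is what keeps the trigger scoped to pull requests.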
Demonstration walkthrough
The demo below shows the action triggered by a new PR:
Implementation: How to install the action in your repo
Let's walk through the setup process step-by-step.
Step 1: Add your API key to GitHub secrets
The action requires a Google Gemini or Antigravity API key to authenticate language model interactions.
- Generate your API key.
- Navigate to your target GitHub repository and go to Settings > Secrets and variables > Actions.
- Create a new Repository Secret named ANTIGRAVITY_API_KEY and paste your API key as the value.
Step 2: Configure the GitHub Actions workflow
Add a new file in your repository at .github/workflows/antigravity-review.yml and add the following configuration:
```yaml
name: '🔎AntigravityPRReview'
on:
  pull_request:
    types: [opened, reopened]
  workflow_dispatch:
concurrency:
  group: '${{github.workflow}}-${{github.event.pull_request.number||github.ref_name}}'
  cancel-in-progress: true
jobs:
  antigravity-review:
    runs-on: 'ubuntu-latest'
    timeout-minutes: 20
    permissions:
      contents: 'read'
      pull-requests: 'write'
      issues: 'write'
    steps:
      - name: 'CheckoutRepository'
        uses: 'actions/checkout@v6'
        with:
          persist-credentials: false
      - name: 'RunAntigravityPRReview'
        uses: 'rsamborski/run-agy-sdk@main'
        id: 'agy_pr_review'
        with:
          api-key: '${{secrets.ANTIGRAVITY_API_KEY}}'
          github-token: '${{secrets.GITHUB_TOKEN}}'
          mode: 'review'
          prompt: '/antigravity-review'
          trust-workspace: 'true'
          sandbox-profile: 'true'
```
Pro Tip: Pin the action version to a specific commit SHA (e.g., rsamborski/run-agy-sdk@<commit-sha>) rather than using @main. This prevents unexpected breaks from upstream updates.
While you can reference run-agy-sdk directly in your workflows, its real power lies in using it as a blueprint. I encourage you to fork the repository and use it as a template to build your own custom, agentic GitHub Actions. By modifying the safety policies, custom tools, or prompts in run_agent.py, you can tailor the agent's review behavior to your team's specific codebase, style guidelines, and compliance rules.
For a full workflow template supporting both automated PR reviews and comment-triggered reviews, refer to the workflows folder in the repository.
Conclusions
Automating code reviews is a necessity as AI-generated code volumes increase. By using run-agy-sdk, you can run the Antigravity SDK to review PRs automatically and shift more of the burden of code quality assurance away from human reviewers.
- Access the full source code in the GitHub Repository.
- Read the documentation to customize the prompts and mode.
- Feel free to fork the repository and build your own automation.
Acknowledgments
This project was inspired by the run-gemini-cli action, while shifting to the recently released Antigravity SDK. It is a personal sample implementation of how to run the Antigravity SDK in a GitHub Action, and is not an officially supported Google product.
Let’s connect!
I’d love to hear how you’re using Antigravity for your agentic workflows. Are you building automated code review loops or keeping a tighter leash on your agents?