PatchPilot
PatchPilot is an open-source web app (with a lightweight GitHub/GitLab app) that automates dependency update PRs but only merges them when your project-specific risk checks pass. It goes beyond Renovate and Dependabot by adding a configurable "risk gate": semantic diff scoring, changelog parsing, CVE relevance checks, and staged rollout rules (merge to a canary branch first, then to main). For every update it posts a clear, auditable report explaining why the update is safe or blocked, and it learns per-repo preferences over time.

PatchPilot combines traditional automation with optional AI: conventional automation handles PR creation and testing, while the optional AI layer summarizes release notes, detects breaking-change language, and suggests pin/ignore rules.

Self-hosting is first-class: a single binary plus a Docker image, minimal dependencies, and support for air-gapped environments. The goal is fewer broken builds, fewer security fires, and less maintainer fatigue.
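To make the risk-gate idea concrete, here is an added, self-contained Python sketch of such a gate. It is illustrative code written for this page, not PatchPilot's own implementation or configuration format: the weights, the breaking-change phrase list, the `Policy`/`UpdateCandidate` names and the advisory id are all constructed assumptions. It scores an update from the semver bump size, breaking-change language in the changelog and whether the new version fixes a known advisory, then routes it to `main`, to a `canary` branch first, or blocks it, and renders the kind of auditable report the text describes.

```python
"""Illustrative dependency-update risk gate (hypothetical, not PatchPilot's code)."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Phrases that commonly signal a breaking change in release notes (assumed list).
BREAKING_PATTERNS = (
    r"\bbreaking change",
    r"\bbreaking:",
    r"\bremoved\b",
    r"\bno longer\b",
    r"\bdrop(?:ped|s)? support\b",
)


@dataclass
class UpdateCandidate:
    package: str
    old_version: str
    new_version: str
    changelog: str
    fixes_advisories: tuple = ()  # advisory ids the new version fixes (constructed input)


@dataclass
class Policy:
    block_major: bool = True          # major bumps always need a human
    direct_merge_max: int = 20        # score <= this: merge straight to main
    canary_max: int = 50              # score <= this: merge to canary first; above: block
    weights: dict = field(default_factory=lambda: {"major": 60, "minor": 15, "patch": 5})
    breaking_weight: int = 40         # added when breaking-change language is found
    security_credit: int = 30         # subtracted when the update fixes an advisory


@dataclass
class Decision:
    allowed: bool
    target_branch: Optional[str]
    score: int
    reasons: list


def parse_semver(version: str) -> tuple:
    """Parse 'v1.2.3' or '1.2.3-rc1' into (1, 2, 3); reject anything else."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?", version.strip())
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def bump_kind(old: str, new: str) -> str:
    o, n = parse_semver(old), parse_semver(new)
    if n <= o:
        raise ValueError("new version must be greater than old version")
    if n[0] != o[0]:
        return "major"
    if n[1] != o[1]:
        return "minor"
    return "patch"


def breaking_phrases(changelog: str) -> list:
    """Return the breaking-change patterns that match the changelog text."""
    return [p for p in BREAKING_PATTERNS if re.search(p, changelog, re.IGNORECASE)]


def evaluate(c: UpdateCandidate, policy: Optional[Policy] = None) -> Decision:
    p = policy or Policy()
    reasons = []
    kind = bump_kind(c.old_version, c.new_version)
    score = p.weights[kind]
    reasons.append(f"{kind} bump {c.old_version} -> {c.new_version} (+{p.weights[kind]})")
    if kind == "major" and p.block_major:
        reasons.append("policy blocks major bumps; manual review required")
        return Decision(False, None, score, reasons)
    hits = breaking_phrases(c.changelog)
    if hits:
        score += p.breaking_weight
        reasons.append(f"breaking-change language in changelog {hits} (+{p.breaking_weight})")
    if c.fixes_advisories:
        score -= p.security_credit
        reasons.append(f"fixes advisories {list(c.fixes_advisories)} (-{p.security_credit})")
    score = max(score, 0)
    if score <= p.direct_merge_max:
        return Decision(True, "main", score, reasons)
    if score <= p.canary_max:
        reasons.append("score above direct-merge threshold; staged rollout via canary")
        return Decision(True, "canary", score, reasons)
    reasons.append(f"score {score} exceeds canary_max {p.canary_max}; blocked")
    return Decision(False, None, score, reasons)


def render_report(c: UpdateCandidate, d: Decision) -> str:
    """Plain-text, auditable summary of the decision and every reason behind it."""
    status = f"MERGE -> {d.target_branch}" if d.allowed else "BLOCKED"
    lines = [f"{c.package} {c.old_version} -> {c.new_version}: {status} (risk score {d.score})"]
    lines += [f"  - {r}" for r in d.reasons]
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample: minor bump whose notes contain breaking-change wording
    # but which also fixes a placeholder advisory id.
    cand = UpdateCandidate("examplelib", "1.4.2", "1.5.0",
                           "BREAKING CHANGE: removed legacy parser.",
                           fixes_advisories=("CVE-0000-00000",))  # placeholder id
    print(render_report(cand, evaluate(cand)))
```

The weights are deliberately tunable: per-repo preferences are expressed purely as a different `Policy`, and the reasons list is what makes the decision auditable after the fact.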