SiteBrief/Documentation

DevLab

DevLab connects your GitHub or GitLab repositories to SiteBrief. Every deploy is scanned automatically, issues get auto-fixed via PR, and stale pull requests never slip through unreviewed.

What DevLab does

FeatureWhat it does
Deploy scanScans your site after every push: PageSpeed, security headers, SSL, SEO, bundle size
Dockerfile analysisDetects root user, :latest tags, npm install vs ci, missing HEALTHCHECK
CI/CD YAML analysisFinds outdated actions, missing timeout, no npm cache, hardcoded secrets
Auto-fix PROne click to open a GitHub/GitLab PR with the fix applied
AI PR verificationAfter a fix PR is merged, AI re-checks production, takes a screenshot, and posts a verified comment
Rollback suggestionFlags deploys that introduced 1+ critical issues and links to commit history
Stale PR notificationsAlerts you when a PR has had no review activity for 48 hours
Dependency auditWeekly scan for vulnerable and outdated npm packages
Bundle size trackingAlerts when your JS/CSS bundle grows more than 10% after a deploy
Customer Complaints RadarSearches Reddit for brand mentions and negative feedback, categorizes by severity, auto-creates tasks
Agency CopilotWeekly digest includes an AI-generated priority action list per client — no manual review needed

Connect GitHub

Go to Integrations → GitHub and click Connect GitHub. Authorize the OAuth app — SiteBrief gets read access to your repos.

Then go to a site's DevLab tab and select the repo and branch to watch.

ℹ️
Note:You need at least Admin access on the repo to let SiteBrief create the webhook.

Connect GitLab

Go to Integrations → GitLab and connect your GitLab account via OAuth. Then link the repo in the site's DevLab tab.

Per-site tokens (agencies)

If you manage multiple clients who each have their own GitHub or GitLab account, you can connect a separate token per site — so DevLab opens PRs from the correct account for each client.

To connect a site-level token: open a site → DevLab tab → click “Connect a different account just for this site” under the GitHub or GitLab repo panel. After authorizing, DevLab will use that token for all operations on this site.

Token typeWhen DevLab uses it
Site-level tokenAlways preferred when set — used for generate PR, rollback, dependency audit, autopilot on this specific site
Account-level tokenFallback when no site-level token is configured
💡
Tip:You can mix both: set an account-level token as the default and override only the sites that belong to different client Git accounts.

Deploy scan

Every time you push to the watched branch, SiteBrief runs a full scan within seconds:

  • PageSpeed score — regression flagged if it drops 15+ points
  • Security headers — grade D or F triggers a critical issue
  • SSL validity
  • SEO meta tags (title + description)
  • Bundle size vs. previous deploy — alerts on 10%+ growth
  • Dockerfile issues (if a Dockerfile exists in the repo root)
  • GitHub Actions workflow issues (if .github/workflows/ exists)

Results appear in DevLab → Deploy Scan History. Notifications with detected issues also appear in the bell icon in the sidebar.

Rollback suggestion

When a deploy scan detects 1 or more critical issues (or 3+ issues of any severity), SiteBrief shows a red Consider reverting this deploy banner inside the scan details.

The banner includes direct links to:

  • View commits — commit history on GitHub/GitLab for the branch
  • Compare changes — diff view to identify what changed

The same rollback suggestion appears in the bell notification for that deploy.

⚠️
Warning:SiteBrief does not automatically revert a deploy — it only suggests it. You perform the rollback via your Git provider or deployment platform.

Auto-fix PR

Many issues have a Fix button in DevLab. One click opens a pull request (or merge request on GitLab) with the exact change applied.

Plan requirements

Fix typeFreePro / Agency / Power Pack
Security header fixes✓ Unlimited✓ Unlimited
SEO tag fixes✓ Unlimited✓ Unlimited
WP / CI/CD / dependency fixes✓ Unlimited✓ Unlimited
Accessibility issue fixes✓ Unlimited
PageSpeed / cache fixes✓ Unlimited
ℹ️
Note:Free plan can generate unlimited PRs for security headers, SEO, WordPress, CI/CD, and dependency issues. Accessibility and PageSpeed auto-fix PRs require Pro plan or higher.

What can be auto-fixed

IssueWhat the PR changesConfidence
Security header missingAdds header to netlify.toml, .htaccess, or nginx.conf88%
PageSpeed lowAdds long-term cache headers for JS/CSS/fonts75%
WP_DEBUG enabledSets WP_DEBUG to false in wp-config.php95%
SEO tag missingInjects tag into layout.tsx, index.html, or robots.txt62–90%
Dependency vulnerableBumps package version in package.json82%
Dependency outdatedBumps package version in package.json75–88%
Dockerfile: no USERAdds USER node before CMD/ENTRYPOINT72%
Dockerfile: npm installReplaces with npm ci90%
Dockerfile: no HEALTHCHECKAdds HEALTHCHECK directive60%
CI/CD: outdated actionUpgrades e.g. checkout@v2 → checkout@v495%
CI/CD: no timeoutAdds timeout-minutes: 15 to all jobs70%
CI/CD: no npm cacheAdds cache: 'npm' to setup-node step82%
💡
Tip:The confidence score shown on each fix indicates how safe it is to merge without manual review. Fixes at 90%+ are safe to auto-merge. Fixes below 75% should be reviewed first.

Stale PR notifications

SiteBrief checks every 6 hours for open pull requests and merge requests that have had no review activity for 48 hours — no reviews submitted and no review comments.

When a stale PR is found, a notification appears in the bell icon with:

  • PR title and number
  • How many hours it has been open without review
  • A direct link to the PR/MR

Notifications are deduped — you will receive at most one alert per PR per 24 hours.

ℹ️
Note:Stale PR detection works for both GitHub and GitLab. It requires the repo to be linked to a site in DevLab.

Dependency audit

Every Monday at 3:00 UTC, SiteBrief scans your linked repos for vulnerable and outdated npm packages. Results appear as issues in DevLab with one-click fix PRs available.

  • Vulnerable — package has a known CVE; fix PR bumps to the patched version
  • Outdated (patch/minor) — auto-fixable via PR
  • Outdated (major) — flagged but not auto-fixed (breaking changes possible)

Bundle size tracking

SiteBrief measures the total size of JS and CSS assets after every deploy and compares it to the previous deploy. If the bundle grows by more than 10% (or more than 50 KB), an issue is created.

This helps catch accidental large imports, unoptimized images in JS, or missing tree-shaking before they reach users.

AI PR verification

When a DevLab fix PR is merged into the watched branch, SiteBrief automatically verifies the fix on production:

  • Waits 5 seconds for the deployment to propagate
  • Runs a targeted check based on the issue type (security headers grade, PageSpeed score, SEO meta, or HTTP status)
  • Takes a screenshot of the live site via ScreenshotOne
  • Sends the screenshot to Claude Vision for a one-sentence visual confirmation
  • Posts a comment on the merged PR with the verification result, AI verdict, and screenshot
💡
Tip:The verification comment appears automatically — no action needed. It looks like: ✅ SiteBrief — Fix verified on production · Security headers grade: A

Customer Complaints Radar

Available on the site detail page (Pro/Agency plans). Searches Reddit for mentions of your client's brand and negative keywords (problem, broken, issue, bug) in the last 30 days.

Claude analyzes each post and assigns:

  • Category — ux_bug, checkout, performance, content, pricing, other
  • Severity — critical, high, medium, low
  • Summary — one-line description of the complaint

Critical and high severity complaints automatically create a maintenance task. You can also create tasks manually per complaint with one click. Scans run weekly (Tuesday 2:00 UTC) or on-demand via the Scan now button.

Agency Copilot

Every Monday, the weekly digest email includes an ⚡ This week's actions section — an AI-generated prioritized list of what needs to be done across all your client sites.

The Copilot considers:

  • Sites currently down or with recent incidents
  • SSL and domain certificates expiring within 30 days
  • PageSpeed scores below 70
  • Security header grade D or F
  • Open maintenance tasks and pending DevLab PRs
  • Broken links detected

The output is a numbered list of up to 5 actions — specific, actionable, no fluff. No manager required.

ℹ️
Note:Enable the weekly digest in Settings → Notifications → Weekly digest.

FAQ

Which branch does SiteBrief watch?

The branch you set in Site Settings → DevLab → GitHub branch. Defaults to main. Only pushes to that branch trigger a deploy scan.

Does DevLab work with monorepos?

Yes — link the same repo to multiple sites, each watching a different branch (e.g. main for production, staging for staging).

What happens if the fix PR is already open?

SiteBrief checks for an existing open PR on the fix branch before creating a new one. If one exists, it is reused.