Guides

PR bot configuration

Once you install LevelFour on a GitHub organization, the PR bot is on by default for every repository you granted access to. On every pull request, LevelFour reads the Infrastructure-as-Code changes in the diff (Terraform, CloudFormation, AWS CDK, Pulumi, or Kubernetes manifests), computes cost impact, and posts a single check-run comment with the cost breakdown. When LevelFour has concrete patch suggestions, they appear as inline "Suggested change" boxes on the diff itself, not as a list in the main comment.

You tune the bot per-repo with a .levelfour/config.yml file at the root of the default branch. The file is optional. With no file, the bot uses the defaults documented below.

Coming soon

A dashboard-driven org and per-repo toggle is on the roadmap, so you'll be able to silence the bot across thousands of repos at once or roll it out gradually without committing a YAML file to every repo. The toggle will take precedence over .levelfour/config.yml. Until then, every per-repo override lives in this file.

Where the file lives

Path: .levelfour/config.yml at the repository root, on the default branch.

The bot reads this file at the start of every pull request analysis. Changes take effect on the next PR or push, not retroactively on existing PRs.

You can preview the schema and validate ahead of time by copying the example below into your repo and opening a draft PR. LevelFour comments warnings for any unknown fields on the resulting PR.

Quick examples

Disable the bot on a single repository

# .levelfour/config.yml
enabled: false

The bot stops commenting and stops posting check runs on this repo. LevelFour still keeps the GitHub App installed and can read your Infrastructure-as-Code (Terraform, CloudFormation, CDK, Pulumi, Kubernetes manifests) for the savings recommendations engine on the dashboard.

Drop inline patch suggestions, keep the cost comment

# .levelfour/config.yml
code_suggestions_enabled: false

The bot still posts the cost summary on each PR, but does not propose inline "Suggested change" boxes on the diff.

Exclude test fixtures and a noisy resource type

# .levelfour/config.yml
excluded_paths:
  - tests/fixtures/**
  - examples/**
excluded_resource_types:
  - aws_iam_role_policy_attachment

Pin all cost estimates to a specific region

# .levelfour/config.yml
region_override: us-east-1

Useful when your Terraform omits provider "aws" { region = ... } and the bot would otherwise default to the global price.

Schema

FieldTypeDefaultWhat it does
enabledbooltrueMaster switch. When false, the bot skips this repo entirely. No comments, no check runs.
code_suggestions_enabledbooltrueWhen false, the bot still posts the cost comment but does not propose inline patch suggestions.
max_code_suggestionsint (0 to 25)25Cap on inline suggestion count per PR. Lower it if the bot is too chatty on large changes.
excluded_resource_typesstring[][]Terraform resource type globs to skip. Example: aws_iam_* matches every IAM resource.
excluded_pathsstring[][]File path globs to skip when parsing Terraform. Example: tests/fixtures/**.
region_overridestring or nullnullPin all cost estimates to one AWS region. Useful when your Terraform omits a default region.
graviton_for_managed_services_enabledboolfalseOpt in to Graviton-vs-Intel suggestions for AWS managed services (RDS, ElastiCache, OpenSearch). Off by default while the rule is being tuned.
comment_sections.summarybooltrueShow the top-of-comment summary block.
comment_sections.cost_breakdownbooltrueShow the per-resource cost diff table.
comment_sections.monthly_spendbooltrueShow the monthly spend total.

Glob syntax for excluded_paths and excluded_resource_types

The bot supports * wildcards in both fields:

  • tests/fixtures/** matches every path under tests/fixtures/.
  • aws_iam_* matches every Terraform resource type starting with aws_iam_.
  • examples/*.tf matches Terraform files directly inside examples/, but not in subdirectories.

Exact strings without * are matched literally.

Validation behavior

The bot validates .levelfour/config.yml on every PR:

  • Unknown fields at the top level or under comment_sections are stripped silently from the parsed config and reported as a warning at the bottom of the PR comment. Misspelling enabld: false will not disable the bot.
  • Type mismatches (e.g., a number where a bool is expected) cause the bot to fall back to defaults for that field and warn on the PR.
  • Missing file is treated as "use all defaults". This is the expected state for most repos.

What this file does NOT control

  • Whether LevelFour can read the repo. That's controlled by the GitHub App's repository access in your GitHub org settings. Even with enabled: false, LevelFour still reads the Infrastructure-as-Code (Terraform, CloudFormation, CDK, Pulumi, Kubernetes manifests) for the savings recommendations engine. To revoke read access entirely, remove the repo from the GitHub App installation. See GitHub onboarding.
  • PR creation by LevelFour. This file affects PRs your team opens. The savings PRs LevelFour opens come from the recommendation engine and ignore enabled.
  • Check runs the dashboard executes. Cost recommendation runs from the dashboard ignore this file.

GitHub Actions

Use the LevelFour SDKs in GitHub Actions for cost reports and monitoring.

CI/CD Integration

Add infrastructure cost estimation and diff checks to your CI/CD pipeline.

On this page

Where the file livesQuick examplesSchemaGlob syntax for excluded_paths and excluded_resource_typesValidation behaviorWhat this file does NOT controlRelated docs