Thanks for this comment, because it looks like this is a good point of discussion. I may be wrong here, as I'm not well-versed in Guile Scheme. Honestly, you don't really need an "AI" for this. As a Nixpkgs contributor, I've come across a genius implementation by Ryan Mulligan. To explain this, I'll use the example code at A packaging tutorial for Guix.

You can see:

(define-public hello
  (package
    ...
    (version "2.10")
    (source (origin
      ...
      (sha256 (base32
        "0ssi1wpaf7plaswqqjwigppsg5fyh99vdlb9kzl7c9lng89ndq1i"))
      ...
    ))
    ...
))

Only the version and the base32 string have to be updated to get the next version.

If you check a Nix expression (aka the code snippet that defines a package), it is similar to the Guile code snippet but Haskell-ish. The version variable stores the tag - it's the same for both Guix and Nix. He's made a bot, which will check if the tag is outdated, or not - using Webhooks, I think. Maybe Savannah projects do not support them, but other forges like GitHub, GitLab and Forgejo do. If they're outdated, the bot will update both the SHA256 hash, as well as the version. And there you go, automatic package upgrade! Well, if the build fails, then welp, a human has to fix it. But the bot has managed most of the stuff auto-magically, so does resolving a few packages manually really matter?

Btw, here's the hard-working bot, r-ryantm.