@brandonbryant12
Created December 8, 2025 17:36
Comprehensive PR Code Review - Claude Code Skill & Command (inspired by GitHub Copilot)
---
description: Comprehensive PR code review inspired by GitHub Copilot - analyzes code quality, security, performance, and best practices
arguments:
  - name: pr_number
    description: The PR number to review (e.g., 123)
    required: true
---

# Comprehensive PR Code Review

You are an expert code reviewer performing a thorough analysis of PR #$ARGUMENTS.pr_number. Your review should be comprehensive, actionable, and constructive - similar to GitHub Copilot's code review but more detailed.

## Step 1: Gather PR Information

First, fetch the PR details and diff:

```bash
# Get PR metadata
gh pr view $ARGUMENTS.pr_number --json title,body,author,baseRefName,headRefName,files,additions,deletions,changedFiles

# Get the full diff
gh pr diff $ARGUMENTS.pr_number
```

## Step 2: Review Categories

Analyze the code changes across these critical dimensions:

### 1. Security Analysis

- Input Validation: Check for proper sanitization of user inputs
- SQL Injection: Look for raw SQL queries or improper parameterization
- XSS Vulnerabilities: Check for unescaped output in templates/JSX
- Authentication/Authorization: Verify proper access controls
- Secrets Exposure: Check for hardcoded credentials, API keys, tokens
- Dependency Security: Flag any new dependencies that might have vulnerabilities
- CSRF Protection: Verify forms have proper CSRF tokens
- Path Traversal: Check file operations for path injection risks

### 2. Bug Detection

- Null/Undefined Handling: Check for potential null pointer exceptions
- Race Conditions: Look for async/await issues, missing locks
- Off-by-One Errors: Check loop boundaries and array indexing
- Type Mismatches: Verify type safety, especially at boundaries
- Error Handling: Ensure errors are caught and handled appropriately
- Edge Cases: Consider boundary conditions and empty states
- Resource Leaks: Check for unclosed connections, file handles, etc.

### 3. Performance Issues

- N+1 Queries: Look for database queries in loops
- Missing Indexes: Check if new queries need database indexes
- Memory Leaks: Watch for unbounded caches, event listener cleanup
- Unnecessary Re-renders: For React, check for missing memoization
- Large Bundle Impact: Flag large new dependencies
- Inefficient Algorithms: Look for O(n^2) or worse complexity
- Missing Pagination: Check if large datasets are paginated

### 4. Code Quality

- DRY Principle: Look for duplicated code that should be abstracted
- Single Responsibility: Check if functions/components do too much
- Naming Conventions: Verify clear, descriptive names
- Code Complexity: Flag overly nested or complex logic
- Magic Numbers/Strings: Check for unexplained literals
- Dead Code: Look for unused variables, imports, functions
- Consistency: Ensure code follows existing patterns in the codebase

### 5. Testing Coverage

- Test Presence: Are there tests for new functionality?
- Test Quality: Do tests cover edge cases and error paths?
- Test Isolation: Are tests properly isolated?
- Mocking: Is external I/O properly mocked?

### 6. Documentation & Maintainability

- API Changes: Are breaking changes documented?
- Complex Logic: Is non-obvious code commented?
- Type Definitions: Are types properly defined for public APIs?

## Step 3: Output Format

Generate a comprehensive review report in this format:

````markdown
# PR Review: [PR Title]

**PR #[number]** | **Author:** [author] | **Branch:** [head] -> [base]
**Files Changed:** [count] | **+[additions]** / **-[deletions]**

---

## Executive Summary

[2-3 sentence overview of the PR and high-level assessment]

**Risk Level:** [LOW | MEDIUM | HIGH | CRITICAL]

---

## Critical Issues (Must Fix)

[List any blocking issues that must be addressed before merge]

### Issue 1: [Title]
**File:** `path/to/file.ts:line`
**Category:** Security | Bug | Performance
**Description:** [Explain the issue]
**Suggested Fix:**
```[language]
// Code suggestion
```

---

## Warnings (Should Fix)

[List important issues that should be addressed]

---

## Suggestions (Nice to Have)

[List minor improvements and style suggestions]

---

## Positive Highlights

[Call out good practices, clever solutions, or well-written code]

---

## Files Reviewed

| File | Risk | Issues |
| --- | --- | --- |
| file1.ts | LOW | 0 |
| file2.ts | MEDIUM | 2 |

---

## Checklist Summary

- Security: [PASS/FAIL/NEEDS REVIEW]
- Bugs: [PASS/FAIL/NEEDS REVIEW]
- Performance: [PASS/FAIL/NEEDS REVIEW]
- Code Quality: [PASS/FAIL/NEEDS REVIEW]
- Testing: [PASS/FAIL/NEEDS REVIEW]

---

Review generated by Claude Code PR Reviewer
````
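As an added example (not part of the gist), the following Python shows how three of the Step 2 "Security Analysis" checks can be applied mechanically to a `gh pr diff`-style unified diff and how the results feed the Step 3 "Files Reviewed" table with the `path:line` references the report asks for. The sample diff, the regexes and the risk thresholds are this example's own constructions, and a regex match is only a candidate for the reviewer to inspect.

```python
import re

# Constructed, abridged `gh pr diff`-style sample (only the `+++`/`@@` lines the parser keys on); paths, code and "key" are invented.
SAMPLE_DIFF = """\
+++ b/src/db.ts
@@ -10 +10,2 @@
-  return db.query('SELECT * FROM users WHERE name = $1', [name]);
+  const q = "SELECT * FROM users WHERE name = '" + name + "'";
+  return db.query(q);
+++ b/src/config.ts
@@ -2,0 +3 @@
+export const apiKey = "sk_live_PLACEHOLDER_NOT_A_REAL_KEY";
+++ b/src/files.ts
@@ -4,0 +5 @@
+export const read = (req) => fs.readFileSync("/data/" + req.query.name);
+++ b/README.md
@@ -1 +1,2 @@
 # Service
+Run `npm test` before opening a PR.
"""
# Heuristics for three "Security Analysis" checklist items, applied to added lines only; a match is a candidate for review, not proof.
CHECKS = [
    ("SQL Injection", re.compile(r"\b(SELECT|INSERT|UPDATE|DELETE)\b.*[\"']\s*\+\s*\w", re.I)),
    ("Secrets Exposure", re.compile(r"(api[_-]?key|secret|token|password)\s*[=:]\s*[\"'][^\"']{8,}[\"']", re.I)),
    ("Path Traversal", re.compile(r"(readFile\w*|open|createReadStream)\s*\(.*(req\.|params|query)", re.I)),
]

def scan_diff(diff_text):
    """Return {file: [(new_line_no, category, added_line), ...]} for every file in the diff."""
    findings, current, new_no = {}, None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ b/"):
            current = raw[6:]
            findings[current] = []
        elif raw.startswith("@@"):  # hunk header carries the first line number in the new file
            new_no = int(re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", raw).group(1)) - 1
        elif raw.startswith("+") and current:
            new_no += 1
            findings[current] += [(new_no, c, raw[1:].strip()) for c, p in CHECKS if p.search(raw[1:])]
        elif current and not raw.startswith("-"):
            new_no += 1  # context lines count in the new file; removed lines do not
    return findings

def risk_level(issue_count):  # thresholds for the "Files Reviewed" table are this example's assumption
    return "LOW" if issue_count == 0 else "MEDIUM" if issue_count <= 2 else "HIGH"

def files_reviewed_table(diff_text):  # renders the Step 3 "Files Reviewed" markdown table
    rows = ["| File | Risk | Issues |", "| --- | --- | --- |"]
    rows += [f"| {path} | {risk_level(len(items))} | {len(items)} |" for path, items in scan_diff(diff_text).items()]
    return "\n".join(rows)
```

Feeding real `gh pr diff <number>` output to `scan_diff` yields the per-file line numbers for the report's `**File:** path:line` fields; the removed parameterized query in `src/db.ts` is deliberately not scanned, since only added lines are under review.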


## Step 4: Create Gist

After generating the review, create a public gist:

```bash
gh gist create --public -d "PR Review #$ARGUMENTS.pr_number - [repo-name]" review.md
```

## Important Guidelines

1. Be Specific: Reference exact file paths and line numbers
2. Be Constructive: Offer solutions, not just criticism
3. Prioritize: Focus on critical issues first
4. Context Matters: Consider the PR's intent and scope
5. Acknowledge Good Work: Highlight positive aspects too
6. Don't Nitpick: Avoid trivial style comments unless impactful

## Execution

Now perform the review:

1. Fetch PR data using the `gh` CLI
2. Read the changed files to understand context
3. Analyze each file against the review categories
4. Generate the comprehensive report
5. Create a public gist with the results
6. Return the gist URL to the user