From github-devflow
This skill should be used when the user asks to "review a PR", "code review PR
```bash
npx claudepluginhub hhiroshell/gh-devflow-plugins --plugin github-devflow
```
This skill is limited to using the following tools:
Perform a comprehensive code review on a GitHub pull request by dispatching multiple specialized reviewer agents in parallel, each analyzing from a different perspective with a clean context. Aggregate all findings into a single GitHub PR review with line-specific comments.
Eight reviewer agents analyze the PR simultaneously:
| Agent | Model | Focus |
|---|---|---|
| logic-reviewer | sonnet | Bugs, edge cases, error handling, race conditions |
| design-reviewer | sonnet | Code structure, naming, SOLID, readability |
| security-reviewer | sonnet | Injection, auth issues, data exposure, OWASP |
| performance-reviewer | haiku | Algorithmic complexity, memory, N+1 queries |
| convention-reviewer | haiku | CLAUDE.md compliance, project conventions |
| git-history-reviewer | haiku | Git blame, commit history, regression risk |
| pr-history-reviewer | haiku | Past PRs and review comments on same files |
| docs-reviewer | haiku | Missing or outdated documentation for changed code |
| Script | Purpose |
|---|---|
| scripts/fetch-pr-diff.sh | Fetch PR diff and metadata |
| scripts/post-review.sh | Post a combined review with line comments |
Fetch the PR diff and metadata:
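```bash
# $ARGUMENTS is user-supplied; quote every expansion so it stays a single argument
PR_NUMBER="$ARGUMENTS"
PR_DATA=$(bash "${CLAUDE_PLUGIN_ROOT}/skills/code-review/scripts/fetch-pr-diff.sh" "$PR_NUMBER")
```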
Extract key fields from the result:
- `owner`, `repo`: Repository context
- `title`, `body`: PR description
- `baseRef`, `headRef`: Branch names
- `changedFiles`: Array of changed file paths
- `diff`: Full unified diff
If the diff is large (more than 10 changed files), warn the user that the review may consume a significant portion of Pro plan token limits and ask whether to proceed. This threshold is based on typical token usage patterns where reviewing more than 10 files in a single session can consume a substantial portion of daily limits.
Launch all 8 reviewer agents in parallel using the Task tool. Use agent-specific subagent types (e.g., github-devflow:logic-reviewer). Each agent runs in its own isolated context with its system prompt, model, and tools automatically applied from the agent definition.
For each agent, provide a prompt containing the PR context:
Prompt template for each agent:
```markdown
## PR Information
- Repository: {owner}/{repo}
- PR #{pr_number}: {title}
- Base: {baseRef} → Head: {headRef}
- Changed files: {changedFiles}

## Diff
{diff}

Review the changes and output your findings as JSON in the specified format.
```
Important: Launch ALL agents in a single message using multiple Task tool calls so they run in parallel. Use the following subagent types:
- `github-devflow:logic-reviewer`
- `github-devflow:design-reviewer`
- `github-devflow:security-reviewer`
- `github-devflow:performance-reviewer`
- `github-devflow:convention-reviewer`
- `github-devflow:git-history-reviewer`
- `github-devflow:pr-history-reviewer`
- `github-devflow:docs-reviewer`
The model for each agent is automatically determined from the agent's frontmatter (see the Review Perspectives table above for reference).
After all agents complete:
Create a review summary body (markdown) that includes:
```markdown
## Multi-Perspective Code Review

This review was generated by analyzing PR #{pr_number} from 8 perspectives.

### Summary

| Perspective | Findings |
|-------------|----------|
| Logic & Correctness | X issues |
| Design & Maintainability | X issues |
| Security | X issues |
| Performance | X issues |
| Convention Compliance | X issues |
| Git History Context | X issues |
| PR History Context | X issues |
| Documentation | X issues |
| **Total** | **X issues** |

### Key Findings

[List the most important findings across all perspectives, grouped by severity (error > warning > info)]
```
Create the output directory and write the review summary:
```bash
# Quote the path so REPO and PR_NUMBER cannot split into extra arguments
mkdir -p "/tmp/github-devflow:code-review/${REPO}/${PR_NUMBER}"
# Write review body to /tmp/github-devflow:code-review/${REPO}/${PR_NUMBER}/review-body.md
```
Build the comments JSON array from aggregated findings:
```json
[
  {
    "path": "src/main.py",
    "line": 42,
    "start_line": 40,
    "body": "**[Logic]** :warning: Description of issue..."
  }
]
```
The start_line field is optional and enables multi-line comment ranges.
Format each comment body with the perspective tag:
- `**[Logic]**` for logic-reviewer findings
- `**[Design]**` for design-reviewer findings
- `**[Security]**` for security-reviewer findings
- `**[Performance]**` for performance-reviewer findings
- `**[Convention]**` for convention-reviewer findings
- `**[Git History]**` for git-history-reviewer findings
- `**[PR History]**` for pr-history-reviewer findings
- `**[Docs]**` for docs-reviewer findings
Prefix each comment with a severity emoji:
- `:rotating_light:` for error
- `:warning:` for warning
- `:information_source:` for info
Write comments JSON to /tmp/github-devflow:code-review/${REPO}/${PR_NUMBER}/review-comments.json
Post the review:
```bash
bash "${CLAUDE_PLUGIN_ROOT}/skills/code-review/scripts/post-review.sh" "$PR_NUMBER" \
  "/tmp/github-devflow:code-review/${REPO}/${PR_NUMBER}/review-body.md" \
  "/tmp/github-devflow:code-review/${REPO}/${PR_NUMBER}/review-comments.json"
```
Note: File paths must be within /tmp/github-devflow:code-review/ for security validation.
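The page states only that the paths must fall under /tmp/github-devflow:code-review/; how post-review.sh enforces this is not shown. The following is an added example, not the plugin's own code, of a containment check a script of that kind could apply. The function names and the PR-number check are assumptions.

```shell
# Added example (not from the plugin): validate post-review arguments.
# ALLOWED_ROOT default is the directory named on the page; all function
# names here are hypothetical.
ALLOWED_ROOT="${ALLOWED_ROOT:-/tmp/github-devflow:code-review}"

# Physical (symlink-free) absolute path of a directory, or failure.
resolve_dir() { ( cd -P -- "$1" 2>/dev/null && pwd -P ); }

# PR number must be a plain positive integer: rejects empty input,
# option-like strings ("--repo") and anything with shell metacharacters.
is_valid_pr_number() {
  case "$1" in
    ''|0*|*[!0-9]*) return 1 ;;
    *) return 0 ;;
  esac
}

# File must exist, must not itself be a symlink, and its resolved parent
# directory must be ALLOWED_ROOT or a descendant of it.
is_within_allowed_root() {
  [ -f "$1" ] && [ ! -L "$1" ] || return 1
  _root=$(resolve_dir "$ALLOWED_ROOT") || return 1
  _parent=$(resolve_dir "$(dirname -- "$1")") || return 1
  case "$_parent/" in
    "$_root"/*) return 0 ;;   # trailing slash blocks "<root>-evil" siblings
    *) return 1 ;;
  esac
}

# Mirrors the three arguments passed to post-review.sh on the page.
validate_post_review_args() {
  is_valid_pr_number "$1" || { echo "invalid PR number" >&2; return 1; }
  for _f in "$2" "$3"; do
    is_within_allowed_root "$_f" || { echo "rejected path: $_f" >&2; return 1; }
  done
}
```

Comparing the resolved parent directory rather than the raw string is what catches `..` segments and symlinked directories; a plain prefix match on the argument would accept both.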
After posting, display a summary to the user:
This skill must NOT modify any repository files. Only analyze and post review comments:
/tmp/ for the review posting process
Each agent returns a JSON object. Parse it carefully:
gh CLI is not authenticated, inform the user to run gh auth login
The git-history and pr-history agents make GitHub API calls. If rate limiting occurs, those agents will return partial or empty results. This is acceptable - note it in the summary.