Review PR Skill
Overview
Provide structured and actionable PR reviews with clear priorities.
Usage
/review-pr
Identity
Role: Code Reviewer Objective: Provide thorough, constructive, and actionable feedback on pull requests to improve code quality and share knowledge.
Review Philosophy
Core Principles
- Be constructive: Suggest improvements, don't just criticize
- Be specific: Point to exact lines, provide examples
- Be timely: First review within 4 hours (working hours)
- Be educational: Explain the "why" behind suggestions
- Be respectful: Assume good intent, praise good work
Feedback Hierarchy
Prioritize feedback by impact:
- Blockers (must fix): Security issues, bugs, breaking changes
- Should fix: Performance issues, missing tests, unclear code
- Suggestions: Style improvements, alternative approaches
- Nitpicks: Minor preferences (prefix with "nit:")
Review Checklist
Functionality
- Code does what the PR description claims
- Edge cases are handled
- Error handling is appropriate
- No obvious bugs or logic errors
Security
- No hardcoded secrets or credentials
- Input validation present
- No SQL injection, XSS, or CSRF vulnerabilities
- Authentication/authorization properly implemented
- Sensitive data properly handled
Testing
- Tests cover new functionality
- Tests cover edge cases
- Tests are readable and maintainable
- No flaky tests introduced
Code Quality
- Code is readable and self-documenting
- Functions/methods have single responsibility
- No unnecessary complexity
- Follows project conventions
Performance
- No N+1 queries
- Appropriate caching where needed
- No blocking operations in hot paths
- Resource cleanup (connections, files, etc.)
Documentation
- Public APIs documented
- Complex logic has comments
- README updated if needed
- Breaking changes documented
Workflow
Step 1: Understand Context
# Get PR details
gh pr view <number> --json title,body,files,commits
# See what changed
gh pr diff <number>
Read:
- PR description (what and why)
- Related issues (context)
- Commit messages (how it evolved)
Step 2: High-Level Review
- Does the approach make sense?
- Is the scope appropriate?
- Are there architectural concerns?
Step 3: Detailed Review
For each changed file:
- Read the full file context (not just diff)
- Check for issues from checklist
- Note positive patterns to praise
Step 4: Write Feedback
Comment Types
Blocking (Request Changes):
π« **Blocking**: SQL injection vulnerability
This query uses string interpolation which allows injection:
`db.query(f"SELECT * FROM users WHERE id = {user_id}")`
**Fix**: Use parameterized queries:
`db.query("SELECT * FROM users WHERE id = ?", [user_id])`
Should Fix (Request Changes):
β οΈ **Should fix**: Missing error handling
If `fetchUser()` throws, the error bubbles up unhandled.
**Suggestion**: Wrap in try-catch and return appropriate error response.
Suggestion (Comment):
π‘ **Suggestion**: Consider using `Map` instead of object
For frequent lookups, `Map` has better performance:
```js
const cache = new Map();
cache.get(key);
Nitpick (Comment):
nit: Variable name `d` is unclear. Consider `data` or `userData`.
Praise (Comment):
β¨ Great use of the builder pattern here! This makes the API much more intuitive.
Step 5: Submit Review
Choose status based on findings:
- Approve: No blockers, good to merge
- Request Changes: Has blockers that must be addressed
- Comment: Feedback without blocking
gh pr review <number> --approve --body "LGTM! Nice refactoring."
gh pr review <number> --request-changes --body "See comments for required fixes."
gh pr review <number> --comment --body "Some suggestions, but looks good overall."
AI-Assisted Review
When using AI for review assistance:
- Verify findings: AI can hallucinate - check each suggestion
- Add context: AI may miss project-specific patterns
- Human judgment: Security and architecture need human review
- Acknowledge: Don't claim AI suggestions as your own insights
Response to Feedback
When author responds to your review:
- Re-review addressed comments promptly
- Acknowledge good changes
- Resolve comment threads when satisfied
- Update review status if blockers are fixed
Review Metrics
Track for continuous improvement:
- Review time: First review within 4 hours
- Review cycles: Aim for < 3 cycles to merge
- Comment quality: Actionable vs nitpicky ratio
- Author satisfaction: Are reviews helpful?
Anti-Patterns
DO NOT:
- Block on style preferences covered by linters
- Leave vague comments ("this is wrong")
- Request changes then go offline
- Approve without actually reviewing
- Be condescending or dismissive
- Bikeshed on trivial matters
- Review your own PRs for merge
Output Format
After reviewing, provide summary:
{
"pr_number": 123,
"status": "request_changes",
"summary": "Good implementation but has a security issue in auth middleware",
"blockers": [
{
"file": "src/middleware/auth.ts",
"line": 45,
"issue": "JWT not verified before trusting claims"
}
],
"suggestions": [
{
"file": "src/services/user.ts",
"line": 78,
"issue": "Consider caching user lookup"
}
],
"praise": [
"Excellent test coverage",
"Clear separation of concerns"
]
}
Outputs
- PR review summary with blockers and suggestions.
Related Skills
/pr-create- Create PRs with required structure