OpenSkillIndex← back to search
claude-code

Aiwg pr-review

Conduct comprehensive PR review from multiple perspectives (PM, Developer, QA, Security)

install
source · Clone the upstream repo
git clone https://github.com/jmagly/aiwg
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/jmagly/aiwg "$T" && mkdir -p ~/.claude/skills && cp -r "$T/.agents/skills/pr-review" ~/.claude/skills/jmagly-aiwg-pr-review && rm -rf "$T"
manifest: .agents/skills/pr-review/SKILL.md
source content

PR Review

PR Link/Number: $ARGUMENTS

Instructions: Execute each task in the order given to conduct a thorough code review. Update GitHub with this review. Important: The future is now—any improvements or "future" recommendations must be addressed immediately.

Arguments

  • <pr_link_or_number>
    - GitHub PR URL or PR number (required)
  • --interactive
    - Prompt for confirmation before posting review
  • --guidance "text"
    - Additional review guidance or focus areas
  • --regression-gate
    - Run regression check before merge approval (default: true)
  • --allow-regression
    - Allow merge even if regressions detected (requires justification)

Default behavior: Regression gate is enabled by default. To disable: 

--regression-gate=false

Task 1: Product Manager Review

Objective: Assess from a product management perspective, focusing on:

  • Business Value: Does this PR clearly advance our core product goals and deliver immediate ROI?
  • User Experience: Is the change intuitive and delightful for users right now? If not, make fixes immediately.
  • Strategic Alignment: Does the PR align with current (and long-term, i.e., now) strategic objectives?

Action: Provide clear directives on how to ensure maximum user and business impact. All "future" suggestions must be implemented now.

Task 2: Developer Review

Objective: Evaluate the code thoroughly from a senior lead engineer perspective:

  1. Code Quality & Maintainability: Is the code structured for readability and easy maintenance? If not, refactor now.
  2. Performance & Scalability: Will these changes operate efficiently at scale? If not, optimize immediately.
  3. Best Practices & Standards: Note any deviation from coding standards and correct it now.

Action: Leave a concise yet complete review comment, ensuring all improvements happen immediately—no deferrals.

Task 3: Quality Engineer Review

Objective: Verify the overall quality, testing strategy, and reliability of the solution:

  1. Test Coverage: Are there sufficient tests (unit, integration, E2E)? If not, add them now.
  2. Potential Bugs & Edge Cases: Have all edge cases been considered? If not, address them immediately.
  3. Regression Risk: Confirm changes don't undermine existing functionality. If risk is identified, mitigate now with additional checks or tests.

Action: Provide a detailed QA assessment, insisting any "future" improvements be completed right away.

Task 4: Security Engineer Review

Objective: Ensure robust security practices and compliance:

  1. Vulnerabilities: Check for common security flaws (SQL injection, XSS, authentication bypass, etc.). Fix immediately if found.
  2. Sensitive Data: Confirm no secrets, credentials, or PII are exposed. Remove immediately if found.
  3. Security Best Practices: Verify adherence to OWASP guidelines and security standards. Address gaps now.

Action: Provide security assessment with immediate remediation for any findings. No deferring security issues.

Task 5: Regression Detection Gate

Objective: Detect behavioral regressions introduced by this PR

When: Runs automatically before merge approval (unless 

--regression-gate=false
)

Process:

  1. Identify base branch from PR metadata
  2. Determine scope using changed files
  3. Execute regression check: 
    /regression-check \
  --baseline <base-branch> \
  --scope changed-files \
  --format summary
  4. Analyze results:
    • No regressions: Proceed to merge approval
    • Minor regressions: Flag for review, document in comment
    • Critical regressions: BLOCK MERGE (unless 
      --allow-regression
      )

Output: Regression analysis posted as PR comment

Regression Gate Behavior

Regression SeverityDefault ActionWith 
--allow-regression
NoneApprove mergeApprove merge
Minor (warnings)Approve with noteApprove with note
Major (behavior change)Request changesApprove with documented risk
Critical (test failures)BLOCK mergeApprove with justification required

Example: Regression Detected (Blocking)

## 🚨 Regression Gate: BLOCKED

**Baseline**: main (commit abc123)
**Changed Files**: 5 files
**Tests Affected**: 12 tests

### Critical Regressions

1. **test/unit/auth/login.test.ts::validateCredentials**
   - Status: PASS → FAIL
   - Error: "Expected 200, received 401"
   - Impact: Breaks user authentication
   - **Action**: FIX REQUIRED BEFORE MERGE

2. **test/integration/api/payments.test.ts::processPayment**
   - Status: PASS → FAIL
   - Error: "Transaction timeout"
   - Impact: Payment processing broken
   - **Action**: FIX REQUIRED BEFORE MERGE

### Verdict

❌ **MERGE BLOCKED** - Critical regressions must be resolved.

To override (not recommended): Use `--allow-regression` and provide justification in PR description.

See full report: [regression-2026-01-25T15-30-00Z.md]

Example: Regression Detected (Warning)

## ⚠️ Regression Gate: WARNING

**Baseline**: main (commit abc123)
**Changed Files**: 3 files
**Tests Affected**: 8 tests

### Behavior Changes Detected

1. **test/integration/api/users.test.ts::createUser**
   - Performance: 150ms → 450ms (+200%)
   - Severity: MAJOR
   - **Action**: INVESTIGATE before merge

### Verdict

⚠️ **MERGE WITH CAUTION** - Behavior changes detected but not blocking.

Recommendation: Review performance regression and document if intentional.

See full report: [regression-2026-01-25T15-30-00Z.md]

Example: No Regressions

## ✅ Regression Gate: PASSED

**Baseline**: main (commit abc123)
**Changed Files**: 2 files
**Tests Affected**: 5 tests
**Result**: All tests passing, no behavioral changes detected

### Verdict

✅ **REGRESSION CHECK PASSED** - Safe to merge from regression perspective.

Integration with Regression Analyst:

For deep regression analysis or complex regressions, escalate to @$AIWG_ROOT/agentic/code/frameworks/sdlc-complete/agents/regression-analyst.md for:

  • Root cause analysis
  • Regression pattern identification
  • Fix recommendations
  • Historical regression correlation

Task 6: Review Summary

Objective: Synthesize all review feedback into actionable summary

Required Sections:

  1. Overall Verdict: Approve / Request Changes / Comment
  2. Critical Issues: Must be fixed before merge
  3. Major Issues: Should be fixed before merge
  4. Minor Issues: Can be addressed in follow-up
  5. Regression Status: Results from regression gate
  6. Merge Recommendation: Clear approve/block decision with rationale

Example Summary

## PR Review Summary

**Verdict**: REQUEST CHANGES

### Critical Issues (MUST FIX)
1. ❌ **Regression**: Authentication tests failing (see regression report)
2. ❌ **Security**: API key exposed in config file (line 42)

### Major Issues (SHOULD FIX)
1. ⚠️ **Performance**: Database query in loop (lines 156-178)
2. ⚠️ **Test Coverage**: New function missing unit tests

### Minor Issues (NICE TO HAVE)
1. 💡 **Code Style**: Inconsistent variable naming
2. 💡 **Documentation**: JSDoc comments missing

### Regression Status
❌ **2 CRITICAL REGRESSIONS DETECTED** - See detailed report above

### Merge Recommendation
🚫 **BLOCK MERGE**

**Rationale**:
- Critical regressions break authentication flow
- Security vulnerability exposes API credentials
- Must be resolved before merge

**Next Steps**:
1. Fix authentication regression
2. Remove exposed API key
3. Re-run regression check
4. Address major issues or create follow-up tickets

Post-Review Actions

After completing review:

  1. Post review comment to PR with summary
  2. Add labels based on severity: 
    • regression-risk
      if regressions detected
    • security-issue
      if vulnerabilities found
    • needs-tests
      if coverage insufficient
    • performance-concern
      if performance issues found
  3. Set PR status:
    • Approve (if all checks pass)
    • Request Changes (if critical/major issues)
    • Comment (if minor issues only)
  4. Save review artifacts:
    • Regression report (if gate enabled)
    • Review summary
    • Issue tracking links

References

  • @$AIWG_ROOT/agentic/code/frameworks/sdlc-complete/commands/regression-check.md - Regression detection command
  • @$AIWG_ROOT/agentic/code/frameworks/sdlc-complete/agents/regression-analyst.md - Deep regression analysis agent
  • @$AIWG_ROOT/agentic/code/frameworks/sdlc-complete/schemas/testing/regression.yaml - Regression detection schema
  • @$AIWG_ROOT/agentic/code/frameworks/sdlc-complete/rules/executable-feedback.md - Executable feedback loop implementation
  • @$AIWG_ROOT/agentic/code/frameworks/sdlc-complete/rules/executable-feedback.md - Test-first principles