Aiwg pr-reviewer
Review GitHub pull requests for code quality, security, and best practices. Use for automated PR feedback and approval workflows.
install
source · Clone the upstream repo
git clone https://github.com/jmagly/aiwg
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/jmagly/aiwg "$T" && mkdir -p ~/.claude/skills && cp -r "$T/agentic/code/frameworks/sdlc-complete/extensions/github/skills/pr-reviewer" ~/.claude/skills/jmagly-aiwg-pr-reviewer && rm -rf "$T"
manifest:
agentic/code/frameworks/sdlc-complete/extensions/github/skills/pr-reviewer/SKILL.md
source content
PR Reviewer Skill
Purpose
Single responsibility: Review GitHub pull requests for quality, security, and adherence to project standards. (BP-4)
Grounding Checkpoint (Archetype 1 Mitigation)
Before executing, VERIFY:
- gh CLI is installed and authenticated
- PR number or URL is valid
- Repository has review permissions
- Review criteria are defined
DO NOT submit reviews without understanding the full diff.
Uncertainty Escalation (Archetype 2 Mitigation)
ASK USER instead of guessing when:
- Review scope unclear (security only vs full review)
- Approval authority undefined
- Conflicting with existing reviews
- Breaking changes detected
NEVER approve PRs automatically without user confirmation.
Context Scope (Archetype 3 Mitigation)
| Context Type | Included | Excluded |
|---|---|---|
| RELEVANT | PR diff, commit messages, linked issues | Unrelated files |
| PERIPHERAL | Project standards, CI status | Other PRs |
| DISTRACTOR | Historical PRs | Fork activity |
Workflow Steps
Step 1: Fetch PR Details (Grounding)
```bash
# Get PR information
gh pr view <number> --json title,body,author,files,additions,deletions,commits,reviews

# Get diff
gh pr diff <number>

# Check CI status
gh pr checks <number>
```
Step 2: Analyze Changes
```bash
# List changed files
gh pr view <number> --json files --jq '.files[].path'

# Get diff stats
gh pr view <number> --json additions,deletions --jq '"\(.additions) additions, \(.deletions) deletions"'

# Check for sensitive files
gh pr diff <number> | grep -E "(\.env|password|secret|key)" && echo "⚠️ Sensitive patterns detected"
```
Step 3: Review Categories
Code Quality:
```bash
# Check for common issues
gh pr diff <number> | grep -E "(console\.log|debugger|TODO|FIXME)" | head -20
```
Security:
```bash
# Security patterns
gh pr diff <number> | grep -E "(eval\(|innerHTML|dangerouslySetInnerHTML|exec\()" | head -10
```
Tests:
```bash
# List changed test files (a rough proxy for test coverage)
gh pr view <number> --json files --jq '.files[] | select(.path | test("test|spec")) | .path'
```
Step 4: Submit Review
Comment only:
```bash
gh pr review <number> --comment --body "$(cat <<'EOF'
## Code Review

### Summary
[Overview of changes]

### Observations
- Point 1
- Point 2

### Questions
- Question 1?
EOF
)"
```
Request changes:
gh pr review <number> --request-changes --body "Changes needed: [reason]"
Approve:
gh pr review <number> --approve --body "LGTM! ✅"
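The greps in Steps 2 and 3 match removed and context lines as well as added ones, and they report no location. As an added example (not part of the aiwg skill), this scanner applies the same two patterns to added lines only and prints `path:line` for the review's concerns. `scan_added_lines` and `sample_diff` are hypothetical names, the sample diff is constructed, and the case-insensitive sensitive match is an assumption.

```shell
# Added example, not part of the aiwg skill. scan_added_lines and sample_diff
# are hypothetical names; the two regexes are the ones from Steps 2 and 3.
# Assumption: the sensitive-pattern match is made case-insensitive here.
# Reads a unified diff on stdin; prints "path:line: category: text" per added line.
scan_added_lines() {
  awk '
    function cnt(range,   p, n) { n = split(range, p, ","); return (n > 1) ? p[2] + 0 : 1 }
    old_left + new_left > 0 {                      # inside a hunk body
      c = substr($0, 1, 1)
      if (c == "+") {
        text = substr($0, 2); sub(/^[ \t]+/, "", text)
        if (text ~ /(eval\(|innerHTML|dangerouslySetInnerHTML|exec\()/)
          printf "%s:%d: security: %s\n", file, line, text
        if (tolower(text) ~ /(\.env|password|secret|key)/)
          printf "%s:%d: sensitive: %s\n", file, line, text
        line++; new_left--
      } else if (c == "-") { old_left-- }          # removed: old side only
      else if (c != "\\") { line++; old_left--; new_left-- }   # context line
      next
    }
    /^\+\+\+ / { file = substr($0, 5); sub(/^b\//, "", file); next }
    /^@@ /     { old_left = cnt($2); new_left = cnt($3)    # "@@ -a,b +c,d @@"
                 split($3, p, ","); line = substr(p[1], 2) + 0 }
  '
}
# Constructed sample diff (not from a real PR).
sample_diff() {
  cat <<'EOF'
diff --git a/src/app.js b/src/app.js
--- a/src/app.js
+++ b/src/app.js
@@ -10,4 +10,5 @@ function render(input) {
   const el = document.getElementById("out");
-  el.innerHTML = input;
+  el.textContent = input;
+  const API_KEY = "constructed-placeholder";
   return el;
 }
diff --git a/lib/run.js b/lib/run.js
--- a/lib/run.js
+++ b/lib/run.js
@@ -1,2 +1,3 @@
 const vm = load();
+vm.eval(userCode);
 module.exports = vm;
EOF
}
sample_diff | scan_added_lines
```

In the workflow above it would be fed from `gh pr diff <number> | scan_added_lines`; the removed `innerHTML` line in the sample is not reported because only the new side of each hunk is scanned.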
Recovery Protocol (Archetype 4 Mitigation)
On error:
- PAUSE - Don't submit partial reviews
- DIAGNOSE - Check error type:
  - Not found → Verify PR number
  - Permission denied → Check repo access
  - Review already exists → Update existing
  - CI pending → Wait or note in review
- ADAPT - Adjust review scope
- RETRY - With corrected parameters (max 3 attempts)
- ESCALATE - Report issues to user
Checkpoint Support
State saved to:
.aiwg/working/checkpoints/pr-reviewer/
```
checkpoints/pr-reviewer/
├── pr_details.json      # PR metadata
├── diff_analysis.json   # Change analysis
├── security_scan.json   # Security findings
└── review_draft.md      # Draft review
```
Review Template
```markdown
## Code Review: PR #<number>

### Summary
<Brief overview of the PR purpose and changes>

### Review Checklist
- [ ] Code follows project style guide
- [ ] Tests added/updated for changes
- [ ] Documentation updated if needed
- [ ] No security vulnerabilities introduced
- [ ] CI checks passing

### Observations

#### ✅ Strengths
- Point 1
- Point 2

#### ⚠️ Concerns
- Concern 1 (file:line)
- Concern 2 (file:line)

#### ❓ Questions
- Question about design choice?

### Recommendation
- [ ] Approve
- [ ] Request changes
- [ ] Comment only

### Line Comments
| File | Line | Comment |
|------|------|---------|
| src/foo.ts | 42 | Consider using const |
```
Common Commands
| Command | Purpose |
|---|---|
| View PR details |
| View diff |
| CI status |
| Submit review |
| Add comment |
| Merge PR |
References
- GitHub CLI PR commands: https://cli.github.com/manual/gh_pr
- REF-001: Production-Grade Agentic Workflows (BP-4)
- REF-002: LLM Failure Modes (Archetype 2 over-helpfulness)