pr-multi-perspective-review
Review a pull request from 6 perspectives (PM, Dev, QA, Security, DevOps, UX) for comprehensive, bias-free feedback
Best use case
pr-multi-perspective-review is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Review a pull request from 6 perspectives (PM, Dev, QA, Security, DevOps, UX) for comprehensive, bias-free feedback
Teams using pr-multi-perspective-review should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/pr-multi-perspective-review/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How pr-multi-perspective-review Compares
| Feature / Agent | pr-multi-perspective-review | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Review a pull request from 6 perspectives (PM, Dev, QA, Security, DevOps, UX) for comprehensive, bias-free feedback
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# PR Multi-Perspective Review
## When to Use
- Before merging any significant PR — to catch issues a single reviewer might miss
- When the PR touches multiple concerns (UI + API + infra all at once)
- For PRs with external impact: public API changes, auth logic, billing flows
- As a pre-merge gate in high-stakes or regulated environments
**Differentiation from `code-review`**: `code-review` is a single technical pass.
This skill runs **6 distinct lenses** simultaneously, surfacing business, quality, and
operational issues that a developer reviewer alone would not flag.
## Prerequisites
- PR is open and has a diff available (via `gh` CLI or GitHub MCP)
- At minimum: PR description exists (even if brief)
## Workflow
### Option A — Single Session (Sequential, Lower Token Cost)
Suitable for smaller PRs or when fleet is not available.
```powershell
# Fetch the PR diff
$pr = 123
gh pr diff $pr
# Fetch PR description and metadata
gh pr view $pr --json title,body,labels,additions,deletions,changedFiles
```
Then work through each perspective in the same session using the prompts below.
### Option B — Fleet Parallel (6 Concurrent Agents, Faster)
Use fleet mode to run all 6 perspectives simultaneously:
```text
> /fleet Run a 6-perspective review of PR #123 in owner/repo.
> Launch 6 parallel agents, each with a different lens:
> 1. PM lens: business value, scope, requirements alignment
> 2. Dev lens: code quality, architecture, maintainability
> 3. QA lens: test coverage, edge cases, regression risk
> 4. Security lens: vulnerabilities, secrets, auth, input validation
> 5. DevOps lens: CI/CD impact, performance, observability, rollback
> 6. UX lens: user-facing changes, error messages, accessibility
> 7. Optional Staff lens: system-level risk, rollout readiness, ownership burden
> Each agent should output: [PASS/CONCERN/BLOCK] + findings as bullet list.
> Final agent: synthesize all active lens outputs into a single review comment.
```
---
### The 6 Perspectives
For architecture-heavy, rollout-sensitive, or cross-team changes, add the optional
**Staff Engineer lens** below instead of assuming the regular Dev lens covers
system-level risk.
#### 1. 📋 PM Lens — Business & Requirements
**Questions to answer:**
- Does this PR deliver what the linked issue/ticket describes?
- Are there scope creep additions not in the original requirement?
- Is the change reversible if it needs to be rolled back?
- Are all acceptance criteria met?
```powershell
# Check linked issues
gh pr view $pr --json body | Select-String "closes|fixes|resolves" -i
gh pr view $pr --json labels
```
**Output format:**
```text
[PM] STATUS: PASS / CONCERN / BLOCK
- Finding 1
- Finding 2
```
#### 2. 🛠️ Dev Lens — Code Quality & Architecture
**Questions to answer:**
- Are there logic errors, off-by-one bugs, or null-pointer risks?
- Does the abstraction level match the rest of the codebase?
- Is there duplication that should be extracted?
- Are naming and readability consistent with conventions?
```powershell
# Review the diff
gh pr diff $pr | Select-String "^\+" | Select-Object -First 100
# Check complexity hotspots
gh pr view $pr --json files | ConvertFrom-Json | Select-Object -ExpandProperty files |
Sort-Object additions -Descending | Select-Object -First 5
```
**Output format:**
```text
[DEV] STATUS: PASS / CONCERN / BLOCK
- Finding 1
- Finding 2
```
#### 3. 🧪 QA Lens — Test Coverage & Edge Cases
**Questions to answer:**
- Are new code paths covered by tests?
- Are happy path + error path + edge cases all represented?
- Do existing tests still cover the changed behavior?
- Is there risk of regression in adjacent functionality?
```powershell
# Check test files in the diff
gh pr view $pr --json files | ConvertFrom-Json | Select-Object -ExpandProperty files |
Where-Object { $_.path -match 'test|spec|__tests__' }
# Count test additions vs source additions
$files = gh pr view $pr --json files | ConvertFrom-Json | Select-Object -ExpandProperty files
$testLines = ($files | Where-Object { $_.path -match 'test|spec' } | Measure-Object additions -Sum).Sum
$srcLines = ($files | Where-Object { $_.path -notmatch 'test|spec' } | Measure-Object additions -Sum).Sum
Write-Host "Test:Source ratio = $testLines : $srcLines"
```
**Output format:**
```text
[QA] STATUS: PASS / CONCERN / BLOCK
- Finding 1
- Finding 2
```
#### 4. 🔒 Security Lens — Vulnerabilities & Trust Boundaries
**Questions to answer:**
- Is user input validated before use?
- Are auth/authorization checks present on new endpoints?
- Could any change leak secrets, PII, or internal details?
- Are new dependencies free of known CVEs?
```powershell
# Scan diff for security patterns
gh pr diff $pr | Select-String "password|secret|token|api.key|eval\(|exec\(" -i
# Check new dependencies
gh pr view $pr --json files | ConvertFrom-Json | Select-Object -ExpandProperty files |
Where-Object { $_.path -match 'package.json|requirements|go.mod|Cargo.toml' }
```
**Output format:**
```text
[SECURITY] STATUS: PASS / CONCERN / BLOCK
- Finding 1
- Finding 2
```
#### 5. 🚀 DevOps Lens — Operations & Reliability
**Questions to answer:**
- Will CI pass? Are there environment-specific assumptions?
- Are there performance implications (N+1 queries, large allocations)?
- Is the change observable? Are new log lines / metrics / traces added?
- Is rollback safe? Does this require a migration or feature flag?
```powershell
# Check CI status on the PR
# Tool: github-mcp-server-pull_request_read
# method: "get_check_runs"
# owner: "my-org" repo: "my-app" pullNumber: 123
# Look for migration files
gh pr view $pr --json files | ConvertFrom-Json | Select-Object -ExpandProperty files |
Where-Object { $_.path -match 'migration|migrate|schema' }
```
**Output format:**
```text
[DEVOPS] STATUS: PASS / CONCERN / BLOCK
- Finding 1
- Finding 2
```
#### 6. 🎨 UX Lens — User-Facing Impact
*Only relevant when the PR touches UI, API responses, error messages, or CLI output.*
**Questions to answer:**
- Are error messages clear and actionable for end users?
- Are breaking changes to public APIs or CLI flags documented?
- Is accessibility considered for UI changes?
- Are loading/empty states handled?
```powershell
# Check for user-facing files
gh pr view $pr --json files | ConvertFrom-Json | Select-Object -ExpandProperty files |
Where-Object { $_.path -match '\.tsx?$|\.vue$|\.svelte$|\.css$|messages\.|i18n\.' }
```
**Output format:**
```text
[UX] STATUS: PASS / CONCERN / BLOCK
- Finding 1 (or "N/A — no user-facing changes")
```
#### 7. 🧭 Staff Engineer Lens — Systemic Risk & Change Readiness *(Optional)*
*Use this lens for high-blast-radius PRs: migrations, platform changes, major rollout
plans, reliability work, or changes that alter long-term ownership burden.*
**Questions to answer:**
- Does this change add hidden operational burden, coupling, or long-term maintenance cost?
- Does the rollout, rollback, or migration plan match the blast radius?
- Are ownership, observability, and failure recovery clear if this change goes wrong?
- Would splitting the change reduce review risk or release risk materially?
```text
[STAFF] STATUS: PASS / CONCERN / BLOCK
- Finding 1
- Finding 2
```
---
### Final Synthesis
After all active lenses complete, compile the summary:
```markdown
## Multi-Perspective Review: PR #123
| Lens | Status | Key Finding |
|------|--------|-------------|
| PM | ✅ PASS | Scope matches issue #89 |
| Dev | ⚠️ CONCERN | null check missing in getUserById |
| QA | ✅ PASS | Test added for 404 case |
| Security | 🚫 BLOCK | User ID not validated before DB query |
| DevOps | ✅ PASS | No migration required |
| UX | ✅ PASS | 404 error message is user-friendly |
**Overall: 🚫 BLOCK — Security issue must be resolved before merge.**
### Required Before Merge
- [ ] Add input validation for userId parameter (Security)
### Suggested Improvements
- [ ] Add null check in getUserById helper (Dev)
```
## Tips
- **BLOCK is a hard stop** — any single BLOCK means the PR should not merge until resolved
- **CONCERN is advisory** — capture it as a follow-up issue if not fixing now
- **Skip irrelevant lenses** — if the PR has no UI changes, mark UX as N/A upfront
- **Add Staff when the blast radius is real** — migrations, infra, platform, or
multi-service changes benefit from a system-level lens
- **Fleet version scales better** — for large PRs (>500 lines), fleet runs 6x faster than sequential
- **Post as PR comment**: use `gh pr comment $pr --body-file review.md` to submit the synthesis
## See Also
- [`code-review`](../code-review/SKILL.md) — single-lens technical review (faster for small PRs)
- [`github-pr-workflow`](../../copilot-exclusive/github-pr-workflow/SKILL.md) — PR lifecycle management
- [`fleet-parallel`](../../copilot-exclusive/fleet-parallel/SKILL.md) — run Option B with /fleet
- *Inspired by: [awesome-claude-code/resources/slash-commands/pr-review](https://github.com/hesreallyhim/awesome-claude-code)*Related Skills
implementation-review
Use after an implementation pass lands — compare the original task spec or handoff against the delivered diff, classify each requested item, and produce an actionable follow-up report.
qa-review
Use when reviewing or planning QA strategy for a feature, PR, or release so test coverage, test quality, reliability, and defect reporting are handled as a coherent engineering discipline instead of ad hoc checks.
pr-security-review
Use when reviewing a pull request for security issues — automatically analyzes the diff for vulnerabilities, hardcoded secrets, injection risks, and broken access control before merging
gha-security-review
Use when reviewing GitHub Actions workflows for exploitable vulnerabilities — finds pwn-request patterns, expression injection, credential escalation, config poisoning, and supply chain risks, and reports only HIGH and MEDIUM confidence findings with concrete attack paths.
review
Use when you want to check whether a code change follows the repository's documented conventions (Standards) and aligns with the originating issue or PRD (Spec) — compared against a pinned git reference
code-review
Use when reviewing code changes for quality, correctness, and security — runs a structured checklist with severity-rated findings
multi-model-strategy
Use when choosing which AI model to use for a task — pick the right model family and tier based on cost, speed, context needs, and reasoning depth
verification-before-completion
Use before claiming any task is done — run the exact command that proves the fix works, read the output, and only then report success.
using-git-worktrees
Use when you need multiple branches checked out at once — create isolated working directories for parallel development without cloning the repository repeatedly
triage
Use when a single issue needs structured triage — classify it, reproduce if needed, request missing information, and leave a durable brief or close-out note in the tracker.
to-issues
Use when a plan, spec, or PRD must become an actionable backlog — break it into thin dependency-aware issues that each deliver a verifiable vertical slice
sprint-workflow
Use when starting a new feature, refactor, or multi-step dev task — runs the full sprint cycle (Think → Plan → Build → Review → Test → Ship → Monitor) using Copilot CLI's plan/autopilot modes.