github-code-review

Practical GitHub code review workflow with local diff inspection, PR review, inline comments, approval/request-changes decisions, and optional multi-agent review overlays.

5 stars

Best use case

github-code-review is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Practical GitHub code review workflow with local diff inspection, PR review, inline comments, approval/request-changes decisions, and optional multi-agent review overlays.

Teams using github-code-review should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/code-review/SKILL.md --create-dirs "https://raw.githubusercontent.com/vamseeachanta/workspace-hub/main/.agents/skills/development/github/code-review/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/code-review/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How github-code-review Compares

Feature / Agentgithub-code-reviewStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Practical GitHub code review workflow with local diff inspection, PR review, inline comments, approval/request-changes decisions, and optional multi-agent review overlays.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

Related Guides

SKILL.md Source

# GitHub Code Review

## Overview

Use this skill when reviewing commits or pull requests on GitHub. It combines the repo's multi-agent review intent with the concrete gh-driven workflow from Hermes.

## Quick Start

```bash
# View PR metadata
gh pr view 123 --json files,additions,deletions,title,body,author

# Review diff
gh pr diff 123

# Check out locally if needed
gh pr checkout 123

# Approve
gh pr review 123 --approve --body "APPROVE: looks good."

# Request changes
gh pr review 123 --request-changes --body "MAJOR: please address the items below."

# Comment only
gh pr review 123 --comment --body "MINOR: a few follow-ups below."
```

## When to Use

- Review pull requests before merge
- Review a local diff before opening a PR
- Leave inline GitHub comments on specific files/lines
- Perform adversarial review for security, performance, architecture, and test quality
- Run a multi-agent review where Codex/Codex/Gemini each provide a distinct perspective

## Review Workflow

1. Inspect scope
   - `gh pr view <N> --json files,additions,deletions,title,body`
   - `gh pr diff <N>`
2. Pull locally when needed
   - `gh pr checkout <N>`
   - run tests, linters, or targeted repro steps
3. Review against checklist below
4. Leave review comments
5. Submit verdict

## Review Checklist

- Correctness
  - Does the change do what the issue/plan requires?
  - Any broken edge cases or regressions?
- Security
  - Injection risks?
  - Missing auth/validation?
  - Secrets or unsafe defaults?
- Quality
  - Names, structure, duplication, maintainability
- Testing
  - Meaningful coverage?
  - TDD evidence or regression test?
- Performance
  - Obvious N+1, excessive scans, slow paths, unnecessary allocations
- Documentation
  - Need updates to README, AGENTS, docs, comments, or migration notes?

## Local Diff Review

Use this before PR creation or when GitHub is unavailable:

```bash
git diff --stat main...HEAD
git diff main...HEAD
```

Recommended review summary format:

```text
Summary: <1-3 sentences>

Critical Issues:
- <must-fix item>

Important Issues:
- <should-fix item>

Minor Issues:
- <nice-to-have>

Strengths:
- <what is good>

Verdict: APPROVE | MINOR | MAJOR | REJECT
```

## Inline Commenting

```bash
gh api repos/:owner/:repo/pulls/123/comments \
  -f body='Potential null dereference here.' \
  -f commit_id='SHA' \
  -f path='src/module.py' \
  -F line=42
```

A reusable review output template is preserved at:
- `references/review-output-template.md`

## Multi-Agent Review Mode

Use this when you want more than one reviewer:
- Codex: orchestration, architecture, synthesis
- Codex: adversarial code review, implementation-focused criticism
- Gemini: third-lane synthesis, alternate perspective, large-context review

Treat the final decision as the merged outcome of all collected reviews, not just the first positive response.

## Verdict Guidance

- APPROVE
  - No meaningful issues found; safe to merge
- MINOR
  - Small follow-ups or polish items; merge can proceed with discretion
- MAJOR
  - Significant correctness, security, testing, or architecture concerns; fix before merge
- REJECT
  - Fundamentally unsafe, mis-scoped, or not ready for merge

## Supplemental Generic Review Checklist

This checklist was preserved from the former `software-development/code-review` path during deduplication.

### 1. Security First
- [ ] No hardcoded secrets, API keys, or credentials
- [ ] Input validation on all user-provided data
- [ ] SQL queries use parameterized statements (no string concatenation)
- [ ] File operations validate paths (no path traversal)
- [ ] Authentication/authorization checks present where needed

### 2. Error Handling
- [ ] All external calls (API, DB, file) have try/catch
- [ ] Errors are logged with context (but no sensitive data)
- [ ] User-facing errors are helpful but don't leak internals
- [ ] Resources are cleaned up in finally blocks or context managers

### 3. Code Quality
- [ ] Functions do one thing and are reasonably sized (<50 lines ideal)
- [ ] Variable names are descriptive (no single letters except loops)
- [ ] No commented-out code left behind
- [ ] Complex logic has explanatory comments
- [ ] No duplicate code (DRY principle)

### 4. Testing Considerations
- [ ] Edge cases handled (empty inputs, nulls, boundaries)
- [ ] Happy path and error paths both work
- [ ] New code has corresponding tests (if test suite exists)

## Notes

- Prefer specific, actionable comments over vague criticism
- Cite file paths and line ranges when possible
- For high-risk changes, run code/tests locally before approving
- Multi-agent review is an overlay, not a substitute for concrete diff inspection

Related Skills

plan-review-prompt-refresh-after-plan-edits

5
from vamseeachanta/workspace-hub

Refresh reviewer prompt files from the latest on-disk plan before every adversarial re-review. Prevents Codex/Gemini from critiquing stale plan text after local edits.

tdd-verification-and-adversarial-review

5
from vamseeachanta/workspace-hub

Verify pre-written TDD tests pass, conduct adversarial code review on committed diffs, and route findings to existing issues

tax-filing-session-setup-with-github-tracking

5
from vamseeachanta/workspace-hub

Structured workflow for preparing and tracking a tax filing session using prepared documents, task checklist, and GitHub issue cross-referencing

tax-filing-session-setup-with-github-traceability

5
from vamseeachanta/workspace-hub

Structured workflow for setting up a multi-file tax filing session with GitHub issue tracking and prepared-file validation

multi-role-agent-contract-review-pipeline

5
from vamseeachanta/workspace-hub

Execute a 4-role agent team (Planner/Architect/Reviewer/Integrator) pipeline for self-reviewing knowledge artifacts before delivery

gsd-adversarial-review-pattern

5
from vamseeachanta/workspace-hub

Catch hidden test failures by running adversarial review on sparse-data edge cases before final push

github-issue-structure-for-personal-finance-tracking

5
from vamseeachanta/workspace-hub

Pattern for organizing financial analysis work across multiple repos (data/config vs. logic separation)

adversarial-code-review-tdd

5
from vamseeachanta/workspace-hub

Systematic adversarial review pattern to identify breaking assumptions in already-passing test suites

adversarial-code-review-for-committed-diffs

5
from vamseeachanta/workspace-hub

Systematic process for reviewing already-committed code changes to catch type inconsistencies, edge cases, and docstring gaps

adversarial-code-review-and-fix

5
from vamseeachanta/workspace-hub

Systematic pattern for catching design flaws in already-passing code through adversarial review, then fixing them with TDD confirmation.

learned-git-worktree-hook-path-and-real-hook-shape-review

5
from vamseeachanta/workspace-hub

Catch hook-installation and governance bugs that only appear in linked git worktrees or against the real generated hook shape, not simplified test fixtures.

ten-agent-pre-plan-review-wave

5
from vamseeachanta/workspace-hub

Launch and verify a 10-agent planning-only wave that moves open GitHub issues into status:plan-review using one isolated worktree per issue, wave-specific continuation cron, and post-run artifact-reconciliation checks.