Review PR
Review a pull request for correctness, security, and style, and summarize findings.
/review-pr[PR number]Install to ~/.claude/commands/review-pr.md
Review pull request #$ARGUMENTS end to end. Produce a focused, actionable review that a maintainer can act on immediately. Do not approve or merge the PR — your job is to analyze and report.
Gather context
Pull the PR metadata and the full diff before forming any opinion. Use the GitHub CLI so you read the same state reviewers see.
# Title, body, author, branches, labels, and CI status
gh pr view $ARGUMENTS
# Full diff for the PR
gh pr diff $ARGUMENTS
# Files changed with additions/deletions
gh pr view $ARGUMENTS --json files --jq '.files[] | "\(.path) +\(.additions) -\(.deletions)"'
# CI / check results
gh pr checks $ARGUMENTSRead the PR description and any linked issues to understand the intended behavior. Then check out the branch locally so you can inspect surrounding code, run the test suite, and verify claims.
gh pr checkout $ARGUMENTSNOTE
Review the change against its stated goal. A technically clean diff that does not solve the problem described in the PR is still a problem worth flagging.
What to evaluate
Correctness
Trace the changed logic against the intended behavior. Look for off-by-one errors, incorrect conditionals, unhandled null/undefined, broken edge cases, race conditions, and resource leaks. Confirm new behavior is covered by tests and that existing tests still pass.
# Run the project's test suite (adapt to the repo)
npm testSecurity
Inspect every place untrusted input enters the system. Flag injection risks (SQL, shell, template), missing authentication or authorization checks, unsafe deserialization, path traversal, and secrets committed to the repo.
# Scan the diff for accidentally committed secrets
gh pr diff $ARGUMENTS | grep -nEi '(api[_-]?key|secret|token|password|BEGIN [A-Z ]*PRIVATE KEY)'WARNING
Never echo a real secret you discover into the review. Report the file and line, recommend rotation, and ask the author to remove it from history.
Style and maintainability
Check naming, dead code, duplicated logic, oversized functions, and adherence to the project's lint rules and conventions. Prefer the codebase's existing patterns over personal preference.
npm run lintClassify each finding
Tag every finding by severity so the author knows what blocks merge:
- Blocker — must fix before merge (bugs, security holes, broken tests).
- Should-fix — important but not strictly blocking.
- Nit — minor style or polish; optional.
For each finding, cite the exact file:line, explain why it matters, and propose a concrete fix or a suggested diff.
Output format
Summarize the review in this structure:
## Review of PR #$ARGUMENTS — <title>
**Verdict:** Approve / Request changes / Comment
### Summary
<2-3 sentences on what the PR does and overall quality.>
### Blockers
- `path/to/file.ts:42` — <issue and fix>
### Should-fix
- `path/to/file.ts:88` — <issue and fix>
### Nits
- `path/to/file.ts:101` — <issue and fix>
### What looks good
- <notable strengths worth calling out>Keep feedback specific and respectful. End with a clear recommendation and the single most important next step for the author.
Related
- Code ReviewerUse this agent to review code changes for correctness, security, and maintainability before merging. Examples — reviewing a PR diff, auditing a new module, checking a refactor for regressions.
- PR DescriptionDraft a clear pull request description from the branch diff against its base. Use when you have a finished branch and want a reviewer-ready PR body before opening the PR.
- CoderabbitAn AI code reviewer that posts line-by-line feedback and summaries on every pull request.
- Create PRPush the current branch and open a GitHub pull request with a generated title and body.
- Security ScanScan the current diff or given paths for security vulnerabilities.