Category: Development & Engineering (no API key required)

pr-reviewer

Automated GitHub pull-request code review with diff analysis, lint integration and structured reports. Suitable for reviewing pull requests, checking for security vulnerabilities and similar scenarios.

Author: briancolingerhubclawhub

PR Reviewer

Automated code review for GitHub pull requests. Analyzes diffs for security issues, error handling gaps, style problems, and test coverage.

Prerequisites

  • gh CLI installed and authenticated (gh auth status)
  • Repository access (read at minimum, write for posting comments)
  • Optional: golangci-lint for Go linting, ruff for Python linting

Quick Start

# Review all open PRs in current repo
scripts/github/pr-reviewer.sh check

# Review a specific PR
scripts/github/pr-reviewer.sh review 42

# Post review as GitHub comment
scripts/github/pr-reviewer.sh post 42

# Check status of all open PRs
scripts/github/pr-reviewer.sh status

# List unreviewed PRs (useful for heartbeat/cron integration)
scripts/github/pr-reviewer.sh list-unreviewed

Configuration

Set these environment variables, or let the script auto-detect them from the current git repo:

  • PR_REVIEW_REPO — GitHub repo in owner/repo format (default: detected from gh repo view)
  • PR_REVIEW_DIR — Local checkout path for lint (default: git root of cwd)
  • PR_REVIEW_STATE — State file path (default: ./data/pr-reviews.json)
  • PR_REVIEW_OUTDIR — Report output directory (default: ./data/pr-reviews/)

Directories Written

  • PR_REVIEW_STATE (default: ./data/pr-reviews.json) — Tracks reviewed PRs and their HEAD SHAs
  • PR_REVIEW_OUTDIR (default: ./data/pr-reviews/) — Markdown review reports

What It Checks

| Category | Icon | Examples |
|----------|------|----------|
| Security | 🔴 | Hardcoded credentials, AWS keys, secrets in code |
| Error Handling | 🟡 | Discarded errors (Go _ :=), bare except: (Python), unchecked Close() |
| Risk | 🟠 | panic() calls, process.exit() |
| Style | 🔵 | fmt.Print/print()/console.log in prod, very long lines |
| TODOs | 📝 | TODO, FIXME, HACK, XXX markers |
| Test Coverage | 📊 | Source files changed without corresponding test changes |

Smart Re-Review

Tracks HEAD SHA per PR. Only re-reviews when new commits are pushed. Use review <PR#> to force re-review.

Report Format

Reports are saved as markdown files in the output directory. Each report includes:

  • PR metadata (author, branch, changes)
  • Commit list
  • Changed file categorization by language/type
  • Automated diff findings with file, line, category, and context
  • Test coverage analysis
  • Local lint results (when repo is checked out locally)
  • Summary verdict: 🔴 SECURITY / 🟡 NEEDS ATTENTION / 🔵 MINOR NOTES / ✅ LOOKS GOOD

Heartbeat/Cron Integration

Add to a periodic check (heartbeat, cron job, or CI):

UNREVIEWED=$(scripts/github/pr-reviewer.sh list-unreviewed)
if [ -n "$UNREVIEWED" ]; then
  scripts/github/pr-reviewer.sh check
fi

Extending

The analysis patterns in the script are organized by language. Add new patterns by appending to the relevant pattern list in the analyze_diff() function:

# Add a new Go pattern
go_patterns.append((r'^\+.*os\.Exit\(', 'RISK', 'Direct os.Exit() — consider returning error'))
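As an added worked example (not the project's own script, and not code from its author), here is a small Python analyzer in the shape the What It Checks and Extending sections describe: per-language lists of (regex, category, message) tuples applied to the added lines of a unified diff, with hunk-header parsing to recover new-file line numbers, a test-coverage check over the changed file list, and the summary verdict. The sample diff, the pattern lists, the function names and the category-to-verdict mapping are all assumptions made for this example; the only thing taken from the page is the tuple shape of the go_patterns entry.

```python
import re
from collections import namedtuple

# Constructed sample unified diff for this example (not from any real PR).
SAMPLE_DIFF = """\
--- a/internal/store.go
+++ b/internal/store.go
@@ -10,3 +10,5 @@ func Open(path string) *Store {
     s := &Store{}
-    f, err := os.Open(path)
+    f, _ := os.Open(path)
+    // TODO: handle error
+    apiKey := "AKIAEXAMPLEKEY000000"
     return s
--- a/app/handler.py
+++ b/app/handler.py
@@ -1,2 +1,6 @@
 import json
+try:
+    load()
+except:
+    print("failed")
 def handle(): ...
"""

# (regex, category, message) tuples in the README's go_patterns shape; each regex runs on the raw "+" line.
COMMON_PATTERNS = [
    (r'^\+.*AKIA[0-9A-Z]{16}', 'SECURITY', 'Possible AWS access key ID'),
    (r'(?i)^\+.*(password|secret|api[_-]?key)\s*:?=\s*["\'][^"\']+["\']',
     'SECURITY', 'Hardcoded credential'),
    (r'^\+.*\b(TODO|FIXME|HACK|XXX)\b', 'TODO', 'Work marker left in code'),
]
LANG_PATTERNS = {
    'go': [(r'^\+.*\b_\s*:=', 'ERROR', 'Discarded error with _ :='),
           (r'^\+.*\bpanic\(', 'RISK', 'panic() call'),
           (r'^\+.*\bfmt\.Print', 'STYLE', 'fmt.Print* in production code')],
    'python': [(r'^\+\s*except\s*:', 'ERROR', 'Bare except: swallows every exception'),
               (r'^\+.*\bprint\(', 'STYLE', 'print() in production code')],
}
EXT_LANG = {'.go': 'go', '.py': 'python', '.js': 'javascript', '.ts': 'typescript'}
TEST_SUFFIXES = ('_test.go', '_test.py', '.test.js', '.spec.js', '.test.ts', '.spec.ts')
HUNK_RE = re.compile(r'^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@')
Finding = namedtuple('Finding', 'path line category message context')  # line: new-file line number

def language_of(path):
    return next((lang for ext, lang in EXT_LANG.items() if path.endswith(ext)), None)

def is_test_file(path):
    name = path.rsplit('/', 1)[-1]
    return name.startswith('test_') or name.endswith(TEST_SUFFIXES)

def changed_files(diff_text):
    # New-side paths from "+++ b/..." headers; deleted files show as /dev/null and are skipped.
    paths = re.findall(r'^\+\+\+ (\S+)', diff_text, re.M)
    return [p.removeprefix('b/') for p in paths if p != '/dev/null']

def analyze_diff(diff_text):
    # Track the new-file line number from each hunk header and run the common plus
    # per-language patterns over every added line.
    findings, seen, path, lang, new_line = [], set(), None, None, 0
    for raw in diff_text.splitlines():
        if raw.startswith('+++ '):
            path = raw[4:].removeprefix('b/')
            lang = language_of(path)
            continue
        if raw.startswith(('--- ', 'diff --git', '\\')):
            continue
        if m := HUNK_RE.match(raw):
            new_line = int(m.group(1))   # first new-file line of this hunk
            continue
        if raw.startswith('-'):
            continue                     # removed line: occupies no new-file line
        if raw.startswith('+'):
            for regex, category, message in COMMON_PATTERNS + LANG_PATTERNS.get(lang, []):
                key = (path, new_line, category)
                if key not in seen and re.search(regex, raw):
                    seen.add(key)        # report each category at most once per line
                    findings.append(Finding(path, new_line, category, message, raw[1:].strip()))
        new_line += 1                    # added and context lines both advance the new file
    return findings

def untested_sources(files):
    # Changed source files whose language has no test file in the same change set.
    tested = {language_of(f) for f in files if is_test_file(f)}
    return [f for f in files if language_of(f) and not is_test_file(f) and language_of(f) not in tested]

def verdict(findings):
    # Category-to-verdict mapping is an assumption of this example, not the script's own.
    cats = {f.category for f in findings}
    if 'SECURITY' in cats:
        return '🔴 SECURITY'
    if cats & {'ERROR', 'RISK'}:
        return '🟡 NEEDS ATTENTION'
    return '🔵 MINOR NOTES' if cats else '✅ LOOKS GOOD'

if __name__ == '__main__':
    results = analyze_diff(SAMPLE_DIFF)
    for f in results:
        print(f'{f.category:9}{f.path}:{f.line}  {f.message}  [{f.context}]')
    for src in untested_sources(changed_files(SAMPLE_DIFF)):
        print(f'COVERAGE {src} changed without a matching test file')
    print('Verdict:', verdict(results))
```

Adding a pattern here is the same append shown above: push another (regex, category, message) tuple onto the list for the language. Two design points carry over to a real script: line numbers must come from the hunk header and advance only on added and context lines, or every finding will point at the wrong place; and reporting each category at most once per line keeps overlapping regexes (an AWS key that is also a quoted credential) from doubling the count that drives the verdict.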