playbooks

home / skills / yonatangross / orchestkit / review-pr

review-pr skill

/plugins/ork/skills/review-pr

This skill performs deep PR review using parallel specialized agents to quickly identify security, quality, and architecture issues.

npx playbooks add skill yonatangross/orchestkit --skill review-pr

Review the files below or copy the command above to add this skill to your agents.

Files (11)
SKILL.md
6.5 KB
---
name: review-pr
license: MIT
compatibility: "Claude Code 2.1.34+. Requires memory MCP server, gh CLI."
description: "PR review with parallel specialized agents. Use when reviewing pull requests or code."
argument-hint: "[pr-number-or-branch]"
context: fork
version: 1.5.0
author: OrchestKit
tags: [code-review, pull-request, quality, security, testing]
user-invocable: true
allowed-tools: [AskUserQuestion, Bash, Read, Write, Edit, Grep, Glob, Task, TaskCreate, TaskUpdate, mcp__memory__search_nodes]
skills: [code-review-playbook, security-scanning, type-safety-validation, testing-patterns, memory]
complexity: medium
metadata:
  category: workflow-automation
  mcp-server: memory
---

# Review PR

Deep code review using 6-7 parallel specialized agents.

## Quick Start

```bash
/review-pr 123
/review-pr feature-branch
```

> **Opus 4.6**: Parallel agents use native adaptive thinking for deeper analysis. Complexity-aware routing matches agent model to review difficulty.

---

## STEP 0: Verify User Intent with AskUserQuestion

**BEFORE creating tasks**, clarify review focus:

```python
AskUserQuestion(
  questions=[{
    "question": "What type of review do you need?",
    "header": "Focus",
    "options": [
      {"label": "Full review (Recommended)", "description": "Security + code quality + tests + architecture"},
      {"label": "Security focus", "description": "Prioritize security vulnerabilities"},
      {"label": "Performance focus", "description": "Focus on performance implications"},
      {"label": "Quick review", "description": "High-level review, skip deep analysis"}
    ],
    "multiSelect": false
  }]
)
```

**Based on answer, adjust workflow:**
- **Full review**: All 6-7 parallel agents
- **Security focus**: Prioritize security-auditor, reduce other agents
- **Performance focus**: Add frontend-performance-engineer agent
- **Quick review**: Single code-quality-reviewer agent only

---

## STEP 0b: Select Orchestration Mode

See [Orchestration Mode Selection](references/orchestration-mode-selection.md)

---

## CRITICAL: Task Management is MANDATORY (CC 2.1.16)

**BEFORE doing ANYTHING else, create tasks to track progress:**

```python
# 1. Create main review task IMMEDIATELY
TaskCreate(
  subject="Review PR #{number}",
  description="Comprehensive code review with parallel agents",
  activeForm="Reviewing PR #{number}"
)

# 2. Create subtasks for each phase
TaskCreate(subject="Gather PR information", activeForm="Gathering PR information")
TaskCreate(subject="Launch review agents", activeForm="Dispatching review agents")
TaskCreate(subject="Run validation checks", activeForm="Running validation checks")
TaskCreate(subject="Synthesize review", activeForm="Synthesizing review")
TaskCreate(subject="Submit review", activeForm="Submitting review")

# 3. Update status as you progress
TaskUpdate(taskId="2", status="in_progress")  # When starting
TaskUpdate(taskId="2", status="completed")    # When done
```

---

## Phase 1: Gather PR Information

```bash
# Get PR details
gh pr view $ARGUMENTS --json title,body,files,additions,deletions,commits,author

# View the diff
gh pr diff $ARGUMENTS

# Check CI status
gh pr checks $ARGUMENTS
```

Identify: total files changed, lines added/removed, affected domains (frontend, backend, AI).

## Tool Guidance

| Task | Use | Avoid |
|------|-----|-------|
| Fetch PR diff | `Bash: gh pr diff` | Reading all changed files individually |
| List changed files | `Bash: gh pr diff --name-only` | `bash find` |
| Search for patterns | `Grep(pattern="...", path="src/")` | `bash grep` |
| Read file content | `Read(file_path="...")` | `bash cat` |
| Check CI status | `Bash: gh pr checks` | Polling APIs |

<use_parallel_tool_calls>
When gathering PR context, run independent operations in parallel:
- `gh pr view` (PR metadata), `gh pr diff` (changed files), `gh pr checks` (CI status)

Spawn all three in ONE message. This cuts context-gathering time by 60%.
For agent-based review (Phase 3), all 6 agents are independent -- launch them together.
</use_parallel_tool_calls>

## Phase 2: Skills Auto-Loading (CC 2.1.6)

**CC 2.1.6 auto-discovers skills** -- no manual loading needed!

Relevant skills activated automatically:
- `code-review-playbook` -- Review patterns, conventional comments
- `security-scanning` -- OWASP, secrets, dependencies
- `type-safety-validation` -- Zod, TypeScript strict
- `testing-patterns` -- Test adequacy, coverage gaps, rule matching

## Phase 3: Parallel Code Review (6 Agents)

See [Agent Prompts -- Task Tool Mode](rules/agent-prompts-task-tool.md) for the 6 parallel agent prompts.

See [Agent Prompts -- Agent Teams Mode](rules/agent-prompts-agent-teams.md) for the mesh alternative.

See [AI Code Review Agent](rules/ai-code-review-agent.md) for the optional 7th LLM agent.

## Phase 4: Run Validation

See [Validation Commands](references/validation-commands.md)

## Phase 5: Synthesize Review

Combine all agent feedback into a structured report. See [Review Report Template](references/review-report-template.md)

## Phase 6: Submit Review

```bash
# Approve
gh pr review $ARGUMENTS --approve -b "Review message"

# Request changes
gh pr review $ARGUMENTS --request-changes -b "Review message"
```

## CC 2.1.20 Enhancements

### PR Status Enrichment

The `pr-status-enricher` hook automatically detects open PRs at session start and sets:
- `ORCHESTKIT_PR_URL` -- PR URL for quick reference
- `ORCHESTKIT_PR_STATE` -- PR state (OPEN, MERGED, CLOSED)

### Session Resume with PR Context (CC 2.1.27+)

Sessions are automatically linked when reviewing PRs. Resume later with full context:

```bash
claude --from-pr 123
claude --from-pr https://github.com/org/repo/pull/123
```

### Task Metrics (CC 2.1.30)

See [Task Metrics Template](references/task-metrics-template.md)

## Conventional Comments

Use these prefixes for comments:
- `praise:` -- Positive feedback
- `nitpick:` -- Minor suggestion
- `suggestion:` -- Improvement idea
- `issue:` -- Must fix
- `question:` -- Needs clarification

## Related Skills
- commit: Create commits after review
- create-pr: Create PRs for review
- slack-integration: Team notifications for review events

## References

- [Review Template](references/review-template.md)
- [Review Report Template](references/review-report-template.md)
- [Orchestration Mode Selection](references/orchestration-mode-selection.md)
- [Validation Commands](references/validation-commands.md)
- [Task Metrics Template](references/task-metrics-template.md)
- [Agent Prompts -- Task Tool](rules/agent-prompts-task-tool.md)
- [Agent Prompts -- Agent Teams](rules/agent-prompts-agent-teams.md)
- [AI Code Review Agent](rules/ai-code-review-agent.md)

Overview

This skill performs deep pull request reviews using 6-7 parallel specialized agents to cover security, code quality, tests, architecture, and performance. It orchestrates context gathering, parallel analysis, validation checks, and a final synthesized report to produce actionable review feedback. Built for TypeScript projects and modern stacks, it adapts agent selection based on review focus and complexity.

How this skill works

First, it verifies the reviewer’s intent and selects an orchestration mode so the workflow matches the requested focus (full, security, performance, or quick). It gathers PR metadata, diffs, and CI status in parallel, launches multiple specialized agents concurrently to inspect different concerns, runs validation checks, and synthesizes agent outputs into a structured review report. Tasks are created and updated throughout to track progress and enable session resume.

When to use it

  • Reviewing a pull request that touches multiple domains (frontend, backend, AI) or many files.
  • Conducting a security-focused audit of a change set with potential vulnerabilities.
  • Evaluating performance-sensitive changes or regressions before merge.
  • Running a comprehensive review that must cover tests, types, and architecture.
  • Needing a quick high-level review for low-risk changes.

Best practices

  • Start by asking the user for review focus to tailor agent selection and depth.
  • Create tasks immediately to track the main review and each subphase (gather, dispatch, validate, synthesize, submit).
  • Gather PR metadata, diff, and CI status in parallel to save time.
  • Prefer full review for critical merges; choose targeted modes for focused or fast checks.
  • Use conventional comment prefixes (praise:, nitpick:, suggestion:, issue:, question:) for consistent feedback.

Example use cases

  • A feature branch modifies backend logic and front-end rendering—run the full parallel review to cover architecture, tests, and security.
  • A dependency bump is suspected to introduce vulnerabilities—launch a security-focused workflow with prioritized security scanning.
  • A performance regression report accompanies a PR—add a frontend-performance engineer agent and emphasize profiling insights.
  • A small docs or config change—use quick review mode to get a fast sanity check and approve if safe.
  • An intermittent CI failure—gather CI checks and diffs, then run validation commands and provide remediation steps.

FAQ

How many agents run for a full review?

A full review typically runs six parallel agents, with an optional seventh AI review agent for deeper synthesis.

Can I focus only on security or performance?

Yes. The skill adapts agent selection—security or performance-focused workflows prioritize relevant agents and reduce noise.

What tooling does it use to fetch PR context?

It uses GitHub CLI commands (gh pr view, gh pr diff, gh pr checks) and other file-reading/search tools run in parallel for speed.