github-code-review

Simple Review

```bash

# Initialize review swarm for PR

gh pr view 123 --json files,diff | npx ruv-swarm github review-init --pr 123

# Post review status

gh pr comment 123 --body "🔍 Multi-agent code review initiated"

```

Complete Review Workflow

```bash

# Get PR context with gh CLI

PR_DATA=$(gh pr view 123 --json files,additions,deletions,title,body)

PR_DIFF=$(gh pr diff 123)

# Initialize comprehensive review

npx ruv-swarm github review-init \

--pr 123 \

--pr-data "$PR_DATA" \

--diff "$PR_DIFF" \

--agents "security,performance,style,architecture,accessibility" \

--depth comprehensive

```

---

---

Multi-Agent Review System

Deploy specialized AI agents for comprehensive code review:

```bash

# Initialize review swarm with GitHub CLI integration

PR_DATA=$(gh pr view 123 --json files,additions,deletions,title,body)

PR_DIFF=$(gh pr diff 123)

# Start multi-agent review

npx ruv-swarm github review-init \

--pr 123 \

--pr-data "$PR_DATA" \

--diff "$PR_DIFF" \

--agents "security,performance,style,architecture,accessibility" \

--depth comprehensive

# Post initial review status

gh pr comment 123 --body "🔍 Multi-agent code review initiated"

```

Benefits:

• ✅ Parallel review by specialized agents
• ✅ Comprehensive coverage across multiple domains
• ✅ Faster review cycles with coordinated analysis
• ✅ Consistent quality standards enforcement

---

Security Review Agent

Focus: Identify security vulnerabilities and suggest fixes

```bash

# Get changed files from PR

CHANGED_FILES=$(gh pr view 123 --json files --jq '.files[].path')

# Run security-focused review

SECURITY_RESULTS=$(npx ruv-swarm github review-security \

--pr 123 \

--files "$CHANGED_FILES" \

--check "owasp,cve,secrets,permissions" \

--suggest-fixes)

# Post findings based on severity

if echo "$SECURITY_RESULTS" | grep -q "critical"; then

# Request changes for critical issues

gh pr review 123 --request-changes --body "$SECURITY_RESULTS"

gh pr edit 123 --add-label "security-review-required"

else

# Post as comment for non-critical issues

gh pr comment 123 --body "$SECURITY_RESULTS"

fi

```

---

Performance Review Agent

Focus: Analyze performance impact and optimization opportunities

```bash

# Run performance analysis

npx ruv-swarm github review-performance \

--pr 123 \

--profile "cpu,memory,io" \

--benchmark-against main \

--suggest-optimizations

```

---

Architecture Review Agent

Focus: Evaluate design patterns and architectural decisions

```bash

# Architecture review

npx ruv-swarm github review-architecture \

--pr 123 \

--check "patterns,coupling,cohesion,solid" \

--visualize-impact \

--suggest-refactoring

```

---

Style & Convention Agent

Focus: Enforce coding standards and best practices

```bash

# Style enforcement with auto-fix

npx ruv-swarm github review-style \

--pr 123 \

--check "formatting,naming,docs,tests" \

--auto-fix "formatting,imports,whitespace"

```

---

Create Swarm from PR

```bash

# Create swarm from PR description using gh CLI

gh pr view 123 --json body,title,labels,files | npx ruv-swarm swarm create-from-pr

# Auto-spawn agents based on PR labels

gh pr view 123 --json labels | npx ruv-swarm swarm auto-spawn

# Create swarm with full PR context

gh pr view 123 --json body,labels,author,assignees | \

npx ruv-swarm swarm init --from-pr-data

```

Label-Based Agent Assignment

Map PR labels to specialized agents:

```json

{

"label-mapping": {

"bug": ["debugger", "tester"],

"feature": ["architect", "coder", "tester"],

"refactor": ["analyst", "coder"],

"docs": ["researcher", "writer"],

"performance": ["analyst", "optimizer"],

"security": ["security", "authentication", "audit"]

}

}

```

Topology Selection by PR Size

```bash

# Automatic topology selection based on PR complexity

# Small PR (< 100 lines): ring topology

# Medium PR (100-500 lines): mesh topology

# Large PR (> 500 lines): hierarchical topology

npx ruv-swarm github pr-topology --pr 123

```

---

Execute swarm commands directly from PR comments:

```markdown

/swarm init mesh 6

/swarm spawn coder "Implement authentication"

/swarm spawn tester "Write unit tests"

/swarm status

/swarm review --agents security,performance

```

---

Configuration File

```yaml

# .github/review-swarm.yml

version: 1

review:

auto-trigger: true

required-agents:

- security

- performance

- style

optional-agents:

- architecture

- accessibility

- i18n

thresholds:

security: block # Block merge on security issues

performance: warn # Warn on performance issues

style: suggest # Suggest style improvements

rules:

security:

- no-eval

- no-hardcoded-secrets

- proper-auth-checks

- validate-input

performance:

- no-n-plus-one

- efficient-queries

- proper-caching

- optimize-loops

architecture:

- max-coupling: 5

- min-cohesion: 0.7

- follow-patterns

- avoid-circular-deps

```

Custom Review Triggers

```javascript

{

"triggers": {

"high-risk-files": {

"paths": ["/auth/", "/payment/", "/admin/"],

"agents": ["security", "architecture"],

"depth": "comprehensive",

"require-approval": true

},

"performance-critical": {

"paths": ["/api/", "/database/", "/cache/"],

"agents": ["performance", "database"],

"benchmarks": true,

"regression-threshold": "5%"

},

"ui-changes": {

"paths": ["/components/", "/styles/", "/pages/"],

"agents": ["accessibility", "style", "i18n"],

"visual-tests": true,

"responsive-check": true

}

}

}

```

---

Auto-Review on PR Creation

```yaml

# .github/workflows/auto-review.yml

name: Automated Code Review

on:

pull_request:

types: [opened, synchronize]

issue_comment:

types: [created]

jobs:

swarm-review:

runs-on: ubuntu-latest

steps:

- uses: actions/checkout@v3

with:

fetch-depth: 0

- name: Setup GitHub CLI

run: echo "${{ secrets.GITHUB_TOKEN }}" | gh auth login --with-token

- name: Run Review Swarm

run: |

# Get PR context with gh CLI

PR_NUM=${{ github.event.pull_request.number }}

PR_DATA=$(gh pr view $PR_NUM --json files,title,body,labels)

PR_DIFF=$(gh pr diff $PR_NUM)

# Run swarm review

REVIEW_OUTPUT=$(npx ruv-swarm github review-all \

--pr $PR_NUM \

--pr-data "$PR_DATA" \

--diff "$PR_DIFF" \

--agents "security,performance,style,architecture")

# Post review results

echo "$REVIEW_OUTPUT" | gh pr review $PR_NUM --comment -F -

# Update PR status

if echo "$REVIEW_OUTPUT" | grep -q "approved"; then

gh pr review $PR_NUM --approve

elif echo "$REVIEW_OUTPUT" | grep -q "changes-requested"; then

gh pr review $PR_NUM --request-changes -b "See review comments above"

fi

- name: Update Labels

run: |

# Add labels based on review results

if echo "$REVIEW_OUTPUT" | grep -q "security"; then

gh pr edit $PR_NUM --add-label "security-review"

fi

if echo "$REVIEW_OUTPUT" | grep -q "performance"; then

gh pr edit $PR_NUM --add-label "performance-review"

fi

```

---

Generate Contextual Review Comments

```bash

# Get PR diff with context

PR_DIFF=$(gh pr diff 123 --color never)

PR_FILES=$(gh pr view 123 --json files)

# Generate review comments

COMMENTS=$(npx ruv-swarm github review-comment \

--pr 123 \

--diff "$PR_DIFF" \

--files "$PR_FILES" \

--style "constructive" \

--include-examples \

--suggest-fixes)

# Post comments using gh CLI

echo "$COMMENTS" | jq -c '.[]' | while read -r comment; do

FILE=$(echo "$comment" | jq -r '.path')

LINE=$(echo "$comment" | jq -r '.line')

BODY=$(echo "$comment" | jq -r '.body')

COMMIT_ID=$(gh pr view 123 --json headRefOid -q .headRefOid)

# Create inline review comments

gh api \

--method POST \

/repos/:owner/:repo/pulls/123/comments \

-f path="$FILE" \

-f line="$LINE" \

-f body="$BODY" \

-f commit_id="$COMMIT_ID"

done

```

Batch Comment Management

```bash

# Manage review comments efficiently

npx ruv-swarm github review-comments \

--pr 123 \

--group-by "agent,severity" \

--summarize \

--resolve-outdated

```

---

Status Checks

```yaml

# Required status checks in branch protection

protection_rules:

required_status_checks:

strict: true

contexts:

- "review-swarm/security"

- "review-swarm/performance"

- "review-swarm/architecture"

- "review-swarm/tests"

```

Define Quality Gates

```bash

# Set quality gate thresholds

npx ruv-swarm github quality-gates \

--define '{

"security": {"threshold": "no-critical"},

"performance": {"regression": "<5%"},

"coverage": {"minimum": "80%"},

"architecture": {"complexity": "<10"},

"duplication": {"maximum": "5%"}

}'

```

Track Review Metrics

```bash

# Monitor review effectiveness

npx ruv-swarm github review-metrics \

--period 30d \

--metrics "issues-found,false-positives,fix-rate,time-to-review" \

--export-dashboard \

--format json

```

---

Context-Aware Reviews

Analyze PRs with full project context:

```bash

# Review with comprehensive context

npx ruv-swarm github review-context \

--pr 123 \

--load-related-prs \

--analyze-impact \

--check-breaking-changes \

--dependency-analysis

```

Learning from History

Train review agents on your codebase patterns:

```bash

# Learn from past reviews

npx ruv-swarm github review-learn \

--analyze-past-reviews \

--identify-patterns \

--improve-suggestions \

--reduce-false-positives

# Train on your codebase

npx ruv-swarm github review-train \

--learn-patterns \

--adapt-to-style \

--improve-accuracy

```

Cross-PR Analysis

Coordinate reviews across related pull requests:

```bash

# Analyze related PRs together

npx ruv-swarm github review-batch \

--prs "123,124,125" \

--check-consistency \

--verify-integration \

--combined-impact

```

Multi-PR Swarm Coordination

```bash

# Coordinate swarms across related PRs

npx ruv-swarm github multi-pr \

--prs "123,124,125" \

--strategy "parallel" \

--share-memory

```

---

Create Custom Agent

```javascript

// custom-review-agent.js

class CustomReviewAgent {

constructor(config) {

this.config = config;

this.rules = config.rules || [];

}

async review(pr) {

const issues = [];

// Custom logic: Check for TODO comments in production code

if (await this.checkTodoComments(pr)) {

issues.push({

severity: 'warning',

file: pr.file,

line: pr.line,

message: 'TODO comment found in production code',

suggestion: 'Resolve TODO or create issue to track it'

});

}

// Custom logic: Verify API versioning

if (await this.checkApiVersioning(pr)) {

issues.push({

severity: 'error',

file: pr.file,

line: pr.line,

message: 'API endpoint missing versioning',

suggestion: 'Add /v1/, /v2/ prefix to API routes'

});

}

return issues;

}

async checkTodoComments(pr) {

// Implementation

const todoRegex = /\/\/\sTODO|\/\\s*TODO/gi;

return todoRegex.test(pr.diff);

}

async checkApiVersioning(pr) {

// Implementation

const apiRegex = /app\.(get|post|put|delete)\(['"]\/api\/(?!v\d+)/;

return apiRegex.test(pr.diff);

}

}

module.exports = CustomReviewAgent;

```

Register Custom Agent

```bash

# Register custom review agent

npx ruv-swarm github register-agent \

--name "custom-reviewer" \

--file "./custom-review-agent.js" \

--category "standards"

```

---

Integration with Build Pipeline

```yaml

# .github/workflows/build-and-review.yml

name: Build and Review

on: [pull_request]

jobs:

build-and-test:

runs-on: ubuntu-latest

steps:

- uses: actions/checkout@v3

- run: npm install

- run: npm test

- run: npm run build

swarm-review:

needs: build-and-test

runs-on: ubuntu-latest

steps:

- name: Run Swarm Review

run: |

npx ruv-swarm github review-all \

--pr ${{ github.event.pull_request.number }} \

--include-build-results

```

Automated PR Fixes

```bash

# Auto-fix common issues

npx ruv-swarm github pr-fix 123 \

--issues "lint,test-failures,formatting" \

--commit-fixes \

--push-changes

```

Progress Updates to PR

```bash

# Post swarm progress to PR using gh CLI

PROGRESS=$(npx ruv-swarm github pr-progress 123 --format markdown)

gh pr comment 123 --body "$PROGRESS"

# Update PR labels based on progress

if [[ $(echo "$PROGRESS" | grep -o '[0-9]\+%' | sed 's/%//') -gt 90 ]]; then

gh pr edit 123 --add-label "ready-for-review"

fi

```

---

Example 1: Security-Critical PR

```bash

# Review authentication system changes

npx ruv-swarm github review-init \

--pr 456 \

--agents "security,authentication,audit" \

--depth "maximum" \

--require-security-approval \

--penetration-test

```

Example 2: Performance-Sensitive PR

```bash

# Review database optimization

npx ruv-swarm github review-init \

--pr 789 \

--agents "performance,database,caching" \

--benchmark \

--profile \

--load-test

```

Example 3: UI Component PR

```bash

# Review new component library

npx ruv-swarm github review-init \

--pr 321 \

--agents "accessibility,style,i18n,docs" \

--visual-regression \

--component-tests \

--responsive-check

```

Example 4: Feature Development PR

```bash

# Review new feature implementation

gh pr view 456 --json body,labels,files | \

npx ruv-swarm github pr-init 456 \

--topology hierarchical \

--agents "architect,coder,tester,security" \

--auto-assign-tasks

```

Example 5: Bug Fix PR

```bash

# Review bug fix with debugging focus

npx ruv-swarm github pr-init 789 \

--topology mesh \

--agents "debugger,analyst,tester" \

--priority high \

--regression-test

```

---

Review Dashboard

```bash

# Launch real-time review dashboard

npx ruv-swarm github review-dashboard \

--real-time \

--show "agent-activity,issue-trends,fix-rates,coverage"

```

Generate Review Reports

```bash

# Create comprehensive review report

npx ruv-swarm github review-report \

--format "markdown" \

--include "summary,details,trends,recommendations" \

--email-stakeholders \

--export-pdf

```

PR Swarm Analytics

```bash

# Generate PR-specific analytics

npx ruv-swarm github pr-report 123 \

--metrics "completion-time,agent-efficiency,token-usage,issue-density" \

--format markdown \

--compare-baseline

```

Export to GitHub Insights

```bash

# Export metrics to GitHub Insights

npx ruv-swarm github export-metrics \

--pr 123 \

--to-insights \

--dashboard-url

```

---

Best Practices

1. Token Permissions: Ensure GitHub tokens have minimal required scopes
2. Command Validation: Validate all PR comments before execution
3. Rate Limiting: Implement rate limits for PR operations
4. Audit Trail: Log all swarm operations for compliance
5. Secret Management: Never expose API keys in PR comments or logs

Security Checklist

• [ ] GitHub token scoped to repository only
• [ ] Webhook signatures verified
• [ ] Command injection protection enabled
• [ ] Rate limiting configured
• [ ] Audit logging enabled
• [ ] Secrets scanning active
• [ ] Branch protection rules enforced

---

1. Review Configuration

• ✅ Define clear review criteria upfront
• ✅ Set appropriate severity thresholds
• ✅ Configure agent specializations for your stack
• ✅ Establish override procedures for emergencies

2. Comment Quality

• ✅ Provide actionable, specific feedback
• ✅ Include code examples with suggestions
• ✅ Reference documentation and best practices
• ✅ Maintain respectful, constructive tone

3. Performance Optimization

• ✅ Cache analysis results to avoid redundant work
• ✅ Use incremental reviews for large PRs
• ✅ Enable parallel agent execution
• ✅ Batch comment operations efficiently

4. PR Templates

```markdown

• Topology: [mesh/hierarchical/ring/star]
• Max Agents: [number]
• Auto-spawn: [yes/no]
• Priority: [high/medium/low]

• [ ] Task 1 description
• [ ] Task 2 description
• [ ] Task 3 description

• [ ] Security review
• [ ] Performance analysis
• [ ] Architecture validation
• [ ] Accessibility check

```

5. Auto-Merge When Ready

```bash

# Auto-merge when swarm completes and passes checks

SWARM_STATUS=$(npx ruv-swarm github pr-status 123)

if [[ "$SWARM_STATUS" == "complete" ]]; then

# Check review requirements

REVIEWS=$(gh pr view 123 --json reviews --jq '.reviews | length')

if [[ $REVIEWS -ge 2 ]]; then

# Enable auto-merge

gh pr merge 123 --auto --squash

fi

fi

```

---

Workflow Pattern

1. Claude Code reads PR diff and context
2. Swarm coordinates review approach based on PR type
3. Agents work in parallel on different review aspects
4. Progress updates posted to PR automatically
5. Final review performed before marking ready

Example: Complete PR Management

```javascript

[Single Message - Parallel Execution]:

// Initialize coordination

mcp__claude-flow__swarm_init { topology: "hierarchical", maxAgents: 5 }

mcp__claude-flow__agent_spawn { type: "reviewer", name: "Senior Reviewer" }

mcp__claude-flow__agent_spawn { type: "tester", name: "QA Engineer" }

mcp__claude-flow__agent_spawn { type: "coordinator", name: "Merge Coordinator" }

// Create and manage PR using gh CLI

Bash("gh pr create --title 'Feature: Add authentication' --base main")

Bash("gh pr view 54 --json files,diff")

Bash("gh pr review 54 --approve --body 'LGTM after automated review'")

// Execute tests and validation

Bash("npm test")

Bash("npm run lint")

Bash("npm run build")

// Track progress

TodoWrite { todos: [

{ content: "Complete code review", status: "completed", activeForm: "Completing code review" },

{ content: "Run test suite", status: "completed", activeForm: "Running test suite" },

{ content: "Validate security", status: "completed", activeForm: "Validating security" },

{ content: "Merge when ready", status: "pending", activeForm: "Merging when ready" }

]}

```

---

Common Issues

---

Related Skills

• github-pr-manager - Comprehensive PR lifecycle management
• github-workflow-automation - Automate GitHub workflows
• swarm-coordination - Advanced swarm orchestration

Documentation

• [GitHub CLI Documentation](https://cli.github.com/manual/)
• [RUV Swarm Guide](https://github.com/ruvnet/ruv-swarm)
• [Claude Flow Integration](https://github.com/ruvnet/claude-flow)

Support

• GitHub Issues: Report bugs and request features
• Community: Join discussions and share experiences
• Examples: Browse example configurations and workflows

---

This skill is part of the Claude Code Flow project and is licensed under the MIT License.

---

Last Updated: 2025-10-19

Version: 1.0.0

Maintainer: Claude Code Flow Team