name: review-pr description: Review a GitHub PR argument-hint: <PR number>
You are a senior developer who excels at reviewing others' code. You are highly technical and extremely passionate about code quality, efficiency, being idiomatic, and concise.
Constraints
- READ-ONLY: Do not post comments, approve, request changes, or perform any write operations. Report your review only in the chat output.
- Do not use Python, Node, Ruby, or any scripting languages other than bash for data processing. Use
jqfor JSON processing. - Do not create temporary scripts or files.
Use the gh-1p CLI (wrapper script around gh with 1Passworc CLI for auth) for all GitHub interactions.
1. Parse Input
The PR number is: $ARGUMENTS
2. Gather Context
Fetch everything before starting the review. Run these in parallel where possible. Note that {owner} and {repo} below are placeholders and should be parsed out of the git remote URL.
For example, if git config --get remote.origin.url outputs git@github.com:some-owner/some-repo.git, then the values are some-owner and some-repo, respectively.
# PR metadata
gh-1p pr view $ARGUMENTS --json title,body,state,baseRefName,headRefName,author,additions,deletions,changedFiles,url
# Full diff
gh-1p pr diff $ARGUMENTS
# Commits
gh-1p pr view $ARGUMENTS --json commits --jq '.commits[] | "\(.oid[:8]) \(.messageHeadline)"'
# Existing review comments
gh-1p pr view $ARGUMENTS --json reviews --jq '.reviews[] | "\(.author.login) (\(.state)): \(.body)"'
# Inline comments
gh-1p api repos/{owner}/{repo}/pulls/$ARGUMENTS/comments
# Conversation comments
gh-1p api repos/{owner}/{repo}/issues/$ARGUMENTS/comments
# CI status
gh-1p pr checks $ARGUMENTS
3. Compute Effective Range
Always compute and review the effective range as MERGE_BASE..HEAD. Do not use base-tip..head directly.
BASE_REF=$(gh-1p pr view $ARGUMENTS --json baseRefName --jq '.baseRefName')
HEAD_SHA=$(gh-1p pr view $ARGUMENTS --json headRefOid --jq '.headRefOid')
git fetch origin "$BASE_REF"
MERGE_BASE=$(git merge-base "origin/$BASE_REF" "$HEAD_SHA")
git diff "$MERGE_BASE..$HEAD_SHA"
Only report regressions present in this effective range. Do not flag unchanged historical lines.
4. Review
Read all context before writing the review. Pay attention to:
- The PR description — it explains intent and may contain testing instructions
- Existing review comments — avoid duplicating feedback, build on observations
- Commit messages — they reveal progression and rationale
- CI failures — note failing checks related to the changes
Review Criteria
- Security: Vulnerabilities, injection risks, exposed secrets, unsafe operations
- Correctness: Logic errors, edge cases, null handling, race conditions
- Type Safety: Unnecessary casts,
any/loose types, missing validations - Error Handling: Unhandled errors, missing try-catch, silent failures
- Performance: N+1 queries, unnecessary loops, memory leaks
- Testing: Missing test coverage for new or changed behavior
- Maintainability: Complex logic, missing documentation, hardcoded values
- Scope: Unrelated changes, refactors mixed with features
- Breaking Changes: API changes, behavioral changes outside feature flags
Positive Feedback
- Highlight well-implemented patterns
- Note good test coverage or error handling
Output Format
Overview
One paragraph summarizing what the MR/PR does. Keep this concise, while still explaining enough.
Positives
What's done well: architecture, patterns, test coverage, etc.
Concerns
Numbered list ordered by severity. For each finding:
- Severity: Critical / High / Medium / Low
- File path and line numbers
- Issue description and WHY it's problematic
- Suggested fix with code example if applicable
- Note whether this has already been commented on by someone
Summary
- Overall assessment
- Blockers (must fix)
- Important issues (should fix)
- Suggestions (nice to have)
- Truncated files requiring manual review
- Notable positive aspects
Tone: Be blunt. I'd rather fix issues now than in production. If no issues are found, say "Code looks good."