
review-pr
✓ Official★ 52by microsoft · part of microsoft/agent365-devtools
Generate structured PR review comments using Claude Code agents and post them to GitHub. No API key required - uses Claude Code's existing authentication.
Generate structured PR review comments using Claude Code agents and post them to GitHub. No API key required - uses Claude Code's existing authentication.
Inspect the full instructions your agent will receiveExpandCollapse
This is the exact playbook injected into your agent when the skill activates — shown here so you can audit it before installing. You don't need to read it to use the skill.
by microsoft
Generate structured PR review comments using Claude Code agents and post them to GitHub. No API key required - uses Claude Code's existing authentication.
npx skills add https://github.com/microsoft/agent365-devtools --skill review-pr
Download ZIPGitHub52
PR Review Skill
Generate and post AI-powered PR review comments to GitHub following engineering best practices.
What this skill does
Step 1: Generate (/review-pr <number>)
-
Fetches PR details from GitHub using the gh CLI
-
Performs architectural review (NEW!): Questions design decisions, checks for scope creep, validates use cases
-
Analyzes changes for security, testing, design patterns, and code quality issues
-
Differentiates contexts: CLI code vs GitHub Actions code (different standards)
-
Creates actionable feedback: Specific refactoring suggestions based on file names and patterns
-
Generates structured review comments in an editable YAML file
-
Shows preview of all generated comments
Step 2: Post (/review-pr <number> --post)
-
Reads the YAML file you reviewed/edited
-
Posts to GitHub: Submits all enabled comments to the PR
-
Automatic fallback: If GitHub API posting fails (e.g., Enterprise Managed User restrictions), automatically generates a markdown file with formatted comments for manual copy/paste
Engineering Review Principles
This skill enforces the following principles:
Architectural Review (NEW!)
-
Design Decision Validation: Questions "why" before reviewing "how"
-
Scope Creep Detection: Flags expansions beyond Agent365 deployment/management
-
Use Case Validation: Requires concrete scenarios for new features
-
Overlap Detection: Identifies duplication with existing tools (Azure CLI, Portal)
-
YAGNI Enforcement: Questions features without documented need
Architecture & Patterns
-
.NET architect patterns: Reviews follow .NET best practices
-
Azure CLI alignment: Ensures consistency with az cli patterns and conventions
-
Cross-platform compatibility: Validates Windows, Linux, and macOS compatibility (for CLI code)
Design Patterns
-
KISS (Keep It Simple, Stupid): Prefers simple, straightforward solutions
-
DRY (Don't Repeat Yourself): Identifies code duplication
-
SOLID principles: Especially Single Responsibility Principle
-
YAGNI (You Aren't Gonna Need It): Avoids over-engineering
-
One class per file: Enforces clean code organization
Code Quality
-
No large files: Flags files over 500 additions
-
Function reuse: Encourages reusing functions across commands
-
No special characters: Avoids emojis in logs/output (Windows compatibility)
-
Self-documenting code: Prefers clear code over excessive comments
-
Crisp comments (pr-code-reviewer #30): Flags added comments that run past 1-2 lines, restate the code, or narrate design history — a comment says why in one line; long-form reasoning belongs in the commit/PR.
-
Release-note-ready CHANGELOG (pr-code-reviewer #31): Flags
CHANGELOG.mdentries that name internals, explain mechanism, or run multiple sentences — each entry is one crisp consumer-facing sentence (it ships verbatim to nuget.org release notes). -
Minimal changes: Makes only necessary changes to solve the problem
Testing Standards
-
Framework: xUnit, FluentAssertions, NSubstitute for .NET; pytest/unittest for Python
-
Quality over quantity: Focus on critical paths and edge cases
-
CLI reliability: CLI code without tests is BLOCKING
-
GitHub Actions tests: Strongly recommended (HIGH severity) but not blocking
-
Mock external dependencies: Proper mocking patterns
Security
-
No hardcoded secrets: Use environment variables or Azure Key Vault
-
Credential management: Follow az cli patterns for CLI code; use GitHub Secrets for Actions
Context Awareness
The skill differentiates between:
-
CLI code (strict requirements): Cross-platform, reliable, must have tests
-
GitHub Actions code (GitHub-specific): Linux-only is acceptable, tests strongly recommended
Review Comments Output
Generated comments are saved to:
C:\Users\ \AppData\Local\Temp\pr-reviews\pr- -review.yaml
You can edit this file to:
-
Disable comments by setting
enabled: false -
Modify comment text
-
Adjust severity levels (blocking, high, medium, low, info)
-
Add or remove comments
Implementation
The skill uses Claude Code directly for semantic code analysis (inspired by Agent365-dotnet). No separate API key required!
Generate mode (default):
-
Claude Code reads
.claude/agents/pr-code-reviewer.mdfor review process guidelines. Read the working-tree (PR) version of this file and of.github/copilot-instructions.mdandCLAUDE.md— not the base-branch copy. When the PR under review adds or changes a review rule (as PR #461 did with rules #30/#31), the new rule must be applied to that same PR in the same run; reading the base copy would skip it. -
Claude Code reads
.github/copilot-instructions.mdfor coding standards -
Claude Code fetches PR details:
gh pr view <number> --json ... -
Claude Code analyzes actual code changes:
gh pr diff <number> -
Claude Code performs semantic analysis using its own capabilities
-
Claude Code identifies specific issues with line numbers and code references
-
Claude Code writes YAML file to
C:\Users\<username>\AppData\Local\Temp\pr-reviews\pr-<number>-review.yaml
Post mode (with --post flag):
-
Python script reads the YAML file
-
Python script posts comments to GitHub using
gh pr comment -
If posting fails (API permissions), automatically generates markdown file for manual copy/paste
Key Advantages:
-
✅ No
ANTHROPIC_API_KEYrequired - uses Claude Code's existing authentication -
✅ Better semantic analysis - Claude Code has full context and conversation history
-
✅ Simpler Python script - only handles posting logic (~240 lines vs ~1500 lines)
-
✅ Easier to maintain and debug
Workflow
Generate review: /review-pr 180
-
Fetches PR details from GitHub
-
Analyzes code and generates review comments
-
Saves to YAML file (shows path in output)
Review and edit: Open the YAML file
-
Review all generated comments
-
Edit comment text if needed
-
Disable comments by setting
enabled: false -
Add your own comments if desired
Post to GitHub: /review-pr 180 --post
-
Reads the YAML file
-
Posts all enabled comments to the PR
-
If API posting fails, automatically generates a markdown file for manual copy/paste
See Also
-
README.md - Detailed documentation
-
review-pr.py - Implementation script
npx skills add https://github.com/microsoft/agent365-devtools --skill review-prRun this in your project — your agent picks the skill up automatically.
Usage
/review-pr # Generate review (step 1)
/review-pr --post # Post review to GitHub (step 2)
Examples:
-
/review-pr 180- Generate review and save to YAML file -
/review-pr 180 --post- Post the reviewed YAML to GitHub
Requirements
-
GitHub CLI (
gh) installed and authenticated -
Python 3.x (only for --post mode)
-
PyYAML library:
pip install pyyaml(only for --post mode) -
Repository must be a GitHub repository
-
GitHub API permissions to post reviews (Enterprise Managed Users may have restrictions)
No common issues documented yet. If you hit a problem, the repository's GitHub Issues page is the best place to look.