Review PR

Deep code review using 6-7 parallel specialized agents.

Quick Start

/ork:review-pr 123
/ork:review-pr feature-branch

Opus 4.6: Parallel agents use native adaptive thinking for deeper analysis. Complexity-aware routing matches agent model to review difficulty.

Argument Resolution

The PR number or branch is passed as the skill argument. Resolve it immediately:

PR_NUMBER = "$ARGUMENTS[0]"  # e.g., "123" or "feature-branch"

# If no argument provided, check environment
if not PR_NUMBER:
    PR_NUMBER = os.environ.get("ORCHESTKIT_PR_URL", "").split("/")[-1]

# If still empty, detect from current branch
if not PR_NUMBER:
    PR_NUMBER = "$(gh pr view --json number -q .number 2>/dev/null)"

Use PR_NUMBER consistently in all subsequent commands and agent prompts.

STEP 0: Verify User Intent with AskUserQuestion

BEFORE creating tasks, clarify review focus:

AskUserQuestion(
  questions=[{
    "question": "What type of review do you need?",
    "header": "Focus",
    "options": [
      {"label": "Full review (Recommended)", "description": "Security + code quality + tests + architecture", "markdown": "```\nFull Review (6 agents)\n──────────────────────\n  PR diff ──▶ 6 parallel agents:\n  ┌────────────┐ ┌────────────┐\n  │ Quality x2 │ │ Security   │\n  ├────────────┤ ├────────────┤\n  │ Test Gen   │ │ Backend    │\n  ├────────────┤ ├────────────┤\n  │ Frontend   │ │ (optional) │\n  └────────────┘ └────────────┘\n         ▼\n  Synthesized review comment\n  with conventional comments:\n  praise/suggestion/issue/nitpick\n```"},
      {"label": "Security focus", "description": "Prioritize security vulnerabilities", "markdown": "```\nSecurity Review\n───────────────\n  PR diff ──▶ security-auditor:\n  ┌─────────────────────────┐\n  │ Auth changes       ✓/✗ │\n  │ Input validation   ✓/✗ │\n  │ SQL/XSS/CSRF       ✓/✗ │\n  │ Secrets in diff    ✓/✗ │\n  │ Dependency risk    ✓/✗ │\n  └─────────────────────────┘\n  Output: Security-focused\n  review with fix suggestions\n```"},
      {"label": "Performance focus", "description": "Focus on performance implications", "markdown": "```\nPerformance Review\n──────────────────\n  PR diff ──▶ perf analysis:\n  ┌─────────────────────────┐\n  │ N+1 queries        ✓/✗ │\n  │ Bundle size impact  ±KB │\n  │ Render performance  ✓/✗ │\n  │ Memory leaks       ✓/✗ │\n  │ Caching gaps       ✓/✗ │\n  └─────────────────────────┘\n  Agent: frontend-performance\n  or python-performance\n```"},
      {"label": "Quick review", "description": "High-level review, skip deep analysis", "markdown": "```\nQuick Review (~2 min)\n─────────────────────\n  PR diff ──▶ Single pass\n\n  Output:\n  ├── Approve / Request changes\n  ├── Top 3 concerns\n  └── 1-paragraph summary\n  1 agent: code-quality-reviewer\n  No deep security/perf scan\n```"}
    ],
    "multiSelect": false
  }]
)

Based on answer, adjust workflow:

• Full review: All 6-7 parallel agents
• Security focus: Prioritize security-auditor, reduce other agents
• Performance focus: Add frontend-performance-engineer agent
• Quick review: Single code-quality-reviewer agent only

STEP 0b: Select Orchestration Mode

Load orchestration guidance: Read("${CLAUDE_SKILL_DIR}/references/orchestration-mode-selection.md")

MCP Probe (CC 2.1.71)

ToolSearch(query="select:mcp__memory__search_nodes")
Write(".claude/chain/capabilities.json", { memory, timestamp })
# If memory available: search for past review patterns on these files

CRITICAL: Task Management is MANDATORY

BEFORE doing ANYTHING else, create tasks to track progress:

# 1. Create main review task IMMEDIATELY
TaskCreate(
  subject="Review PR #{number}",
  description="Comprehensive code review with parallel agents",
  activeForm="Reviewing PR #{number}"
)

# 2. Create subtasks for each phase
TaskCreate(subject="Gather PR information", activeForm="Gathering PR information")
TaskCreate(subject="Launch review agents", activeForm="Dispatching review agents")
TaskCreate(subject="Run validation checks", activeForm="Running validation checks")
TaskCreate(subject="Synthesize review", activeForm="Synthesizing review")
TaskCreate(subject="Submit review", activeForm="Submitting review")

# 3. Update status as you progress
TaskUpdate(taskId="2", status="in_progress")  # When starting
TaskUpdate(taskId="2", status="completed")    # When done

Phase 1: Gather PR Information

# Get PR details
gh pr view $PR_NUMBER --json title,body,files,additions,deletions,commits,author

# View the diff
gh pr diff $PR_NUMBER

# Check CI status
gh pr checks $PR_NUMBER

Capture Scope for Agents

# Capture changed files for agent scope injection
CHANGED_FILES=$(gh pr diff $PR_NUMBER --name-only)

# Detect affected domains
HAS_FRONTEND=$(echo "$CHANGED_FILES" | grep -qE '\.(tsx?|jsx?|css|scss)$' && echo true || echo false)
HAS_BACKEND=$(echo "$CHANGED_FILES" | grep -qE '\.(py|go|rs|java)$' && echo true || echo false)
HAS_AI=$(echo "$CHANGED_FILES" | grep -qE '(llm|ai|agent|prompt|embedding)' && echo true || echo false)

Pass CHANGED_FILES to every agent prompt in Phase 3. Pass domain flags to select which agents to spawn.

Identify: total files changed, lines added/removed, affected domains (frontend, backend, AI).

Tool Guidance

<use_parallel_tool_calls> When gathering PR context, run independent operations in parallel:

• gh pr view (PR metadata), gh pr diff (changed files), gh pr checks (CI status)

Spawn all three in ONE message. This cuts context-gathering time by 60%. For agent-based review (Phase 3), all 6 agents are independent -- launch them together. </use_parallel_tool_calls>

Phase 2: Skills Auto-Loading

CC auto-discovers skills -- no manual loading needed!

Relevant skills activated automatically:

• code-review-playbook -- Review patterns, conventional comments
• security-scanning -- OWASP, secrets, dependencies
• type-safety-validation -- Zod, TypeScript strict
• testing-unit, testing-e2e, testing-integration -- Test adequacy, coverage gaps, rule matching

Phase 3: Parallel Code Review (6 Agents)

Project Context Injection

Before spawning agents, load project-specific review context from memory:

# Load project review context (conventions, known weaknesses, past findings)
# This gives agents project-specific knowledge without re-discovering patterns
PROJECT_CONTEXT = Read("${MEMORY_DIR}/review-pr-context.md")  # Falls back gracefully if missing

All agent prompts receive ${PROJECT_CONTEXT} so they know project conventions, security patterns, and known weaknesses from prior reviews.

Structured Output

All agents return findings as JSON (see structured output contract in agent prompt files). This enables automated deduplication, severity sorting, and memory graph persistence in Phase 5.

Anti-Sycophancy Response Protocol

All review agents and the coordinator MUST follow Read("${CLAUDE_PLUGIN_ROOT}/skills/shared/rules/anti-sycophancy.md"):

NEVER use: "Great work!", "Excellent!", "Nice!", "Thanks for catching that!", "You're absolutely right!", or ANY performative agreement.

INSTEAD: State findings directly. The code speaks for itself.

• "Fixed. Changed X to Y in auth.ts:42."
• "Security: JWT in localStorage. Move to httpOnly cookie."
• [Just fix it and show the diff]

When feedback seems wrong: Push back with technical reasoning. Not "I respectfully disagree." Just facts and evidence.

Agent Status Protocol

All agents MUST include a status field per Read("${CLAUDE_PLUGIN_ROOT}/agents/shared/status-protocol.md"):

• DONE — task completed, all requirements met
• DONE_WITH_CONCERNS — completed but flagging risks
• BLOCKED — cannot proceed
• NEEDS_CONTEXT — insufficient information

Domain-Aware Agent Selection

Only spawn agents relevant to the PR's changed domains:

Skip agents for domains not present in the diff. This saves ~33% tokens on domain-specific PRs.

Progressive Output (CC 2.1.76+)

Output each agent's findings as they complete — don't batch until synthesis.

Focus mode (CC 2.1.101): In focus mode, the user only sees your final message. Include the full review verdict, all findings by severity, and the approve/request-changes recommendation — don't assume they saw per-agent outputs.

• Security findings → show blockers and critical issues first
• Code quality → show pattern violations, complexity hotspots
• Test coverage gaps → show missing test cases

This lets the PR author start addressing blocking issues while remaining agents are still analyzing. Only the final synthesis (Phase 5) requires all agents to have completed.

Partial results (CC 2.1.98): If a review agent fails mid-analysis, synthesize partial findings:

for agent_result in review_results:
    if "[PARTIAL RESULT]" in agent_result.output:
        # A security agent that found 2 issues before crashing > no security review
        findings.extend(parse_findings(agent_result.output))
        findings[-1]["partial"] = True  # Flag in synthesis
        # Do NOT re-spawn — partial findings are still valuable

Monitor for CI streaming (CC 2.1.98): Stream CI check output in Phase 4:

Bash(command="gh pr checks $PR_NUMBER --watch 2>&1", run_in_background=true)
Monitor(pid=ci_watch_id)  # Each status change → notification

See Agent Prompts -- Task Tool Mode for the 6 parallel agent prompts.

See Agent Prompts -- Agent Teams Mode for the mesh alternative.

See AI Code Review Agent for the optional 7th LLM agent.

Phase 4: Run Validation

Load validation commands: Read("${CLAUDE_SKILL_DIR}/references/validation-commands.md")

Phase 5: Synthesize Review

Combine all agent feedback into a structured report. Load template: Read("${CLAUDE_SKILL_DIR}/references/review-report-template.md")

Memory Persistence

After synthesis, persist critical/high findings to the memory graph so future reviews build on past knowledge:

# Persist review findings for cross-session learning
mcp__memory__create_entities(entities=[{
    "name": "PR-{number}-Review",
    "entityType": "code-review",
    "observations": ["<summary>", "<critical findings>", "<patterns discovered>"]
}])
# Update known-weaknesses entity if new patterns found
mcp__memory__add_observations(observations=[{
    "entityName": "review-known-weaknesses",
    "contents": ["<new pattern from this review>"]
}])

Phase 6: Submit Review

# Approve
gh pr review $PR_NUMBER --approve -b "Review message"

# Request changes
gh pr review $PR_NUMBER --request-changes -b "Review message"

CC 2.1.20 Enhancements

PR Status Enrichment

The pr-status-enricher hook automatically detects open PRs at session start and sets:

• ORCHESTKIT_PR_URL -- PR URL for quick reference
• ORCHESTKIT_PR_STATE -- PR state (OPEN, MERGED, CLOSED)

Session Resume with PR Context (CC 2.1.27+)

Sessions are automatically linked when reviewing PRs. Resume later with full context:

claude --from-pr 123
claude --from-pr https://github.com/org/repo/pull/123

Task Metrics (CC 2.1.30)

Load metrics template: Read("${CLAUDE_SKILL_DIR}/references/task-metrics-template.md")

Conventional Comments

Use these prefixes for comments:

• praise: -- Positive feedback
• nitpick: -- Minor suggestion
• suggestion: -- Improvement idea
• issue: -- Must fix
• question: -- Needs clarification

Agent Coordination

Context Passing

All review agents receive: changed files list, PR metadata (author, base branch), domain flags (has_frontend, has_backend, has_ai), and project review conventions from memory.

SendMessage (Cross-Review Findings)

When the security agent finds an issue the code-quality agent should also flag:

SendMessage(to="code-quality-reviewer", message="Security: auth middleware bypassed in route handler — flag as issue in review")

Agent Teams Alternative

For complex PRs (> 500 lines, 3+ domains), use mesh topology so reviewers can challenge each other:

# Load: Read("${CLAUDE_SKILL_DIR}/rules/agent-prompts-agent-teams.md")

Related Skills

• ork:commit: Create commits after review
• ork:create-pr: Create PRs for review
• slack-integration: Team notifications for review events

References

Load on demand with Read("${CLAUDE_SKILL_DIR}/references/<file>"):

Rules: Read("${CLAUDE_SKILL_DIR}/rules/<file>"):

• AI Code Review Agent