Review a PR for correctness, security, code quality, and testing issues. TRIGGER when user asks to review a PR, check PR quality, or give feedback on a PR.
```bash
# Find the PR for the current branch, then open it by number
gh pr list --head $(git branch --show-current) --repo Significant-Gravitas/AutoGPT
gh pr view {N}
```
Before reading code, understand the why, what, and how from the PR description:
```bash
gh pr view {N} --json body --jq '.body'
```
Every PR should have a Why / What / How structure. If any of these are missing, note it as feedback.
```bash
gh pr diff {N}
```
Before posting anything, fetch existing inline comments to avoid duplicates:
```bash
gh api repos/Significant-Gravitas/AutoGPT/pulls/{N}/comments --paginate
gh api repos/Significant-Gravitas/AutoGPT/pulls/{N}/reviews
```
- Description quality: Does the PR description cover Why (motivation/problem), What (summary of changes), and How (approach/implementation details)? If any are missing, request them — you can't judge the approach without understanding the problem and intent.
- Correctness: logic errors, off-by-one, missing edge cases, race conditions (TOCTOU in file access, credit charging), error handling gaps, async correctness (missing `await`, unclosed resources).
- Security: input validation at boundaries, no injection (command, XSS, SQL), secrets not logged, file paths sanitized (`os.path.basename()` in error messages).
- Code quality: apply rules from the backend/frontend `CLAUDE.md` files.
- Architecture: DRY, single responsibility, modular functions. `Security()` vs `Depends()` for FastAPI auth. `data:` for SSE events, `: comment` for heartbeats. `transaction=True` for Redis pipelines.
- Testing: edge cases covered, colocated `*_test.py` (backend) / `__tests__/` (frontend), mocks target where the symbol is used, not where it is defined, `AsyncMock` for async.
Every comment must be prefixed with 🤖 and a criticality badge:
| Tier | Badge | Meaning |
|---|---|---|
| Blocker | 🔴 **Blocker** | Must fix before merge |
| Should Fix | 🟠 **Should Fix** | Important improvement |
| Nice to Have | 🟡 **Nice to Have** | Minor suggestion |
| Nit | 🔵 **Nit** | Style / wording |
Example: 🤖 🔴 **Blocker**: Missing error handling for X — suggest wrapping in try/except.
For each finding, post an inline comment on the PR (do not just write a local report):
```bash
# Get the latest commit SHA for the PR
COMMIT_SHA=$(gh api repos/Significant-Gravitas/AutoGPT/pulls/{N} --jq '.head.sha')

# Post an inline comment on a specific file/line
gh api repos/Significant-Gravitas/AutoGPT/pulls/{N}/comments \
  -f body="🤖 🔴 **Blocker**: <description>" \
  -f commit_id="$COMMIT_SHA" \
  -f path="<file path>" \
  -F line=<line number>
```
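The duplicate check and the badge format above are easy to get wrong by hand. The following added example (not part of the AutoGPT repo) builds bodies in the required `🤖 <badge>: text` form and filters out findings that already have a bot comment on the same path and line in the `pulls/{N}/comments` JSON; `Finding`, `SAMPLE_EXISTING` and the helper names are assumptions of this example.

```python
from dataclasses import dataclass

# Badge per criticality tier, matching the table in this skill.
BADGES = {
    "blocker": "🔴 **Blocker**",
    "should_fix": "🟠 **Should Fix**",
    "nice_to_have": "🟡 **Nice to Have**",
    "nit": "🔵 **Nit**",
}

# Constructed sample of the comments endpoint's JSON (fields trimmed).
SAMPLE_EXISTING = [
    {"path": "backend/app.py", "line": 42,
     "body": "🤖 🔴 **Blocker**: Missing error handling for X"},
    {"path": "backend/app.py", "line": 42, "body": "Looks good to me"},
]


@dataclass(frozen=True)
class Finding:
    path: str   # file path in the diff
    line: int   # line on the diff's new side
    tier: str   # key into BADGES
    text: str   # the feedback itself


def format_body(finding):
    """Return the body in the required '🤖 <badge>: text' form."""
    if finding.tier not in BADGES:
        raise ValueError(f"unknown tier: {finding.tier}")
    return f"🤖 {BADGES[finding.tier]}: {finding.text}"


def is_duplicate(existing, finding):
    """True if a bot comment on the same path/line already makes this point.
    `existing` is the list from `gh api .../pulls/{N}/comments --paginate`."""
    for c in existing:
        if c.get("path") != finding.path or c.get("line") != finding.line:
            continue
        body = c.get("body", "")
        # Compare the text after the badge so the same point at a different tier still matches.
        if body.startswith("🤖") and body.split(": ", 1)[-1].strip() == finding.text.strip():
            return True
    return False


def plan_comments(existing, findings):
    """Return (path, line, body) triples that still need posting."""
    return [(f.path, f.line, format_body(f))
            for f in findings if not is_duplicate(existing, f)]
```

Feed `plan_comments` the parsed output of the comments call and loop over its result with the `gh api ... -f body=... -F line=...` command shown above.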