[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"pack-detail-pr-review-automation-en":3,"seo:pack:pr-review-automation:en":94},{"code":4,"message":5,"data":6},200,"操作成功",{"pack":7},{"slug":8,"icon":9,"tone":10,"status":11,"status_label":12,"title":13,"description":14,"items":15,"install_cmd":93},"pr-review-automation","🔍","#0F766E","new","New · this week","PR Review Automation Pack","Nine picks an engineer or team lead would wire up to make AI handle the first pass on every pull request — checklist, GitHub MCP, multi-language linting, lint-as-PR-comments, policy bot, AI reviewer, security audit, adversarial bug hunter with auto-fix, and a one-shot commit-push-PR slash command. Install in this order and reviewers only see the issues humans need to decide on.",[16,28,38,48,57,64,71,78,85],{"id":17,"uuid":18,"slug":19,"title":20,"description":21,"author_name":22,"view_count":23,"vote_count":24,"lang_type":25,"type":26,"type_label":27},659,"ec06a6a1-4564-4862-bfe4-4166c74fee60","ai-code-review-checklist-ship-better-ai-help-ec06a6a1","AI Code Review Checklist — Ship Better with AI Help","Structured checklist for reviewing AI-generated code before merging. 
Covers correctness, security, performance, maintainability, and AI-specific pitfalls like hallucinated imports and phantom APIs.","Prompt Lab",203,0,"en","prompt","Prompt",{"id":29,"uuid":30,"slug":31,"title":32,"description":33,"author_name":34,"view_count":35,"vote_count":24,"lang_type":25,"type":36,"type_label":37},393,"679a2650-b97b-4e8e-af6e-b51bafcbf610","github-mcp-server-official-github-ai-integration-679a2650","GitHub MCP Server — Official GitHub AI Integration","GitHub's official MCP server that lets AI assistants manage repos, issues, PRs, Actions, and code search through the Model Context Protocol.","GitHub",182,"mcp","MCP",{"id":39,"uuid":40,"slug":41,"title":42,"description":43,"author_name":44,"view_count":45,"vote_count":24,"lang_type":25,"type":46,"type_label":47},2160,"1ff009e7-414b-11f1-9bc6-00163e2b0d79","super-linter-multi-language-linter-aggregator-ci-1ff009e7","Super-Linter — Multi-Language Linter Aggregator for CI","Super-Linter combines dozens of linters into a single GitHub Action or standalone Docker container, enforcing code quality across languages in one step.","Script Depot",57,"skill","Skill",{"id":49,"uuid":50,"slug":51,"title":52,"description":53,"author_name":44,"view_count":54,"vote_count":24,"lang_type":25,"type":55,"type_label":56},3213,"e9ba168c-1bce-4dc4-be6a-a8d99a670061","reviewdog-turn-lint-into-pr-review-comments","reviewdog — Turn Lint Into PR Review Comments","reviewdog reads any linter output and posts precise PR comments or Checks, so teams can enforce quality without noisy, copy-pasted logs in reviews.",52,"script","Script",{"id":58,"uuid":59,"slug":60,"title":61,"description":62,"author_name":44,"view_count":63,"vote_count":24,"lang_type":25,"type":55,"type_label":56},3223,"b32230ce-23a6-47cb-a4d8-2739397ff1c7","danger-automate-pr-review-rules-in-ci","Danger — Automate PR Review Rules in CI","Danger runs scripted PR checks and posts review comments, turning team style rules into repeatable CI feedback instead of 
manual nitpicks.",2,{"id":65,"uuid":66,"slug":67,"title":68,"description":69,"author_name":44,"view_count":70,"vote_count":24,"lang_type":25,"type":46,"type_label":47},237,"2d7fe041-6270-4b2b-a768-cdbc9ca6fcd7","pr-agent-ai-powered-code-review-pull-requests-2d7fe041","PR-Agent — AI-Powered Code Review for Pull Requests","AI code reviewer for GitHub\u002FGitLab\u002FBitbucket PRs. Auto-generates descriptions, reviews code, suggests improvements, answers questions. By Qodo. 10.7K+ stars.",156,{"id":72,"uuid":73,"slug":74,"title":75,"description":76,"author_name":44,"view_count":77,"vote_count":24,"lang_type":25,"type":46,"type_label":47},3185,"8285e471-0fcb-4bb3-a945-cbcac969474e","claude-code-security-review-pr-audit-action","Claude Code Security Review — PR Audit Action","Claude Code Security Reviewer is a GitHub Action that scans PR diffs for security issues and comments findings on the PR using a Claude API key.",25,{"id":79,"uuid":80,"slug":81,"title":82,"description":83,"author_name":84,"view_count":54,"vote_count":24,"lang_type":25,"type":46,"type_label":47},3199,"fa5f0e2d-7b31-42c8-9d9a-5fb9d17e7c8f","bug-hunter-adversarial-ai-code-review-auto-fix","Bug Hunter — Adversarial AI Code Review + Auto-Fix","Bug Hunter is an adversarial code review skill that runs Hunter\u002FSkeptic\u002FReferee agents, reports confirmed issues, and supports canary-style auto-fixes.","Agent Toolkit",{"id":86,"uuid":87,"slug":88,"title":89,"description":90,"author_name":91,"view_count":92,"vote_count":24,"lang_type":25,"type":46,"type_label":47},2279,"91a8fec2-f8b4-42c7-a8c1-4a51240a0781","commit-push-pr-one-shot-slash-command-91a8fec2","\u002Fcommit-push-pr — One-Shot Commit + Push + PR Slash Command","Open-source slash command that runs git status, commits, pushes, and opens a PR in one shot. 
Inspired by Boris Cherny's \u002Fcommit-push-pr setup.","Skill Factory",262,"tokrepo install pack\u002Fpr-review-automation",{"pageType":95,"pageKey":8,"locale":25,"title":96,"metaDescription":97,"h1":98,"tldr":99,"bodyMarkdown":100,"faq":101,"schema":117,"internalLinks":122,"citations":135,"wordCount":148,"generatedAt":149},"pack","PR Review Automation Pack — 9 Tools to Let AI Take the First Pass","Checklist, GitHub MCP, Super-Linter, reviewdog, Danger, PR-Agent, Claude Code Security Review, Bug Hunter, \u002Fcommit-push-pr — wire these in this order and AI handles the first pass on every pull request. Install via TokRepo.","PR Review Automation Pack — A Layered Stack so Humans Only See What Matters","Nine picks in install order: start with a human checklist so you know what \"good\" looks like, connect Claude to GitHub, add multi-language lint in CI, pipe lint into PR-inline comments, lock in branch and commit policy, then layer the AI reviewer, security audit, and an adversarial bug hunter that ships fix patches. Close with a one-shot commit-push-PR slash command so the loop tightens to a single keystroke.","## What's in this pack\n\nYou're an engineer or tech lead who's tired of skimming 400-line diffs at 5pm to catch typos a linter could have flagged. You want the **boring stuff** — formatting nits, missing tests, leaked secrets, breaking-change naming, dependency CVEs — caught **before** a human ever opens the PR. And when a human does open it, you want a structured AI summary at the top so review starts at \"is this the right design?\" not \"what changed?\"\n\nThis pack assembles **nine picks**, in deliberate order, that build that layered review stack: a human checklist to anchor the policy, GitHub MCP so Claude can read your PRs, CI-level linting, lint-as-inline-comments, a policy bot, an AI reviewer, a security scanner that actually understands diffs, an adversarial bug hunter that proposes fix patches, and a one-shot slash command to close the loop. 
Every pick is open-source or has a generous free tier. None of them lock you into a SaaS you can't leave.\n\nWho this is **not** for: solo hackers on side projects (overkill — install just #1 and #9). Teams already on a $50\u002Fseat closed-source platform that does all of this in one box (you're paying for integration; this pack is the open path).\n\n## Install in this order\n\n1. **AI Code Review Checklist — Ship Better with AI Help** — Read this first. It's the *policy doc* every later tool implements. Covers correctness, security, performance, maintainability, and the failure modes specific to AI-generated diffs. Without a shared definition of \"good\", you'll just automate the wrong checks loudly.\n2. **GitHub MCP Server — Official GitHub AI Integration** — Wire Claude (or any MCP-compatible agent) into GitHub. PR list, diff, comments, CI status, labels, branches — all typed, no shell parsing. Every later AI tool in this pack assumes the agent can *talk to GitHub*. Give that agent a token scoped to only the repositories and permissions that review needs. Without MCP, your AI reviewer is reading screenshots.\n3. **Super-Linter — Multi-Language Linter Aggregator for CI** — One GitHub Action runs 50+ linters across whatever languages your monorepo has. Cheapest, highest-signal layer. Catches 60% of \"why did the build fail\" before a human ever sees it. Install before anything fancy.\n4. **reviewdog — Turn Lint Into PR Review Comments** — Super-Linter dumps to logs. reviewdog reads any linter output and posts **inline review comments on the exact line**. This is the unlock: reviewers stop hunting through CI logs and start clicking expand-thread on real lines. Stack on top of #3 the same week.\n5. **Danger — Automate PR Review Rules in CI** — The policy bot. JavaScript \u002F Ruby DSL: \"PR must have description\", \"CHANGELOG must be updated when touching `\u002Fapi\u002F`\", \"no merges to main without two approvals\". Encodes the conventions your team already nags about, so the bot nags instead of you.\n6. 
**PR-Agent — AI-Powered Code Review for Pull Requests** — Open-source by Qodo. On every PR open: writes a structured description, posts a multi-section review (key changes \u002F suggestions \u002F security \u002F tests), and answers `\u002Fask` follow-ups in comments. 10K+ stars. This is where the *AI first pass* actually lives — everything before it was the runway.\n7. **Claude Code Security Review — PR Audit Action** — A GitHub Action that runs Claude over the diff specifically for security: SQL injection, auth bypass, leaked secrets, unsafe deserialization, suspicious supply-chain changes. Distinct from #6 because it has a security-specific prompt and threat-model context. It complements #6; it doesn't replace it. The diff is untrusted input to the model and the Action holds your Claude API key, so run it on PRs from trusted contributors (or behind maintainer approval for forks) and treat a clean result as advisory, not as proof the change is safe.\n8. **Bug Hunter — Adversarial AI Code Review + Auto-Fix** — The Hunter \u002F Skeptic \u002F Referee multi-agent setup that finds bugs, *challenges its own findings*, and then proposes auto-fix patches you can apply. This is the \"suggested fix\" layer most CI bots fake — Bug Hunter actually produces diffs.\n9. **\u002Fcommit-push-pr — One-Shot Commit + Push + PR Slash Command** — Close the loop on the author side. One slash command: stage changes, write a conventional commit message, push, open the PR. Every layer above now fires automatically on PR open. 
Your daily workflow collapses from 7 manual steps to 1.\n\n## How they fit together\n\n```\n        Author side                          PR opens                  Reviewer side\n        ───────────                          ────────                  ─────────────\n \u002Fcommit-push-pr (#9)  ──push──▶  GitHub PR  ──▶  Super-Linter (#3)  ───┐\n                                                  reviewdog (#4)  ─────┤\n                                                                       │\n                       AI Code Review Checklist (#1)  ─── policy doc ──┤\n                                                                       │\n                       GitHub MCP (#2) ─── reads PR\u002Fdiff\u002FCI ───┐       │\n                                                               ▼       │\n                                                  PR-Agent (#6) ───────┤\n                                                  Security Review (#7) ┤\n                                                  Bug Hunter (#8 + fix patches)\n                                                  Danger (#5 policy gate)\n                                                                       │\n                                                                       ▼\n                                                               Human reviewer\n                                                       sees only architectural \u002F taste calls\n```\n\nThe load-bearing trio is **GitHub MCP (#2) + reviewdog (#4) + PR-Agent (#6)** — that's connection, signal-to-noise transformation, and AI judgment. Everything else is depth on those three axes.\n\n## Tradeoffs (AI review depth vs noise)\n\n- **More AI bots ≠ better review.** Every additional reviewer adds comments. PR-Agent + Bug Hunter + Security Review on the same PR can produce 30+ comments on a 50-line diff. Tune *each one's* threshold to \"only critical\" before adding the next. 
Reviewer fatigue is a real cost.\n- **Super-Linter vs language-native linters.** Super-Linter is the one-Action shortcut. If you're a Python-only shop, native `ruff` + `pre-commit` runs 10x faster and has fewer false positives. Use Super-Linter to *start*; graduate to native per-language linters when you have a primary stack.\n- **Danger vs branch protection rules.** GitHub's built-in branch protection covers \"require 2 reviews\", \"require CI green\". Danger covers \"if you touched the auth module, the security label must be added\". Don't try to do both in Danger — let GitHub do the dumb gates, let Danger do the contextual ones.\n- **AI auto-fix patches (#8) are suggestions, not commits.** Bug Hunter proposes patches; a human still has to review and apply them. Resist the urge to auto-merge AI-authored fixes — that's how you ship the \"helpful refactor\" that broke a downstream consumer at 2am.\n- **Cost.** PR-Agent + Security Review + Bug Hunter each call an LLM on every PR. On a busy repo, that's $50-200\u002Fmonth in API spend. Cheaper than one engineer-hour of review, but budget it.\n\n## Common pitfalls\n\n- **Skipping #1 (the checklist).** Teams install the bots, never write down what \"good\" means, and then argue forever about whether the bot was \"right\" to flag something. The checklist is the spec the bots implement.\n- **Wiring AI tools without MCP (#2).** They'll still work (most have GitHub-native integrations) but you'll get worse answers when you `@` the bot in a comment, because it can't pull the latest diff or check CI status.\n- **Letting Super-Linter run on every push.** Use `paths:` filters or matrix splits. Otherwise a one-line README edit triggers a 4-minute lint job. Engineers will start force-pushing past CI to skip it, which also skips the security checks that run in the same pipeline.\n- **No `\u002Fnever-do` for AI reviewers.** PR-Agent and Bug Hunter will, given the chance, suggest \"rename this variable\" forever. 
Put your team's anti-patterns in their config: don't suggest pure renaming, don't suggest one-character formatting fixes, don't reopen closed threads. Quiet reviewers get read.\n- **Trusting auto-fix patches without tests.** Bug Hunter's auto-fix is *plausible*, not *proven*. Require tests pass on the patch branch before a human can merge. Otherwise the \"fix\" is hallucinated logic that compiles.",[102,105,108,111,114],{"q":103,"a":104},"Do I really need nine tools to review PRs?","If you're a solo dev, no — install #1 (checklist) and #9 (commit-push-pr) and call it a day. The full nine is for teams of 3+ where PR review is the bottleneck, where security and lint regressions actually happen, and where you'd otherwise hire an extra senior to do the boring layer of review. The math works out around 200+ PRs per month — below that, the API spend on PR-Agent + Bug Hunter + Security Review isn't worth it.",{"q":106,"a":107},"Won't running PR-Agent + Bug Hunter + Security Review on every PR drown reviewers in comments?","Yes, by default. The trick is severity tuning: configure each bot to comment only on \"high\" or \"critical\". PR-Agent's summary stays as a top-level comment (cheap to skim); Bug Hunter and Security Review only post when they find something concrete. After a week of tuning you'll land around 2-4 AI comments per PR on average — enough to be useful, low enough to read every one.",{"q":109,"a":110},"Why both Super-Linter (#3) AND reviewdog (#4)?","They do different things. Super-Linter *runs the linters*. reviewdog *transforms linter output into PR-inline comments*. Without reviewdog, Super-Linter's findings live in CI logs that nobody opens. Without Super-Linter, reviewdog has nothing to transform. They're a two-stage pipeline: produce, then place. 
Most teams add Super-Linter first, suffer for two weeks reading logs, then add reviewdog and immediately wonder why they waited.",{"q":112,"a":113},"Is Claude Code Security Review (#7) redundant with PR-Agent (#6)?","No. PR-Agent's review is broad — readability, naming, test coverage, obvious bugs. Security Review is *narrow but deep*: it has a security-specific prompt and looks for vulnerability classes (injection, auth bypass, secret leaks, deserialization) that a general reviewer might miss while focused on architecture. Run both; mute Security Review on docs-only PRs to save API spend.",{"q":115,"a":116},"Can I adopt this pack incrementally instead of all nine at once?","That's the recommended path. Week 1: install #1 (checklist) + #2 (GitHub MCP) + #9 (commit-push-pr). Week 2: add #3 (Super-Linter) + #4 (reviewdog) — your team will feel the difference immediately. Week 3: add #6 (PR-Agent) and tune comment thresholds. Week 4: add #5 (Danger), #7 (Security Review), #8 (Bug Hunter). Front-loading any AI bots before MCP + lint pipeline is in place just creates noise.",{"@context":118,"@type":119,"name":13,"description":120,"numberOfItems":121,"inLanguage":25},"https:\u002F\u002Fschema.org","ItemList","Nine open-source picks to layer AI review on every pull request — checklist, GitHub MCP, linting, policy bot, AI reviewer, security audit, adversarial bug hunter, and commit-push-PR slash command, in install order.",9,[123,127,131],{"url":124,"anchor":125,"reason":126},"\u002Fen\u002Fai-tools-for\u002Fcoding","AI tools for coding","Compare the coding agents that wire into this PR review pipeline",{"url":128,"anchor":129,"reason":130},"\u002Fen\u002Ffeatured","Featured assets on TokRepo","Browse the broader curated catalog of skills, MCP servers, and CI integrations",{"url":132,"anchor":133,"reason":134},"\u002Fen\u002Ftopics","Browse other topic packs","Adjacent packs cover Claude Code onboarding, GitHub Actions stacks, and MCP server 
setups",[136,140,144],{"claim":137,"source_name":138,"source_url":139},"PR-Agent is an open-source AI PR reviewer by Qodo with 10K+ GitHub stars","qodo-ai\u002Fpr-agent on GitHub","https:\u002F\u002Fgithub.com\u002Fqodo-ai\u002Fpr-agent",{"claim":141,"source_name":142,"source_url":143},"GitHub MCP Server is the official GitHub integration for Model Context Protocol clients","github\u002Fgithub-mcp-server","https:\u002F\u002Fgithub.com\u002Fgithub\u002Fgithub-mcp-server",{"claim":145,"source_name":146,"source_url":147},"Super-Linter aggregates 50+ linters into a single GitHub Action","super-linter\u002Fsuper-linter on GitHub","https:\u002F\u002Fgithub.com\u002Fsuper-linter\u002Fsuper-linter",1179,"2026-05-22T12:00:00Z"]