[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"pack-detail-pr-review-automation-zh":3,"seo:pack:pr-review-automation:zh":95},{"code":4,"message":5,"data":6},200,"操作成功",{"pack":7},{"slug":8,"icon":9,"tone":10,"status":11,"status_label":12,"title":13,"description":14,"items":15,"install_cmd":94},"pr-review-automation","🔍","#0F766E","new","本周新建","PR 自动评审自动化包","工程师或团队 lead 让 AI 接管每个 PR 第一遍评审要装的九个:人审清单、GitHub MCP、多语言 lint、lint 转 PR 内联评论、策略机器人、AI 评审、安全审计、对抗式 Bug Hunter 带自动修复,以及一键 commit-push-PR 斜杠命令。按这个顺序装好,人类 reviewer 就只看真正需要决策的问题。",[16,28,38,48,57,64,71,78,86],{"id":17,"uuid":18,"slug":19,"title":20,"description":21,"author_name":22,"view_count":23,"vote_count":24,"lang_type":25,"type":26,"type_label":27},659,"ec06a6a1-4564-4862-bfe4-4166c74fee60","ai-code-review-checklist-ship-better-ai-help-ec06a6a1","AI Code Review Checklist — Ship Better with AI Help","Structured checklist for reviewing AI-generated code before merging. Covers correctness, security, performance, maintainability, and AI-specific pitfalls like hallucinated imports and phantom APIs.","Prompt Lab",203,0,"en","prompt","Prompt",{"id":29,"uuid":30,"slug":31,"title":32,"description":33,"author_name":34,"view_count":35,"vote_count":24,"lang_type":25,"type":36,"type_label":37},393,"679a2650-b97b-4e8e-af6e-b51bafcbf610","github-mcp-server-official-github-ai-integration-679a2650","GitHub MCP Server — Official GitHub AI Integration","GitHub's official MCP server that lets AI assistants manage repos, issues, PRs, Actions, and code search through the Model Context Protocol.","GitHub",187,"mcp","MCP",{"id":39,"uuid":40,"slug":41,"title":42,"description":43,"author_name":44,"view_count":45,"vote_count":24,"lang_type":25,"type":46,"type_label":47},2160,"1ff009e7-414b-11f1-9bc6-00163e2b0d79","super-linter-multi-language-linter-aggregator-ci-1ff009e7","Super-Linter — Multi-Language Linter Aggregator for CI","Super-Linter combines dozens of linters into a single GitHub Action or standalone Docker container, enforcing code quality across languages in one step.","Script Depot",57,"skill","Skill",{"id":49,"uuid":50,"slug":51,"title":52,"description":53,"author_name":44,"view_count":54,"vote_count":24,"lang_type":25,"type":55,"type_label":56},3213,"e9ba168c-1bce-4dc4-be6a-a8d99a670061","reviewdog-turn-lint-into-pr-review-comments","reviewdog — Turn Lint Into PR Review Comments","reviewdog reads any linter output and posts precise PR comments or Checks, so teams can enforce quality without noisy, copy-pasted logs in reviews.",59,"script","Script",{"id":58,"uuid":59,"slug":60,"title":61,"description":62,"author_name":44,"view_count":63,"vote_count":24,"lang_type":25,"type":55,"type_label":56},3223,"b32230ce-23a6-47cb-a4d8-2739397ff1c7","danger-automate-pr-review-rules-in-ci","Danger — Automate PR Review Rules in CI","Danger runs scripted PR checks and posts review comments, turning team style rules into repeatable CI feedback instead of manual nitpicks.",10,{"id":65,"uuid":66,"slug":67,"title":68,"description":69,"author_name":44,"view_count":70,"vote_count":24,"lang_type":25,"type":46,"type_label":47},237,"2d7fe041-6270-4b2b-a768-cdbc9ca6fcd7","pr-agent-ai-powered-code-review-pull-requests-2d7fe041","PR-Agent — AI-Powered Code Review for Pull Requests","AI code reviewer for GitHub\u002FGitLab\u002FBitbucket PRs. Auto-generates descriptions, reviews code, suggests improvements, answers questions. By Qodo. 10.7K+ stars.",158,{"id":72,"uuid":73,"slug":74,"title":75,"description":76,"author_name":44,"view_count":77,"vote_count":24,"lang_type":25,"type":46,"type_label":47},3185,"8285e471-0fcb-4bb3-a945-cbcac969474e","claude-code-security-review-pr-audit-action","Claude Code Security Review — PR Audit Action","Claude Code Security Reviewer is a GitHub Action that scans PR diffs for security issues and comments findings on the PR using a Claude API key.",38,{"id":79,"uuid":80,"slug":81,"title":82,"description":83,"author_name":84,"view_count":85,"vote_count":24,"lang_type":25,"type":46,"type_label":47},3199,"fa5f0e2d-7b31-42c8-9d9a-5fb9d17e7c8f","bug-hunter-adversarial-ai-code-review-auto-fix","Bug Hunter — Adversarial AI Code Review + Auto-Fix","Bug Hunter is an adversarial code review skill that runs Hunter\u002FSkeptic\u002FReferee agents, reports confirmed issues, and supports canary-style auto-fixes.","Agent Toolkit",63,{"id":87,"uuid":88,"slug":89,"title":90,"description":91,"author_name":92,"view_count":93,"vote_count":24,"lang_type":25,"type":46,"type_label":47},2279,"91a8fec2-f8b4-42c7-a8c1-4a51240a0781","commit-push-pr-one-shot-slash-command-91a8fec2","\u002Fcommit-push-pr — One-Shot Commit + Push + PR Slash Command","Open-source slash command that runs git status, commits, pushes, and opens a PR in one shot. Inspired by Boris Cherny's \u002Fcommit-push-pr setup.","Skill Factory",264,"tokrepo install pack\u002Fpr-review-automation",{"pageType":96,"pageKey":8,"locale":97,"title":98,"metaDescription":99,"h1":100,"tldr":101,"bodyMarkdown":102,"faq":103,"schema":119,"internalLinks":126,"citations":139,"wordCount":152,"generatedAt":153},"pack","zh","PR 自动评审包 — 9 个工具让 AI 接管第一遍 review","人审清单 \u002F GitHub MCP \u002F Super-Linter \u002F reviewdog \u002F Danger \u002F PR-Agent \u002F Claude Code Security Review \u002F Bug Hunter \u002F \u002Fcommit-push-pr — 按这个顺序装好,AI 自动处理每个 PR 的第一遍评审。TokRepo 一键装。","PR 自动评审包 — 分层堆栈,让人类只看真正需要决策的问题","九个工具按安装顺序:先有人审清单定义「什么算 good」,再连 Claude 到 GitHub,加 CI 多语言 lint,把 lint 转成 PR 内联评论,锁住分支和 commit 策略,然后叠 AI 评审、安全审计、能产出修复 patch 的对抗式 Bug Hunter,最后用一键 commit-push-PR 斜杠命令把循环收成一个按键。","## 这个 pack 包含什么\n\n你是一个工程师或 tech lead,每天傍晚 5 点对着 400 行的 diff 抓 typo —— 那种 linter 一秒就能抓住的东西。你想要的:**无聊的部分**(格式化、漏测试、泄密、breaking change 命名、依赖 CVE)在人类点开 PR **之前**就被抓干净。等人真打开 PR,最上面有结构化的 AI 总结,review 直接从「这是不是对的设计?」开始,不是「这里改了啥?」。\n\n本 pack 串起**九个工具**,按精心排好的顺序,搭出这套分层评审堆栈:人审清单锚定策略、GitHub MCP 让 Claude 读 PR、CI 级 lint、lint 转内联评论、策略机器人、AI 评审、能看懂 diff 的安全扫描、能产出修复 patch 的对抗式 Bug Hunter,最后一键斜杠命令收尾。每个都是开源或大方免费额度。没有任何一个会把你锁死在出不去的 SaaS 里。\n\n这个 pack **不适合**:单干的副业项目(杀鸡用牛刀 —— 装 #1 和 #9 就够了);已经买了每席 $50 的闭源平台一站式搞定的团队(你花的是集成钱,本 pack 是开源路线)。\n\n## 推荐安装顺序\n\n1. **AI Code Review Checklist — Ship Better with AI Help** —— 先读这个。它是**策略文档**,后面每个工具都在实现它。覆盖正确性、安全、性能、可维护性,外加 AI 生成代码特有的失败模式。没有「什么算 good」的共识,你只会把错的检查响亮地自动化。\n2. **GitHub MCP Server — Official GitHub AI Integration** —— 把 Claude(或任何 MCP-compatible agent)接到 GitHub。PR 列表、diff、评论、CI 状态、label、branch —— 全部强类型,不用解 shell。后面所有 AI 工具都假设 agent **能跟 GitHub 对话**。没有 MCP,你的 AI reviewer 是在看截图。\n3. **Super-Linter — Multi-Language Linter Aggregator for CI** —— 一个 GitHub Action 跑 50+ 个 linter,覆盖 monorepo 里所有语言。最便宜、信号最强的一层。在人看到前抓掉 60% 的「为啥 build 挂了」。装在花哨工具之前。\n4. **reviewdog — Turn Lint Into PR Review Comments** —— Super-Linter 把结果倒进 log。reviewdog 读任何 linter 输出,**在对应那一行发内联评论**。这是关键解锁:reviewer 不用再翻 CI log,直接点开真实代码行上的展开评论。和 #3 同一周叠上。\n5. **Danger — Automate PR Review Rules in CI** —— 策略机器人。JavaScript \u002F Ruby DSL:「PR 必须写描述」「动了 `\u002Fapi\u002F` 必须更新 CHANGELOG」「合到 main 必须两个 approve」。把你团队反复 nag 的约定编成代码,机器人去 nag,不是你。\n6. **PR-Agent — AI-Powered Code Review for Pull Requests** —— Qodo 出的开源。每次 PR 开:写结构化描述、发多段 review(关键变更 \u002F 建议 \u002F 安全 \u002F 测试)、还能回复评论里 `\u002Fask` 的追问。10K+ stars。这里才是**AI 第一遍评审**真正落地的地方 —— 前面全是跑道。\n7. **Claude Code Security Review — PR Audit Action** —— 一个 GitHub Action,专门用 Claude 跑 diff 的安全审计:SQL 注入、auth bypass、泄密、不安全反序列化、供应链异常。和 #6 不同的是它有**安全专用 prompt + 威胁模型 context**。配套用,不替代。\n8. **Bug Hunter — Adversarial AI Code Review + Auto-Fix** —— Hunter \u002F Skeptic \u002F Referee 三 agent 配置:找 bug、**质疑自己的发现**、然后产出你能直接应用的修复 patch。这是「建议修复」那一层 —— 大多数 CI 机器人都在演这一层,Bug Hunter 真的产出 diff。\n9. **\u002Fcommit-push-pr — One-Shot Commit + Push + PR Slash Command** —— 作者侧收口。一个斜杠命令:stage 改动、写 conventional commit message、push、开 PR。上面所有层现在都在 PR 开的瞬间自动触发。你的日常工作流从 7 步手动塌缩成 1 步。\n\n## 它们怎么协同\n\n```\n 作者侧 PR 打开 Reviewer 侧\n ────── ─────── ───────────\n \u002Fcommit-push-pr (#9) ──push──▶ GitHub PR ──▶ Super-Linter (#3) ───┐\n reviewdog (#4) ─────┤\n │\n AI Code Review Checklist (#1) ─── 策略文档 ───┤\n │\n GitHub MCP (#2) ─── 读 PR\u002Fdiff\u002FCI ──┐ │\n ▼ │\n PR-Agent (#6) ───────┤\n Security Review (#7) ┤\n Bug Hunter (#8 + 修复 patch)\n Danger (#5 策略闸门)\n │\n ▼\n 人类 reviewer\n 只看架构 \u002F 品味这种真正需要决策的问题\n```\n\n承重三件套是 **GitHub MCP (#2) + reviewdog (#4) + PR-Agent (#6)** —— 连接、信噪比变换、AI 判断。其他都是在这三个维度上加深。\n\n## 取舍(AI 评审深度 vs 噪音)\n\n- **AI 机器人越多 ≠ review 越好**。每多一个 reviewer 就多一堆评论。PR-Agent + Bug Hunter + Security Review 同时跑一个 50 行 diff 能产 30+ 条评论。**每加一个之前**把它的阈值调到「只发 critical」。Reviewer 疲劳是真实成本。\n- **Super-Linter vs 各语言原生 linter**。Super-Linter 是一行 Action 的捷径。如果你是纯 Python 团队,原生 `ruff` + `pre-commit` 快 10 倍,误报更少。用 Super-Linter **起步**;等团队有了主力 stack 再升级到原生分语言 linter。\n- **Danger vs branch protection rules**。GitHub 内置的分支保护管「require 2 reviews」「require CI green」。Danger 管「你动了 auth 模块,必须打 security label」。别两边都用 Danger 做 —— 让 GitHub 做笨闸门,让 Danger 做上下文相关的。\n- **AI 自动修复 patch (#8) 是建议不是 commit**。Bug Hunter 产出 patch,**人还得自己 apply**。别 auto-merge AI 写的修复 —— 凌晨 2 点弄坏下游消费者的「贴心 refactor」就是这么来的。\n- **成本**。PR-Agent + Security Review + Bug Hunter 每个 PR 都调 LLM。一个忙的 repo 一个月 $50-200 API 开销。比一个工程师小时便宜,但要列预算。\n\n## 常见踩坑\n\n- **跳过 #1(清单)**。团队装好机器人,从来没写下「什么算 good」,然后永远在吵机器人「这个该不该报」。清单是机器人在实现的那份 spec。\n- **不接 MCP (#2) 就上 AI 工具**。能用(大多数有 GitHub 原生集成),但你在评论里 `@` 机器人时它给的答案会更差,因为它没法拉最新 diff 或查 CI 状态。\n- **Super-Linter 每次 push 都跑**。用 `paths:` 过滤或 matrix 分片。否则改一行 README 触发 4 分钟 lint job,工程师会开始 force-push 绕过 CI。\n- **AI reviewer 没设 `\u002Fnever-do`**。PR-Agent 和 Bug Hunter 给点机会就会永远建议「这个变量改个名」。把团队不要的反模式写进它们配置:不要纯改名建议、不要单字符格式化建议、不要重开关闭的 thread。**安静的 reviewer 才会有人看**。\n- **不跑测试就信自动修复 patch**。Bug Hunter 的自动修复**听起来像**对的,不**证明是**对的。要求 patch 分支测试过了人才能 merge。否则「修复」是能编译的幻觉逻辑。",[104,107,110,113,116],{"q":105,"a":106},"做 PR review 真要装九个工具吗?","单干就不用 —— 装 #1(清单)和 #9(commit-push-pr)就够了。完整九件套是给 3+ 人团队的:PR review 已经成瓶颈、安全和 lint 回归真在发生、你本来要再招个 senior 干无聊那层 review 的钱省下来。算下来差不多 200+ PR\u002F月以上才划算 —— 低于这个数,PR-Agent + Bug Hunter + Security Review 的 API 钱不值。",{"q":108,"a":109},"PR-Agent + Bug Hunter + Security Review 一起跑会不会评论刷屏?","默认会。诀窍是严重程度调优:每个机器人都配成只在「high」或「critical」时发。PR-Agent 的总结保持在顶层一条(扫一眼很便宜);Bug Hunter 和 Security Review 只在找到具体问题时才发。调一周后平均每个 PR 会落在 2-4 条 AI 评论 —— 够用,少到每条都能认真看。",{"q":111,"a":112},"为啥同时要 Super-Linter (#3) 和 reviewdog (#4)?","做的事不一样。Super-Linter **跑 linter**。reviewdog **把 linter 输出转成 PR 内联评论**。没有 reviewdog,Super-Linter 的发现住在没人点开的 CI log 里。没有 Super-Linter,reviewdog 没东西可以转。是两段流水线:先产出、再放对位置。多数团队先装 Super-Linter,痛苦读两周 log,再装 reviewdog,然后立刻想不通为啥不早装。",{"q":114,"a":115},"Claude Code Security Review (#7) 和 PR-Agent (#6) 是不是重复了?","不是。PR-Agent 的 review 是**宽**:可读性、命名、测试覆盖、明显的 bug。Security Review 是**窄但深**:安全专用 prompt,找的是漏洞类别(注入、auth bypass、泄密、反序列化),通用 reviewer 专注架构时容易漏的。两个一起跑;纯文档 PR 上把 Security Review mute 掉省 API 钱。",{"q":117,"a":118},"能不能不一次装九个,渐进采用?","**这才是推荐路径**。第 1 周:装 #1(清单)+ #2(GitHub MCP)+ #9(commit-push-pr)。第 2 周:加 #3(Super-Linter)+ #4(reviewdog),团队立刻感觉到差别。第 3 周:加 #6(PR-Agent)并调评论阈值。第 4 周:加 #5(Danger)、#7(Security Review)、#8(Bug Hunter)。在 MCP + lint 流水线就位前就上任何 AI 机器人,只会制造噪音。",{"@context":120,"@type":121,"name":122,"description":123,"numberOfItems":124,"inLanguage":125},"https:\u002F\u002Fschema.org","ItemList","PR 自动评审包","九个开源工具把 AI 评审分层叠加到每个 PR 上 —— 人审清单、GitHub MCP、lint、策略机器人、AI 评审、安全审计、对抗式 Bug Hunter、commit-push-PR 斜杠命令,按安装顺序排好。",9,"zh-CN",[127,131,135],{"url":128,"anchor":129,"reason":130},"\u002Fzh\u002Fai-tools-for\u002Fcoding","AI 编程工具集","对比可以接入这套 PR review 流水线的编码 agent",{"url":132,"anchor":133,"reason":134},"\u002Fzh\u002Ffeatured","TokRepo 精选资产","更广的 skill、MCP server、CI 集成精选目录",{"url":136,"anchor":137,"reason":138},"\u002Fzh\u002Ftopics","浏览其他主题 pack","邻近的 pack 涵盖 Claude Code 上手、GitHub Actions 套件、MCP server 配置",[140,144,148],{"claim":141,"source_name":142,"source_url":143},"PR-Agent 是 Qodo 出的开源 AI PR reviewer,GitHub 10K+ stars","qodo-ai\u002Fpr-agent GitHub 仓库","https:\u002F\u002Fgithub.com\u002Fqodo-ai\u002Fpr-agent",{"claim":145,"source_name":146,"source_url":147},"GitHub MCP Server 是 GitHub 官方提供的 Model Context Protocol 集成","github\u002Fgithub-mcp-server","https:\u002F\u002Fgithub.com\u002Fgithub\u002Fgithub-mcp-server",{"claim":149,"source_name":150,"source_url":151},"Super-Linter 把 50+ 个 linter 聚合成一个 GitHub Action","super-linter\u002Fsuper-linter GitHub 仓库","https:\u002F\u002Fgithub.com\u002Fsuper-linter\u002Fsuper-linter",1180,"2026-05-22T12:00:00Z"]