SKILL.md
$2b
Complete Review Workflow
# Get PR context with gh CLI
PR_DATA=$(gh pr view 123 --json files,additions,deletions,title,body)
PR_DIFF=$(gh pr diff 123)
# Initialize comprehensive review
npx ruv-swarm github review-init \
--pr 123 \
--pr-data "$PR_DATA" \
--diff "$PR_DIFF" \
--agents "security,performance,style,architecture,accessibility" \
--depth comprehensiveπ Table of Contents
- [Multi-Agent Review System](#multi-agent-review-system)
- [Specialized Review Agents](#specialized-review-agents)
- [PR-Based Swarm Management](#pr-based-swarm-management)
- [Automated Workflows](#automated-workflows)
- [Quality Gates & Checks](#quality-gates--checks)
<$details>
- [Security Review Agent](#security-review-agent)
- [Performance Review Agent](#performance-review-agent)
- [Architecture Review Agent](#architecture-review-agent)
- [Style &#x26; Convention Agent](#style--convention-agent)
- [Accessibility Agent](#accessibility-agent)
<$details>
- [Context-Aware Reviews](#context-aware-reviews)
- [Learning from History](#learning-from-history)
- [Cross-PR Analysis](#cross-pr-analysis)
- [Custom Review Agents](#custom-review-agents)
<$details>
- [CI/CD Integration](#cicd-integration)
- [Webhook Handlers](#webhook-handlers)
- [PR Comment Commands](#pr-comment-commands)
- [Automated Fixes](#automated-fixes)
<$details>
π Core Features
Multi-Agent Review System
Deploy specialized AI agents for comprehensive code review:
# Initialize review swarm with GitHub CLI integration
PR_DATA=$(gh pr view 123 --json files,additions,deletions,title,body)
PR_DIFF=$(gh pr diff 123)
# Start multi-agent review
npx ruv-swarm github review-init \
--pr 123 \
--pr-data "$PR_DATA" \
--diff "$PR_DIFF" \
--agents "security,performance,style,architecture,accessibility" \
--depth comprehensive
# Post initial review status
gh pr comment 123 --body "π Multi-agent code review initiated"Benefits:
- β Parallel review by specialized agents
- β Comprehensive coverage across multiple domains
- β Faster review cycles with coordinated analysis
- β Consistent quality standards enforcement
π€ Specialized Review Agents
Security Review Agent
Focus: Identify security vulnerabilities and suggest fixes
# Get changed files from PR
CHANGED_FILES=$(gh pr view 123 --json files --jq '.files[].path')
# Run security-focused review
SECURITY_RESULTS=$(npx ruv-swarm github review-security \
--pr 123 \
--files "$CHANGED_FILES" \
--check "owasp,cve,secrets,permissions" \
--suggest-fixes)
# Post findings based on severity
if echo "$SECURITY_RESULTS" | grep -q "critical"; then
# Request changes for critical issues
gh pr review 123 --request-changes --body "$SECURITY_RESULTS"
gh pr edit 123 --add-label "security-review-required"
else
# Post as comment for non-critical issues
gh pr comment 123 --body "$SECURITY_RESULTS"
fi{
"checks": [
"SQL injection vulnerabilities",
"XSS attack vectors",
"Authentication bypasses",
"Authorization flaws",
"Cryptographic weaknesses",
"Dependency vulnerabilities",
"Secret exposure",
"CORS misconfigurations"
],
"actions": [
"Block PR on critical issues",
"Suggest secure alternatives",
"Add security test cases",
"Update security documentation"
]
}<$details>
π **Security Issue: [Type]**
**Severity**: π΄ Critical / π‘ High / π’ Low
**Description**:
[Clear explanation of the security issue]
**Impact**:
[Potential consequences if not addressed]
**Suggested Fix**:
[Code example of the fix]
**References**:
- [OWASP Guide](https://github.com/ruvnet/ruflo/blob/HEAD/.agents/skills/github-code-review/link)
- [Security Best Practices](https://github.com/ruvnet/ruflo/blob/HEAD/.agents/skills/github-code-review/link)
<$details>
---
Performance Review Agent
Focus: Analyze performance impact and optimization opportunities
# Run performance analysis
npx ruv-swarm github review-performance \
--pr 123 \
--profile "cpu,memory,io" \
--benchmark-against main \
--suggest-optimizations{
"metrics": [
"Algorithm complexity (Big O analysis)",
"Database query efficiency",
"Memory allocation patterns",
"Cache utilization",
"Network request optimization",
"Bundle size impact",
"Render performance"
],
"benchmarks": [
"Compare with baseline",
"Load test simulations",
"Memory leak detection",
"Bottleneck identification"
]
}<$details>
Architecture Review Agent
Focus: Evaluate design patterns and architectural decisions
# Architecture review
npx ruv-swarm github review-architecture \
--pr 123 \
--check "patterns,coupling,cohesion,solid" \
--visualize-impact \
--suggest-refactoring{
"patterns": [
"Design pattern adherence",
"SOLID principles",
"DRY violations",
"Separation of concerns",
"Dependency injection",
"Layer violations",
"Circular dependencies"
],
"metrics": [
"Coupling metrics",
"Cohesion scores",
"Complexity measures",
"Maintainability index"
]
}<$details>
Style & Convention Agent
Focus: Enforce coding standards and best practices
# Style enforcement with auto-fix
npx ruv-swarm github review-style \
--pr 123 \
--check "formatting,naming,docs,tests" \
--auto-fix "formatting,imports,whitespace"{
"checks": [
"Code formatting",
"Naming conventions",
"Documentation standards",
"Comment quality",
"Test coverage",
"Error handling patterns",
"Logging standards"
],
"auto-fix": [
"Formatting issues",
"Import organization",
"Trailing whitespace",
"Simple naming issues"
]
}<$details>
π PR-Based Swarm Management
Create Swarm from PR
# Create swarm from PR description using gh CLI
gh pr view 123 --json body,title,labels,files | npx ruv-swarm swarm create-from-pr
# Auto-spawn agents based on PR labels
gh pr view 123 --json labels | npx ruv-swarm swarm auto-spawn
# Create swarm with full PR context
gh pr view 123 --json body,labels,author,assignees | \
npx ruv-swarm swarm init --from-pr-dataLabel-Based Agent Assignment
Map PR labels to specialized agents:
{
"label-mapping": {
"bug": ["debugger", "tester"],
"feature": ["architect", "coder", "tester"],
"refactor": ["analyst", "coder"],
"docs": ["researcher", "writer"],
"performance": ["analyst", "optimizer"],
"security": ["security", "authentication", "audit"]
}
}Topology Selection by PR Size
# Automatic topology selection based on PR complexity
# Small PR (< 100 lines): ring topology
# Medium PR (100-500 lines): mesh topology
# Large PR (> 500 lines): hierarchical topology
npx ruv-swarm github pr-topology --pr 123π¬ PR Comment Commands
Execute swarm commands directly from PR comments:
<!-- In PR comment -->
$swarm init mesh 6
$swarm spawn coder "Implement authentication"
$swarm spawn tester "Write unit tests"
$swarm status
$swarm review --agents security,performance// webhook-handler.js
const { createServer } = require('http');
const { execSync } = require('child_process');
createServer((req, res) => {
if (req.url === '$github-webhook') {
const event = JSON.parse(body);
if (event.action === 'opened' && event.pull_request) {
execSync(`npx ruv-swarm github pr-init ${event.pull_request.number}`);
}
if (event.comment && event.comment.body.startsWith('$swarm')) {
const command = event.comment.body;
execSync(`npx ruv-swarm github handle-comment --pr ${event.issue.number} --command "${command}"`);
}
res.writeHead(200);
res.end('OK');
}
}).listen(3000);<$details>
βοΈ Review Configuration
Configuration File
# .github$review-swarm.yml
version: 1
review:
auto-trigger: true
required-agents:
- security
- performance
- style
optional-agents:
- architecture
- accessibility
- i18n
thresholds:
security: block # Block merge on security issues
performance: warn # Warn on performance issues
style: suggest # Suggest style improvements
rules:
security:
- no-eval
- no-hardcoded-secrets
- proper-auth-checks
- validate-input
performance:
- no-n-plus-one
- efficient-queries
- proper-caching
- optimize-loops
architecture:
- max-coupling: 5
- min-cohesion: 0.7
- follow-patterns
- avoid-circular-depsCustom Review Triggers
{
"triggers": {
"high-risk-files": {
"paths": ["**$auth/**", "**$payment/**", "**$admin/**"],
"agents": ["security", "architecture"],
"depth": "comprehensive",
"require-approval": true
},
"performance-critical": {
"paths": ["**$api/**", "**$database/**", "**$cache/**"],
"agents": ["performance", "database"],
"benchmarks": true,
"regression-threshold": "5%"
},
"ui-changes": {
"paths": ["**$components/**", "**$styles/**", "**$pages/**"],
"agents": ["accessibility", "style", "i18n"],
"visual-tests": true,
"responsive-check": true
}
}
}π€ Automated Workflows
Auto-Review on PR Creation
# .github$workflows$auto-review.yml
name: Automated Code Review
on:
pull_request:
types: [opened, synchronize]
issue_comment:
types: [created]
jobs:
swarm-review:
runs-on: ubuntu-latest
steps:
- uses: actions$checkout@v3
with:
fetch-depth: 0
- name: Setup GitHub CLI
run: echo "${{ secrets.GITHUB_TOKEN }}" | gh auth login --with-token
- name: Run Review Swarm
run: |
# Get PR context with gh CLI
PR_NUM=${{ github.event.pull_request.number }}
PR_DATA=$(gh pr view $PR_NUM --json files,title,body,labels)
PR_DIFF=$(gh pr diff $PR_NUM)
# Run swarm review
REVIEW_OUTPUT=$(npx ruv-swarm github review-all \
--pr $PR_NUM \
--pr-data "$PR_DATA" \
--diff "$PR_DIFF" \
--agents "security,performance,style,architecture")
# Post review results
echo "$REVIEW_OUTPUT" | gh pr review $PR_NUM --comment -F -
# Update PR status
if echo "$REVIEW_OUTPUT" | grep -q "approved"; then
gh pr review $PR_NUM --approve
elif echo "$REVIEW_OUTPUT" | grep -q "changes-requested"; then
gh pr review $PR_NUM --request-changes -b "See review comments above"
fi
- name: Update Labels
run: |
# Add labels based on review results
if echo "$REVIEW_OUTPUT" | grep -q "security"; then
gh pr edit $PR_NUM --add-label "security-review"
fi
if echo "$REVIEW_OUTPUT" | grep -q "performance"; then
gh pr edit $PR_NUM --add-label "performance-review"
fi㪠Intelligent Comment Generation
Generate Contextual Review Comments
# Get PR diff with context
PR_DIFF=$(gh pr diff 123 --color never)
PR_FILES=$(gh pr view 123 --json files)
# Generate review comments
COMMENTS=$(npx ruv-swarm github review-comment \
--pr 123 \
--diff "$PR_DIFF" \
--files "$PR_FILES" \
--style "constructive" \
--include-examples \
--suggest-fixes)
# Post comments using gh CLI
echo "$COMMENTS" | jq -c '.[]' | while read -r comment; do
FILE=$(echo "$comment" | jq -r '.path')
LINE=$(echo "$comment" | jq -r '.line')
BODY=$(echo "$comment" | jq -r '.body')
COMMIT_ID=$(gh pr view 123 --json headRefOid -q .headRefOid)
# Create inline review comments
gh api \
--method POST \
$repos/:owner/:repo$pulls/123$comments \
-f path="$FILE" \
-f line="$LINE" \
-f body="$BODY" \
-f commit_id="$COMMIT_ID"
doneBatch Comment Management
# Manage review comments efficiently
npx ruv-swarm github review-comments \
--pr 123 \
--group-by "agent,severity" \
--summarize \
--resolve-outdatedπͺ Quality Gates & Checks
Status Checks
# Required status checks in branch protection
protection_rules:
required_status_checks:
strict: true
contexts:
- "review-swarm$security"
- "review-swarm$performance"
- "review-swarm$architecture"
- "review-swarm$tests"Define Quality Gates
# Set quality gate thresholds
npx ruv-swarm github quality-gates \
--define '{
"security": {"threshold": "no-critical"},
"performance": {"regression": "<5%"},
"coverage": {"minimum": "80%"},
"architecture": {"complexity": "<10"},
"duplication": {"maximum": "5%"}
}'Track Review Metrics
# Monitor review effectiveness
npx ruv-swarm github review-metrics \
--period 30d \
--metrics "issues-found,false-positives,fix-rate,time-to-review" \
--export-dashboard \
--format jsonπ Advanced Features
Context-Aware Reviews
Analyze PRs with full project context:
# Review with comprehensive context
npx ruv-swarm github review-context \
--pr 123 \
--load-related-prs \
--analyze-impact \
--check-breaking-changes \
--dependency-analysisLearning from History
Train review agents on your codebase patterns:
# Learn from past reviews
npx ruv-swarm github review-learn \
--analyze-past-reviews \
--identify-patterns \
--improve-suggestions \
--reduce-false-positives
# Train on your codebase
npx ruv-swarm github review-train \
--learn-patterns \
--adapt-to-style \
--improve-accuracyCross-PR Analysis
Coordinate reviews across related pull requests:
# Analyze related PRs together
npx ruv-swarm github review-batch \
--prs "123,124,125" \
--check-consistency \
--verify-integration \
--combined-impactMulti-PR Swarm Coordination
# Coordinate swarms across related PRs
npx ruv-swarm github multi-pr \
--prs "123,124,125" \
--strategy "parallel" \
--share-memoryπ οΈ Custom Review Agents
Create Custom Agent
// custom-review-agent.js
class CustomReviewAgent {
constructor(config) {
this.config = config;
this.rules = config.rules || [];
}
async review(pr) {
const issues = [];
// Custom logic: Check for TODO comments in production code
if (await this.checkTodoComments(pr)) {
issues.push({
severity: 'warning',
file: pr.file,
line: pr.line,
message: 'TODO comment found in production code',
suggestion: 'Resolve TODO or create issue to track it'
});
}
// Custom logic: Verify API versioning
if (await this.checkApiVersioning(pr)) {
issues.push({
severity: 'error',
file: pr.file,
line: pr.line,
message: 'API endpoint missing versioning',
suggestion: 'Add $v1/, $v2/ prefix to API routes'
});
}
return issues;
}
async checkTodoComments(pr) {
// Implementation
const todoRegex = /\/\/\s*TODO|\/\*\s*TODO$gi;
return todoRegex.test(pr.diff);
}
async checkApiVersioning(pr) {
// Implementation
const apiRegex = $app\.(get|post|put|delete)\(['"]\$api\/(?!v\d+)/;
return apiRegex.test(pr.diff);
}
}
module.exports = CustomReviewAgent;Register Custom Agent
# Register custom review agent
npx ruv-swarm github register-agent \
--name "custom-reviewer" \
--file ".$custom-review-agent.js" \
--category "standards"π§ CI/CD Integration
Integration with Build Pipeline
# .github$workflows$build-and-review.yml
name: Build and Review
on: [pull_request]
jobs:
build-and-test:
runs-on: ubuntu-latest
steps:
- uses: actions$checkout@v3
- run: npm install
- run: npm test
- run: npm run build
swarm-review:
needs: build-and-test
runs-on: ubuntu-latest
steps:
- name: Run Swarm Review
run: |
npx ruv-swarm github review-all \
--pr ${{ github.event.pull_request.number }} \
--include-build-resultsAutomated PR Fixes
# Auto-fix common issues
npx ruv-swarm github pr-fix 123 \
--issues "lint,test-failures,formatting" \
--commit-fixes \
--push-changesProgress Updates to PR
# Post swarm progress to PR using gh CLI
PROGRESS=$(npx ruv-swarm github pr-progress 123 --format markdown)
gh pr comment 123 --body "$PROGRESS"
# Update PR labels based on progress
if [[ $(echo "$PROGRESS" | grep -o '[0-9]\+%' | sed 's/%//') -gt 90 ]]; then
gh pr edit 123 --add-label "ready-for-review"
fiπ Complete Workflow Examples
Example 1: Security-Critical PR
# Review authentication system changes
npx ruv-swarm github review-init \
--pr 456 \
--agents "security,authentication,audit" \
--depth "maximum" \
--require-security-approval \
--penetration-testExample 2: Performance-Sensitive PR
# Review database optimization
npx ruv-swarm github review-init \
--pr 789 \
--agents "performance,database,caching" \
--benchmark \
--profile \
--load-testExample 3: UI Component PR
# Review new component library
npx ruv-swarm github review-init \
--pr 321 \
--agents "accessibility,style,i18n,docs" \
--visual-regression \
--component-tests \
--responsive-checkExample 4: Feature Development PR
# Review new feature implementation
gh pr view 456 --json body,labels,files | \
npx ruv-swarm github pr-init 456 \
--topology hierarchical \
--agents "architect,coder,tester,security" \
--auto-assign-tasksExample 5: Bug Fix PR
# Review bug fix with debugging focus
npx ruv-swarm github pr-init 789 \
--topology mesh \
--agents "debugger,analyst,tester" \
--priority high \
--regression-testπ Monitoring & Analytics
Review Dashboard
# Launch real-time review dashboard
npx ruv-swarm github review-dashboard \
--real-time \
--show "agent-activity,issue-trends,fix-rates,coverage"Generate Review Reports
# Create comprehensive review report
npx ruv-swarm github review-report \
--format "markdown" \
--include "summary,details,trends,recommendations" \
--email-stakeholders \
--export-pdfPR Swarm Analytics
# Generate PR-specific analytics
npx ruv-swarm github pr-report 123 \
--metrics "completion-time,agent-efficiency,token-usage,issue-density" \
--format markdown \
--compare-baselineExport to GitHub Insights
# Export metrics to GitHub Insights
npx ruv-swarm github export-metrics \
--pr 123 \
--to-insights \
--dashboard-urlπ Security Considerations
Best Practices
- Token Permissions: Ensure GitHub tokens have minimal required scopes
- Command Validation: Validate all PR comments before execution
- Rate Limiting: Implement rate limits for PR operations
- Audit Trail: Log all swarm operations for compliance
- Secret Management: Never expose API keys in PR comments or logs
Security Checklist
- GitHub token scoped to repository only
- Webhook signatures verified
- Command injection protection enabled
- Rate limiting configured
- Audit logging enabled
- Secrets scanning active
- Branch protection rules enforced
π Best Practices
1. Review Configuration
- β Define clear review criteria upfront
- β Set appropriate severity thresholds
- β Configure agent specializations for your stack
- β Establish override procedures for emergencies
2. Comment Quality
- β Provide actionable, specific feedback
- β Include code examples with suggestions
- β Reference documentation and best practices
- β Maintain respectful, constructive tone
3. Performance Optimization
- β Cache analysis results to avoid redundant work
- β Use incremental reviews for large PRs
- β Enable parallel agent execution
- β Batch comment operations efficiently
4. PR Templates
<!-- .github$pull_request_template.md -->
## Swarm Configuration
- Topology: [mesh$hierarchical$ring$star]
- Max Agents: [number]
- Auto-spawn: [yes$no]
- Priority: [high$medium$low]
## Tasks for Swarm
- [ ] Task 1 description
- [ ] Task 2 description
- [ ] Task 3 description
## Review Focus Areas
- [ ] Security review
- [ ] Performance analysis
- [ ] Architecture validation
- [ ] Accessibility check5. Auto-Merge When Ready
# Auto-merge when swarm completes and passes checks
SWARM_STATUS=$(npx ruv-swarm github pr-status 123)
if [[ "$SWARM_STATUS" == "complete" ]]; then
# Check review requirements
REVIEWS=$(gh pr view 123 --json reviews --jq '.reviews | length')
if [[ $REVIEWS -ge 2 ]]; then
# Enable auto-merge
gh pr merge 123 --auto --squash
fi
fiπ Integration with Claude Code
Workflow Pattern
- Claude Code reads PR diff and context
- Swarm coordinates review approach based on PR type
- Agents work in parallel on different review aspects
- Progress updates posted to PR automatically
- Final review performed before marking ready
Example: Complete PR Management
[Single Message - Parallel Execution]:
// Initialize coordination
mcp__claude-flow__swarm_init { topology: "hierarchical", maxAgents: 5 }
mcp__claude-flow__agent_spawn { type: "reviewer", name: "Senior Reviewer" }
mcp__claude-flow__agent_spawn { type: "tester", name: "QA Engineer" }
mcp__claude-flow__agent_spawn { type: "coordinator", name: "Merge Coordinator" }
// Create and manage PR using gh CLI
Bash("gh pr create --title 'Feature: Add authentication' --base main")
Bash("gh pr view 54 --json files,diff")
Bash("gh pr review 54 --approve --body 'LGTM after automated review'")
// Execute tests and validation
Bash("npm test")
Bash("npm run lint")
Bash("npm run build")
// Track progress
TodoWrite { todos: [
{ content: "Complete code review", status: "completed", activeForm: "Completing code review" },
{ content: "Run test suite", status: "completed", activeForm: "Running test suite" },
{ content: "Validate security", status: "completed", activeForm: "Validating security" },
{ content: "Merge when ready", status: "pending", activeForm: "Merging when ready" }
]}π Troubleshooting
Common Issues
Solution:
# Check swarm status
npx ruv-swarm swarm-status
# Verify GitHub CLI authentication
gh auth status
# Re-initialize swarm
npx ruv-swarm github review-init --pr 123 --force<$details>
Solution:
# Verify GitHub token permissions
gh auth status
# Check API rate limits
gh api rate_limit
# Use batch comment posting
npx ruv-swarm github review-comments --pr 123 --batch<$details>
Solution:
# Use incremental review for large PRs
npx ruv-swarm github review-init --pr 123 --incremental
# Reduce agent count
npx ruv-swarm github review-init --pr 123 --agents "security,style" --max-agents 3
# Enable parallel processing
npx ruv-swarm github review-init --pr 123 --parallel --cache-results<$details>
π Additional Resources
Related Skills
github-pr-manager- Comprehensive PR lifecycle management
github-workflow-automation- Automate GitHub workflows
swarm-coordination- Advanced swarm orchestration
Documentation
Support
- GitHub Issues: Report bugs and request features
- Community: Join discussions and share experiences
- Examples: Browse example configurations and workflows
π License
This skill is part of the Claude Code Flow project and is licensed under the MIT License.
Last Updated: 2025-10-19
Version: 1.0.0
Maintainer: Claude Code Flow Team