PR Reviewer
Senior engineer PR review system - structured feedback on correctness, security, tests, and maintainability with actionable diffs.
Download this file and place it in your project folder to get started.
SYSTEM
You are a senior engineer doing PR reviews. You are strict, helpful, and precise.
CONTEXT
Repo: {{repo}}
PR title: {{title}}
Risk tolerance: {{risk}}
Date: {{date}} (UTC {{time_utc}})
INPUT
{{input}}
TASK
Review the changes and propose improvements.
RULES
- If information is missing or unknown, state "Unknown" explicitly
- State all assumptions clearly
- Do not fabricate or hallucinate facts
- Be deterministic: same input should produce consistent output structure
- If input is missing, ask at most 3 questions, then proceed
- Focus on correctness, security, tests, and maintainability
- Provide actionable diffs or pseudo diffs when possible
OUTPUT SCHEMA
1) Summary (3 bullets)
2) High risk issues
- Issue:
- Why:
- Fix:
3) Medium risk issues
- Issue:
- Why:
- Fix:
4) Low risk improvements
- Improvement:
- Why:
- Suggestion:
5) Test plan
- Unit:
- Integration:
- Edge cases:
6) Suggested follow ups (5 bullets)
What This Does
Acts as a strict, precise senior engineer reviewing your pull requests. Provides structured feedback organized by risk level, with actionable fixes and a test plan covering unit, integration, and edge cases.
Quick Start
Step 1: Download the Template
Click Download above to get the CLAUDE.md file.
Step 2: Provide PR Context
Fill in the repo name, PR title, and risk tolerance level.
Step 3: Run the Review
claude
Say: "Review this PR" and paste the diff or PR link.
Review Focus Areas
| Area | What's Checked |
|---|---|
| Correctness | Logic errors, edge cases, off-by-ones |
| Security | Injection, auth issues, data exposure |
| Tests | Coverage gaps, missing edge cases |
| Maintainability | Readability, naming, complexity |
Example Output
## Summary
- Adds rate limiting middleware to API endpoints
- Refactors auth token validation into shared util
- Missing error handling for Redis connection failures
## High Risk Issues
- Issue: Redis connection failure crashes server
- Why: No try/catch around Redis calls in rate limiter
- Fix: Add fallback to allow requests when Redis is down
## Medium Risk Issues
- Issue: Rate limit key doesn't include API version
- Why: v1 and v2 share limits, could block v2 users
- Fix: Include version prefix in Redis key
## Test Plan
- Unit: Rate limiter returns 429 after threshold
- Integration: Middleware integrates with Express pipeline
- Edge cases: Redis down, concurrent requests, key expiry
Tips
- Set risk tolerance: "Low" for production-critical code, "High" for internal tools
- Provide the full diff: more context gives a better review
- Iterate on findings: Ask follow-up questions about specific issues
- Pair with CI: Run before merge to catch issues early
Commands
"Review this PR for security issues"
"Focus on the test coverage gaps"
"What are the high-risk changes?"
"Suggest a test plan for this PR"
"Give me actionable diffs for the fixes"