# PR Reviewer

Automated code review for GitHub pull requests. Analyzes diffs for security issues, error handling gaps, style problems, and test coverage.

## Prerequisites

- `gh` CLI installed and authenticated (`gh auth status`)
- Repository access (read at minimum, write for posting comments)
- Optional: `golangci-lint` for Go linting, `ruff` for Python linting

## Quick Start

```bash
# Review all open PRs in the current repo
scripts/github/pr-reviewer.sh check

# Review a specific PR
scripts/github/pr-reviewer.sh review 42

# Post the review as a GitHub comment
scripts/github/pr-reviewer.sh post 42

# Check the status of all open PRs
scripts/github/pr-reviewer.sh status

# List unreviewed PRs (for heartbeat/cron integration)
scripts/github/pr-reviewer.sh list-unreviewed
```

## Configuration

Set these environment variables, or let the script auto-detect them from the current git repo:

- `PR_REVIEW_REPO` — GitHub repo in `owner/repo` format (default: detected from `gh repo view`)
- `PR_REVIEW_DIR` — Local checkout path for lint (default: git root of cwd)
- `PR_REVIEW_STATE` — State file path (default: `./data/pr-reviews.json`)
- `PR_REVIEW_OUTDIR` — Report output directory (default: `./data/pr-reviews/`)

## Directories Written

- `PR_REVIEW_STATE` (default: `./data/pr-reviews.json`) — Tracks reviewed PRs and their HEAD SHAs
- `PR_REVIEW_OUTDIR` (default: `./data/pr-reviews/`) — Markdown review reports

## What It Checks

| Category | Icon | Examples |
|---|---|---|
| Security | 🔴 | Hardcoded credentials, AWS keys, secrets in code |
| Error Handling | 🟡 | Discarded errors (Go `_ :=`), bare `except:` (Python), unchecked `Close()` |
| Risk | 🟠 | `panic()` calls, `process.exit()` |
| Style | 🔵 | `fmt.Print`/`print()`/`console.log` in prod, very long lines |
| TODOs | 📝 | TODO, FIXME, HACK, XXX markers |
| Test Coverage | 📊 | Source files changed without corresponding test changes |

## Smart Re-Review

Tracks the HEAD SHA per PR. Only re-reviews when new commits are pushed. Use `review <PR#>` to force a re-review.

## Report Format

Reports are saved as markdown files in the output directory. Each report includes:

- PR metadata (author, branch, changes)
- Commit list
- Changed file categorization by language/type
- Automated diff findings with file, line, category, and context
- Test coverage analysis
- Local lint results (when the repo is checked out locally)
- Summary verdict: 🔴 SECURITY / 🟡 NEEDS ATTENTION / 🔵 MINOR NOTES / ✅ LOOKS GOOD

## Heartbeat/Cron Integration

Add to a periodic check (heartbeat, cron job, or CI):

```bash
UNREVIEWED=$(scripts/github/pr-reviewer.sh list-unreviewed)
# Quote the expansion: an unquoted empty value would make the test `[ -n ]`, which is always true
if [ -n "$UNREVIEWED" ]; then
  scripts/github/pr-reviewer.sh check
fi
```

## Extending

The analysis patterns in the script are organized by language. Add new patterns by appending to the relevant pattern list in the `analyze_diff()` function:

```python
# Add a new Go pattern: (regex matched against a diff line, category, message)
go_patterns.append((r'^\+.*os\.Exit\(', 'RISK', 'Direct os.Exit() call — consider returning an error'))
```
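As an added illustration of how pattern lists of that shape are applied (example code written for this page, not the pr-reviewer.sh script's own `analyze_diff()`): a small Python `analyze_diff()` that picks the pattern list by file extension, takes new-file line numbers from the hunk headers, and reports findings only for added lines, so removed code never triggers a finding. The pattern lists and the sample diff are constructed for this example.

```python
import os
import re

# Same (regex, category, message) tuple shape as the README's extension example; lists constructed here.
GO_PATTERNS = [(r'^\+.*os\.Exit\(', 'RISK', 'Direct os.Exit() call, consider returning an error')]
PY_PATTERNS = [
    (r'^\+\s*except\s*:', 'ERROR', 'Bare except: swallows every exception'),
    (r'(?i)^\+.*(password|secret)\s*=\s*["\']', 'SECURITY', 'Possible hardcoded credential'),
]
PATTERNS_BY_EXT = {'.go': GO_PATTERNS, '.py': PY_PATTERNS}
HUNK_RE = re.compile(r'^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@')

def analyze_diff(diff_text):
    """Return (file, new-file line, category, message, context) for each added line
    that matches a pattern registered for the file's extension."""
    findings, current_file, patterns, new_line = [], None, [], 0
    for raw in diff_text.splitlines():
        if raw.startswith('+++ '):                  # new-file header: pick the pattern list
            current_file = raw[4:].removeprefix('b/')
            patterns = PATTERNS_BY_EXT.get(os.path.splitext(current_file)[1], [])
            continue
        if raw.startswith(('diff ', '--- ')):      # other headers carry no code
            continue
        m = HUNK_RE.match(raw)
        if m:                                       # hunk header gives the new-file start line
            new_line = int(m.group(1))
            continue
        if raw.startswith('-'):                     # removed line: absent from the new file
            continue
        if raw.startswith('+'):                     # only added lines can introduce a finding
            for regex, category, message in patterns:
                if re.search(regex, raw):
                    findings.append((current_file, new_line, category, message, raw[1:].strip()))
        new_line += 1                               # context and added lines both advance the counter
    return findings
# Constructed sample diff (not from a real PR): one Go hunk and one Python hunk.
SAMPLE_DIFF = """\
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -10,2 +10,3 @@ func run() {
     cfg := load()
+    os.Exit(1)
     cfg.Run()
--- a/app/db.py
+++ b/app/db.py
@@ -3 +3,4 @@
 import os
+PASSWORD = "hunter2"  # constructed sample value
+except:
"""
```

Running `analyze_diff(SAMPLE_DIFF)` yields one RISK finding at cmd/main.go line 11 and a SECURITY and an ERROR finding at app/db.py lines 4 and 5, each with the added line as context.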