Submit a code review to GitHub via the GitHub API. Use this as the final step in a code review pipeline to post review findings to a PR.
```bash
npx skill4agent add xinbenlv/codereview-skills submit-github-review
```

| Input | Required | Description |
|---|---|---|
| | Yes | Repository owner (username or organization) |
| | Yes | Repository name |
| | Yes | Pull Request number |
| | Yes | SHA of the commit to review (from retrieve-diff-from-github-pr) |
| | Yes | Array of review findings from specialist skills |
| | Optional | APPROVE, REQUEST_CHANGES, or COMMENT (default: COMMENT) |

| Output | Description |
|---|---|
| | ID of the created review |
| | URL to view the review |
| | Number of inline comments posted |

| Tool | Purpose |
|---|---|
| | Submit the review with body and inline comments |

```json
{
  "findings": [
    {
      "severity": "blocker",
      "category": "security",
      "evidence": {
        "file": "src/auth/login.ts",
        "line": 42,
        "snippet": "password = req.body.password"
      },
      "impact": "Password logged in plaintext",
      "fix": "Remove logging or hash before logging",
      "test": "Check logs for sensitive data"
    }
  ]
}
```

| Findings | Event | Rationale |
|---|---|---|
| Any blocker | REQUEST_CHANGES | PR should not be merged |
| Any major | REQUEST_CHANGES | Significant issues need fixing |
| Only minor/nit | COMMENT | Suggestions, not blocking |
| No issues | APPROVE | PR looks good |

```markdown
## Code Review Summary

### 🔴 Blockers (X)

| File | Line | Issue |
|------|------|-------|
| src/auth/login.ts | 42 | SQL injection vulnerability |

### 🟡 Major (X)

| File | Line | Issue |
|------|------|-------|
| src/api/users.ts | 15 | Missing error handling |

### 🔵 Minor (X)

- Consider adding JSDoc to public functions
- Unused import on line 3

### 📋 Nits (X)

- Formatting: extra blank line at EOF

---
*Reviewed by codereview-skills*
```

```json
{
  "comments": [
    {
      "path": "src/auth/login.ts",
      "line": 42,
      "body": "🔴 **Security**: SQL injection vulnerability\n\n```suggestion\nconst user = await db.query('SELECT * FROM users WHERE id = ?', [userId]);\n```\n\n**Impact**: Attacker can execute arbitrary SQL\n**Fix**: Use parameterized queries"
    }
  ]
}
```

<severity_emoji> **<category>**: <title>

<description>

```suggestion
<suggested fix if applicable>
```

Severity emojis:
- 🔴 Blocker
- 🟡 Major
- 🔵 Minor
- ⚪ Nit
## Step 5: Submit Review
Use the GitHub MCP tool:
```json
{
  "tool": "create_pull_request_review",
  "server": "user-github",
  "arguments": {
    "owner": "<owner>",
    "repo": "<repo>",
    "pull_number": <number>,
    "commit_id": "<sha>",
    "body": "<review summary>",
    "event": "REQUEST_CHANGES",
    "comments": [
      {
        "path": "src/auth/login.ts",
        "line": 42,
        "body": "🔴 **Security**: SQL injection..."
      }
    ]
  }
}
```

```json
{
  "status": "success",
  "review": {
    "id": 12345,
    "url": "https://github.com/owner/repo/pull/123#pullrequestreview-12345",
    "event": "REQUEST_CHANGES",
    "body": "## Code Review Summary...",
    "comments_count": 5
  },
  "summary": {
    "blockers": 1,
    "major": 2,
    "minor": 3,
    "nits": 2,
    "total": 8
  }
}
```

```
1. retrieve-diff-from-github-pr
   ↓ (PR info + diff + commit_id)
2. codereview-orchestrator
   ↓ (triage + routing plan)
3. Specialist skills (parallel or sequential)
   ↓ (findings array)
4. submit-github-review (this skill)
   ↓ (posted review)
5. Return URL to user
```

```
□ Aggregate Findings
  □ Collect from all specialist skills
  □ Deduplicate if needed
□ Determine Event
  □ Any blockers/major → REQUEST_CHANGES
  □ Only minor/nit → COMMENT
  □ No issues → APPROVE
□ Format Body
  □ Summary with severity breakdown
  □ Table of issues by severity
□ Format Comments
  □ Convert findings to inline comments
  □ Use line numbers from evidence
□ Submit Review
  □ Call create_pull_request_review
  □ Return review URL
```

| Error | Cause | Resolution |
|---|---|---|
| 422 Invalid | Line doesn't exist in diff | Use position instead of line |
| 404 Not Found | PR or commit doesn't exist | Verify PR number and commit SHA |
| 403 Forbidden | No permission to review | Check GitHub token permissions |
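
The Determine Event and Format Comments steps of the checklist above, as an added JavaScript example (not the skill's own code). The function name `buildReview`, the single-table body layout, and the use of `impact` as the comment title are assumptions; an unrecognized severity raises an error rather than being skipped, so a malformed finding cannot end in `APPROVE`.

```javascript
// Added example, not the skill's own code; names not on the page are assumptions.
const SEVERITY = new Map([
  ["blocker", { emoji: "🔴", count: "blockers", blocking: true }],
  ["major", { emoji: "🟡", count: "major", blocking: true }],
  ["minor", { emoji: "🔵", count: "minor", blocking: false }],
  ["nit", { emoji: "⚪", count: "nits", blocking: false }],
]);

// Findings quote PR content, so keep each value on one table row.
const cell = (s) => String(s).replace(/\|/g, "\\|").replace(/\s*\n\s*/g, " ");

function buildReview(findings) {
  const summary = { blockers: 0, major: 0, minor: 0, nits: 0, total: 0 };
  const comments = [];
  const rows = [];
  let blocking = false;
  for (const f of findings) {
    const sev = SEVERITY.get(String(f.severity).toLowerCase());
    // Fail closed: an unrecognized severity must not be dropped and end in APPROVE.
    if (!sev) throw new Error(`unknown severity: ${f.severity}`);
    summary[sev.count] += 1;
    summary.total += 1;
    blocking = blocking || sev.blocking;
    const { file, line } = f.evidence || {};
    rows.push(`| ${sev.emoji} | ${cell(file ?? "-")} | ${cell(line ?? "-")} | ${cell(f.impact)} |`);
    // Only findings tied to a file and a positive line number become inline comments.
    if (file && Number.isInteger(line) && line > 0) {
      const body = `${sev.emoji} **${f.category}**: ${f.impact}\n\n**Fix**: ${f.fix}`;
      comments.push({ path: file, line, body });
    }
  }
  // Event rule from the checklist: blocker/major, then minor/nit only, then no findings.
  const event = blocking ? "REQUEST_CHANGES" : summary.total > 0 ? "COMMENT" : "APPROVE";
  const body = ["## Code Review Summary", "", "| Severity | File | Line | Issue |",
    "|---|---|---|---|", ...rows, "", "---", "*Reviewed by codereview-skills*"].join("\n");
  return { event, body, comments, summary };
}

// Constructed sample input: the page's finding plus a nit with no line number.
const SAMPLE_FINDINGS = [
  { severity: "blocker", category: "security",
    evidence: { file: "src/auth/login.ts", line: 42, snippet: "password = req.body.password" },
    impact: "Password logged in plaintext", fix: "Remove logging or hash before logging" },
  { severity: "nit", category: "style", evidence: { file: "src/a|b.ts" },
    impact: "Extra blank line\nat EOF", fix: "Remove it" },
];
```

The example does not check that `line` falls inside the PR diff, so the 422 case in the table above still applies.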