ClaudeLoops
/
PR review → risk-tagged comment
All loops
Claude CodeMedium 15 min· claude-opus-4

PR review → risk-tagged comment

Claude Code reviews every PR and posts a risk-banded comment with suggested tests.

NOT DEPLOYEDNOT DEPLOYED
0184ms
Trigger
POST https://hooks.claudeloops.run/claude-code-pr-risk-review · event=stripe.customer.subscription.created
021264ms
Agent
claude-opus-4 · in 1164 tok · out 588 tok
03294ms
Tools
github-mcp/github:pulls.create → 200 OK · 224ms
0474ms
Verify
schema check · zod v3 passed
05164ms
Output
changelog updated · v1.4.2
0644ms
Notify
audit log written · runbook link attached
SUCCESS
0%
0 runs
P50
0ms
median
P95
0ms
tail
AVG COST
per run
LAST OK
never
LAST FAIL
never
none
Latency · last 30 runs0 samples
no runs yet
Latest output · what your users see
Openacme/infra #2184
fix: retry 429s from Anthropic with jitter
5 files+264-114
  • Ran full test suite → 218 passed, 0 failed (12.3s)
  • Coverage delta: +0.4% on `src/lib/*`
  • No breaking changes detected in public API
// press Test to run once · Watch live to keep streaming · Deploy to make it real
The problem

Senior engineers spend hours triaging PRs — most are low-risk, but you can't skip the read.

The outcome

Every PR gets a banner: 🟢 Low / 🟡 Medium / 🔴 High risk, with a 3-bullet rationale and suggested tests. Reviewers skim and ship.

Ingredients & skills

Secrets
  • ANTHROPIC_API_KEY
  • GITHUB_TOKEN
Providers
  • Anthropic
  • GitHub
MCP servers
  • github-mcp
#claude code#github#ci

How it works

GitHub Action triggers on PR open/sync. Claude Code reviews the diff, returns a structured risk verdict, and posts a single sticky comment.

Step 1

1 — Add agents.md

Tell Claude Code how to review. This is the standard agents.md format.

.claude/agents.md
# Risk reviewer

You are reviewing a GitHub pull request.

Output JSON only:
```json
{ "risk": "low|medium|high", "reasons": ["..."], "tests": ["..."] }
```

Rules:
- Touching auth, billing, or migrations → never below `medium`.
- Pure docs/CI changes → `low`.
- Cite file:line for each reason.
Step 2

2 — GitHub Action

Runs on every push to a PR. The ClaudeLoops action handles secret injection.

.github/workflows/risk-review.yml
name: Risk review
on: pull_request
jobs:
  review:
    runs-on: ubuntu-latest
    permissions: { pull-requests: write, contents: read }
    steps:
      - uses: actions/checkout@v4
        with: { fetch-depth: 0 }
      - uses: claudeloops/action@v1
        with:
          locker: code-review
          agent: .claude/agents.md
          model: claude-opus-4
          post-comment: sticky
          comment-marker: risk-review
Step 3

3 — Sticky comment template

The action renders this with the JSON output. One comment per PR, updated in place.

markdown
## {{risk_emoji}} {{risk | upper}} risk

{{#each reasons}}
- {{this}}
{{/each}}

**Suggested tests:**
{{#each tests}}
- [ ] {{this}}
{{/each}}
One-line deploy

The button above runs the same command with your saved config. This is the raw CLI form.

bash
gh extension install claudeloops/gh-locker && gh locker apply
https://hooks.claudeloops.run/claude-code-pr-risk-review

Related loops