PR review → risk-tagged comment
Claude Code reviews every PR and posts a risk-banded comment with suggested tests.
- ✓ Ran full test suite → 218 passed, 0 failed (12.3s)
- ✓ Coverage delta: +0.4% on `src/lib/*`
- ✓ No breaking changes detected in public API
Senior engineers spend hours triaging PRs — most are low-risk, but you can't skip the read.
Every PR gets a banner: 🟢 Low / 🟡 Medium / 🔴 High risk, with a 3-bullet rationale and suggested tests. Reviewers skim and ship.
Ingredients & skills
- ANTHROPIC_API_KEY
- GITHUB_TOKEN
- Anthropic
- GitHub
- github-mcp
How it works
GitHub Action triggers on PR open/sync. Claude Code reviews the diff, returns a structured risk verdict, and posts a single sticky comment.
1 — Add agents.md
Tell Claude Code how to review. This is the standard agents.md format.
````markdown
# Risk reviewer
You are reviewing a GitHub pull request.
Output JSON only:
```json
{ "risk": "low|medium|high", "reasons": ["..."], "tests": ["..."] }
```
Rules:
- Touching auth, billing, or migrations → never below `medium`.
- Pure docs/CI changes → `low`.
- Cite file:line for each reason.
````
2 — GitHub Action
Runs on every push to a PR. The ClaudeLoops action handles secret injection.
```yaml
name: Risk review
on: pull_request
jobs:
  review:
    runs-on: ubuntu-latest
    permissions: { pull-requests: write, contents: read }
    steps:
      - uses: actions/checkout@v4
        with: { fetch-depth: 0 }
      - uses: claudeloops/action@v1
        with:
          locker: code-review
          agent: .claude/agents.md
          model: claude-opus-4
          post-comment: sticky
          comment-marker: risk-review
```
3 — Sticky comment template
The action renders this with the JSON output. One comment per PR, updated in place.
```handlebars
## {{risk_emoji}} {{risk | upper}} risk
{{#each reasons}}
- {{this}}
{{/each}}
**Suggested tests:**
{{#each tests}}
- [ ] {{this}}
{{/each}}
```
The button above runs the same command with your saved config. This is the raw CLI form.
```sh
gh extension install claudeloops/gh-locker && gh locker apply
```
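An added example, not part of the ClaudeLoops action or this page's own code: a check that validates the verdict JSON from step 1 and applies the "never below `medium`" floor from the changed file paths before the sticky comment is rendered, because the agents.md rules are instructions to the model and the diff it reads is written by the PR author. The function names, the path patterns and the sample data are assumptions made for illustration.

```python
import json
import re

ORDER = {"low": 0, "medium": 1, "high": 2}
# Assumed path patterns for "auth, billing, or migrations"; adapt to the repo layout.
SENSITIVE = re.compile(r"(^|/)(auth|billing|migrations)(/|[._-]|$)", re.I)
# agents.md requires a file:line citation in every reason.
CITATION = re.compile(r"[\w./-]+:\d+")

def fail_closed(why):
    # Anything that does not match the agreed schema is shown as high risk.
    return {"risk": "high", "reasons": [f"verdict rejected: {why}"], "tests": []}

def enforce_verdict(raw, changed_paths):
    """Validate the model's JSON verdict and apply the risk floor in code."""
    try:
        v = json.loads(raw)
    except (TypeError, ValueError):
        return fail_closed("output is not JSON")
    if not isinstance(v, dict) or set(v) != {"risk", "reasons", "tests"}:
        return fail_closed("unexpected keys")
    if not isinstance(v["risk"], str) or v["risk"] not in ORDER:
        return fail_closed("unknown risk value")
    for key in ("reasons", "tests"):
        if not isinstance(v[key], list) or not all(isinstance(s, str) for s in v[key]):
            return fail_closed(f"{key} must be a list of strings")
    if not v["reasons"] or not all(CITATION.search(r) for r in v["reasons"]):
        return fail_closed("reason without file:line citation")
    touched = sorted(p for p in changed_paths if SENSITIVE.search(p))
    if touched and ORDER[v["risk"]] < ORDER["medium"]:
        v["risk"] = "medium"
        v["reasons"].append(f"floor applied: sensitive path {touched[0]} changed")
    return v

# Constructed sample: a verdict that rates a change to an auth file as low.
SAMPLE_VERDICT = '{"risk": "low", "reasons": ["src/auth/session.py:41 renames a variable"], "tests": ["login round-trip"]}'
SAMPLE_PATHS = ["src/auth/session.py", "README.md"]

if __name__ == "__main__":
    print(json.dumps(enforce_verdict(SAMPLE_VERDICT, SAMPLE_PATHS), indent=2))
```

The changed paths should come from the pull request's file list as reported by GitHub, not from anything the model returns.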