PR review

PR review is a single-phase, read-only workflow. It reads the diff for a pull request, checks for bugs, style issues, missing tests, and security concerns, then posts structured feedback as a PR comment with severity-ranked findings and file:line references.

Permission profile: review-write — can read the repo and post review comments, but cannot push code.

Pipeline

Review (read-only) → feedback

What it checks

  • Implementation correctness against the PR description
  • Test coverage for changed code
  • Security vulnerabilities (OWASP top 10)
  • Code style and naming consistency
  • Error handling and edge cases
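As an added illustration of the kind of output described above (this is example code, not the project's own reviewer): a minimal pass that walks a unified diff, tracks the new-file `file:line` of every added line, runs a handful of the checks from the list, and returns findings ranked by severity. The rule set, the severity scale, the file and the diff below are all constructed for the example.

```javascript
// Added example, not the project's code: a small diff reviewer that emits
// severity-ranked findings with file:line references.

const SEVERITY_RANK = { high: 0, medium: 1, low: 2 };

// Line-level rules applied to every added line (constructed for illustration).
const LINE_RULES = [
  { id: 'hardcoded-credential', severity: 'high',
    re: /(password|secret|api[_-]?key|token)\s*[:=]\s*['"][^'"]+['"]/i,
    message: 'Possible hard-coded credential; load it from configuration or a secret store' },
  { id: 'empty-catch', severity: 'medium',
    re: /catch\s*\([^)]*\)\s*\{\s*\}/,
    message: 'Exception is swallowed; handle it or rethrow' },
  { id: 'todo-marker', severity: 'low',
    re: /\b(TODO|FIXME)\b/,
    message: 'Unresolved TODO/FIXME left in changed code' },
];

// Parse a unified diff into {file, line, text} records for added lines only.
// The line number is the position in the new version of the file.
function addedLines(diff) {
  const out = [];
  let file = null;
  let newLine = 0;
  for (const raw of diff.split('\n')) {
    if (raw.startsWith('+++ ')) {
      file = raw.slice(4).replace(/^b\//, '');
    } else if (raw.startsWith('@@')) {
      const m = /\+(\d+)(?:,(\d+))?/.exec(raw); // new-file start of the hunk
      newLine = m ? parseInt(m[1], 10) : 0;
    } else if (raw.startsWith('+')) {
      out.push({ file, line: newLine, text: raw.slice(1) });
      newLine += 1;
    } else if (!raw.startsWith('-') && !raw.startsWith('\\')) {
      newLine += 1; // context line: present in the new file, advances the counter
    }
  }
  return out;
}

// Heuristic for "is this a test file" (constructed; adjust to the repo layout).
const isTestFile = (f) =>
  /(^|\/)(test|tests|__tests__|spec)\//.test(f) || /\.(test|spec)\.[cm]?[jt]sx?$/.test(f);

function reviewDiff(diff) {
  const lines = addedLines(diff);
  const findings = [];
  for (const l of lines) {
    for (const rule of LINE_RULES) {
      if (rule.re.test(l.text)) {
        findings.push({ id: rule.id, severity: rule.severity, file: l.file, line: l.line, message: rule.message });
      }
    }
  }
  // Coverage check: source files changed without any test file in the same diff.
  const files = [...new Set(lines.map((l) => l.file))];
  if (!files.some(isTestFile)) {
    for (const f of files.filter((x) => !isTestFile(x))) {
      const first = lines.find((l) => l.file === f);
      findings.push({ id: 'missing-tests', severity: 'medium', file: f, line: first.line,
        message: 'No test file changed alongside this source change' });
    }
  }
  findings.sort((a, b) =>
    SEVERITY_RANK[a.severity] - SEVERITY_RANK[b.severity] || a.file.localeCompare(b.file) || a.line - b.line);
  return findings.map((f) => ({ ...f, location: `${f.file}:${f.line}` }));
}

// Render the findings as the body of a PR comment.
function formatComment(findings) {
  if (findings.length === 0) return 'No findings.';
  return findings.map((f) => `- [${f.severity}] ${f.location}: ${f.message} (${f.id})`).join('\n');
}

// Constructed sample diff: one hunk in a source file, no test changes.
const SAMPLE_DIFF = [
  'diff --git a/src/auth.js b/src/auth.js',
  '--- a/src/auth.js',
  '+++ b/src/auth.js',
  '@@ -10,5 +10,7 @@ function login(user) {',
  '   const db = connect();',
  '+  const apiKey = "sk_live_constructed_example";',
  '   try {',
  '     return db.find(user);',
  '-  } catch (e) { throw e; }',
  '+  } catch (e) {}',
  '+  // TODO: handle lockout',
  ' }',
].join('\n');

console.log(formatComment(reviewDiff(SAMPLE_DIFF)));
```

The regex rules stand in for whatever analysis the real workflow performs; the part worth keeping is the shape of the result: each finding carries a severity, a stable rule id and a `file:line` anchored to the new side of the diff, so a comment can be placed on the exact changed line and findings can be triaged worst-first.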

Triggers

  • GitHub webhook: pr.opened event
  • Cron fallback: every 30 minutes (only when webhooks are not configured)
  • Slack: review cliftonc/repo
  • CLI: npm run cli -- review owner/repo