What It Does
GitHub Code Review is an AI-powered skill that orchestrates specialized review agents to perform deep, parallel analysis of pull requests. Rather than relying on a single pass of static analysis, it deploys coordinated swarms of agents, each focused on a specific domain such as security, performance, architecture, style, or accessibility, and posts structured, actionable feedback directly to your PRs.
It integrates with the GitHub CLI, `ruv-swarm`, and `claude-flow` to automate the full review lifecycle, from PR creation through quality gate enforcement and optional auto-merge.
Key Features
- Multi-Agent Swarm Review Orchestration — Deploys specialized AI agents in parallel (security, performance, architecture, style, and accessibility), each analyzing the PR diff within its domain. Swarm topology (ring, mesh, hierarchical) is automatically selected based on PR size and complexity.
- Specialized Security Analysis — The security agent checks for SQL injection, XSS, authentication bypasses, hardcoded secrets, CORS misconfigurations, cryptographic weaknesses, and dependency vulnerabilities. Critical findings automatically request changes and apply a `security-review-required` label.
- Performance & Architecture Review — Performance agents profile CPU, memory, and I/O impact, perform Big O analysis, detect N+1 queries, and benchmark against the base branch. Architecture agents evaluate SOLID principles, coupling/cohesion metrics, circular dependencies, and design pattern adherence.
- Quality Gate Enforcement — Define configurable thresholds per domain (e.g. block on security issues, warn on performance regressions, suggest style improvements) via a `.github/review-swarm.yml` config file. Required status checks integrate with GitHub branch protection rules.
- PR Comment Commands & Webhook Integration — Trigger swarm actions directly from PR comments using slash commands like `/swarm review --agents security,performance`. A webhook handler processes GitHub events to auto-spawn agents when PRs are opened or updated.
- Monitoring, Analytics & Auto-Merge — Track review metrics (issues found, false-positive rate, fix rate, time-to-review) over rolling periods and export dashboards. Supports auto-merge via `gh pr merge --auto` once swarm checks pass and required approvals are met.
Requirements
- **GitHub Token** *(required)* — Authenticates with the GitHub API to read PR diffs, post comments, apply labels, and update review status. Scoped to the target repository.
- **GitHub CLI (`gh`)** *(required)* — Used to fetch PR data, post comments, manage labels, and submit reviews.
- **`ruv-swarm`** *(required)* — The swarm orchestration runtime that spawns and coordinates review agents (`npx ruv-swarm`).
- **`claude-flow`** *(required)* — Provides agent coordination and MCP tool integration for swarm workflows.
Use Cases
- Security-critical authentication PR — When a PR touches `auth/**` or `payment/**` paths, the skill automatically triggers maximum-depth security and architecture agents, blocks the merge on any critical finding, and posts structured vulnerability reports with suggested code fixes directly as inline PR comments.
- Database optimization PR — For PRs modifying query layers or caching logic, performance and database agents benchmark the changes against the main branch, detect N+1 patterns and memory leaks, and report regressions exceeding a configurable threshold before the PR can merge.
- UI component library PR — When components, styles, or pages change, accessibility, style, and i18n agents run visual regression checks, enforce naming and documentation standards, and flag missing responsive or internationalization considerations.
- High-volume team code review automation — Teams with many concurrent PRs can configure the GitHub Actions workflow to auto-trigger the full review swarm on every PR open or push event, reducing manual reviewer load while maintaining consistent quality standards across all contributors.