Github Code Review

• You want automated, multi-dimensional PR reviews — security, performance, architecture, and style checks running in parallel without manual setup.
• Your team works on security- or performance-critical code — the skill supports targeted deep-dives on high-risk paths like auth/**, payment/**, or database/**.
• You need consistent quality gates — enforce thresholds (e.g. no critical security issues, <5% performance regression, >80% coverage) before any PR can merge.
• You want CI/CD-native review automation — the skill ships with ready-to-use GitHub Actions workflow examples that trigger on PR open or synchronize events.

• You need a simple linter or formatter — if you only want style enforcement, a standard linting tool (ESLint, Prettier, etc.) is lighter-weight and easier to configure.
• Your repository has no GitHub CLI or Node.js environment — the skill requires gh, npx ruv-swarm, and related tooling to be available in your runtime.

Deploys specialized AI agents in parallel — security, performance, architecture, style, and accessibility — each analyzing the PR diff within its domain. Swarm topology (ring, mesh, hierarchical) is automatically selected based on PR size and complexity.

The security agent checks for SQL injection, XSS, authentication bypasses, hardcoded secrets, CORS misconfigurations, cryptographic weaknesses, and dependency vulnerabilities. Critical findings automatically request changes and apply a security-review-required label.

Performance agents profile CPU, memory, and I/O impact, perform Big O analysis, detect N+1 queries, and benchmark against the base branch. Architecture agents evaluate SOLID principles, coupling/cohesion metrics, circular dependencies, and design pattern adherence.

Define configurable thresholds per domain (e.g. block on security issues, warn on performance regressions, suggest style improvements) via a .github/review-swarm.yml config file. Required status checks integrate with GitHub branch protection rules.

Trigger swarm actions directly from PR comments using slash commands like /swarm review --agents security,performance. A webhook handler processes GitHub events to auto-spawn agents when PRs are opened or updated.

Track review metrics (issues found, false-positive rate, fix rate, time-to-review) over rolling periods and export dashboards. Supports auto-merge via gh pr merge --auto once swarm checks pass and required approvals are met.

When a PR touches auth/** or payment/** paths, the skill automatically triggers maximum-depth security and architecture agents, blocks the merge on any critical finding, and posts structured vulnerability reports with suggested code fixes directly as inline PR comments.

For PRs modifying query layers or caching logic, performance and database agents benchmark the changes against the main branch, detect N+1 patterns and memory leaks, and report regressions exceeding a configurable threshold before the PR can merge.

When components, styles, or pages change, accessibility, style, and i18n agents run visual regression checks, enforce naming and documentation standards, and flag missing responsive or internationalization considerations.

Teams with many concurrent PRs can configure the GitHub Actions workflow to auto-trigger the full review swarm on every PR open or push event, reducing manual reviewer load while maintaining consistent quality standards across all contributors.