CC-201c · Module 3

Automated PR Review

3 min read

An automated PR review is only as good as the criteria it applies. Without explicit review standards, Claude will give generic feedback — "consider adding error handling," "this function could be shorter." With explicit standards in your CLAUDE.md, Claude gives specific, actionable feedback — "this endpoint is missing the RFC 7807 error response format we use in all other routes" and "this function exceeds our 50-line limit; extract the validation logic into a helper." The difference is the difference between a junior reviewer and a senior one. The CLAUDE.md is what makes Claude senior.

Structure your review criteria in CLAUDE.md as a checklist that Claude applies to every diff. Type safety: are there any type assertions or any casts that bypass the type system? Error handling: does every async call have a catch block or try/catch? Naming: do variables and functions follow the project naming convention? Tests: does the PR include tests for new functionality? Performance: are there any N+1 queries, unnecessary re-renders, or unbounded loops? Each item is a specific question Claude can answer by examining the diff. Specific questions produce specific feedback.

Do This

Define specific review criteria in CLAUDE.md: "every endpoint must return RFC 7807 errors"
Include positive feedback patterns — Claude should note what the PR does well
Set up approval workflows: Claude requests changes for standard violations, approves when clean
Update CLAUDE.md review criteria every time a new pattern is discovered in review

Avoid This

Leave review criteria vague — "follow best practices" tells Claude nothing specific
Let Claude auto-merge PRs — automated review is for feedback, not for replacing human judgment on merges
Ignore Claude's review comments — if they are consistently wrong, fix the CLAUDE.md criteria
Use --dangerously-skip-permissions in the GitHub Action — CI needs controlled, explicit permissions