Skip to content

Code Review — Local, Cloud & CI

Three tiers of Claude-powered review: local /code-review in your terminal, ultrareview (deep multi-agent cloud review), and GitHub Code Review (managed service on every PR).

Run in any session — no GitHub App needed:

/code-review # review branch commits + uncommitted changes
/code-review high # effort level: low|medium|high|xhigh|max
/code-review src/auth.ts # review a specific target
/code-review 142 # review a PR number
/code-review main...my-feature # review a ref range
/code-review --fix # apply findings to working tree afterwards
/code-review --comment # post findings as inline PR comments
  • Lower effort = fewer, higher-confidence findings; highmax = broader coverage, may include uncertain ones
  • Finds correctness bugs plus reuse/simplification/efficiency cleanups
  • /simplify is the cleanup-only sibling (applies quality fixes, doesn’t hunt bugs)
  • /security-review audits pending changes for security issues
/code-review ultra # deep multi-agent cloud review of current branch
/code-review ultra 142 # ...or of a GitHub PR
/code-review ultra --fix # apply the findings when they return

Runs a fleet of agents on Anthropic infrastructure against your branch vs the default branch (plus uncommitted changes). User-triggered and billed. Needs a git repo; the no-arg form bundles your local branch (no GitHub remote required).

Team/Enterprise research preview. Org Owner enables it at claude.ai/admin-settings/claude-code, installs the Claude GitHub App, picks repos and triggers.

Triggers per repo: once after PR creation · after every push · manual only. Manual commands (top-level PR comment): @claude review (starts + subscribes to future pushes) · @claude review once (one-shot).

Findings post as inline comments with severity:

MarkerSeverityMeaning
🔴ImportantFix before merging
🟡NitWorth fixing, not blocking
🟣Pre-existingBug that predates this PR

The check run never blocks merges (neutral conclusion); parse its machine-readable severity counts if you want to gate CI yourself. Cost averages $15–25/review, billed as usage credits; cap it in admin settings.

CLAUDE.md violations get flagged as nits. For review-specific control, add REVIEW.md at repo root — injected into every review agent as highest-priority instructions:

# Review instructions
## What Important means here
Reserve Important for findings that would break behavior, leak data,
or block a rollback. Style and naming are Nit at most.
## Cap the nits
Report at most five Nits per review; say "plus N similar" in the summary.
## Do not report
- Anything CI already enforces: lint, formatting, type errors
- Generated files under src/gen/ and any *.lock file
## Always check
- New API routes have an integration test
- Log lines don't include emails, user IDs, or request bodies
- DB queries are scoped to the caller's tenant

Keep it short — a long REVIEW.md dilutes the rules that matter.

1. While coding: /code-review medium → catch bugs before commit
2. Before pushing: /code-review high --fix → broader sweep, auto-apply
3. On the PR: GitHub Code Review runs automatically (once-per-PR mode)
4. Before release: /code-review ultra → deep hunt on the release branch

Each tier catches what the cheaper one missed; most bugs die at step 1 where they’re cheapest.

  • Trick: review ladder — “/code-review while coding → high before push → PR bot → ultra before release.”
  • Bugs die cheapest at the bottom rung.
  • Show: /code-review medium on a real diff, live.
  • They’ll trip on: expecting the PR check to block merges — it’s always neutral by design.

Learning path:35-github-actions.md · Index · ➡ 37-vs-code-extension.md

Written by Fenil Patel