CLI workflow
Use a CLI for Reviewing GitHub Pull Requests
Collect PR metadata, inspect the patch locally, and report blockers before posting or merging anything.
Prepare tools, authentication, and evidence first
Install the recommended tools, confirm minimum permissions, and keep compatibility separate from real execution records.
Copy or download this workflow Skill
The Skill includes input and output contracts, recommended tools, approval points, rollback, and evidence boundaries. Review it against the active environment before saving.
---
name: review-github-prs-workflow
description: "Collect PR metadata, inspect the patch locally, and report blockers before posting or merging anything."
---
# Review GitHub pull requests
## Intended outcome
Produce an evidence-backed review that separates findings from repository-changing actions.
## Evidence boundary
- Tool status distinguishes `docs-verified` material from independent execution; the two are not interchangeable.
- The current registry does not attribute a tool execution to a particular agent, so compatible agents cannot be called tested agents.
- Reconfirm the target account, environment, version, and official documentation before execution.
- Never auto-execute an R2, R3, or confirmation-marked step; obtain explicit approval immediately before it runs.
## Recommended tools, installation, and authentication
- **GitHub CLI** (evidence: `verified`, docs checked: `2026-07-10`, independently tested version 2.86.0 recorded)
- Install: `brew install gh`
- Authentication: OAuth, personal access token, GitHub Actions token
- Minimum permissions: Use a read-only or fine-grained token limited to the required repositories.
- **ripgrep** (evidence: `verified`, docs checked: `2026-07-10`, independently tested version 15.1.0 recorded)
- Install: `brew install ripgrep`
- Authentication: not required for the base operation
- Minimum permissions: No service credential is required; restrict filesystem and network access to the task.
- **jq** (evidence: `verified`, docs checked: `2026-07-10`, independently tested version jq-1.7.1-apple recorded)
- Install: `brew install jq`
- Authentication: not required for the base operation
- Minimum permissions: No service credential is required; restrict filesystem and network access to the task.
## Input contract
- Repository name
- pull request number
- local checkout or patch
- read-scoped GitHub identity
## Output contract
- PR summary
- check status
- actionable findings
- recommended next action
## Safe workflow
1. **Read PR state** — Fetch title, author, files, reviews, and checks as JSON.
- Input: Repository and PR number
- Output: Machine-readable PR context
- Risk: `read-only`
- Command: `gh pr view 123 --json number,title,author,files,reviews,statusCheckRollup,url`
2. **Inspect the patch** — Read the diff and search affected code paths for assumptions and callers.
- Input: PR diff and repository
- Output: Line-specific review notes
- Risk: `read-only`
- Command: `gh pr diff 123 && rg "affectedSymbol" src`
3. **Report before writing** — Summarize blockers, confidence, and checks; keep comments, approvals, and merge as separate proposed actions.
- Input: Review notes and CI status
- Output: Review report and optional write commands
- Risk: `read-only`
## Ask before proceeding
- Posting review comments
- Submitting approve or request-changes state
- Merging or closing the pull request
## Rollback
- Edit or delete an incorrect comment when permitted
- Revert a merge with a new commit instead of rewriting shared history
- Preserve the review report for audit
## Official sources
- [GitHub CLI manual](https://cli.github.com/manual/) — Official command, authentication, JSON field, and workflow documentation.
- [GitHub REST API documentation](https://docs.github.com/en/rest) — Official HTTP API and authentication reference for GitHub resources.
Outcome, inputs, and outputs
Define the result and evidence before the agent selects a command.
Use a CLI for Reviewing GitHub Pull Requests: safe workflow
Run each step inside its stated boundary and verify the output before continuing.
Approval points and rollback
Pause at the listed decision points and keep recovery instructions beside the action.
CLI, MCP, or API?
Choose the interface by execution location, identity, output contract, and permission boundary.
Recommended approach
Use GitHub CLI for read-first review and gate every public comment or merge action.
Official evidence and references
Use these primary or upstream sources to verify current command behavior before acting.