# Claude Code Review
Multi-agent code review system in [[Claude Code]]. A fleet of specialised agents analyses each pull request in parallel, looking for logic errors, security vulnerabilities, broken edge cases, and subtle regressions. Findings are deduplicated, severity-ranked, and posted as inline comments on the exact lines that need attention. Research preview; Team and Enterprise subscriptions only; not available for orgs with Zero Data Retention enabled.
Findings never block or approve a PR; existing review workflows stay intact.
## How a review runs
- Multiple agents read the diff and surrounding code in parallel
- Each agent specialises in a different class of issue
- A verification step checks each candidate finding against actual code behaviour to filter false positives
- Results are deduplicated, ranked by severity, posted as inline comments with a summary in the review body
- No issues → a short confirmation comment
- Average wall-clock: 20 minutes per review
## Trigger modes (per repo)
Configured per repository in the admin settings:
- **Once after PR creation**: one review when the PR is opened or marked ready for review
- **After every push**: a fresh review on each push; auto-resolves comment threads when issues are fixed; the most expensive mode
- **Manual**: nothing runs until someone comments `@claude review` or `@claude review once` on the PR
Two manual-trigger commands work regardless of the configured mode:
- `@claude review` — start a review *and* subscribe the PR to push-triggered reviews
- `@claude review once` — single review, no subscription (good for one-off second opinions or a re-run after a failed review)
Both commands must be posted as top-level PR comments (not inline), with the command at the start of the comment. They require owner, member, or collaborator access, and they work on draft PRs.
## Severity levels
| Marker | Severity | Meaning |
|---|---|---|
| 🔴 | Important | Bug that should be fixed before merging |
| 🟡 | Nit | Minor issue, worth fixing but not blocking |
| 🟣 | Pre-existing | Bug that exists in the codebase but was not introduced by this PR |
Each finding has a collapsible reasoning section explaining why Claude flagged it and how it verified the issue. Every Claude review comment ships with 👍 and 👎 pre-attached for one-click rating; Anthropic uses post-merge reaction counts to tune the reviewer.
Replies on inline comments don't trigger anything — fix the code and push (or `@claude review once`) to re-run.
## Check run output
Each review populates a **Claude Code Review** check run alongside CI checks. The check always completes with a *neutral* conclusion so it never blocks branch-protection rules. Findings appear in three places:
- **Inline comments** on diff lines
- **Files changed annotations** (red for Important, yellow for Nit, grey for Pre-existing)
- **Check run Details** — a severity table for every finding, useful when GitHub rejected an inline comment because the line moved
The last line of the Details text is a machine-readable JSON comment your CI can parse to gate merges on Important findings:
```bash
gh api repos/OWNER/REPO/check-runs/CHECK_RUN_ID \
--jq '.output.text | split("bughunter-severity: ")[1] | split(" -->")[0] | fromjson'
# {"normal": 2, "nit": 1, "pre_existing": 0}
```
Use this in your own workflow to block merges when `normal > 0`, that is, when the review reported at least one Important finding.
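A merge gate built on that summary line, as an added example (not code from the Claude Code docs): it splits the Details text on the same markers as the `jq` filter, but takes the last occurrence of the marker and fails closed when the summary is missing or malformed, so a skipped or failed review cannot pass the gate silently. The `<!-- ` prefix and the table row in `SAMPLE` are constructed, and `parse_severity` and `gate` are hypothetical names.

```python
import json
import sys

MARKER = "bughunter-severity: "  # marker string used in the page's jq filter
END = " -->"

# Constructed sample of check-run Details text (the layout is an assumption).
SAMPLE = (
    "| Severity | File | Finding |\n"
    "|---|---|---|\n"
    "| Important | src/auth.py:42 | constructed example row |\n"
    '<!-- bughunter-severity: {"normal": 2, "nit": 1, "pre_existing": 0} -->'
)

def parse_severity(details_text):
    """Return the severity counts as a dict, or None if absent or malformed."""
    if not details_text or MARKER not in details_text:
        return None
    # The summary is the last line, so ignore any earlier text that repeats the marker.
    tail = details_text.rsplit(MARKER, 1)[1]
    raw = tail.split(END, 1)[0]
    try:
        counts = json.loads(raw)
    except json.JSONDecodeError:
        return None
    return counts if isinstance(counts, dict) else None

def gate(details_text, fail_closed=True):
    """Return (exit_code, reason); a non-zero exit code blocks the merge."""
    counts = parse_severity(details_text)
    if counts is None:
        # No summary: the review failed, was skipped, or the format changed.
        return (1 if fail_closed else 0, "no severity summary found")
    normal = counts.get("normal")
    if not isinstance(normal, int) or isinstance(normal, bool):
        return (1 if fail_closed else 0, "severity summary has no integer 'normal' count")
    if normal > 0:
        return (1, f"{normal} Important finding(s)")
    return (0, "no Important findings")

if __name__ == "__main__":
    # Read Details text from a pipe; fall back to the sample when run interactively.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    code, reason = gate(text)
    print(f"Claude Code Review gate: {reason}")
    sys.exit(code)
```

In CI, pipe `gh api repos/OWNER/REPO/check-runs/CHECK_RUN_ID --jq '.output.text'` into the script and use its exit status as the required check.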
## Setup
Admin task, done once per organisation:
1. Open https://claude.ai/admin-settings/claude-code → Code Review section
2. Install the Claude GitHub App (requires permission to install GitHub Apps); permissions requested: Contents R/W, Issues R/W, Pull Requests R/W
3. Pick which repos to enable
4. Set the **Review Behavior** trigger per repo (Once / Every push / Manual)
5. Verify with a test PR
The repos table also shows average cost per review for each repo.
## Customisation: CLAUDE.md and REVIEW.md
Two files steer review behaviour, with different leverage:
- **`CLAUDE.md`**: shared project context for all of [[Claude Code Memory|Claude Code]]. Code Review reads it and treats newly introduced violations as **nit-level** findings. Bidirectional: if a PR makes a `CLAUDE.md` statement outdated, that's also flagged. Hierarchical — rules in a subdirectory's `CLAUDE.md` apply only under that path.
- **`REVIEW.md`** (repo root): review-only instructions, injected verbatim into every agent in the pipeline as the **highest-priority** instruction block. Use it to redefine severity, cap nit volume, skip paths/categories, add repo-specific must-check rules, raise the verification bar, control re-review behaviour, or shape the summary. `@` imports are not expanded — paste rules directly. Keep it short; long files dilute the rules that matter.
Example `REVIEW.md` patterns worth knowing:
- "Reserve Important for findings that would break behaviour, leak data, or block a rollback."
- "Report at most five Nits per review; mention the rest as `plus N similar items`."
- "After the first review, suppress new nits and post Important findings only." (stops one-line fixes from reaching round seven on style alone)
- "Open the review body with a one-line tally such as `2 factual, 4 style`."
## Pricing and billing
- Token-based, averaging **$15-25 per review**; scales with PR size, codebase complexity, and verification effort
- Billed through **extra usage**, separate from plan-included usage (https://support.claude.com/en/articles/12429409-extra-usage-for-paid-claude-plans)
- Trigger mode shapes total cost: every-push multiplies by push count; manual is opt-in only
- `@claude review` also opts the PR into push-triggered reviews going forward — use `@claude review once` to avoid that
- Set a monthly spend cap at https://claude.ai/admin-settings/usage (Claude Code Review service)
- When the cap is hit, Claude posts a single skip comment; reviews resume next billing period or when an admin raises the cap
## Analytics
Dashboard: https://claude.ai/analytics/code-review
- PRs reviewed (daily)
- Weekly cost
- Feedback (auto-resolved comments — proxy for usefulness)
- Per-repo breakdown
## Effectiveness (vendor-cited)
- On large PRs (1,000+ lines): **84% get findings** (avg 7.5 issues)
- On small PRs (<50 lines): **31% get findings** (avg 0.5 issues)
- Less than **1%** of findings marked incorrect by engineers
- Won't approve PRs — that stays a human call
## Troubleshooting
- Failed/timed-out review → comment `@claude review once`; the GitHub **Re-run** button does *not* re-trigger Code Review
- Spend cap hit → skip comment posted; admin raises cap or wait for next billing period
- Findings missing from inline comments → check the Files changed annotations or the check run Details table; if you pushed mid-review, late findings appear under "Additional findings" in the review body instead
## How it differs from siblings
- **vs the open-source [[Claude Code Security Review|security-review GitHub Action]]**: that one is narrower (security vulnerabilities only), free/open-source, available on any paid Claude plan. Code Review is broader (correctness, logic, regressions) but Team/Enterprise only.
- **vs Claude in your own CI** (GitHub Actions / GitLab CI/CD): self-hosted runs give full control but you orchestrate everything. Code Review is the managed equivalent.
- **vs the `code-review` plugin in the marketplace**: that one is for local on-demand reviews before pushing. Complementary, not a substitute.
## References
- Docs: https://code.claude.com/docs/en/code-review
- Announcement blog post: https://claude.com/blog/code-review
## Related
- [[Claude Code]]
- [[Claude Code Security Review]]
- [[Claude Code Memory]]
- [[Claude Code Agent Teams]]
- [[Claude Code Plugins]]