Automatic PR Code Review
Claude Code integrates directly with GitHub to review every pull request automatically — no manual invocation, no CI workflow to maintain per repo. Once installed, it reads your diff, understands the surrounding codebase context, and posts inline comments where it finds issues.
Note: This page covers the GitHub app integration — automatic reviews triggered by PR events. If you want to run a one-off review from the command line or inside a CI pipeline with full prompt control, see CI/CD Integration.
Automatic Review vs Manual claude -p
| | Automatic Code Review | Manual (claude -p) |
|---|---|---|
| Trigger | Every PR automatically | You invoke explicitly |
| Setup | One-time GitHub app install | CI workflow file per repo |
| Output | Inline PR comments + summary | Text or JSON to stdout |
| Customization | .claude-review.yml config file | Full prompt control |
| Codebase context | Diff + limited surrounding context | Full repo access via filesystem |
| Best for | Always-on safety net | Custom review criteria, deeper analysis |
Use automatic review as a baseline safety net on every PR. Use claude -p when you need to customize the review logic, access the full codebase, or integrate findings into other tooling.
How It Works
Setup
1. Install the Claude Code GitHub app
Go to the Claude Code GitHub App page and install it on your organization or individual repositories.
2. Grant PR read and write permissions
During installation, grant the app:
- Read access to repository contents and pull requests
- Write access to pull request comments
3. Optional: add .claude-review.yml to the repo root
Without a config file, Claude reviews the full diff with default settings. Add .claude-review.yml to focus or restrict the review scope.
Configuration
```yaml
review:
  focus:
    - security
    - logic-errors
    - performance
  ignore:
    - style
    - formatting
  paths:
    include: ["src/**", "lib/**"]
    exclude: ["**/*.test.ts", "**/*.spec.ts"]
  languages: [typescript, python, go]
```
focus — categories Claude prioritizes. If omitted, all categories are reviewed.
ignore — categories to skip entirely. Useful for teams with existing linters handling style.
paths.include — only review files matching these globs.
paths.exclude — skip files matching these globs (test files, generated code, etc.).
languages — restrict review to specific languages in a multi-language repo.
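Because paths and languages narrow what gets reviewed, it helps to see which changed files in a PR fall outside that scope. The following Python check is an added example, not part of the app or of this page's original content; the glob semantics (`**` spans directories, `*` stays within one path segment), the extension-to-language map and the sample file list are assumptions, since the page does not specify them.

```python
import re
from pathlib import PurePosixPath

# Scope keys copied from the sample .claude-review.yml on this page.
CONFIG = {
    "paths": {"include": ["src/**", "lib/**"],
              "exclude": ["**/*.test.ts", "**/*.spec.ts"]},
    "languages": ["typescript", "python", "go"],
}
# Assumption: extension-to-language map; the page does not define one.
EXT_LANG = {".ts": "typescript", ".tsx": "typescript", ".py": "python", ".go": "go"}
# Assumption: '**' spans directories, '*' and '?' stay inside one path segment.
TOKENS = {"**/": "(?:.*/)?", "**": ".*", "*": "[^/]*", "?": "[^/]"}
# Constructed list of files changed in a hypothetical PR.
SAMPLE_CHANGED = ["src/auth/session.ts", "src/auth/session.test.ts",
                  ".github/workflows/deploy.yml", "lib/db/migrate.sql",
                  "scripts/release.sh", "src/api/handler.go"]


def glob_to_regex(pattern):
    """Compile a glob into an anchored regex using the assumed semantics."""
    parts = re.split(r"(\*\*/|\*\*|\*|\?)", pattern)
    return re.compile("".join(TOKENS.get(p, re.escape(p)) for p in parts) + r"\Z")


def skip_reason(path, config):
    """Return why a changed file is outside review scope, or None if in scope."""
    paths = config.get("paths", {})
    include = paths.get("include")
    if include and not any(glob_to_regex(g).match(path) for g in include):
        return "not matched by paths.include"
    for g in paths.get("exclude", []):
        if glob_to_regex(g).match(path):
            return f"matched paths.exclude {g}"
    langs = config.get("languages")
    if langs and EXT_LANG.get(PurePosixPath(path).suffix) not in langs:
        return "language not in languages"
    return None


def unreviewed(changed, config=CONFIG):
    """Map each out-of-scope changed file to the reason it is skipped."""
    reasons = ((p, skip_reason(p, config)) for p in changed)
    return {p: r for p, r in reasons if r}


if __name__ == "__main__":
    for path, reason in unreviewed(SAMPLE_CHANGED).items():
        print(f"NOT REVIEWED  {path}  ({reason})")
```

With the sample scope, the workflow file, the SQL migration and the release script all fall outside review, so those files need another control such as a required human reviewer.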
What Claude Looks For
Logic errors: Off-by-one errors, incorrect boundary conditions, wrong operator precedence, unreachable code paths.
Security vulnerabilities: SQL/command injection, authentication bypass, hardcoded secrets or API keys in code, unsafe deserialization, missing authorization checks.
Unhandled error cases: Missing null checks, uncaught exceptions, silent error swallowing, missing fallback behavior.
Performance anti-patterns: N+1 query patterns, unnecessary re-renders, missing indexes referenced in queries, synchronous blocking calls in async contexts.
Breaking API changes: Modified function signatures, removed exports, changed response shapes that existing callers depend on.
Limitations
- Comments only — Claude does not auto-merge or auto-fix. All findings are comments; a human approves and merges.
- GitHub only — the app integration works with GitHub. GitLab and Bitbucket are not supported by the automatic review product.
- Diff context, not full repo — by default the engine sees the changed lines plus limited surrounding context, not the entire codebase. For reviews that require deep cross-file analysis, use claude -p with filesystem access instead.
Next Steps
- CI/CD Integration — custom review workflows using claude -p with full codebase context and JSON output for downstream tooling