/laravel-agent:review:pr
Review a pull request with parallel specialized reviewers
Overview
The /review:pr command runs a comprehensive code review on a pull request using 4 parallel specialized reviewers. Each reviewer focuses on a specific aspect of code quality, providing thorough analysis and actionable feedback.
Usage
/laravel-agent:review:pr [pr-number-or-branch]
Examples
# Review a specific PR by number
/laravel-agent:review:pr 123
# Review a feature branch against main
/laravel-agent:review:pr feature/user-auth
# Review current branch against main
/laravel-agent:review:pr
Review Process
The command follows a systematic 5-step review process:
1. Gather PR Context
First, the command gathers information about the pull request:
# Get PR info using GitHub CLI
gh pr view "$PR_NUMBER" --json files,commits,body
# Or get branch diff
git fetch origin
git diff origin/main...HEAD --name-only
git diff origin/main...HEAD --stat
2. Identify Changed Files
The command analyzes all PHP and Blade files affected by the changes:
# Get list of changed files
git diff origin/main...HEAD --name-only | grep -E '\.(php|blade\.php)$'
3. Launch Parallel Reviewers
Four specialized reviewers are spawned simultaneously using the Task tool to analyze different aspects of the code:
| Reviewer | Focus Areas |
|---|---|
| Security Reviewer | SQL injection patterns, XSS vulnerabilities, Mass assignment, Auth/authz gaps, CSRF protection, File upload security |
| Quality Reviewer | SOLID violations, DRY violations, Cyclomatic complexity, Coupling issues, Naming conventions, Dead code |
| Laravel Reviewer | N+1 queries, Eloquent best practices, Event patterns, Resource usage, Middleware patterns, Validation patterns |
| Testing Reviewer | Test coverage for changes, Edge case testing, Assertion quality, Test isolation, New tests needed |
4. Validate & Filter
Only issues with confidence level >= 80% are included in the final report to ensure high-quality, actionable feedback.
5. Generate Report
A comprehensive review report is generated with the following structure:
# PR Review: #<number> - <title>
## Overview
- Files changed: X
- Lines added: X
- Lines removed: X
- Review status: **Approved/Changes Requested/Comment**
## Summary
| Severity | Count |
|----------|-------|
| Critical | X |
| Warning | X |
| Suggestion | X |
## Critical Issues (Block Merge)
[Issues that must be fixed]
## Warnings (Should Fix)
[Issues that should be addressed]
## Suggestions (Consider)
[Improvements to consider]
## Positive Findings
[Good patterns observed]
## Verdict
[ ] **APPROVED** - Ready to merge
[x] **CHANGES REQUESTED** - Address critical issues
[ ] **COMMENT** - Suggestions only
GitHub Integration
The review report can be posted directly to GitHub using the GitHub CLI:
# Post review as PR comment
gh pr review "$PR_NUMBER" --comment --body "$(cat review-report.md)"
# Request changes
gh pr review "$PR_NUMBER" --request-changes --body "$(cat review-report.md)"
# Approve PR
gh pr review "$PR_NUMBER" --approve --body "$(cat review-report.md)"
Review Severity Levels
| Severity | Description | Action Required |
|---|---|---|
| Critical | Security vulnerabilities, data loss risks, breaking changes | Must be fixed before merge |
| Warning | Performance issues, maintainability concerns, best practice violations | Should be addressed |
| Suggestion | Code improvements, style recommendations, optimization opportunities | Consider for future |
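The confidence filter from step 4, the severity levels above and the three `gh pr review` modes fit together as in the following added example, which is not the plugin's own code. The tab-separated finding format, the function names and the rule that warning-only or suggestion-only results map to `--comment` are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added illustration: confidence filter, severity check and gh flag selection.
# The TSV finding format and the non-blocking rule are assumptions of this example.

MIN_CONFIDENCE=80   # threshold from step 4 of the page

# Constructed findings: severity <TAB> confidence <TAB> file:line <TAB> message
sample_findings() {
  printf '%s\t%s\t%s\t%s\n' \
    Critical   95 app/Http/Controllers/PayController.php:41 'Raw query built from request input' \
    Critical   60 app/Models/Order.php:12 'Possible mass assignment' \
    Warning    85 app/Services/Billing.php:77 'N+1 query in loop' \
    Suggestion 90 app/Services/Billing.php:10 'Rename $x to $invoice'
}

filter_findings() {  # keep only rows at or above the confidence threshold
  awk -F'\t' -v min="$MIN_CONFIDENCE" '$2 + 0 >= min'
}

gh_flag() {  # reads filtered findings on stdin, prints the gh pr review flag
  awk -F'\t' '
    $1 == "Critical" { crit++ }
    $1 == "Warning" || $1 == "Suggestion" { other++ }
    END {
      if (crit)       print "--request-changes"  # Critical: must be fixed before merge
      else if (other) print "--comment"          # assumption: non-blocking findings only
      else            print "--approve"          # empty input also lands here, so confirm
    }'                                           # the reviewers actually produced output
}

# Prints --request-changes: the 60% Critical is dropped, the 95% Critical remains.
sample_findings | filter_findings | gh_flag
```

The printed flag can be passed to `gh pr review "$PR_NUMBER"` together with `--body "$(cat review-report.md)"`.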
Allowed Tools
This command uses the following tools to perform the review:
- Task - Spawn parallel specialized reviewers
- Read - Read changed files for analysis
- Glob - Find files matching patterns
- Grep - Search for code patterns and anti-patterns
- Bash - Execute git and gh commands
Best Practices
- Review early and often - Run reviews on draft PRs to catch issues early
- Address critical issues first - Focus on security and blocking issues before merge
- Learn from positive findings - The report highlights good patterns to replicate
- Use GitHub integration - Post reviews directly to PR for team visibility
- Review before requesting human review - Catch automatically detectable issues before team review
What Gets Reviewed
The parallel reviewers analyze the following aspects:
Security Analysis
- SQL injection vulnerabilities in raw queries and dynamic queries
- Cross-site scripting (XSS) in Blade templates and JSON responses
- Mass assignment vulnerabilities in models
- Authentication and authorization gaps
- CSRF token validation in forms
- Insecure file upload handling
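A pattern search of the kind the Grep tool performs can serve as a first pass for three of the items above (raw-query SQL injection, unescaped Blade output, mass assignment). The following is an added example, not the plugin's own rule set; the rule names, regular expressions and sample files are constructed for illustration, and hits are heuristic leads for a reviewer rather than confirmed vulnerabilities.

```shell
#!/usr/bin/env bash
# Added illustration: heuristic first pass over changed PHP/Blade files.
# Rule names and regexes are assumptions for this example, not the plugin's own.

scan_file() {  # prints "file:line:RULE" for every hit in one file
  awk '
    # Blade {!! !!} echoes without the HTML escaping that {{ }} applies.
    /[{]!!.*!![}]/ { print FILENAME ":" FNR ":XSS_UNESCAPED_BLADE" }
    # Raw SQL built by "...$var..." interpolation or by ". $var" concatenation.
    /(DB::(raw|select|statement)|[A-Za-z]+Raw)[(] *("[^"]*[$]|.*[.] *[$])/ {
      print FILENAME ":" FNR ":SQLI_RAW_INTERPOLATION" }
    # An empty $guarded makes every column mass assignable.
    /[$]guarded *= *\[ *\]/ { print FILENAME ":" FNR ":MASS_ASSIGN_UNGUARDED" }
    # Whole request payload passed straight to a model write.
    /(create|update|fill)[(][$]request->all[(][)]/ {
      print FILENAME ":" FNR ":MASS_ASSIGN_REQUEST_ALL" }
  ' "$1"
}

# Constructed sample files standing in for the changed-file list.
make_samples() {
  mkdir -p "$1/app" "$1/views"
  cat > "$1/app/UserController.php" <<'PHP'
<?php
$a = User::whereRaw("email = '$email'")->first();
$b = User::whereRaw('email = ?', [$email])->first();
$c = User::create($request->all());
$d = User::create($request->validated());
PHP
  cat > "$1/app/User.php" <<'PHP'
<?php
class User extends Model { protected $guarded = []; }
PHP
  cat > "$1/views/show.blade.php" <<'PHP'
<p>{{ $user->bio }}</p>
<p>{!! $user->bio !!}</p>
PHP
}

scan_samples() {  # scan every .php file (Blade views included) in a fresh temp dir
  local dir; dir=$(mktemp -d)
  make_samples "$dir"
  ( cd "$dir" && find . -name '*.php' | LC_ALL=C sort | while read -r f; do scan_file "$f"; done )
  rm -rf "$dir"
}

scan_samples
```

The bound-parameter `whereRaw('email = ?', [$email])`, the `validated()` call and the escaped `{{ }}` output in the samples produce no hits, which is the distinction a reviewer checks for on each flagged line.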
Code Quality Analysis
- SOLID principle violations
- Don't Repeat Yourself (DRY) violations
- High cyclomatic complexity in methods
- Tight coupling between components
- Inconsistent naming conventions
- Dead or unreachable code
Laravel Best Practices
- N+1 query problems in Eloquent
- Improper use of Eloquent relationships
- Missing or improper event usage
- Inefficient resource utilization
- Incorrect middleware application
- Missing or weak validation rules
Testing Coverage
- Missing tests for new features
- Inadequate edge case coverage
- Weak or missing assertions
- Test isolation issues
- Identification of what new tests are needed
Example Review Workflow
# 1. Create a feature branch and make changes
git checkout -b feature/payment-integration
# 2. Push changes and create PR
git push origin feature/payment-integration
gh pr create --title "Add payment integration" --body "Integrates Stripe payments"
# 3. Run automated review
/laravel-agent:review:pr feature/payment-integration
# 4. Review the generated report and address critical issues
# 5. Re-run review after fixes
/laravel-agent:review:pr feature/payment-integration
# 6. Post review to GitHub when satisfied
gh pr review 123 --approve --body "$(cat review-report.md)"
See Also
- /laravel-agent:test:make - Generate tests for code changes
- /laravel-agent:security:audit - Run security audit
- /laravel-agent:refactor - Refactor code based on review feedback