
Zac

Posted on • Originally published at builtbyzac.com

Using Claude Code to review pull requests (what it catches, what it misses)

PR review is one of the highest-leverage things a team does and one of the easiest to let slip. Claude Code as a PR reviewer doesn't replace human review — but it's a fast first pass that catches consistent problems before a teammate has to.

The review prompt

Review this PR diff. You're looking for:

1. Logic errors — does the code do what it claims?
2. Missing error handling — what happens when things fail?
3. Security issues — unvalidated input, exposed secrets, auth gaps
4. Performance problems — N+1s, missing indexes, unnecessary work in hot paths
5. Test coverage — is the important logic tested?

Be direct. Flag problems, not style preferences.
Don't comment on things that are correct.

Here's the diff: [paste diff]

The "don't comment on things that are correct" instruction cuts filler. Without it, Claude spends a third of the review saying things are good.

Adding codebase context

Claude reviews better when it knows your conventions:

Context for this codebase:
- Error handling: throw custom AppError with code and message
- All API responses go through formatResponse helper
- Auth checked via requireAuth middleware, not in individual handlers

This lets Claude flag when a PR deviates from conventions.

What Claude catches well

  • Missing null checks on values that could be undefined
  • Async functions where errors aren't caught
  • SQL queries missing WHERE clauses that could affect all rows
  • Hardcoded values that should be constants or env vars
  • Test cases missing the error path
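To make the list concrete, here is an added example (not code from the original post) of a handler containing four of these findings, next to the version a reviewer would ask for. It assumes a Node.js codebase following the AppError convention from the context block above; deactivateUserBefore, deactivateUserAfter, makeFakeDb and RETRY_AFTER_SECONDS are hypothetical names, and the fake database only records the SQL it receives.

```javascript
// Constructed example. AppError follows the convention named in the context block;
// every other name here is hypothetical.
class AppError extends Error {
  constructor(code, message) {
    super(message);
    this.code = code;
  }
}

// Stand-in for a real DB client: records each query so the difference is observable.
function makeFakeDb() {
  const calls = [];
  return {
    calls,
    query: async (sql, params = []) => {
      calls.push({ sql, params });
      return { rowCount: 1 };
    },
  };
}

// BEFORE: what the review should flag.
async function deactivateUserBefore(db, req) {
  const id = req.body.user.id; // no null check: TypeError when body.user is undefined
  db.query("UPDATE users SET active = false"); // no WHERE (hits every row); not awaited, so a failure is never caught
  return { ok: true, retryAfter: 30 }; // hardcoded value
}

// AFTER: each finding addressed.
const RETRY_AFTER_SECONDS = Number(process.env.RETRY_AFTER_SECONDS ?? 30);

async function deactivateUserAfter(db, req) {
  const id = req.body?.user?.id;
  if (id == null) {
    throw new AppError("BAD_REQUEST", "user.id is required");
  }
  try {
    // Parameterized and scoped to one row.
    await db.query("UPDATE users SET active = false WHERE id = $1", [id]);
  } catch (err) {
    // Surface the failure through the codebase's error type instead of losing it.
    throw new AppError("DB_ERROR", `deactivate failed: ${err.message}`);
  }
  return { ok: true, retryAfter: RETRY_AFTER_SECONDS };
}
```

The fifth item, tests missing the error path, corresponds to exercising deactivateUserAfter with a missing user.id and with a database that throws, not only with a valid request.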

What Claude misses

  • Business logic correctness (whether the feature does what the ticket asks)
  • Whether this is the right approach for the problem
  • Context-specific security risks
  • Performance at your actual scale

Human review is still necessary for the second list.

Self-review before submitting

Review this before I submit it for human review.
Pretend you're a senior developer on this team seeing this diff cold.
What questions would you ask? What would you flag?

This catches issues you're too close to see.

The reviewer fatigue advantage

Claude reviews every PR with the same attention level. No fatigue, no "I've seen this enough times, probably fine." The tenth PR of the week gets the same review as the first.


Full code review section in the Agent Prompt Playbook — self-review, security review, reviewing others' PRs. $29.
