The latest articles on DEV Community by Deep PR Review (@deepprreview). https://dev.to/deepprreview https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3852196%2Fc03a59f9-d022-4f5c-b7d9-3cbbf93054d6.jpg https://dev.to/deepprreview en Deep PR Review Mon, 30 Mar 2026 21:40:00 +0000 https://dev.to/deepprreview/i-built-a-claude-code-skill-that-catches-bugs-before-you-merge-them-4nl https://dev.to/deepprreview/i-built-a-claude-code-skill-that-catches-bugs-before-you-merge-them-4nl <h1> I Built a Claude Code Skill That Catches Bugs Before You Merge Them </h1> <p>I kept hitting the same pattern: ask Claude Code to review my PR, it says "looks clean, maybe add some tests," I merge. Then something breaks.</p> <p>The problem isn't Claude — it's that a single unstructured pass isn't how good code review works. Senior engineers check correctness, then security, then performance, then tests — each as a separate focused pass.</p> <h2> Deep PR Review — 5 Structured Passes </h2> <p><strong>Deep PR Review</strong> is a Claude Code skill (one markdown file) that runs 5 structured review passes:</p> <ol> <li> <strong>Correctness</strong> — Logic errors, edge cases, race conditions, type safety</li> <li> <strong>Security</strong> — SQL injection, XSS, missing auth, data exposure (OWASP-aligned)</li> <li> <strong>Performance</strong> — N+1 queries, unbounded operations, missing indexes</li> <li> <strong>Maintainability</strong> — Dead code, complexity, naming consistency</li> <li> <strong>Test Coverage</strong> — Specific missing test scenarios (not generic "add tests")</li> </ol> <p>Every finding gets severity + file:line + concrete fix. Output is a structured verdict: APPROVE / REQUEST_CHANGES / NEEDS_DISCUSSION.</p> <h2> Real Bugs Caught </h2> <p>In a 45-line Express endpoint that passed a quick review:</p> <ul> <li>SQL injection via string interpolation</li> <li>No auth middleware — any user can search</li> <li>LIKE '%query%' = full table scan on every request</li> <li>No input validation on limit parameter</li> <li>Zero test coverage</li> </ul> <h2> Install in 30 Seconds </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir</span> <span class="nt">-p</span> .claude/skills <span class="nb">cp </span>deep-pr-review.md .claude/skills/ </code></pre> </div> <p>That's it. Works with any language.</p> <p><strong>$19 on Polar:</strong> <a href="https://buy.polar.sh/polar_cl_KzwbRqVqMgarD3NrOc00TYmKB3vwAJjKDq5be2HB7ym?utm_source=devto&amp;utm_medium=post&amp;utm_campaign=launch" rel="noopener noreferrer">https://buy.polar.sh/polar_cl_KzwbRqVqMgarD3NrOc00TYmKB3vwAJjKDq5be2HB7ym?utm_source=devto&amp;utm_medium=post&amp;utm_campaign=launch</a></p> <p><strong>Landing page:</strong> <a href="https://dpr.atlas1m.com" rel="noopener noreferrer">https://dpr.atlas1m.com</a></p> ai codereview security showdev Deep PR Review Mon, 30 Mar 2026 21:19:33 +0000 https://dev.to/deepprreview/i-built-a-claude-code-skill-that-actually-catches-bugs-in-code-review-g01 https://dev.to/deepprreview/i-built-a-claude-code-skill-that-actually-catches-bugs-in-code-review-g01 <p>Claude Code reviews PRs if you ask, but the output is shallow — one pass, surface-level findings, generic test advice. It misses the systematic coverage a disciplined reviewer provides.</p> <p>I built <strong>Deep PR Review</strong> — a Claude Code skill (a single markdown file) that forces 5 sequential review passes:</p> <h2> The 5 Passes </h2> <h3> 1. Correctness </h3> <p>Logic errors, edge cases, race conditions, type safety issues.</p> <h3> 2. Security (OWASP-aligned) </h3> <p>Injection flaws, auth/authz gaps, data exposure, XSS.</p> <h3> 3. Performance </h3> <p>N+1 queries, missing indexes, unbounded operations, full table scans.</p> <h3> 4. Maintainability </h3> <p>Complexity, dead code, naming consistency, pattern violations.</p> <h3> 5. Test Coverage </h3> <p>Specific missing test scenarios — not generic "add tests" advice.</p> <h2> What You Get </h2> <p>Every finding includes:</p> <ul> <li> <strong>Severity</strong> (critical / high / medium / low)</li> <li><strong>Exact file + line number</strong></li> <li><strong>What is wrong</strong></li> <li><strong>How to fix it</strong></li> </ul> <p>Output is a structured verdict: <code>APPROVE</code>, <code>REQUEST_CHANGES</code>, or <code>NEEDS_DISCUSSION</code>.</p> <h2> Real Example </h2> <p>A 45-line Express endpoint that passed a standard "review this" prompt had <strong>7 actionable findings</strong> when run through Deep PR Review:</p> <ul> <li>SQL injection via string interpolation in the query</li> <li>No auth middleware (any user could search)</li> <li> <code>LIKE %query%</code> causing full table scans</li> <li>No input validation on the <code>limit</code> parameter</li> <li>Missing rate limiting</li> <li>No error handling for database failures</li> <li>Zero test coverage</li> </ul> <h2> Why It Works </h2> <p>The insight is simple: Claude already knows how to check for all of this. Without structure, it optimizes for a fast, helpful response. With the skill protocol, it is forced to do 5 complete passes and cannot skip the uncomfortable findings.</p> <h2> Install </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cp </span>deep-pr-review.md .claude/skills/ </code></pre> </div> <p>That is it. One file. Works with any language.</p> <h2> Get It </h2> <p>$19 on Polar: <a href="https://buy.polar.sh/polar_cl_KzwbRqVqMgarD3NrOc00TYmKB3vwAJjKDq5be2HB7ym?utm_source=devto&amp;utm_medium=article&amp;utm_campaign=launch" rel="noopener noreferrer">Deep PR Review</a></p> <p>MIT-licensed. You are paying for the structured protocol, the ready-to-use package, and the examples.</p> <p>Happy to answer questions or discuss the approach in the comments.</p> claudecode ai codereview devtools Deep PR Review Mon, 30 Mar 2026 20:45:00 +0000 https://dev.to/deepprreview/i-built-a-claude-code-skill-that-catches-bugs-before-you-merge-them-4jlm https://dev.to/deepprreview/i-built-a-claude-code-skill-that-catches-bugs-before-you-merge-them-4jlm <h1> I Built a Claude Code Skill That Catches Bugs Before You Merge Them </h1> <p>I kept hitting the same pattern: ask Claude Code to review my PR, it says "looks clean, maybe add some tests," I merge. Then something breaks.</p> <p>The problem isn't Claude — it's that a single unstructured pass isn't how good code review works. Senior engineers check correctness, then security, then performance, then tests — each as a separate focused pass.</p> <h2> Deep PR Review — 5 Structured Passes </h2> <p>So I built <strong>Deep PR Review</strong> — a Claude Code skill (one markdown file) that runs 5 structured review passes:</p> <ol> <li> <strong>Correctness</strong> — Logic errors, edge cases, race conditions, type safety</li> <li> <strong>Security</strong> — SQL injection, XSS, missing auth, data exposure (OWASP-aligned)</li> <li> <strong>Performance</strong> — N+1 queries, unbounded operations, missing indexes</li> <li> <strong>Maintainability</strong> — Dead code, complexity, naming consistency</li> <li> <strong>Test Coverage</strong> — Specific missing test scenarios (not generic "add tests")</li> </ol> <p>Every finding gets severity + file:line + concrete fix.</p> <h2> Real Bugs Caught </h2> <p>In a 45-line Express endpoint that passed a quick review:</p> <ul> <li>SQL injection via string interpolation</li> <li>No auth middleware</li> <li>Full table scan on every request</li> <li>No input validation</li> <li>Zero tests</li> </ul> <h2> Install in 30 Seconds </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir</span> <span class="nt">-p</span> .claude/skills <span class="nb">cp </span>deep-pr-review.md .claude/skills/ </code></pre> </div> <p>$19 on Polar: <a href="https://buy.polar.sh/polar_cl_KzwbRqVqMgarD3NrOc00TYmKB3vwAJjKDq5be2HB7ym" rel="noopener noreferrer">https://buy.polar.sh/polar_cl_KzwbRqVqMgarD3NrOc00TYmKB3vwAJjKDq5be2HB7ym</a></p> ai codereview security showdev