The first time you ask Claude to review code, you get: "This looks good overall. Consider adding error handling and making sure tests are comprehensive."
That's not a review. That's a fortune cookie with TypeScript keywords.
The fix is context, not a better prompt.
Full guide at stacknotice.com/blog/claude-code-pr-review-guide-2026
Why generic AI review fails
When you paste a diff and say "review this," Claude doesn't know your conventions, your stack, your constraints. It falls back to universal best practices: add error handling, write tests. True but useless.
CLAUDE.md changes everything
Claude Code reads your CLAUDE.md automatically. If it says "Zustand only, no React Context" and a PR adds a Context provider — Claude flags it every time. That's specific, actionable feedback.
Prompt structure that works
Three parts: what changed, what to focus on, what to ignore.
claude "Review the PR that adds Stripe webhook handling.
Context: handles payment_intent.succeeded and customer.subscription.deleted.
Focus on:
- Idempotency: can these handlers be called twice safely?
- Auth: are we validating the Stripe signature?
- Ownership: does the subscription belong to the right org?
Skip: style, naming, test coverage."
Focused prompt → focused feedback. When Claude flags 5 things, all 5 matter.
The diff review pattern
git diff main...HEAD | claude --print \
"Review this diff. Check: auth before data access, Zod validation on inputs,
correct optimistic updates. Output as numbered list with file:line.
Skip anything that's not correctness or security."
The two-Claude pattern
Most underused review technique: fresh session, no context from the author.
# Session 1: write the feature
claude "implement the cart checkout flow"
# Session 2: fresh terminal, fresh session
claude "review src/lib/checkout/ against CLAUDE.md.
What would a senior dev flag? Be direct, don't soften issues."
The author session is biased. The reviewer session isn't.
GitHub Actions
- name: Claude review
  env:
    ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
  run: |
    claude --dangerously-skip-permissions --print \
    "Review this diff. Flag only real issues: missing auth checks,
    broken error handling, convention violations. Skip style.
    Format: file:line — issue — why it matters.
    DIFF: $(cat pr.diff)" > review.md
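The step above hands an untrusted PR diff to the model and writes its answer to review.md, so it is worth checking every reported file:line against the lines the diff actually adds before the review is posted or used to gate a merge. The following is an added example, not code from the original post; the function names and the sample diff and review text are constructed for illustration.

```python
import re

HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")
# Matches the prompt's "file:line <dash> issue <dash> why" format, with an optional list marker.
FINDING = re.compile(r"^(?:[-*]|\d+[.)])?\s*(\S+?):(\d+)\s+[\u2014-]\s+(.+?)\s+[\u2014-]\s+(.+)$")

def changed_lines(diff_text):
    """Map each file in a unified diff to the new-side line numbers it adds."""
    changed, path, new_no, old_left, new_left = {}, None, 0, 0, 0
    for raw in diff_text.splitlines():
        if old_left > 0 or new_left > 0:            # inside a hunk body
            if raw.startswith("+"):
                changed.setdefault(path, set()).add(new_no)
                new_no, new_left = new_no + 1, new_left - 1
            elif raw.startswith("-"):
                old_left -= 1
            elif not raw.startswith("\\"):          # context line, not "\ No newline"
                new_no, old_left, new_left = new_no + 1, old_left - 1, new_left - 1
        elif raw.startswith("+++ "):
            p = raw[4:].split("\t")[0]
            path = None if p == "/dev/null" else p[2:] if p.startswith("b/") else p
        elif (m := HUNK.match(raw)):
            old_left, new_no, new_left = int(m[1] or 1), int(m[2]), int(m[3] or 1)
    return changed

def triage(review_text, diff_text):
    """Return (anchored, unanchored) findings; lines not in the format are ignored."""
    changed, anchored, unanchored = changed_lines(diff_text), [], []
    for raw in review_text.splitlines():
        if (m := FINDING.match(raw.strip())):
            finding = (m[1], int(m[2]), m[3], m[4])
            hit = finding[1] in changed.get(finding[0], set())
            (anchored if hit else unanchored).append(finding)
    return anchored, unanchored

# Constructed sample inputs (hypothetical file and review text, not from the post).
SAMPLE_DIFF = """\
--- a/src/api/webhook.ts
+++ b/src/api/webhook.ts
@@ -10,2 +10,4 @@ export async function POST(req) {
   const body = await req.text();
+  const event = JSON.parse(body);
+  await handle(event);
   return ok();
"""
SAMPLE_REVIEW = """\
1. src/api/webhook.ts:11 \u2014 No Stripe signature check \u2014 forged events are accepted
2. src/api/webhook.ts:40 \u2014 Missing ownership check \u2014 org is never compared
Overall the change is small and readable.
"""
```

Findings that land in the unanchored list point at lines the PR did not add, so route them to a human instead of posting them as inline comments.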
What Claude catches better than humans
- Cross-file consistency — same error handling done 5 different ways across the diff
- Ownership checks — mutation without verifying the record belongs to the user
- Convention violations — anything in CLAUDE.md that the PR breaks
- Missing validation — input going to DB without Zod
Humans catch: wrong approach, architectural problems, intent mismatch. Both are needed.