AI Prompts for Automated Code Review Loop

I want to build an automated code review loop for [YOUR_PROJECT]. Help me define what the review agent should check. Based on our stack ([TECH STACK]) and team size ([TEAM SIZE]), suggest: the top 5 things the agent should always check (e.g. missing tests, lint errors, security issues), the 3 things it should flag as suggestions but not block on, and the 2 things it should explicitly ignore because human judgment is required. Write this as the review scope section of the agent's SKILL.md.

Write a Claude Code sub-agent definition for automated PR review in [YOUR_PROJECT]. The agent should: accept the PR diff and the list of changed files as input, run the checks defined in SKILL.md, output a structured review in a specific format, and never suggest changes to files it was not given. Write the full .claude/agents/pr-reviewer.yaml with detailed instructions for each check type.

Design the structured review output format for the code review agent in [YOUR_PROJECT]. The format should include: an overall verdict (APPROVE, REQUEST_CHANGES, or COMMENT), a severity for each finding (BLOCKING, SUGGESTION, or INFO), the file and line reference for each finding, a plain-language description of the issue, and when relevant, a suggested fix. Write the format specification in JSON schema and write a sample review output for a fictional PR.

Write the boundaries section of the review agent's instructions for [YOUR_PROJECT]. This section defines what the agent must not do: it must not approve a PR it has not fully read, it must not suggest architectural changes beyond the scope of the PR, it must not flag style issues that are not in the linter config, and it must not comment on the same issue twice. Write these as explicit prohibitions in the agent definition.

Write the escalation protocol for the automated review loop in [YOUR_PROJECT]. When should the review agent escalate to a human reviewer instead of posting a verdict? Define the criteria: PR size threshold (lines changed), detection of security-sensitive file changes, changes to the CI/CD config, and any file in a protected directory list. Write the escalation message format and the GitHub label the agent should add when escalating.

Write the test coverage check prompt for the code review agent in [YOUR_PROJECT]. The agent should: identify all new or modified functions in the diff, check whether each has a corresponding test case, flag any function over [LINE THRESHOLD] lines that has no test, and post a specific comment on the PR for each untested function with a suggested test case. Write the prompt and the comment template it should use.

Write the security review prompt for the code review agent in [YOUR_PROJECT]. The agent should check for: SQL injection (parameterized queries only), XSS vulnerabilities in React components, exposed credentials or API keys, unvalidated user input used in file paths or shell commands, and missing authentication checks on new API routes. For each finding, the comment must cite the exact line and explain why it is a risk. Write the full security check prompt.

Write the style conventions check prompt for [YOUR_PROJECT]. The agent should only flag issues that violate the rules in .eslintrc and the patterns described in AGENTS.md. It must not flag preferences or opinions that are not in those files. For each violation, the comment must reference the specific rule name and a one-line explanation. Write the prompt and the comment format.

Write the prompt for the agent to generate the opening summary comment on each PR in [YOUR_PROJECT]. The summary should: describe what the PR does in two sentences, list the files changed grouped by type (feature code, tests, config), state the overall verdict with one sentence of justification, and list any blocking issues as a numbered list. This summary should appear as the first comment the agent posts, before any inline comments.

Write the approval prompt for the code review agent in [YOUR_PROJECT]. The agent should only post an APPROVE verdict if all of the following are true: no blocking issues were found, at least one test was added or modified in the PR, the PR description is not empty, and the PR title follows the conventional commits format. Write the approval prompt and the approval comment template that explains clearly what was checked.