- AI-Powered Pull Request Reviews with GitHub CLI and Claude Code
- Build a Simple PR Review Bot Using
gh, Git, and Claude - Speed Up Code Reviews with Claude Code and GitHub CLI
- Review GitHub PRs Locally with Claude: A Practical Bash Script
- From PR to AI Review: Automating Developer Feedback with
ghand Claude - Using Claude Code as Your Terminal-Based PR Reviewer
- A Practical Guide to AI-Assisted GitHub PR Reviews
- Automated PR Review Workflow with Bash, GitHub CLI, and Claude
- How I Use Claude to Review Pull Requests from the Command Line
- Claude + GitHub CLI: A Fast Workflow for Pull Request Reviews
How to Review GitHub Pull Requests from the Terminal Using gh and Claude Code
Introduction
Code review is one of the most important parts of software development, but it can also be time-consuming. Every pull request needs to be checked for correctness, security issues, missing tests, edge cases, and maintainability concerns.
With tools like GitHub CLI, Git, and Claude Code, we can create a simple terminal workflow that helps review pull requests faster.
In this blog, we will build a Bash script that:
- accepts a GitHub PR number
- checks out the pull request locally
- collects PR metadata and diff
- asks Claude to review the PR
- writes the review to a Markdown file
- optionally posts the review back to the GitHub PR
This is not meant to replace human review. Instead, it acts like an extra reviewer that can quickly spot bugs, risks, missing tests, and suspicious changes.
Prerequisites
Before using the script, your system should have the following tools installed and configured:
git --version
gh --version
claude --version
You also need to authenticate GitHub CLI:
gh auth login
It is also useful to configure GitHub CLI with Git credentials:
gh auth setup-git
This helps avoid authentication prompts when the script fetches PR branches.
Why use gh?
gh is the official GitHub command-line tool. It allows us to work with GitHub directly from the terminal.
For pull request reviews, gh gives us useful commands like:
gh pr view 56
gh pr checkout 56
gh pr diff 56
gh pr comment 56
Instead of manually opening GitHub in the browser, copying the diff, and pasting it into Claude, we can automate the whole flow.
Basic workflow
The workflow looks like this:
PR number
โ
gh pr checkout
โ
collect PR metadata
โ
collect changed files
โ
collect patch/diff
โ
send context to Claude
โ
save review as Markdown
โ
optionally post review to GitHub
Code language: JavaScript (javascript)This is simple, transparent, and easy to customize.
The review script
Save the following as:
review.sh
Code language: CSS (css)#!/usr/bin/env bash
set -euo pipefail
PR="${1:?Usage: ./review.sh <pr-number> [--post]}"
POST="${2:-}"
OUT="claude-pr-${PR}-review.md"
CTX="/tmp/pr-${PR}-context.md"
BRANCH="pr-${PR}"
REMOTE="${GH_REMOTE:-origin}"
require_cmd() {
command -v "$1" >/dev/null 2>&1 || {
echo "Error: required command not found: $1"
exit 1
}
}
require_cmd git
require_cmd gh
require_cmd claude
echo "Checking GitHub authentication..."
gh auth status >/dev/null
echo "Checking Git remote..."
if ! git remote get-url "$REMOTE" >/dev/null 2>&1; then
echo "Error: Git remote '$REMOTE' not found."
echo
echo "Available remotes:"
git remote -v
echo
echo "You can run with a different remote like this:"
echo " GH_REMOTE=upstream ./review.sh $PR"
exit 1
fi
REMOTE_URL="$(git remote get-url "$REMOTE")"
echo "Reading PR metadata..."
PR_STATE="$(gh pr view "$PR" --json state --jq '.state')"
BASE_REF="$(gh pr view "$PR" --json baseRefName --jq '.baseRefName')"
HEAD_REF="$(gh pr view "$PR" --json headRefName --jq '.headRefName')"
REPO_FULL="$(gh repo view --json nameWithOwner --jq '.nameWithOwner')"
echo "Repository: $REPO_FULL"
echo "Remote: $REMOTE"
echo "Remote URL: $REMOTE_URL"
echo "PR: #$PR"
echo "State: $PR_STATE"
echo "Base: $BASE_REF"
echo "Head: $HEAD_REF"
echo
CHECKOUT_OK="false"
echo "Checking out PR #$PR..."
if gh pr checkout "$PR" --force; then
echo "Checked out PR using gh pr checkout."
CHECKOUT_OK="true"
else
echo "gh pr checkout failed."
echo "Trying GitHub pull-request ref via local remote '$REMOTE'..."
gh auth setup-git >/dev/null 2>&1 || true
if git fetch "$REMOTE" "+refs/pull/${PR}/head:refs/remotes/${REMOTE}/${BRANCH}"; then
git switch -C "$BRANCH" "refs/remotes/${REMOTE}/${BRANCH}"
echo "Checked out PR using refs/pull/${PR}/head."
CHECKOUT_OK="true"
else
echo
echo "Could not checkout PR branch."
echo "This can happen when:"
echo "- the PR is merged or closed"
echo "- the source branch was deleted"
echo "- your Git remote auth is not configured"
echo "- origin points somewhere unexpected"
echo
echo "Continuing with diff-only review using gh pr diff."
CHECKOUT_OK="false"
fi
fi
echo
echo "Collecting PR context..."
{
echo "# PR #$PR Review Context"
echo
echo "Repository: $REPO_FULL"
echo "Remote: $REMOTE"
echo "PR state: $PR_STATE"
echo "Base branch: $BASE_REF"
echo "Head branch: $HEAD_REF"
echo "Checkout available: $CHECKOUT_OK"
echo
echo "## PR metadata"
gh pr view "$PR" --json title,body,author,state,baseRefName,headRefName,headRepositoryOwner,headRepository,isCrossRepository,files,commits
echo
echo "## Changed files"
gh pr diff "$PR" --name-only
echo
echo "## Patch"
gh pr diff "$PR" --patch
} > "$CTX"
echo "PR context written to $CTX"
echo
echo "Asking Claude to review..."
cat "$CTX" | claude -p "
You are a senior software engineer reviewing GitHub PR #$PR.
Repository:
$REPO_FULL
PR state:
$PR_STATE
Checkout available:
$CHECKOUT_OK
Review goals:
- Find correctness bugs.
- Find security or data-leak risks.
- Find missing tests for changed behavior.
- Find API compatibility issues.
- Find race conditions, error handling gaps, and edge cases.
- Avoid nitpicks unless they materially affect maintainability.
Instructions:
- Do not edit files.
- Use the PR metadata and patch.
- If checkout is available, inspect changed files in the repository if needed.
- If checkout is not available, review from the supplied diff only.
- If there are no serious issues, say so clearly.
- Keep the review practical and actionable.
- Include file paths and reasoning.
- Clearly separate must-fix issues from suggestions.
- End with a concise comment suitable for posting on the GitHub PR.
Output format:
## Claude PR Review
### Summary
### Must fix
### Should consider
### Tests to run or add
### Suggested PR comment
" > "$OUT"
echo
echo "Review written to $OUT"
if [[ "$POST" == "--post" ]]; then
echo "Posting review comment to PR #$PR..."
gh pr comment "$PR" --body-file "$OUT"
echo "Posted."
else
echo "Not posted. Review the file first:"
echo " less $OUT"
echo
echo "To post it:"
echo " gh pr comment $PR --body-file $OUT"
echo
echo "Or run:"
echo " ./review.sh $PR --post"
fi
Code language: PHP (php)Make the script executable
chmod +x review.sh
Code language: CSS (css)Usage
To review a PR:
./review.sh 56
This creates a file like:
claude-pr-56-review.md
Code language: CSS (css)You can inspect the result:
less claude-pr-56-review.md
Code language: CSS (css)After reviewing the generated comment, post it manually:
gh pr comment 56 --body-file claude-pr-56-review.md
Code language: CSS (css)Or post automatically:
./review.sh 56 --post
For real team usage, I recommend reviewing the generated Markdown before posting. AI review is helpful, but it should not blindly comment on teammatesโ PRs without a human pass.
How the script works
1. Strict Bash mode
set -euo pipefail
Code language: JavaScript (javascript)This makes the script safer:
-eexits when a command fails-ufails on undefined variablespipefailcatches failures inside pipelines
This is a good default for automation scripts.
2. Read the PR number
PR="${1:?Usage: ./review.sh <pr-number> [--post]}"
POST="${2:-}"
Code language: JavaScript (javascript)The first argument is required:
./review.sh 56
The second argument is optional:
./review.sh 56 --post
If the PR number is missing, the script shows usage instructions.
3. Check required tools
require_cmd git
require_cmd gh
require_cmd claude
The script confirms that git, gh, and claude are available before doing anything else.
This avoids confusing errors later.
4. Check GitHub authentication
gh auth status >/dev/null
Code language: JavaScript (javascript)This confirms that GitHub CLI is authenticated.
If authentication is missing, run:
gh auth login
5. Read PR metadata
gh pr view "$PR" --json state --jq '.state'
gh pr view "$PR" --json baseRefName --jq '.baseRefName'
gh pr view "$PR" --json headRefName --jq '.headRefName'
Code language: JavaScript (javascript)The script reads useful PR details:
- PR state
- base branch
- head branch
- repository name
This metadata helps Claude understand the context before reviewing the diff.
6. Try normal PR checkout
gh pr checkout "$PR" --force
Code language: JavaScript (javascript)This is the cleanest way to check out a PR.
But sometimes this fails, especially when:
- the PR branch was deleted
- the PR is already merged
- the PR came from a fork
- the local remote is not configured correctly
- GitHub CLI tries to fetch a branch that no longer exists
That is why the script includes a fallback.
7. Fallback checkout using GitHub PR refs
git fetch "$REMOTE" "+refs/pull/${PR}/head:refs/remotes/${REMOTE}/${BRANCH}"
git switch -C "$BRANCH" "refs/remotes/${REMOTE}/${BRANCH}"
Code language: JavaScript (javascript)This fetches the PR directly from GitHubโs pull request reference.
For example, for PR 56, it fetches:
refs/pull/56/head
This is often more reliable than fetching the original branch name.
This fallback fixed your earlier issue:
fatal: couldn't find remote ref refs/heads/update_aws
Code language: HTTP (http)That happened because the branch update_aws was no longer available as a normal branch.
8. Continue even if checkout fails
If checkout still fails, the script does not stop immediately.
Instead, it continues with:
gh pr diff "$PR" --patch
Code language: JavaScript (javascript)That means Claude can still review the pull request from the diff, even if the branch cannot be checked out locally.
This is useful for merged or closed PRs.
9. Collect PR context
The script writes everything to:
/tmp/pr-56-context.md
It includes:
- repository name
- PR state
- base branch
- head branch
- checkout status
- PR metadata
- changed files
- patch/diff
This context is then sent to Claude.
10. Ask Claude to review
The script pipes the context into Claude:
cat "$CTX" | claude -p "..."
Code language: JavaScript (javascript)The prompt tells Claude to focus on important review areas:
- correctness bugs
- security risks
- missing tests
- API compatibility issues
- race conditions
- edge cases
- maintainability issues that matter
It also tells Claude not to edit files.
That matters because for review workflows, we want feedback, not automatic code changes.
11. Save the review
Claudeโs output is saved to:
claude-pr-56-review.md
Code language: CSS (css)This lets you review the AI output before posting.
12. Optionally post to GitHub
If you run:
./review.sh 56 --post
The script posts the review using:
gh pr comment "$PR" --body-file "$OUT"
Code language: JavaScript (javascript)For safer usage, I prefer:
./review.sh 56
less claude-pr-56-review.md
gh pr comment 56 --body-file claude-pr-56-review.md
That keeps a human in the loop.
Real-world use cases
Use case 1: Quick review before approving a PR
A teammate opens a PR. Before you manually inspect it, run:
./review.sh 123
Claude gives you a first-pass review. You can then focus your human review on the risky areas.
Use case 2: Reviewing infrastructure changes
For Terraform, Kubernetes, Helm, or AWS modules, this is especially useful.
Claude can help spot:
- overly broad IAM permissions
- missing encryption
- accidental public exposure
- risky security group changes
- missing variable validation
- breaking module interface changes
- missing README or example updates
For Terraform repositories, you can customize the prompt with infrastructure-specific review goals.
Use case 3: Reviewing merged PRs
Sometimes you want to analyze an old PR after it has already been merged.
Normal branch checkout may fail because the source branch was deleted.
This script still tries to review from:
gh pr diff
That makes it useful for audits, postmortems, and learning.
Use case 4: Preparing better code review comments
Instead of posting Claudeโs full output directly, you can use it as a draft.
You read the generated Markdown, remove anything unnecessary, and post only the useful comments.
This avoids noisy AI-generated reviews.
Suggested improvements
You can improve the script further by adding:
Terraform-specific mode
Example:
./review.sh 56 --terraform
Then use a Terraform-specific Claude prompt.
Security-only mode
Example:
./review.sh 56 --security
This would focus only on security and data exposure.
Review without posting
Default behavior should stay safe:
./review.sh 56
Auto-posting should remain explicit:
./review.sh 56 --post
That is the right default.
Best practices
Do not blindly post AI-generated reviews.
Use Claude as an assistant, not as the final reviewer.
Prefer this flow:
./review.sh 56
less claude-pr-56-review.md
gh pr comment 56 --body-file claude-pr-56-review.md
Keep prompts specific to the repository type.
For example, a Terraform module review should focus on AWS security, IAM, networking, variables, outputs, examples, and provider compatibility.
A backend service review should focus on API behavior, database changes, error handling, concurrency, and tests.
A frontend review should focus on UI behavior, state management, accessibility, performance, and browser compatibility.
Final summary
This script gives you a lightweight AI-assisted PR review workflow using tools many developers already use:
Git + GitHub CLI + Claude Code + Bash
It is fast, transparent, and easy to customize.
The best part is that it keeps the human reviewer in control. Claude provides a first-pass review, but you decide what gets posted to the PR.
That is exactly how AI code review should work: helpful, practical, and human-supervised.
Iโm a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I have worked at Cotocus. I share tech blog at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow , and SEO strategies at Wizbrand.
Do you want to learn Quantum Computing?
Please find my social handles as below;
Rajesh Kumar Personal Website
Rajesh Kumar at YOUTUBE
Rajesh Kumar at INSTAGRAM
Rajesh Kumar at X
Rajesh Kumar at FACEBOOK
Rajesh Kumar at LINKEDIN
Rajesh Kumar at WIZBRAND
Find Trusted Cardiac Hospitals
Compare heart hospitals by city and services โ all in one place.
Explore Hospitals