feat(pr-review-toolkit): add address-pr-feedback skill#76
Conversation
📝 WalkthroughWalkthroughThis PR adds a new ChangesAddress PR Feedback Skill
Estimated code review effort: 3 (Moderate) | ~25 minutes Sequence Diagram(s)sequenceDiagram
participant User
participant Skill
participant GitHubMCP
participant HaikuAgent
participant SonnetAgent
User->>Skill: Invoke address-pr-feedback
Skill->>GitHubMCP: Detect PR and fetch comments
GitHubMCP-->>Skill: Reviews, threads, conversation comments
alt --interactive
User->>Skill: Paste feedback
Skill->>HaikuAgent: Parse feedback text
HaikuAgent-->>Skill: Structured items
else auto-fetch
Skill->>Skill: Normalize items with comment/thread IDs
end
Skill->>SonnetAgent: Analyze items and draft replies
SonnetAgent-->>Skill: Analysis results
Skill->>HaikuAgent: Score items
HaikuAgent-->>Skill: Scores and rationale
Skill->>User: AskUserQuestion per item
User-->>Skill: Confirmed action
Skill->>HaikuAgent: Generate execution plan
HaikuAgent-->>Skill: Plan
Skill->>GitHubMCP: Post approved replies
Possibly related PRs
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Pull request overview
This PR promotes the address-pr-feedback skill from a user-local Claude Code config into the pr-review-toolkit plugin, making it a versioned, shareable part of the marketplace. It complements the existing review-pr skill by handling the other side of a review cycle: collecting reviewer feedback, scoring it, planning fixes, and posting reply comments. The default mode auto-detects the current branch's open PR and fetches comments via the GitHub MCP, with an --interactive flag preserving the original manual paste flow.
Changes:
- Adds
pr-review-toolkit/skills/address-pr-feedback/SKILL.mdwith a 7-phase flow (branch validation → collection → scoring → confirmation → plan → execution → reply posting). - Documents the new skill in the plugin README under a new
## Skillssection. - Bumps the plugin version
1.11.1 → 1.12.0(minor, for the new skill).
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| pr-review-toolkit/skills/address-pr-feedback/SKILL.md | New skill defining the auto-fetch/interactive feedback flow, scoring rubric, plan template, and MCP reply posting. |
| pr-review-toolkit/README.md | Adds a ## Skills section documenting review-pr and the new address-pr-feedback skill and its flow. |
| pr-review-toolkit/.claude-plugin/plugin.json | Version bump to 1.12.0. |
Notable review findings:
- Phase 0 and the
allowed-toolsfrontmatter reference anEnterPlanModetool that does not exist in this marketplace's plan-mode model (sibling skills only detect/exit plan mode); the enter/exit flow won't work as written. - The skill grants unrestricted
Bash, deviating from the plugin's documented least-privilege convention of scoping Bash to specific git patterns.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@pr-review-toolkit/skills/address-pr-feedback/SKILL.md`:
- Around line 189-195: The workflow text references TaskCreate, but that tool
name is unsupported and inconsistent with the allowed task primitive. Update the
instructions in SKILL.md to use the actual Task tool name consistently wherever
the task creation flow is described, including the phase list and any related
“create tasks” steps, so the documented process matches the supported mechanism.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 22f15a4a-1fe3-47d6-8362-80194bd9f757
📒 Files selected for processing (3)
pr-review-toolkit/.claude-plugin/plugin.jsonpr-review-toolkit/README.mdpr-review-toolkit/skills/address-pr-feedback/SKILL.md
b1d5c74 to
f8024cd
Compare
Move the address-pr-feedback skill from user-local config into the pr-review-toolkit plugin. Adds auto-fetch of PR comments via GitHub MCP (with --interactive flag for manual mode) and a new Phase 6 for posting reply comments with per-reply user approval. Assisted-by: Claude:claude-opus-4-6
f8024cd to
cf13fee
Compare
|
@CodeRabbit review |
✅ Action performedReview finished.
|
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@pr-review-toolkit/skills/address-pr-feedback/SKILL.md`:
- Around line 63-64: The auto-fetch path is currently including every comment,
which re-ingests replies created by the current automation and can reopen
handled items. Update the comment collection logic in the feedback workflow to
exclude comments authored by the current actor or this tool’s own replies before
scoring, and keep the filtering centralized where the fetch/list step prepares
the comments for downstream processing.
- Around line 41-52: The PR detection logic in the current branch flow is too
brittle because the origin slug parsing only handles HTTPS remotes and the
presence of an `upstream` remote is being used as a fork signal. Update the
branch detection steps around `git remote get-url origin`, `git branch
--show-current`, and the `list_pull_requests` call to correctly parse both SSH
and HTTPS remote URL forms, and determine fork status from tracked repo/branch
metadata rather than from `upstream` existing alone. Keep the fork and non-fork
`head` construction in the same detection path, but ensure the repo owner/repo
scoping is derived from the parsed remote data.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 80a0d898-1247-40f9-8b79-034c19f7d00d
📒 Files selected for processing (3)
pr-review-toolkit/.claude-plugin/plugin.jsonpr-review-toolkit/README.mdpr-review-toolkit/skills/address-pr-feedback/SKILL.md
✅ Files skipped from review due to trivial changes (2)
- pr-review-toolkit/.claude-plugin/plugin.json
- pr-review-toolkit/README.md
| 1. **Detect PR from current branch:** | ||
| - Run `git remote get-url origin` and extract owner/repo | ||
| (strip protocol prefix, `.git` suffix, and hosting domain) | ||
| - Run `git branch --show-current` to get the branch name | ||
| - Determine if this is a fork workflow: | ||
| - Run `git remote get-url upstream 2>/dev/null` — if it succeeds, this is | ||
| a fork workflow; extract the upstream owner/repo | ||
| - Find the open PR: | ||
| - Fork workflow: use `list_pull_requests` with `state: "open"` and | ||
| `head: "<fork-owner>:<branch>"`, scoped to the upstream owner/repo | ||
| - Non-fork workflow: use `list_pull_requests` with `state: "open"` and | ||
| `head: "<owner>:<branch>"`, scoped to the owner/repo |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟠 Major | ⚡ Quick win
Make PR detection robust for SSH remotes and non-fork upstream remotes.
The current slug extraction only works reliably for HTTPS-style origin URLs, and treating any upstream remote as a fork can send list_pull_requests to the wrong repository. Parse both SSH/HTTPS URL forms and derive fork status from the tracked repo/branch metadata instead of remote presence alone.
Suggested adjustment
- - Run `git remote get-url origin` and extract owner/repo
- (strip protocol prefix, `.git` suffix, and hosting domain)
+ - Run `git remote get-url origin` and parse owner/repo from both HTTPS and SSH URL forms.
...
- - Determine if this is a fork workflow:
- - Run `git remote get-url upstream 2>/dev/null` — if it succeeds, this is
- a fork workflow; extract the upstream owner/repo
+ - Determine fork workflow from branch tracking / repo slug comparison, not just the
+ presence of an `upstream` remote.📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| 1. **Detect PR from current branch:** | |
| - Run `git remote get-url origin` and extract owner/repo | |
| (strip protocol prefix, `.git` suffix, and hosting domain) | |
| - Run `git branch --show-current` to get the branch name | |
| - Determine if this is a fork workflow: | |
| - Run `git remote get-url upstream 2>/dev/null` — if it succeeds, this is | |
| a fork workflow; extract the upstream owner/repo | |
| - Find the open PR: | |
| - Fork workflow: use `list_pull_requests` with `state: "open"` and | |
| `head: "<fork-owner>:<branch>"`, scoped to the upstream owner/repo | |
| - Non-fork workflow: use `list_pull_requests` with `state: "open"` and | |
| `head: "<owner>:<branch>"`, scoped to the owner/repo | |
| 1. **Detect PR from current branch:** | |
| - Run `git remote get-url origin` and parse owner/repo from both HTTPS and SSH URL forms. | |
| - Run `git branch --show-current` to get the branch name | |
| - Determine if this is a fork workflow from branch tracking / repo slug comparison, not just the | |
| presence of an `upstream` remote. | |
| - Find the open PR: | |
| - Fork workflow: use `list_pull_requests` with `state: "open"` and | |
| `head: "<fork-owner>:<branch>"`, scoped to the upstream owner/repo | |
| - Non-fork workflow: use `list_pull_requests` with `state: "open"` and | |
| `head: "<owner>:<branch>"`, scoped to the owner/repo |
🧰 Tools
🪛 SkillSpector (2.3.7)
[warning] 187: [RA2] Session Persistence: Skill establishes unauthorized persistence across sessions via cron jobs, startup scripts, or state files. Session persistence allows an attacker to maintain access beyond the current interaction.
Remediation: Remove any persistence mechanisms (cron jobs, startup scripts, state files). Skills should not maintain state across sessions without explicit user consent.
(Rogue Agent (RA2))
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@pr-review-toolkit/skills/address-pr-feedback/SKILL.md` around lines 41 - 52,
The PR detection logic in the current branch flow is too brittle because the
origin slug parsing only handles HTTPS remotes and the presence of an `upstream`
remote is being used as a fork signal. Update the branch detection steps around
`git remote get-url origin`, `git branch --show-current`, and the
`list_pull_requests` call to correctly parse both SSH and HTTPS remote URL
forms, and determine fork status from tracked repo/branch metadata rather than
from `upstream` existing alone. Keep the fork and non-fork `head` construction
in the same detection path, but ensure the repo owner/repo scoping is derived
from the parsed remote data.
| Include all comments — no bot filtering, no trust filtering. The scoring | ||
| phase handles relevance naturally. |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win
Skip comments authored by the current automation.
With Phase 6 writing replies back as normal PR comments, the default auto-fetch path will re-ingest those replies on the next run and can re-open already handled items. Exclude the tool’s own replies (or any comments from the current actor) from the auto-fetch set.
Suggested adjustment
- Include all comments — no bot filtering, no trust filtering. The scoring
- phase handles relevance naturally.
+ Include all comments, but skip comments authored by the current automation
+ so Phase 6 replies are not reprocessed on subsequent runs. The scoring phase
+ still handles relevance for everything else.📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| Include all comments — no bot filtering, no trust filtering. The scoring | |
| phase handles relevance naturally. | |
| Include all comments, but skip comments authored by the current automation | |
| so Phase 6 replies are not reprocessed on subsequent runs. The scoring phase | |
| still handles relevance for everything else. |
🧰 Tools
🪛 SkillSpector (2.3.7)
[warning] 187: [RA2] Session Persistence: Skill establishes unauthorized persistence across sessions via cron jobs, startup scripts, or state files. Session persistence allows an attacker to maintain access beyond the current interaction.
Remediation: Remove any persistence mechanisms (cron jobs, startup scripts, state files). Skills should not maintain state across sessions without explicit user consent.
(Rogue Agent (RA2))
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@pr-review-toolkit/skills/address-pr-feedback/SKILL.md` around lines 63 - 64,
The auto-fetch path is currently including every comment, which re-ingests
replies created by the current automation and can reopen handled items. Update
the comment collection logic in the feedback workflow to exclude comments
authored by the current actor or this tool’s own replies before scoring, and
keep the filtering centralized where the fetch/list step prepares the comments
for downstream processing.
Summary
address-pr-feedbackskill from user-local config (~/.config/claude-code/skills/) into thepr-review-toolkitplugin--interactiveflag to preserve the original manual paste-feedback flowadd_reply_to_pull_request_comment/add_issue_commentTest plan
claude plugin validate ./pr-review-toolkitpassesuvx skillsaw --strictpasses with no errors/warningsnpx markdownlint-cli2passes onpr-review-toolkit/**/*.md/pr-review-toolkit:address-pr-feedbackon a PR with review comments — verify auto-fetch, scoring, confirmation, plan generation--interactive— verify manual collection flow still works~/.config/claude-code/skills/address-pr-feedback/) and verify plugin version works as sole sourceSummary by CodeRabbit
address-pr-feedbackworkflow for collecting PR review feedback and drafting/posting responses, with an optional--interactivemode for step-by-step handling and approval.review-prand the newaddress-pr-feedbackworkflow.1.12.0.