Skip to content

feat(pr-review-toolkit): add address-pr-feedback skill#76

Merged
cblecker merged 1 commit into
mainfrom
feat/address-pr-feedback
Jul 8, 2026
Merged

feat(pr-review-toolkit): add address-pr-feedback skill#76
cblecker merged 1 commit into
mainfrom
feat/address-pr-feedback

Conversation

@cblecker

@cblecker cblecker commented Jul 8, 2026

Copy link
Copy Markdown
Owner

Summary

  • Moves the address-pr-feedback skill from user-local config (~/.config/claude-code/skills/) into the pr-review-toolkit plugin
  • Adds auto-fetch of PR review comments via GitHub MCP as the default mode (detects PR from current branch, fetches all comment types, normalizes into structured items)
  • Adds --interactive flag to preserve the original manual paste-feedback flow
  • Adds Phase 6: reply posting — after implementation, drafts reply comments and posts them to GitHub with per-reply user approval via add_reply_to_pull_request_comment / add_issue_comment
  • Reorders Phase 0 to validate branch before entering plan mode
  • Bumps plugin version 1.11.1 → 1.12.0

Test plan

  • claude plugin validate ./pr-review-toolkit passes
  • uvx skillsaw --strict passes with no errors/warnings
  • npx markdownlint-cli2 passes on pr-review-toolkit/**/*.md
  • Invoke /pr-review-toolkit:address-pr-feedback on a PR with review comments — verify auto-fetch, scoring, confirmation, plan generation
  • Invoke with --interactive — verify manual collection flow still works
  • Complete implementation on a test item and verify reply posting via MCP
  • Remove local skill (~/.config/claude-code/skills/address-pr-feedback/) and verify plugin version works as sole source

Summary by CodeRabbit

  • New Features
    • Added a new address-pr-feedback workflow for collecting PR review feedback and drafting/posting responses, with an optional --interactive mode for step-by-step handling and approval.
  • Documentation
    • Updated the README “Usage” guidance into a clearer “Skills” format, including details for review-pr and the new address-pr-feedback workflow.
  • Chores
    • Bumped the plugin manifest version to 1.12.0.

Copilot AI review requested due to automatic review settings July 8, 2026 18:45
@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

This PR adds a new address-pr-feedback skill, documents it in the README, and bumps the plugin manifest version. The skill defines a multi-phase workflow for collecting, analyzing, planning, and posting PR review feedback.

Changes

Address PR Feedback Skill

Layer / File(s) Summary
Plugin version bump and README skill docs
pr-review-toolkit/.claude-plugin/plugin.json, pr-review-toolkit/README.md
Bumps manifest version from 1.11.1 to 1.12.0 and updates README usage text to document review-pr and address-pr-feedback [--interactive].
Skill metadata and branch validation
pr-review-toolkit/skills/address-pr-feedback/SKILL.md
Defines the skill frontmatter, user-facing title, and Phase 0 branch validation with plan-mode entry.
Feedback collection
pr-review-toolkit/skills/address-pr-feedback/SKILL.md
Implements Phase 1 feedback collection through PR auto-detection and comment normalization, plus the interactive Haiku parsing loop.
Analysis, scoring, and action confirmation
pr-review-toolkit/skills/address-pr-feedback/SKILL.md
Implements Phase 2 deduplication, analysis, and scoring, then Phase 3 per-item action confirmation.
Plan generation, execution, and reply posting
pr-review-toolkit/skills/address-pr-feedback/SKILL.md
Implements Phase 4 plan generation, Phase 5 plan-mode exit and task execution, and Phase 6 reply posting through GitHub MCP.

Estimated code review effort: 3 (Moderate) | ~25 minutes

Sequence Diagram(s)

sequenceDiagram
  participant User
  participant Skill
  participant GitHubMCP
  participant HaikuAgent
  participant SonnetAgent

  User->>Skill: Invoke address-pr-feedback
  Skill->>GitHubMCP: Detect PR and fetch comments
  GitHubMCP-->>Skill: Reviews, threads, conversation comments
  alt --interactive
    User->>Skill: Paste feedback
    Skill->>HaikuAgent: Parse feedback text
    HaikuAgent-->>Skill: Structured items
  else auto-fetch
    Skill->>Skill: Normalize items with comment/thread IDs
  end
  Skill->>SonnetAgent: Analyze items and draft replies
  SonnetAgent-->>Skill: Analysis results
  Skill->>HaikuAgent: Score items
  HaikuAgent-->>Skill: Scores and rationale
  Skill->>User: AskUserQuestion per item
  User-->>Skill: Confirmed action
  Skill->>HaikuAgent: Generate execution plan
  HaikuAgent-->>Skill: Plan
  Skill->>GitHubMCP: Post approved replies
Loading

Possibly related PRs

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main change: adding the new address-pr-feedback skill to pr-review-toolkit.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/address-pr-feedback

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR promotes the address-pr-feedback skill from a user-local Claude Code config into the pr-review-toolkit plugin, making it a versioned, shareable part of the marketplace. It complements the existing review-pr skill by handling the other side of a review cycle: collecting reviewer feedback, scoring it, planning fixes, and posting reply comments. The default mode auto-detects the current branch's open PR and fetches comments via the GitHub MCP, with an --interactive flag preserving the original manual paste flow.

Changes:

  • Adds pr-review-toolkit/skills/address-pr-feedback/SKILL.md with a 7-phase flow (branch validation → collection → scoring → confirmation → plan → execution → reply posting).
  • Documents the new skill in the plugin README under a new ## Skills section.
  • Bumps the plugin version 1.11.1 → 1.12.0 (minor, for the new skill).

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File Description
pr-review-toolkit/skills/address-pr-feedback/SKILL.md New skill defining the auto-fetch/interactive feedback flow, scoring rubric, plan template, and MCP reply posting.
pr-review-toolkit/README.md Adds a ## Skills section documenting review-pr and the new address-pr-feedback skill and its flow.
pr-review-toolkit/.claude-plugin/plugin.json Version bump to 1.12.0.

Notable review findings:

  • Phase 0 and the allowed-tools frontmatter reference an EnterPlanMode tool that does not exist in this marketplace's plan-mode model (sibling skills only detect/exit plan mode); the enter/exit flow won't work as written.
  • The skill grants unrestricted Bash, deviating from the plugin's documented least-privilege convention of scoping Bash to specific git patterns.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread pr-review-toolkit/skills/address-pr-feedback/SKILL.md Outdated
Comment thread pr-review-toolkit/skills/address-pr-feedback/SKILL.md Outdated
Comment thread pr-review-toolkit/skills/address-pr-feedback/SKILL.md Outdated

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@pr-review-toolkit/skills/address-pr-feedback/SKILL.md`:
- Around line 189-195: The workflow text references TaskCreate, but that tool
name is unsupported and inconsistent with the allowed task primitive. Update the
instructions in SKILL.md to use the actual Task tool name consistently wherever
the task creation flow is described, including the phase list and any related
“create tasks” steps, so the documented process matches the supported mechanism.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 22f15a4a-1fe3-47d6-8362-80194bd9f757

📥 Commits

Reviewing files that changed from the base of the PR and between 93262ed and b1d5c74.

📒 Files selected for processing (3)
  • pr-review-toolkit/.claude-plugin/plugin.json
  • pr-review-toolkit/README.md
  • pr-review-toolkit/skills/address-pr-feedback/SKILL.md

Comment thread pr-review-toolkit/skills/address-pr-feedback/SKILL.md Outdated
Copilot AI review requested due to automatic review settings July 8, 2026 19:17
@cblecker cblecker force-pushed the feat/address-pr-feedback branch from b1d5c74 to f8024cd Compare July 8, 2026 19:17

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

Comment thread pr-review-toolkit/skills/address-pr-feedback/SKILL.md Outdated
Move the address-pr-feedback skill from user-local config into the
pr-review-toolkit plugin. Adds auto-fetch of PR comments via GitHub
MCP (with --interactive flag for manual mode) and a new Phase 6 for
posting reply comments with per-reply user approval.

Assisted-by: Claude:claude-opus-4-6
Copilot AI review requested due to automatic review settings July 8, 2026 19:37
@cblecker cblecker force-pushed the feat/address-pr-feedback branch from f8024cd to cf13fee Compare July 8, 2026 19:37

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

Comment thread pr-review-toolkit/skills/address-pr-feedback/SKILL.md
@cblecker

cblecker commented Jul 8, 2026

Copy link
Copy Markdown
Owner Author

@CodeRabbit review

@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@pr-review-toolkit/skills/address-pr-feedback/SKILL.md`:
- Around line 63-64: The auto-fetch path is currently including every comment,
which re-ingests replies created by the current automation and can reopen
handled items. Update the comment collection logic in the feedback workflow to
exclude comments authored by the current actor or this tool’s own replies before
scoring, and keep the filtering centralized where the fetch/list step prepares
the comments for downstream processing.
- Around line 41-52: The PR detection logic in the current branch flow is too
brittle because the origin slug parsing only handles HTTPS remotes and the
presence of an `upstream` remote is being used as a fork signal. Update the
branch detection steps around `git remote get-url origin`, `git branch
--show-current`, and the `list_pull_requests` call to correctly parse both SSH
and HTTPS remote URL forms, and determine fork status from tracked repo/branch
metadata rather than from `upstream` existing alone. Keep the fork and non-fork
`head` construction in the same detection path, but ensure the repo owner/repo
scoping is derived from the parsed remote data.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 80a0d898-1247-40f9-8b79-034c19f7d00d

📥 Commits

Reviewing files that changed from the base of the PR and between b1d5c74 and cf13fee.

📒 Files selected for processing (3)
  • pr-review-toolkit/.claude-plugin/plugin.json
  • pr-review-toolkit/README.md
  • pr-review-toolkit/skills/address-pr-feedback/SKILL.md
✅ Files skipped from review due to trivial changes (2)
  • pr-review-toolkit/.claude-plugin/plugin.json
  • pr-review-toolkit/README.md

Comment on lines +41 to +52
1. **Detect PR from current branch:**
- Run `git remote get-url origin` and extract owner/repo
(strip protocol prefix, `.git` suffix, and hosting domain)
- Run `git branch --show-current` to get the branch name
- Determine if this is a fork workflow:
- Run `git remote get-url upstream 2>/dev/null` — if it succeeds, this is
a fork workflow; extract the upstream owner/repo
- Find the open PR:
- Fork workflow: use `list_pull_requests` with `state: "open"` and
`head: "<fork-owner>:<branch>"`, scoped to the upstream owner/repo
- Non-fork workflow: use `list_pull_requests` with `state: "open"` and
`head: "<owner>:<branch>"`, scoped to the owner/repo

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Make PR detection robust for SSH remotes and non-fork upstream remotes.

The current slug extraction only works reliably for HTTPS-style origin URLs, and treating any upstream remote as a fork can send list_pull_requests to the wrong repository. Parse both SSH/HTTPS URL forms and derive fork status from the tracked repo/branch metadata instead of remote presence alone.

Suggested adjustment
- - Run `git remote get-url origin` and extract owner/repo
-   (strip protocol prefix, `.git` suffix, and hosting domain)
+ - Run `git remote get-url origin` and parse owner/repo from both HTTPS and SSH URL forms.
...
- - Determine if this is a fork workflow:
-   - Run `git remote get-url upstream 2>/dev/null` — if it succeeds, this is
-     a fork workflow; extract the upstream owner/repo
+ - Determine fork workflow from branch tracking / repo slug comparison, not just the
+   presence of an `upstream` remote.
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
1. **Detect PR from current branch:**
- Run `git remote get-url origin` and extract owner/repo
(strip protocol prefix, `.git` suffix, and hosting domain)
- Run `git branch --show-current` to get the branch name
- Determine if this is a fork workflow:
- Run `git remote get-url upstream 2>/dev/null` — if it succeeds, this is
a fork workflow; extract the upstream owner/repo
- Find the open PR:
- Fork workflow: use `list_pull_requests` with `state: "open"` and
`head: "<fork-owner>:<branch>"`, scoped to the upstream owner/repo
- Non-fork workflow: use `list_pull_requests` with `state: "open"` and
`head: "<owner>:<branch>"`, scoped to the owner/repo
1. **Detect PR from current branch:**
- Run `git remote get-url origin` and parse owner/repo from both HTTPS and SSH URL forms.
- Run `git branch --show-current` to get the branch name
- Determine if this is a fork workflow from branch tracking / repo slug comparison, not just the
presence of an `upstream` remote.
- Find the open PR:
- Fork workflow: use `list_pull_requests` with `state: "open"` and
`head: "<fork-owner>:<branch>"`, scoped to the upstream owner/repo
- Non-fork workflow: use `list_pull_requests` with `state: "open"` and
`head: "<owner>:<branch>"`, scoped to the owner/repo
🧰 Tools
🪛 SkillSpector (2.3.7)

[warning] 187: [RA2] Session Persistence: Skill establishes unauthorized persistence across sessions via cron jobs, startup scripts, or state files. Session persistence allows an attacker to maintain access beyond the current interaction.

Remediation: Remove any persistence mechanisms (cron jobs, startup scripts, state files). Skills should not maintain state across sessions without explicit user consent.

(Rogue Agent (RA2))

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pr-review-toolkit/skills/address-pr-feedback/SKILL.md` around lines 41 - 52,
The PR detection logic in the current branch flow is too brittle because the
origin slug parsing only handles HTTPS remotes and the presence of an `upstream`
remote is being used as a fork signal. Update the branch detection steps around
`git remote get-url origin`, `git branch --show-current`, and the
`list_pull_requests` call to correctly parse both SSH and HTTPS remote URL
forms, and determine fork status from tracked repo/branch metadata rather than
from `upstream` existing alone. Keep the fork and non-fork `head` construction
in the same detection path, but ensure the repo owner/repo scoping is derived
from the parsed remote data.

Comment on lines +63 to +64
Include all comments — no bot filtering, no trust filtering. The scoring
phase handles relevance naturally.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Skip comments authored by the current automation.

With Phase 6 writing replies back as normal PR comments, the default auto-fetch path will re-ingest those replies on the next run and can re-open already handled items. Exclude the tool’s own replies (or any comments from the current actor) from the auto-fetch set.

Suggested adjustment
- Include all comments — no bot filtering, no trust filtering. The scoring
- phase handles relevance naturally.
+ Include all comments, but skip comments authored by the current automation
+ so Phase 6 replies are not reprocessed on subsequent runs. The scoring phase
+ still handles relevance for everything else.
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
Include all comments — no bot filtering, no trust filtering. The scoring
phase handles relevance naturally.
Include all comments, but skip comments authored by the current automation
so Phase 6 replies are not reprocessed on subsequent runs. The scoring phase
still handles relevance for everything else.
🧰 Tools
🪛 SkillSpector (2.3.7)

[warning] 187: [RA2] Session Persistence: Skill establishes unauthorized persistence across sessions via cron jobs, startup scripts, or state files. Session persistence allows an attacker to maintain access beyond the current interaction.

Remediation: Remove any persistence mechanisms (cron jobs, startup scripts, state files). Skills should not maintain state across sessions without explicit user consent.

(Rogue Agent (RA2))

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pr-review-toolkit/skills/address-pr-feedback/SKILL.md` around lines 63 - 64,
The auto-fetch path is currently including every comment, which re-ingests
replies created by the current automation and can reopen handled items. Update
the comment collection logic in the feedback workflow to exclude comments
authored by the current actor or this tool’s own replies before scoring, and
keep the filtering centralized where the fetch/list step prepares the comments
for downstream processing.

@cblecker cblecker merged commit 12bd916 into main Jul 8, 2026
14 checks passed
@cblecker cblecker deleted the feat/address-pr-feedback branch July 8, 2026 19:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants