PR Reviews That Actually Find Bugs
Stop rubber-stamping PRs. Use Claude to catch real bugs, identify untested code paths, and write review comments that actually help.
Most PR reviews miss the bugs that matter. Reviewers skim for style issues and obvious mistakes, but miss the subtle logic errors, the missing edge case handling, and the code paths that have zero test coverage. This tutorial shows you how to use Claude as a second pair of eyes that reads the diff, understands the context, and flags the things humans routinely miss.
Pull down a PR
Use the gh CLI to check out the PR branch locally. This gives Claude access to the full file context, not just the diff. You want Claude reading real code, not a stripped-down patch.
# List open PRs and pick one
gh pr list
# Check out a specific PR by number
gh pr checkout 247
# Or check out by branch name
gh pr checkout feature/user-auth-refactor
# See the PR description and file list before starting
gh pr view
gh pr diff 247 --name-onlyAsk Claude to review
With the branch checked out, ask Claude to review the PR. Give it the diff plus context about what the PR is trying to do. The more specific your prompt, the more useful the review.
# Get the full diff and pipe it to Claude
gh pr diff 247 | claude "Review this PR diff. Focus on: correctness,
security issues, missing error handling, and edge cases.
The PR description says: Refactor user authentication to use JWT tokens
instead of session cookies."
# Or work interactively inside a Claude session
claude
# Then paste the diff and ask:
# The author says this refactors auth from sessions to JWTs.
# What are the biggest risks in this change?Go deeper on suspicious code
When Claude flags something, follow up. Ask it to read the specific file, trace the data flow, and explain exactly what could go wrong. This is where the real bugs surface.
# Trace what happens with an expired token
claude "Read src/auth/jwt.ts and src/middleware/auth.ts together.
Trace what happens when a JWT token is expired: does the middleware
return a 401, silently continue, or redirect? Show me the code path."
# Check a pattern across the whole codebase
claude "Find every place we check authentication in the API routes.
Are they all using the new JWT middleware or are some still on sessions?"
# Think through the deployment impact
claude "What happens to users currently logged in when this PR deploys?
Their existing session cookies will not be valid. What is the transition path?"Write missing tests
Claude can identify which code paths have no test coverage and write the tests. This is faster than hunting for gaps manually and produces tests that reflect real failure modes, not just happy paths.
# Ask Claude to find untested paths first
claude "Look at src/auth/jwt.ts and the existing tests in __tests__/auth/.
Which code paths have no test coverage? List them."
# Then ask Claude to write the tests
claude "Write vitest tests for the expired token case in src/auth/jwt.ts.
Cover: token expired, invalid signature, missing token, token with wrong audience.
Use the existing test setup in __tests__/auth/session.test.ts as the pattern."
# Run the new tests to confirm they catch the real bugs
npm test -- --testPathPattern auth/jwtLeave better review comments
Use Claude to draft the actual review comments. Good review comments explain the risk, point to the specific code path, and suggest a concrete fix. Claude can draft these faster than you can type them, and at a consistently high quality.
# Draft a single targeted review comment
claude "Draft a GitHub PR review comment for this issue:
- File: src/auth/jwt.ts
- Problem: logout() clears the cookie but the JWT stays valid for 30 days
- Impact: stolen tokens remain valid after logout
- Tone: collegial, specific, not condescending
Include the problematic code snippet and a concrete fix suggestion."
# Draft the full review body
claude "Write the full review for PR #247 as a GitHub review body.
3 blocking issues, 2 suggestions. Tone: direct and helpful.
The author is a mid-level developer who appreciates specific examples."
# Post the review directly via gh CLI
gh pr review 247 --request-changes --body "$(cat review-draft.md)"Share what you built
Let your network know. Pre-filled post (edit before posting).
Just completed "PR Reviews That Actually Find Bugs" on Claude Code Guide in 15 min. No coding experience needed. Claude does the work, you do the thinking. 👇 Free tutorial: https://claudecodeguide.dev/tutorials/pr-review-workflow
What's next?
Back to all tutorials