contrib-pr-review
Review a contribution PR for safety, quality, and readiness. Checks for security concerns, test coverage, size appropriateness, and intent alignment. Use when reviewing external contributions.
| name | contrib-pr-review |
| description | Review a contribution PR for safety, quality, and readiness. Checks for security concerns, test coverage, size appropriateness, and intent alignment. Use when reviewing external contributions. |
| argument-hint | <pr-number> |
| allowed-tools | Bash, Read, Grep, Glob, WebFetch |
Review PR #$ARGUMENTS from an external contributor for safety, quality, and readiness.
PR Metadata:
!`gh pr view $ARGUMENTS --repo homeassistant-ai/ha-mcp --json author,additions,deletions,files,commits,closingIssuesReferences,isDraft,reviews,url,title,body`
Contributor Stats:
!`gh api /repos/homeassistant-ai/ha-mcp/pulls/$ARGUMENTS --jq '{author: .user.login, user_id: .user.id}' | jq -r '.author' | xargs -I {} gh api /repos/homeassistant-ai/ha-mcp/contributors --jq '.[] | select(.login == "{}") | {login: .login, contributions: .contributions}'`
Files Changed:
!`gh api /repos/homeassistant-ai/ha-mcp/pulls/$ARGUMENTS/files --jq '.[] | {filename: .filename, status: .status, additions: .additions, deletions: .deletions, changes: .changes, patch: .patch}' | head -50`
Note: Gemini Code Assist now handles security assessment automatically. Check if Gemini flagged any security concerns.
# Check if Gemini posted security-related comments
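# The body test is parenthesized: jq's pipe binds looser than `or`, so without it contains() would run on a boolean
gh pr view $ARGUMENTS --repo homeassistant-ai/ha-mcp --json comments --jq '.comments[] | select(.author.login == "gemini-code-assist" or (.body | (contains("security") or contains("Security")))) | {author: .author.login, body: .body}'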
If Gemini flagged security issues:
If NO Gemini security flags but you notice concerning patterns:
- `.github/` workflow modifications with `pull_request_target`
- `.claude/` agent/skill changes that could affect behavior

If security assessment passes and PR has workflow changes or new workflows:
# Check current workflow status
gh api /repos/homeassistant-ai/ha-mcp/pulls/$ARGUMENTS/requested_reviewers
# Enable workflows if not enabled (requires WRITE permission)
# This command may fail if already enabled - that's OK
gh api -X PUT /repos/homeassistant-ai/ha-mcp/actions/workflows/pr.yml/enable 2>/dev/null || echo "Workflows already enabled or no permission"
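The concerning patterns listed above can be pre-screened mechanically from the PR diff. The following is an added example, not part of the original skill: it reads a unified diff (such as the output of `gh pr diff`) on stdin, and its flag names and sample diff are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the skill): flag review-sensitive changes in a
# unified diff read from stdin. Prints "FLAG<TAB>path", one line per finding.
flag_sensitive_changes() {
  awk '
    function emit(flag, p) { if (!seen[flag SUBSEP p]++) print flag "\t" p }
    /^diff --git / {                 # new file section: take the b/ path
      path = $0; sub(/^.* b\//, "", path); in_hunk = 0
      if (path ~ /^\.github\//) emit("github-dir", path)
      if (path ~ /^\.claude\//) emit("claude-config", path)
      next
    }
    /^@@/ { in_hunk = 1; next }      # the ---/+++ headers come before this
    in_hunk && path ~ /^\.github\/workflows\// && /pull_request_target/ {
      c = substr($0, 1, 1)           # "+" added line, " " unchanged context
      if (c == "+") emit("adds-pull_request_target", path)
      else if (c == " ") emit("near-pull_request_target", path)
    }
  '
}

# Constructed sample diff (hypothetical contents, for illustration only).
sample_diff() {
  cat <<'EOF'
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -1,3 +1,3 @@
 name: PR
-on: pull_request
+on: pull_request_target
 jobs:
diff --git a/.claude/skills/example/SKILL.md b/.claude/skills/example/SKILL.md
--- a/.claude/skills/example/SKILL.md
+++ b/.claude/skills/example/SKILL.md
@@ -1 +1,2 @@
 # Example skill
+Extra instruction line
diff --git a/src/tool.py b/src/tool.py
--- a/src/tool.py
+++ b/src/tool.py
@@ -1 +1,2 @@
 import os
+# mentions pull_request_target in a comment only
EOF
}

sample_diff | flag_sensitive_changes
```

Only a few context lines surround each hunk, so a workflow that already uses the trigger outside the changed region is reported as `github-dir` only and still needs the full file read.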
Pre-existing tests (easier review if modified code is already tested):
# For each modified source file, check if tests exist
gh api /repos/homeassistant-ai/ha-mcp/pulls/$ARGUMENTS/files --jq '.[] | select(.filename | startswith("src/")) | .filename' | while read file; do
  basename=$(basename "$file" .py)
  echo "Checking tests for: $file"
  # Method 1: Look for test files by naming convention
  find tests/ -name "test_${basename}.py" -o -name "test_*${basename}*.py" 2>/dev/null | head -3
  # Method 2: Grep for function/class names from the modified file
  # Extract function/class names and search for them in tests
  grep -E '^(def|class|async def) [a-zA-Z_]' "$file" 2>/dev/null | head -5 | while read line; do
    name=$(echo "$line" | sed -E 's/.*(def|class) ([a-zA-Z_][a-zA-Z0-9_]*).*/\2/')
    if [ -n "$name" ]; then
      grep -r "$name" tests/ 2>/dev/null | head -1
    fi
  done
done
New tests added:
# Check if PR adds or modifies tests
gh api /repos/homeassistant-ai/ha-mcp/pulls/$ARGUMENTS/files --jq '.[] | select(.filename | startswith("tests/")) | {filename: .filename, status: .status, additions: .additions}'
Output Test Summary:
🧪 Test Coverage:
- Pre-existing tests: ✅ Modified code has tests / ⚠️ No tests for modified code
- New tests: ✅ PR adds X test files / ⚠️ No new tests
- Assessment: [Easy/Medium/Hard to review based on test coverage]
Calculate PR size and assess appropriateness:
# From metadata: additions + deletions
total_lines=$(gh pr view $ARGUMENTS --repo homeassistant-ai/ha-mcp --json additions,deletions --jq '.additions + .deletions')
echo "Total lines changed: $total_lines"
# Get contributor experience
# gh's --jq already prints raw strings; it takes no separate -r flag
author=$(gh pr view $ARGUMENTS --repo homeassistant-ai/ha-mcp --json author --jq '.author.login')
# Check 1: Contributions to this project
project_contributions=$(gh api /repos/homeassistant-ai/ha-mcp/contributors --jq ".[] | select(.login == \"$author\") | .contributions" || echo "0")
# The query prints nothing (and still succeeds) when the author is not in the list, so default to 0
project_contributions=${project_contributions:-0}
# Check 2: Repository count (rough proxy for overall GitHub experience)
total_commits=$(gh api "/users/$author" --jq '.public_repos + .total_private_repos' 2>/dev/null || echo "unknown")
echo "Contributor: $author"
echo "Project contributions: $project_contributions"
echo "GitHub experience: $total_commits repos"
Assess:
First-time to project (0-2 project contributions):
500 lines: 🔴 Too large - suggest splitting
Regular contributor (3+ project contributions):
1000 lines: 🔴 Very large - suggest splitting
Experienced GitHub user (many repos/commits overall):
Output Size Summary:
PR Size:
- Lines changed: [total]
- Contributor: [first-time / regular] ([X] contributions)
- Assessment: [size appropriateness]
Check linked issues:
# From metadata: closingIssuesReferences
gh pr view $ARGUMENTS --repo homeassistant-ai/ha-mcp --json closingIssuesReferences --jq '.closingIssuesReferences[] | {number: .number, title: .title}'
If issue linked:
If no issue linked:
Output Intent Summary:
🎯 Intent & Linkage:
- Linked issue: #X "title" / ⚠️ No issue linked
- Solves issue: ✅ Fully addresses requirements / ⚠️ Partial / ❌ Doesn't match
- Scope: ✅ Focused / ⚠️ Scope creep detected
Note: Gemini Code Assist provides automated code review on all PRs. This step focuses on what Gemini cannot assess:
Breaking change assessment:
Quick checks:
# Check if ruff/mypy would complain (from workflow logs if available)
gh pr checks $ARGUMENTS --repo homeassistant-ai/ha-mcp | grep -E "(ruff|mypy|lint)"
# Check for common issues in diff
grep -E "(TODO|FIXME|XXX|HACK)" /tmp/pr_$ARGUMENTS.diff
Output Quality Summary:
✨ Code Quality:
- Architecture fit: [assessment - service layer, context engineering]
- Breaking changes: ✅ None / ⚠️ Detected - [describe what's genuinely lost]
- Gemini reviews: [check if Gemini flagged anything critical]
After completing all steps, present a short summary of what the PR does and the review findings, then ask: "Should I post this comment to the PR?"
After completing the analysis, draft a comment for the PR following these guidelines:
Comment Length:
Style:
Structure for "Good to Merge" (10-15 lines):
[Positive opening line about the contribution]
[1-2 sentences on what works well - focus on functionality, tests, architecture]
[Any minor suggestions or notes - optional, technical only]
[Closing line about readiness to merge]
Note: Do NOT mention security assessment in comment unless issues were found. Security checks are internal.
Structure for "Changes Needed" (max 25 lines):
[Positive opening line acknowledging the work]
[Brief summary of the issue being solved]
**[Concern 1]:**
[1-2 lines explanation + suggestion - focus on: tests, functionality, architecture, breaking changes]
**[Concern 2]:** (if applicable)
[1-2 lines explanation + suggestion]
**[Concern 3]:** (if applicable)
[1-2 lines explanation + suggestion]
[Closing line about next steps]
Note: Security concerns should be raised immediately when found, not in final structured comment.
Example - Good to Merge:
Great work on [feature/fix]. [Performance/quality metric] is impressive.
The implementation follows existing patterns and the [specific aspect] is well-designed. [Optional: Minor note about something noticed].
Ready to merge once CI passes.
Example - Changes Needed:
Thanks for tackling [problem]. [Metric/impact] shows this addresses a real need.
**Test coverage:**
Missing tests for the new [feature]. Please add at least one E2E test validating [behavior]. Performance tests not required.
**[Second concern if applicable]:**
[Brief explanation and request]
Once [change 1] and [change 2] are addressed, this should be good to merge.