posting-review-summary
Posting Review Summary
Context Detection
Check contexts in this order — use the first match:
| Context | How to Detect | Action |
|---|---|---|
| Agent Mode | Sticky comment context provided in prompt (comment ID + <!-- bitwarden-code-review --> marker) |
Write summary to /tmp/review-summary.md |
| GitHub Actions (tag mode) | mcp__github_comment__update_claude_comment available AND no sticky comment context |
Update sticky comment via MCP tool |
| Local review | Neither agent mode context nor MCP tool available | Write to review-summary.md in working directory |
FORBIDDEN: Do not use gh pr comment to create summary comments.
PR Metadata Assessment
If PR title, description, or test plan is genuinely deficient, add as a finding in the Code Review Details collapsible section.
Rules
- DO NOT comment on minor improvements
- DO NOT comment on adequate-but-imperfect metadata
- NEVER add as an inline comment
- DO NOT exceed 3 lines of feedback on the PR Metadata Assessment
Examples
Genuinely deficient means:
- Title is literally "fix bug", "update", "changes", or single word
- Description is empty or just "See Jira"
- UI changes with zero screenshots
- No test plan AND changes are testable
Adequate (DO NOT flag):
- Title describes the change even if imperfect: "Fix login issue for SSO users"
- Description exists and explains the change, even briefly
- Test plan references Jira task with testing details
Format
- ❓ **QUESTION**: PR title could be more specific
- Suggested: "Fix null check in UserService.getProfile"
Summary Format
## 🤖 Bitwarden Claude Code Review
**Overall Assessment:** APPROVE / REQUEST CHANGES
[Up to 4 neutral sentences describing what was reviewed]
<details>
<summary>Code Review Details</summary>
[Findings grouped by severity - see ordering below]
[Optional PR Metadata Assessment - only for truly deficient metadata]
</details>
Dependency Changes Table
When the PR diff includes dependency manifest file changes, add a Dependency Changes subsection inside the <details> block, after the findings list and before the optional PR Metadata Assessment.
Only render this table when there are meaningful version changes — not for lock file-only churn with no manifest changes.
### Dependency Changes
| Package | Change | Ecosystem |
| ----------------- | --------------------- | --------- |
| `@foo/bar` | New (1.2.0) | npm |
| `lodash` | 3.x → 4.x (**major**) | npm |
| `Newtonsoft.Json` | 13.0.1 → 13.0.3 | NuGet |
| `old-package` | Removed | npm |
Bold the word "major" for major version bumps. Mark new additions as "New (version)" and removals as "Removed".
Findings in Details Section
Ordering: Group findings by severity in this exact order:
- ❌ : CRITICAL
- ⚠️ : IMPORTANT
- ♻️ : DEBT
- 🎨 : SUGGESTED
- ❓ : QUESTION
Omit empty categories entirely.
Format per finding:
- [emoji]: [One-line description]
- `filename.ts:42`
Example:
<details>
<summary>Code Review Details</summary>
- ❌ : SQL injection in user query builder
- `src/auth/queries.ts:87`
- ⚠️ : Missing null check on optional config
- `src/config/loader.ts:23`
</details>
Output Execution
Agent Mode (Sticky Comment)
When sticky comment context is provided in the prompt (comment ID + marker):
- Write the summary to
/tmp/review-summary.mdusing the Write tool - Append
\n\n<!-- bitwarden-code-review -->at the end of the file content - Do NOT use
mcp__github_comment__update_claude_comment - Do NOT use
gh pr commentorgh api
The workflow post-step will read this file and update the placeholder comment automatically.
GitHub Actions (Tag Mode)
Use mcp__github_comment__update_claude_comment to update the sticky comment with the summary.
Local
Write summary to review-summary.md in working directory.