Auto PR Review

Automatically review pull requests when they are opened.

Overview

Auto PR review gives you a consistent first-pass review before a human reviewer arrives. It works best when you already know what you want the agent to prioritize.

Auto review flow
  1. PR Opens (open event): A new pull request or merge request enters the review queue.
  2. Analyze Diff (analysis): Forkline inspects changed files, context, and likely risk areas.
  3. Apply Prompt (review policy): Your configured scope and custom prompt shape the review.
  4. Post Findings (output): Feedback lands as a comment or direct follow-up commit.

Auto review is best when you want a consistent first-pass review before human attention arrives.

Info: Auto PR review requires pull request or merge request opened events.

Enabling Auto PR Review

  1. Navigate to Repositories
  2. Find your repository
  3. Click Settings on the repository card
  4. Select the Automation tab
  5. Find Auto PR Review
  6. Set the mode to Enable
  7. Configure scope and action
  8. Click Save

Configuration Options

Scope

Choose which pull requests get automatic review:

| Scope | Reviews |
| --- | --- |
| Forkline-authored PRs only | PRs created by @forkline-bot from automation flows |
| All PRs | Every PR in the repository |

Tip: Start with the "Forkline-authored PRs only" scope if you want signal without review noise.

Action

Choose how feedback is delivered:

| Action | Description |
| --- | --- |
| Comment | Post a review comment with findings |
| Commit | Push suggested changes directly to the PR branch |

Custom Prompts

Define what the AI should focus on during reviews.

Security-Focused Review

Focus on security vulnerabilities:
- SQL injection risks
- XSS vulnerabilities
- Hardcoded secrets
- Authentication issues

Prioritize critical issues. Ignore style suggestions.

Performance Review

Check for performance issues:
- N+1 queries
- Memory leaks
- Unnecessary loops
- Missing caching

Focus on database queries and API endpoints.

Documentation Review

Check for documentation issues:
- Missing README sections
- Undocumented public APIs
- Unclear function comments

Ignore internal helpers and test files.

Payment Integration Example

This PR adds a new payment integration. Focus on:
1. Security: PCI compliance, no hardcoded credentials, proper encryption
2. Error handling: Network failures, timeouts, retries
3. Testing: Happy path, error cases, edge cases

Provide severity ratings (Critical/High/Medium/Low) for each finding.

Skip Conditions

Auto PR review is skipped when:

  • The PR is a draft
  • The PR has the no-auto-review label
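
The gating rules on this page (opened events only, the configured scope, and the two skip conditions) can be modeled as one decision function. This is an added illustration, not Forkline's code: it assumes a GitHub-style `pull_request` webhook payload, and the function name, scope constants, fail-closed handling of unknown scopes, and sample payloads are hypothetical.

```python
# Added illustration of the gating rules on this page; not Forkline's code.
# Field names follow GitHub's pull_request webhook payload (assumption).
SCOPE_FORKLINE_ONLY = "forkline_authored"  # hypothetical constant
SCOPE_ALL = "all"                          # hypothetical constant
BOT_LOGIN = "forkline-bot"                 # author named on this page
SKIP_LABEL = "no-auto-review"              # label named on this page


def skip_reasons(event: dict, scope: str) -> list[str]:
    """Return every reason a PR is not auto-reviewed (empty list = review)."""
    reasons = []
    pr = event.get("pull_request") or {}
    # Auto review only fires on "opened" events.
    if event.get("action") != "opened":
        reasons.append("event is not 'opened'")
    # Skip condition: draft PRs.
    if pr.get("draft", False):
        reasons.append("PR is a draft")
    # Skip condition: opt-out label (exact, case-sensitive match assumed).
    labels = {lbl.get("name") for lbl in pr.get("labels", [])}
    if SKIP_LABEL in labels:
        reasons.append("PR has the no-auto-review label")
    # Scope check; an unrecognized scope fails closed (a choice made here).
    author = (pr.get("user") or {}).get("login")
    if scope == SCOPE_FORKLINE_ONLY and author != BOT_LOGIN:
        reasons.append("author is outside the configured scope")
    elif scope not in (SCOPE_FORKLINE_ONLY, SCOPE_ALL):
        reasons.append("unknown scope; failing closed")
    return reasons


# Constructed sample payloads, not real webhook captures.
SAMPLES = {
    "bot_pr": {"action": "opened", "pull_request": {
        "draft": False, "labels": [], "user": {"login": "forkline-bot"}}},
    "human_draft": {"action": "opened", "pull_request": {
        "draft": True, "labels": [{"name": "no-auto-review"}],
        "user": {"login": "alice"}}},
    "sync": {"action": "synchronize", "pull_request": {
        "draft": False, "labels": [], "user": {"login": "forkline-bot"}}},
}

if __name__ == "__main__":
    for name, ev in SAMPLES.items():
        print(name, skip_reasons(ev, SCOPE_FORKLINE_ONLY) or "review")
```

Returning all reasons at once, rather than stopping at the first, makes it easier to explain why a given PR did not receive a review.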

Example Review

🔍 Auto PR Review

## Summary

This PR adds user authentication. Good implementation with a few suggestions.

## Findings

### Security
- ⚠️ Password is logged in debug mode (src/auth/login.ts:45)
- ✅ Using bcrypt for password hashing

### Performance
- 💡 Consider caching user sessions (src/auth/middleware.ts:23)

### Suggestions

1. Remove debug logging of sensitive data
2. Add rate limiting to login endpoint

---
*This is an automated review. Validate all suggestions before applying.*
