---
id: wiki-2026-0508-modern-review-workflow
title: Modern Review Workflow
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: [AI Code Review, PR Review 2026, Augmented Review]
duplicate_of: none
source_trust_level: A
confidence_score: 0.9
verification_status: applied
tags: [code-review, ci-cd, ai-augmented, pr-workflow]
raw_sources: []
last_reinforced: 2026-05-10
github_commit: pending
tech_stack:
  language: typescript
  framework: github-actions
---

# Modern Review Workflow

## In one line

> **"Every review = human judgment + AI scaffolding."** PR review in 2026 has evolved from single-reviewer linting to multi-agent triage. Claude Opus 4.7 / Codex handle the first pass (style, security, regression) so that humans can concentrate on architectural and product judgment.

## Core

### Stages

- **Pre-PR**: author-side self-check with a local `claude review`.
- **CI gate**: automated agents scan the diff for security, performance and test coverage.
- **Human review**: deep dive on design intent, API contracts and UX trade-offs.
- **Post-merge**: watch the deploy preview and canary metrics.

### Agent layer

- **Linter agent**: style, types, dead code.
- **Security agent**: secret scan, OWASP, dependency CVEs.
- **Test agent**: coverage delta, flaky-test detection, mutation score.
- **Review agent**: prose summary + risk flag (Claude Opus 4.7).

### Applications

1. Solo dev: the CI agent alone gives the effect of a reviewer.
2. Team (10+): tiered: agent gate → senior architect.
3. OSS: lowers the maintainer's triage cost.
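The security agent's "secret scan" above and the "Secrets in prompt" anti-pattern further down come down to one step: nothing in the diff reaches a model before credentials are stripped out. The following TypeScript is an added example, not code from this page, from Claude Code or from any GitHub tooling; the detector rules, the entropy threshold and the sample diff are constructed for it.

```typescript
// Added example, not from the page or any project: pre-scan a PR diff for
// credentials and redact them before the text is handed to a review agent.
// The rule set and the sample diff below are constructed for this example.

export interface Finding {
  rule: string; // which detector fired
  line: number; // 1-based line number within the diff
}

// Exact-shape detectors. Broad on purpose: a false positive costs one
// redacted token, a false negative ships a credential to a third party.
const TOKEN_RULES: Array<[string, RegExp]> = [
  ["aws-access-key-id", /\bAKIA[0-9A-Z]{16}\b/g],
  ["github-token", /\bgh[pousr]_[A-Za-z0-9]{36,}\b/g],
];

// key = value assignments (also camelCase like dbPassword): keep the key
// name and the separator, blank only the value.
const ASSIGNMENT = /(password|passwd|secret|api[_-]?key|token)(\s*[:=]\s*["']?)([^\s"']{8,})/gi;

// Long base64-looking runs with high entropy. Hex hashes (commit ids) have
// at most 16 symbols, so their entropy never exceeds 4.0 bits per character.
const LONG_TOKEN = /[A-Za-z0-9+\/]{32,}/g;
const ENTROPY_THRESHOLD = 4.2;

const KEY_BEGIN = /-----BEGIN [A-Z ]*PRIVATE KEY-----/;
const KEY_END = /-----END [A-Z ]*PRIVATE KEY-----/;

// Shannon entropy in bits per character.
export function shannonEntropy(s: string): number {
  const counts = new Map<string, number>();
  for (let i = 0; i < s.length; i++) counts.set(s[i], (counts.get(s[i]) ?? 0) + 1);
  let h = 0;
  counts.forEach((n) => {
    const p = n / s.length;
    h -= p * Math.log2(p);
  });
  return h;
}

export function redactDiff(diff: string): { redacted: string; findings: Finding[] } {
  const findings: Finding[] = [];
  let inKeyBlock = false;

  const lines = diff.split("\n").map((line, i) => {
    const lineNo = i + 1;
    const prefix = /^[+\- ]/.test(line) ? line[0] : ""; // keep the diff marker

    // PEM blocks span several lines: blank everything between BEGIN and END.
    if (inKeyBlock) {
      if (KEY_END.test(line)) inKeyBlock = false;
      else return `${prefix}[REDACTED:private-key]`;
      return line;
    }
    if (KEY_BEGIN.test(line)) {
      inKeyBlock = true;
      findings.push({ rule: "private-key-block", line: lineNo });
      return line;
    }

    let out = line;
    for (const [rule, re] of TOKEN_RULES) {
      out = out.replace(re, () => {
        findings.push({ rule, line: lineNo });
        return `[REDACTED:${rule}]`;
      });
    }
    out = out.replace(ASSIGNMENT, (_m, key: string, sep: string) => {
      findings.push({ rule: "generic-assignment", line: lineNo });
      return `${key}${sep}[REDACTED:generic]`;
    });
    out = out.replace(LONG_TOKEN, (tok) => {
      if (shannonEntropy(tok) <= ENTROPY_THRESHOLD) return tok;
      findings.push({ rule: "high-entropy", line: lineNo });
      return "[REDACTED:high-entropy]";
    });
    return out;
  });

  return { redacted: lines.join("\n"), findings };
}

// Constructed sample: one changed config file with four planted credentials
// and one commit hash that must survive redaction untouched.
export const SAMPLE_DIFF = [
  "diff --git a/config.ts b/config.ts",
  "--- a/config.ts",
  "+++ b/config.ts",
  "@@ -1,2 +1,9 @@",
  ' export const region = "eu-west-1";',
  '+export const awsKeyId = "AKIAIOSFODNN7EXAMPLE";',
  '+export const dbPassword = "hunter2-but-longer";',
  "+// SESSION_SIGNING_KEY=Qx7vL2mN9bR4tY8wK3zP6aS1dF5gH0jC",
  '+const lastDeploy = "0123456789abcdef0123456789abcdef01234567";',
  "+const pem = `-----BEGIN RSA PRIVATE KEY-----",
  "+MIIEowIBAAKCAQEAfakebodyline",
  "+-----END RSA PRIVATE KEY-----`;",
  " export const timeoutMs = 3000;",
].join("\n");
```

Run `redactDiff(SAMPLE_DIFF)` and pass `redacted` (never the raw diff) to the model; log only `findings`, which carry the rule and line number but not the matched value, so the audit trail does not become a second copy of the secret. The entropy heuristic is what catches the signing key that no exact pattern knows about, at the price of occasionally blanking a harmless long random string.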
## 💻 Patterns

### GitHub Actions: Claude review hook

```yaml
name: ai-review
on:
  pull_request:
    types: [opened, synchronize]
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with: { fetch-depth: 0 }
      - uses: anthropics/claude-code-action@v1
        with:
          api-key: ${{ secrets.ANTHROPIC_API_KEY }}
          model: claude-opus-4-7
          mode: review
          target-base: ${{ github.base_ref }}
          comment-style: inline
```

### Inline comment poster

```typescript
import Anthropic from "@anthropic-ai/sdk";
import { Octokit } from "@octokit/rest";

const a = new Anthropic(); // reads ANTHROPIC_API_KEY from the environment
const gh = new Octokit({ auth: process.env.GH_TOKEN });

type ReviewComment = { path: string; line: number; body: string; severity: string };

export async function reviewDiff(owner: string, repo: string, pr: number) {
  // Collect the per-file patches of the PR into one diff document.
  const { data: files } = await gh.pulls.listFiles({ owner, repo, pull_number: pr });
  const diff = files.map((f) => `### ${f.filename}\n${f.patch ?? ""}`).join("\n\n");

  const res = await a.messages.create({
    model: "claude-opus-4-7",
    max_tokens: 4096,
    system:
      "You are a senior reviewer. Output JSON: {comments: [{path, line, body, severity}]}.",
    messages: [{ role: "user", content: diff }],
  });

  // The first content block is expected to be text holding the JSON payload.
  const block = res.content[0];
  if (block.type !== "text") throw new Error("unexpected response block type");
  const { comments } = JSON.parse(block.text) as { comments: ReviewComment[] };

  for (const { path, line, body, severity } of comments) {
    await gh.pulls.createReviewComment({
      owner,
      repo,
      pull_number: pr,
      path,
      line,
      side: "RIGHT", // comment on the new version of the file
      body: `[${severity}] ${body}`,
      commit_id: process.env.HEAD_SHA!, // head SHA of the PR, exported by the workflow
    });
  }
}
```

### Local pre-PR self-check

```bash
#!/usr/bin/env bash
# .git/hooks/pre-push: ask Claude for a bug/security/perf-only review of the
# commits about to be pushed, relative to origin/main.
set -e
git diff origin/main...HEAD | claude -p "Review this diff. Flag bugs, security, perf only. No style." \
  --model claude-opus-4-7
```

### Risk-tiered routing

```typescript
type Risk = "low" | "medium" | "high";

// Classify a diff by blast radius: schema/migration and auth/payment/crypto
// code is always high, large diffs are medium, everything else is low.
function classify(diff: string): Risk {
  if (/migrations\/|schema\./.test(diff)) return "high";
  if (/auth|payment|crypto/i.test(diff)) return "high";
  if (diff.split("\n").length > 500) return "medium";
  return "low";
}

// Who must review at each tier; the AI bot is always included.
function reviewers(r: Risk): string[] {
  return {
    low: ["ai-bot"],
    medium: ["ai-bot", "@team-lead"],
    high: ["ai-bot", "@security", "@architect"],
  }[r];
}
```

### Mutation-test gate

```yaml
- name: stryker
  run: npx stryker run --threshold.break 70
```

### Coverage delta comment

```typescript
import { Octokit } from "@octokit/rest";

// coverage(ref) returns the line-coverage percentage for a git ref, ctx holds
// { owner, repo, issue_number } for the PR and gh is the Octokit client; all
// three are provided by the surrounding workflow script.
declare function coverage(ref: string): Promise<{ lines: number }>;
declare const ctx: { owner: string; repo: string; issue_number: number };
declare const gh: Octokit;

const before = await coverage("main");
const after = await coverage("HEAD");
const delta = after.lines - before.lines; // percentage points
if (delta < -1)
  await gh.issues.createComment({
    ...ctx,
    body: `⚠️ Coverage dropped ${Math.abs(delta).toFixed(1)}%`,
  });
```

### Auto-merge on green + AI ack

```yaml
- if: ${{ steps.ai-review.outputs.severity == 'none' && steps.tests.outcome == 'success' }}
  run: gh pr merge ${{ github.event.pull_request.number }} --squash --auto
```

## Decision criteria

| Situation | Approach |
|---|---|
| Solo / OSS | AI agent only, human spot-check |
| Small team | AI gate + 1 human (rotating) |
| Regulated (fin/health) | AI + 2 humans + audit log |
| Hot path / migrations | Mandatory architect review |

**Default**: AI first-pass + 1 human reviewer + risk-tiered escalation.

## 🔗 Graph

- Parent: [[CI-CD]]
- Variants: [[Pair-Programming]] · [[Mob-Programming]]
- Applied in: [[Trunk-Based-Development]]
- Adjacent: [[Static-Analysis]] · [[Mutation-Testing]]

## 🤖 LLM use

**When**: diff scan, security triage, coverage summary, prose explanation for the PR description.

**When not**: architectural decisions, API contract negotiation, domain-specific business rules. These stay with human judgment.

## ❌ Anti-patterns

- **AI rubber-stamp**: agent approval becomes the human's cue to skip, and critical-path review is dropped.
- **Comment flood**: every agent nitpick becomes noise. Set a severity threshold.
- **No risk tiering**: a schema migration gets the same review as a typo fix, which creates a bottleneck.
- **Secrets in prompt**: secrets in the diff leak into the prompt. Pre-scan and redact.

## 🧪 Verification / duplicates

- Verified (GitHub blog 2025, Anthropic Claude Code docs 2026, Google Eng Practices).
- Trust level A.

## 🕓 Changelog

| Date | Change |
|---|---|
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup: AI-augmented PR review workflow with Claude Opus 4.7 patterns |
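The decision table and the "AI rubber-stamp" anti-pattern above only hold if the merge gate enforces them: an agent verdict of "no findings" must never substitute for the human approvals a situation requires. The following TypeScript is an added example, not code from this page or from any project; the tier names, the field names of the review state and the sample states are assumptions made for the example.

```typescript
// Added example, not from the page or any project: a merge gate that encodes
// the page's decision table so an AI "none" verdict can never stand in for the
// human approvals a tier requires. Tier and field names are assumptions.

export type Risk = "low" | "medium" | "high";
export type Tier = "solo-oss" | "small-team" | "regulated";
export type Severity = "none" | "low" | "medium" | "high";

export interface ReviewState {
  pr: number;
  tier: Tier;
  risk: Risk;               // output of risk-tiered routing
  aiSeverity: Severity;     // highest severity the review agent flagged
  humanApprovals: string[]; // logins that approved the PR
  architectApproved: boolean;
  testsGreen: boolean;
}

export interface Decision {
  allowed: boolean;
  reasons: string[]; // every unmet requirement, not only the first one
  audit: string;     // one JSON line for the audit log
}

// Humans required per tier (table: solo/OSS 0, small team 1, regulated 2),
// raised to at least one whenever the change is not low risk.
export function requiredHumans(tier: Tier, risk: Risk): number {
  const base = { "solo-oss": 0, "small-team": 1, regulated: 2 }[tier];
  return risk === "low" ? base : Math.max(base, 1);
}

export function mergeDecision(s: ReviewState): Decision {
  const reasons: string[] = [];

  if (!s.testsGreen) reasons.push("tests not green");

  // Unresolved medium/high agent findings block; low findings are advisory.
  if (s.aiSeverity === "medium" || s.aiSeverity === "high") {
    reasons.push(`ai severity ${s.aiSeverity} unresolved`);
  }

  const need = requiredHumans(s.tier, s.risk);
  if (s.humanApprovals.length < need) {
    reasons.push(`needs ${need} human approval(s), have ${s.humanApprovals.length}`);
  }

  // Hot path / migrations row of the table: architect review is mandatory.
  if (s.risk === "high" && !s.architectApproved) {
    reasons.push("high-risk change needs architect approval");
  }

  const allowed = reasons.length === 0;
  const audit = JSON.stringify({
    pr: s.pr,
    tier: s.tier,
    risk: s.risk,
    aiSeverity: s.aiSeverity,
    humans: s.humanApprovals,
    allowed,
    reasons,
    at: new Date().toISOString(),
  });
  return { allowed, reasons, audit };
}

// Constructed sample: a regulated-tier migration with a clean AI verdict and a
// single human approval; the gate must still refuse it.
export const SAMPLE_STATE: ReviewState = {
  pr: 42,
  tier: "regulated",
  risk: "high",
  aiSeverity: "none",
  humanApprovals: ["alice"],
  architectApproved: false,
  testsGreen: true,
};
```

Call `mergeDecision(state)` from the auto-merge step instead of testing only `severity == 'none'` and `tests.outcome == 'success'`; append `audit` to the log on every evaluation, not only on merges, so a refused merge is as traceable as an allowed one.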