Automate Code Reviews with Claude API and GitHub Actions

These articles are AI-generated summaries. Please check the original sources for full details.

Automate Code Reviews with Claude API and GitHub Actions in TypeScript

This system utilizes the Claude API and GitHub Actions to perform automated pull request reviews on every code change. By leveraging prompt caching, teams can reduce review costs to approximately $0.0015 per run while catching critical security and logic errors.

Why This Matters

Engineering bottlenecks arise when senior contributors spend excessive time on trivial PR feedback, such as style violations or basic syntax errors. Automating these checks via Claude API transforms the review process into a high-signal activity where AI handles the first pass of security and correctness verification. This approach moves beyond simple linting by identifying complex logical issues like race conditions and N+1 database queries. By utilizing prompt caching for style guides, teams achieve a cost-efficient middle ground between static analysis and human oversight, costing less than a dollar per month for active teams.

Key Insights

  • Prompt caching on Claude API reduces input costs by 90% for subsequent PR reviews (Anthropic, 2026)
  • Severity-rated findings (CRITICAL to INFO) allow for automated merge blocking in CI/CD pipelines
  • Octokit REST API is used to manage PR comments and minimize notification noise by updating existing bot comments
  • Structured JSON output enforcement ensures LLM feedback can be parsed into actionable GitHub check annotations
  • Context management via diff truncation (100KB limit) prevents token overflow while maintaining review quality

Working Examples

Core review logic using Claude Sonnet with prompt caching for efficiency.

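import Anthropic from "@anthropic-ai/sdk";

// REVIEW_RULES (the review prompt and style guide) and the ReviewResult type
// are defined elsewhere in the action.
async function reviewWithClaude(diff: string): Promise<ReviewResult> {
  // With no arguments the SDK reads the key from the ANTHROPIC_API_KEY environment variable.
  const client = new Anthropic();
  const response = await client.messages.create({
    model: "claude-sonnet-4-6",
    max_tokens: 4096,
    system: [
      {
        type: "text",
        text: REVIEW_RULES,
        // Mark the static rules as cacheable so later reviews reuse them.
        cache_control: { type: "ephemeral" },
      },
    ],
    messages: [
      {
        role: "user",
        content: `Review this pull request diff:\n\n\`\`\`diff\n${diff}\n\`\`\`\n\nReturn only valid JSON.`,
      },
    ],
  });
  // Fall back to an empty object when the first content block is not text.
  const text = response.content[0].type === "text" ? response.content[0].text : "{}";
  // Strip an optional Markdown fence around the JSON before parsing.
  const cleaned = text.replace(/^```json?\n?/, "").replace(/\n?```$/, "").trim();
  // JSON.parse throws on malformed output; the caller has to handle that.
  return JSON.parse(cleaned) as ReviewResult;
}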

GitHub Actions workflow configuration for triggering the AI review.

# .github/workflows/claude-review.yml
name: Claude Code Review
on:
  pull_request:
    types: [opened, synchronize, reopened]
    paths:
      - "src/**"
      - "*.ts"
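# Least privilege for the job's GITHUB_TOKEN: read the code, write PR comments.
permissions:
  contents: read
  pull-requests: write
jobs: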
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: "20"
      - name: Run Claude Review
        uses: ./.github/actions/claude-review
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}

Practical Applications

  • Use case: Development teams use Claude to flag unparameterized SQL queries in Node.js applications to prevent injections. Pitfall: Truncating diffs over 100KB may cause the model to miss context in extremely large PRs.
  • Use case: Automated style enforcement where functions over 50 lines are flagged for refactoring. Pitfall: Failing to parse malformed JSON from the LLM can result in silent review failures without robust error handling.
  • Use case: Automated security scanning for hardcoded secrets and API keys before human review. Pitfall: Over-reliance on AI may lead to ‘automation bias’ where human reviewers miss architectural flaws not covered by the prompt rules.
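
The severity-based merge blocking from Key Insights and the malformed-JSON pitfall above meet in the step that turns model text into a pass/fail decision. The following is an added TypeScript example, not code from the original article, in which unparseable or off-schema output blocks the merge instead of passing silently. The severity levels between CRITICAL and INFO, the `findings` shape, and the names `gateReview` and `isFinding` are assumptions.

```typescript
// Added example. The severity levels between CRITICAL and INFO and the
// { findings: [...] } shape are assumptions; the page does not define them.
const SEVERITIES = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFO"] as const;
type Severity = (typeof SEVERITIES)[number];
interface Finding { severity: Severity; file: string; message: string }
interface GateResult { block: boolean; reason: string; findings: Finding[] }

function isFinding(v: unknown): v is Finding {
  if (typeof v !== "object" || v === null) return false;
  const f = v as Record<string, unknown>;
  const sev = f.severity;
  return typeof sev === "string" &&
    (SEVERITIES as readonly string[]).indexOf(sev) !== -1 &&
    typeof f.file === "string" && typeof f.message === "string";
}

// Decide whether the merge gate blocks. Output that is not valid,
// schema-conforming JSON blocks too (fail closed) instead of passing
// as "no findings".
function gateReview(raw: string, blockAt: Severity = "HIGH"): GateResult {
  const fail = (reason: string): GateResult => ({ block: true, reason, findings: [] });
  // Take the outermost {...} so Markdown fences or stray prose are ignored.
  const start = raw.indexOf("{");
  const end = raw.lastIndexOf("}");
  if (start === -1 || end <= start) return fail("no JSON object in model output");
  let parsed: unknown;
  try {
    parsed = JSON.parse(raw.slice(start, end + 1));
  } catch {
    return fail("model output is not valid JSON");
  }
  const list = (parsed as { findings?: unknown }).findings;
  if (!Array.isArray(list) || !list.every(isFinding)) {
    return fail("model output does not match the expected schema");
  }
  const findings = list as Finding[];
  const limit = SEVERITIES.indexOf(blockAt);
  const hits = findings.filter((f) => SEVERITIES.indexOf(f.severity) <= limit);
  const reason = hits.length > 0
    ? hits.length + " finding(s) at " + blockAt + " or above"
    : "no blocking findings";
  return { block: hits.length > 0, reason, findings };
}

// Constructed sample outputs, not real model responses (\u0060 is a backtick).
const SAMPLE_INFO = '\u0060\u0060\u0060json\n{"findings":[{"severity":"INFO","file":"src/a.ts","message":"naming"}]}\n\u0060\u0060\u0060';
const SAMPLE_CRITICAL = '{"findings":[{"severity":"CRITICAL","file":"src/db.ts","message":"unparameterized SQL query"}]}';
const SAMPLE_TRUNCATED = 'Here is my review: {"findings": [';
const SAMPLE_BAD_SCHEMA = '{"findings":[{"severity":"URGENT","file":"src/a.ts","message":"x"}]}';
```

In the action, a `block: true` result would map to a failing step, with `reason` posted in the bot comment so reviewers can tell a parse failure from a real finding.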
