nsheaps/pr-workflow
plugins/scm-utils/skills/pr-workflow/SKILL.md
Full PR lifecycle management: creating, iterating on feedback, and merging. Triggers on: "review my PR", "iterate on PR feedback", "address review comments", "PR workflow", "get this merged", "respond to reviewer", "handle PR feedback".
$ install --global
skillsauthnpx skillsauth add nsheaps/ai-mktpl pr-workflowInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 22, 2026, 4:14 PM32.4s1 file scanned
SKILL.md
- name:
- pr-workflow
- description:
- >
- Full PR lifecycle management:
- creating, iterating on feedback, and merging.
- Triggers on:
- review my PR", "iterate on PR feedback", "address review comments",
- allowed-tools:
- Bash, Read, Grep, Glob
PR Workflow
End-to-end PR lifecycle from creation to merge. See also: request-a-review, pr-feedback.
1. Create
- Open as draft PR, assign handler, add
request-reviewlabel for CI review bot - See
request-a-reviewskill for PR body format andgh apicommands
2. Review Arrives
- Read all feedback threads before doing anything
- Understand the full scope of requested changes before responding
3. Respond to Threads First
Before making any code changes, reply to each reviewer thread:
- Acknowledge what you'll fix, OR
- Explain (politely) why you disagree
NEVER re-request review without responding to all open threads first.
gh api repos/<owner>/<repo>/pulls/<PR>/reviews \
--hostname github.com \
--method POST \
--field body="Addressed in latest commit. [details]" \
--field event="COMMENT"
Use gh pr review --comment for formal reviews; use inline replies for specific thread responses.
4. Fix
- Work in a worktree:
~/src/nsheaps/{repo}.worktrees/{branch}/ - Commit normally — NO rebase, NO force push on pushed branches
- Merge main in if behind:
git merge origin/main - Always review the diff of sub-agent changes before reporting the PR as fixed
5. Re-Request Review
After responding to all threads AND pushing fixes:
gh pr edit <PR_NUMBER> --add-label "request-review"
Minimize stale review comments where applicable.
6. Approved
- Report approval to handler with PR link and CI status
- Include links to CI run and specific log lines if discussing failures
- NEVER merge without explicit handler approval
- If you ask "should I merge?", WAIT for the answer before doing anything
7. Merge
Only after handler explicitly says yes:
gh pr merge <PR_NUMBER> --squash --delete-branch --hostname github.com
Rules
| Rule | Detail | | ------------------------------------------ | ---------------------------------------------------------- | | No rebase on pushed branches | Merge main instead | | No force push | Add commits on top | | Always respond before re-requesting review | Non-negotiable | | Never merge without handler approval | STRIKE ONE — asking then acting before answer is worse | | Review sub-agent diffs | Before reporting PR as fixed |
Related Skills
nsheaps/claude-code
tools
VerifiedTrustedCommunity
Reference material for Claude Code internals — the on-disk layout under ~/.claude and project-scope .claude, the plugin cache, session-env propagation, and the full hook lifecycle. Auto-recall when working on Claude-Code-related tasks: writing or debugging hooks, authoring plugins, inspecting session state, troubleshooting why an env var is or isn't visible to a Bash tool call, or when paths under ~/.claude or ~/.claude/plugins/ come up.
3SKILL.mdUpdated May 6, 2026
nsheaps/github-app-token
development
VerifiedTrustedCommunity
Manage GitHub App installation tokens in Claude Code sessions. Use when tokens expire, auth errors occur in long-running sessions, or when setting up GitHub App credentials for agent teams. <example>my github token expired</example> <example>refresh the github app token</example> <example>check token status</example> <example>set up github app authentication for this session</example>
3SKILL.mdUpdated Apr 22, 2026
nsheaps/auto-config
tools
VerifiedTrustedCommunity
Auto-detect project formatting tools and configure edit-utils settings
3SKILL.mdUpdated Apr 22, 2026
nsheaps/op
tools
VerifiedTrustedCommunity
Use this skill when the user asks about 1Password, secrets management, retrieving credentials, using op CLI, service accounts, secret references, vault operations, or any task involving the 1Password CLI (op). Also use when needing to inject secrets into environment variables, read passwords or API keys from 1Password, or manage 1Password items from the command line.
3SKILL.mdUpdated Apr 22, 2026