pedronauck/fix-coderabbit-review
skills/mine/fix-coderabbit-review/SKILL.md
End-to-end remediation workflow for PR review feedback by PR number. Use when Codex must export CodeRabbit issues for a PR, fix every issue completely, commit all fixes in a single commit, and resolve GitHub review threads afterward. Don't use for general PR reviews unrelated to CodeRabbit, draft PRs without review threads, or merge-strategy decisions.
$ install --global
skillsauthnpx skillsauth add pedronauck/skills fix-coderabbit-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 26, 2026, 6:19 AM83.9s4 files scanned
SKILL.md
- name:
- fix-coderabbit-review
- description:
- End-to-end remediation workflow for PR review feedback by PR number. Use when Codex must export CodeRabbit issues for a PR, fix every issue completely, commit all fixes in a single commit, and resolve GitHub review threads afterward. Don't use for general PR reviews unrelated to CodeRabbit, draft PRs without review threads, or merge-strategy decisions.
- author:
- Pedro Nauck
- github:
- https://github.com/pedronauck
- repository:
- https://github.com/pedronauck/skills
Fix CodeRabbit Review
Execute PR review remediation in a strict sequence: export issues, fix all issues, commit once, resolve threads.
Core principle: evaluate each review item technically before changing code. Do not apply suggestions blindly.
Required Inputs
- PR number (integer).
GITHUB_TOKENin environment.ghauthenticated for the target repository.
Workflow
- Export review issues for the PR.
- Triage and validate every unresolved issue.
- Fix every validated issue completely.
- Commit all remediation changes together in one commit.
- Resolve review threads and mark exported issues resolved.
Run commands from repository root.
Step 1: Export CodeRabbit Issues
Use bundled exporter script:
PR_NUMBER=<pr-number>
uv run .claude/skills/fix-coderabbit-review/scripts/pr_review.py "$PR_NUMBER" --hide-resolved
Read generated files in:
ai-docs/reviews-pr-<PR_NUMBER>/_summary.mdai-docs/reviews-pr-<PR_NUMBER>/issues/*.md
If _summary.md shows unresolved issues, continue until all are addressed in code.
Step 2: Triage and Validate Issues
Review each unresolved issue file before implementation.
For each issue:
- Restate the concrete technical change required.
- Verify against current codebase behavior and tests.
- Decide one of:
VALID: suggestion is correct and should be implemented.INVALID: suggestion is incorrect or not actionable for this codebase.
Rules:
- If an issue is ambiguous, treat it as
INVALID, document rationale and assumptions in the issue file, and continue execution. - If an issue is
INVALID, document technical rationale directly in the issue file and do not force a bad change. - Prefer technical evidence over agreement language.
Step 3: Fix Issues Completely
Process all unresolved issue files under ai-docs/reviews-pr-<PR_NUMBER>/issues/.
- Implement production-quality fixes in source code.
- Add or update tests so each fix is verified.
- Execute fixes one issue at a time and validate each before moving to the next.
- Do not leave partial fixes.
- Do not skip issues unless they are invalid; for invalid issues, keep rationale in the issue file.
After finishing all issue fixes, run full verification before commit:
pnpm run lint
pnpm run typecheck
pnpm run test
Step 4: Commit All Fixes Together
Create exactly one remediation commit containing all related code, test, and issue-tracking changes.
git add -A
git commit -m "fix(repo): resolve PR #<PR_NUMBER> review issues"
Do not split fixes across multiple commits.
Step 5: Resolve Review Threads
After the single commit is created, resolve exported issue threads.
Determine the issue range from issue files (example: 001 to 018) and run:
uv run .claude/skills/fix-coderabbit-review/scripts/resolve_pr_issues.py \
--pr-dir ai-docs/reviews-pr-<PR_NUMBER> \
--from <first-issue-number> \
--to <last-issue-number>
Re-open ai-docs/reviews-pr-<PR_NUMBER>/_summary.md and confirm unresolved count is 0.
If thread resolution fails for specific IDs, keep those issues marked unresolved and report exact failures instead of claiming completion.
Output Contract
Deliver:
- One commit containing all remediation changes.
- Per-issue technical disposition (
VALIDorINVALID) recorded during triage. - Updated
ai-docs/reviews-pr-<PR_NUMBER>/issues/*.mdstatuses. - Updated
ai-docs/reviews-pr-<PR_NUMBER>/_summary.mdcounts/checklist. - Resolved review threads for addressed issues.
Related Skills
pedronauck/qa-report
tools
VerifiedTrustedCommunity
Plans real-user QA deliverables: personas, journey maps, exploratory charters, persona/journey/tour/CFR test cases, regression suites, Figma validation checks, automation intent, and user-impact bug reports. Writes artifacts under <qa-output-path>/qa/ for qa-execution to consume. Use when planning QA before execution, documenting journey-driven test strategy, marking flows that need E2E follow-up, or filing structured bug reports. Do not use for live execution, AI implementation audits, CI gate ownership, or technical integration/security/performance suites; use qa-execution or agent-output-audit instead.
374SKILL.mdUpdated May 26, 2026
pedronauck/qa-execution
development
VerifiedTrustedCommunity
Executes real-user QA sessions through public interfaces using personas, journeys, exploratory charters, test tours, edge-case probes, CFR checks, and browser evidence. Reads qa-report artifacts from <qa-output-path>/qa/ when present, captures issues/screenshots/reports under the same output tree, and classifies bugs by user impact. Use when validating a release candidate, migration, refactor, or user-facing change against production-like behavior. Do not use for AI implementation audits, task-status reconciliation, CI gate runs, integration/security/performance templates, or flaky-test triage; use agent-output-audit for those.
374SKILL.mdUpdated May 26, 2026
pedronauck/outside-to-issue
development
VerifiedTrustedCommunity
Transform outside-of-diff review files into properly formatted issue files for a given PR. Use when converting review files from ai-docs/reviews-pr-<PR>/outside/ into issue format in ai-docs/reviews-pr-<PR>/issues/. Automatically determines starting issue number and preserves all metadata (file path, date, status) from original review files. Don't use for inline-diff review files, non-PR review artifacts, or creating GitHub issues directly.
374SKILL.mdUpdated May 26, 2026
pedronauck/no-workarounds
development
VerifiedTrustedCommunity
Enforce root-cause fixes over workarounds, hacks, and symptom patches in all software engineering tasks. Use when debugging issues, fixing bugs, resolving test failures, planning solutions, making architectural decisions, or reviewing code changes. Activates gate functions that detect and reject common workaround patterns such as type assertions, lint suppressions, error swallowing, timing hacks, and monkey patches. Don't use for trivial formatting changes or documentation-only edits.
374SKILL.mdUpdated May 26, 2026