GitHub PR Review Agent
This guide shows you how to build a fully automated PR review agent using webhooks and MCP.
Architecture
GitHub PR → Webhook → Mona → Review → GitHub Comment
Step 1: Set up the GitHub MCP server
# ~/.monoclaw/config.yaml
mcp_servers:
  github:
    command: npx
    args: ["-y", "@modelcontextprotocol/server-github"]
    env:
      # Placeholder value; the full configuration example below reads the token from ${GITHUB_TOKEN}
      GITHUB_PERSONAL_ACCESS_TOKEN: "ghp_xxx"
    tool_filter:
      include:
        - "get_pull_request"
        - "get_pull_request_files"
        - "create_pull_request_review"
        - "get_file_contents"
Generate a GitHub token with repo scope at github.com/settings/tokens.
Step 2: Create the webhook subscription
monoclaw webhook subscribe pr-review \
  --events "pull_request" \
  --prompt "Review PR #{pull_request.number}: {pull_request.title} by {pull_request.user.login}.
1. Get the PR details and changed files
2. Read each changed file (up to 10 files)
3. Check for:
- Security issues (SQL injection, XSS, secrets)
- Code quality (complexity, duplication, tests)
- Documentation (README updates, comments)
- Breaking changes
4. Create a review with:
- Overall summary
- File-level comments for issues
- Approval or request changes
Be constructive and specific." \
  --skills "github-code-review" \
  --deliver github_comment
Step 3: Configure GitHub webhook
- Go to your repository → Settings → Webhooks
- Add webhook:
  - Payload URL: https://your-domain.com/webhooks/github
  - Content type: application/json
  - Secret: Your webhook secret
  - Events: Pull requests
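Added example, not monoclaw's own code: what the Secret from Step 3 is for. GitHub signs each delivery's raw body with it (HMAC-SHA256, sent in the `X-Hub-Signature-256` header), and a receiver checks that before applying the `base.ref == 'main'` and non-draft filter used later in this guide. The function names, secret and payload are constructed for illustration; how monoclaw itself performs this check is not shown on this page.

```python
import hashlib
import hmac
import json

def sign(secret, body):
    """Header value GitHub computes for a delivery: HMAC-SHA256 of the raw body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()

def verify_signature(secret, body, header):
    """Constant-time check of X-Hub-Signature-256 against the raw bytes."""
    if not header or not header.startswith("sha256="):
        return False  # header absent, or a value in the legacy sha1= form
    # Compare as bytes: compare_digest raises on non-ASCII str input.
    return hmac.compare_digest(sign(secret, body).encode(), header.encode())

def should_review(secret, body, header):
    """Return (decision, reason). The body is parsed only after the MAC passes."""
    if not verify_signature(secret, body, header):
        return False, "bad signature"
    pr = json.loads(body).get("pull_request") or {}
    if pr.get("base", {}).get("ref") != "main":
        return False, "base is not main"
    if pr.get("draft"):
        return False, "draft"
    return True, "ok"

# Constructed sample delivery; not a real secret or payload.
SECRET = b"constructed-webhook-secret"
BODY = json.dumps({"action": "opened", "pull_request": {
    "number": 7, "draft": False, "base": {"ref": "main"}}}).encode()
GOOD = sign(SECRET, BODY)

if __name__ == "__main__":
    retargeted = BODY.replace(b'"main"', b'"dev"')
    print(should_review(SECRET, BODY, GOOD))        # valid delivery
    print(should_review(SECRET, retargeted, GOOD))  # body changed after signing
    print(should_review(SECRET, BODY, None))        # unsigned request
```

The signature must be computed over the exact bytes received; re-serializing the parsed JSON before hashing will not match what GitHub signed.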
Step 4: Test
Create a test PR. Mona should:
- Receive the webhook
- Fetch the PR and files
- Analyze the code
- Post a review comment
Enhancing the reviewer
Add custom rules
Create a skill for your team's standards:
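# Create the skill directory first so the redirect below does not fail
mkdir -p ~/.monoclaw/skills/pr-rules
cat > ~/.monoclaw/skills/pr-rules/SKILL.md << 'EOF'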
---
title: PR Review Rules
description: Team-specific PR review criteria.
triggers: ["pull request", "PR", "review"]
---
## Security checklist
- [ ] No hardcoded secrets
- [ ] Input validation on all endpoints
- [ ] Proper auth checks
## Code quality
- [ ] Functions under 50 lines
- [ ] Tests for new features
- [ ] Error handling for all async operations
## Style
- [ ] TypeScript strict mode compliance
- [ ] No console.log in production code
EOF
Update the webhook:
monoclaw webhook edit pr-review --skills "github-code-review,pr-rules"
Filter by branch
Only review PRs to main:
monoclaw webhook edit pr-review \
  --filter "pull_request.base.ref == 'main'"
Add reviewers
Ping specific people for certain files:
monoclaw webhook edit pr-review \
  --prompt "...additional instructions: If auth files are changed, suggest @security-team review."
Limiting scope
Prevent runaway reviews:
webhooks:
  pr-review:
    max_files: 10
    max_lines: 500
    skip_drafts: true
Monitoring
Check review activity:
monoclaw webhook logs pr-review
Full configuration example
mcp_servers:
  github:
    command: npx
    args: ["-y", "@modelcontextprotocol/server-github"]
    env:
      GITHUB_PERSONAL_ACCESS_TOKEN: "${GITHUB_TOKEN}"
    tool_filter:
      include:
        - "get_pull_request"
        - "get_pull_request_files"
        - "create_pull_request_review"
webhooks:
  pr-review:
    events: ["pull_request"]
    filter: "pull_request.base.ref == 'main' && !pull_request.draft"
    prompt: "Review this PR..."
    skills: ["github-code-review"]
    deliver: github_comment
Best practices
- Start in dry-run mode — Log reviews without posting until confident
- Tune the prompt — Adjust based on false positive rate
- Respect developers — Keep feedback constructive and actionable
- Monitor costs — Large PRs consume significant API tokens
- Handle edge cases — Binary files, generated code, vendor directories