Claude marks everything NEEDS A HUMAN

Your standard is too vague to act on. Replace 'good code' with concrete triggers: 'flag any new endpoint without an auth check', 'flag any DB write without a transaction'. Specific rules produce confident verdicts.

Reviews miss bugs that are obvious to you

Claude only read the diff. Add to the prompt: 'read the full changed files and their direct imports, not just the diff lines.' Most missed bugs live in the unchanged code the diff interacts with.

It tries to review 200-file PRs and stalls

Scope it: 'for any PR over 40 files, don't review it — just mark NEEDS A HUMAN and list the riskiest 3 files.' Huge PRs are a process problem, not a review problem.

GitHub MCP can't post comments, only read

The personal access token is read-only. Regenerate it with the pull request write scope (see the GitHub MCP page) or keep step 4 as draft-only and paste manually.

How long does it take to automated pr review queue with claude + github mcp?

About 20 minutes (10 to set up the first time, 10 per backlog sweep after). Difficulty: intermediate.

What do I need for this?

GitHub. Turn them on in Claude or ChatGPT, then run the prompts — no code.

Do I need to know how to code?

No. Turn the connectors on in your AI's settings and paste the prompts in plain words.

Recipe

Automated PR review queue with Claude + GitHub MCP

Clear a backlog of open pull requests in one pass — Claude reviews each one to your standards and tells you which ones are safe to merge.

20 minutes (10 to set up the first time, 10 per backlog sweep after) intermediate 2 connectors for Developers who don't want to context-switch between editor and GitHub for every diff

What you'll need

GitHub Lists open PRs, reads each diff plus the surrounding files, and posts the review back.

Required

Memory Stores your review standards once so every PR is judged against the same bar.

Optional

Do this, in order

1
Teach Claude your review bar once

Here is what I care about in a code review, in priority order: 1) security and auth changes, 2) anything touching money or user data, 3) missing tests on new logic, 4) breaking API changes, 5) style only if it hurts readability. Remember this as 'my review standard'.

You'll get: Claude confirms it saved the standard (needs Memory MCP). Without Memory MCP, paste this at the top of each sweep instead.
2
Pull the queue

List all open PRs in your-org/your-repo that are not drafts and not mine. For each, give me title, author, files changed, and how long it's been open.

You'll get: A table of open PRs. This is the backlog you're about to clear.
3
Review the whole queue against the standard

Review each PR in that list against 'my review standard'. For each, give a verdict — SAFE TO MERGE / NEEDS CHANGES / NEEDS A HUMAN — the top risk in one sentence, and the file:line it's on. Don't review style unless it blocks readability.

You'll get: One verdict block per PR. SAFE TO MERGE means nothing in your priority list is at risk; NEEDS A HUMAN means Claude isn't confident and you should look yourself.
4
Post the reviews you approve

For the PRs marked NEEDS CHANGES, draft a review comment in my voice — direct, specific, no hedging — and show it to me before posting. Post only the ones I approve.

You'll get: Draft comments you read and approve one by one. Claude posts approved comments to GitHub; you never auto-post unreviewed.

You're done when

A backlog of open PRs goes from 'I'll get to it' to a triaged list in 10 minutes: which are safe to merge, which need changes (with the comment already written), and which need your own eyes. The mechanical 80% is done; you spend your judgment on the 20% that needs it.

Why this workflow exists

There’s a single-PR version of this — paste a PR, get a review. This is the other one: you have a queue. Six PRs sat over the weekend, three of them are one-liners, one is scary, and you don’t know which is which until you’ve opened all six. The cost isn’t reviewing the scary one. It’s the opening, scanning, and context-loading on the five that didn’t need you.

This workflow front-loads the triage. Claude reads the whole queue against a bar you set once, and hands you a sorted list: merge these, fix these (comment written), look at these yourself. You stop paying the open-and-scan cost on PRs that were always going to be fine.

The first run takes ~20 minutes because you’re installing the server and writing your review standard. Every sweep after that is ~10 minutes for a full backlog.

Install in 10 minutes

You need GitHub MCP. Memory MCP is optional but it’s what makes “my review standard” persist across sweeps instead of being re-pasted every time.

1. Install GitHub MCP

claude mcp add github -- npx -y @modelcontextprotocol/server-github

Set GITHUB_PERSONAL_ACCESS_TOKEN in the env block. To post review comments in step 4, the token needs pull request write scope, not just read. The exact scopes and the maintained command are on the GitHub MCP page. Verify with /mcp in Claude Code.

2. (Optional) Install Memory MCP

claude mcp add memory -- npx -y @modelcontextprotocol/server-memory

No env vars. This stores your review standard so step 1 only happens once, ever.

The first run

Run prompt 1 to set your standard — be specific, vague standards produce useless “NEEDS A HUMAN” on everything. Pull the queue with prompt 2. Run the sweep with prompt 3 and read the verdicts.

The first sweep is where you calibrate. If a verdict is wrong, tell Claude exactly why (“this was SAFE TO MERGE but it adds an unauthenticated route”) and, with Memory MCP, that correction sticks. By the third sweep the bar matches your own.

Step 4 is deliberately gated: Claude drafts comments, you approve, only approved comments post. Nothing reaches GitHub without you reading it.

What success looks like

You ran one sweep. You got: three SAFE TO MERGE you merged immediately, two NEEDS CHANGES with the comment already written in your voice, one NEEDS A HUMAN you opened and handled. Ten minutes, full backlog, and your attention only went where judgment was actually required.

Going further

On a schedule. Run the sweep every morning as the first thing — the queue never builds past a day.
Risk-only mode. For a fast pass: “only show me PRs where the verdict is NEEDS CHANGES or NEEDS A HUMAN — hide the safe ones entirely.”
Pair with the single-PR recipe. Use this queue sweep for triage, then the single-PR review for a deep read on the one PR that scared you.

GitHub MCP — reads the queue and posts reviews
Memory MCP — persists your review standard
PR review with GitHub MCP — the deep single-PR version

If something breaks

Claude marks everything NEEDS A HUMAN: Fix: Your standard is too vague to act on. Replace 'good code' with concrete triggers: 'flag any new endpoint without an auth check', 'flag any DB write without a transaction'. Specific rules produce confident verdicts.
Reviews miss bugs that are obvious to you: Fix: Claude only read the diff. Add to the prompt: 'read the full changed files and their direct imports, not just the diff lines.' Most missed bugs live in the unchanged code the diff interacts with.
It tries to review 200-file PRs and stalls: Fix: Scope it: 'for any PR over 40 files, don't review it — just mark NEEDS A HUMAN and list the riskiest 3 files.' Huge PRs are a process problem, not a review problem.
GitHub MCP can't post comments, only read: Fix: The personal access token is read-only. Regenerate it with the pull request write scope (see the GitHub MCP page) or keep step 4 as draft-only and paste manually.

People ask their AI

“review pull requests automatically”“review all open PRs in my repo”“clear my PR review backlog”

GitHub Memory pr review with github mcp