Skip to main content

PR Review Dashboard

@bonsai/pr-review-dashboard is a single-user local web app for reviewing GitHub pull requests. It runs Claude and Codex headless against a PR diff, merges their findings into a deduplicated draft-comment list, anchors comments inline on the diff, generates a no-context PR summary with important-code annotations, and posts only the comments you approve.

The dashboard is designed for local use against your own checked-out PR worktree. Nothing is posted to GitHub until you confirm in the UI.

V1 Scope

Included:

  • PR ingestion through gh pr view and gh pr diff.
  • Whole-PR Claude and Codex review lanes.
  • Finding validation, merge, dedupe, severity sorting, and claude/codex/both source badges.
  • Inline draft triage with edit, accept, and reject states.
  • One GitHub Review payload containing accepted comments and an optional verdict.
  • A progress panel with per-file status, elapsed timers, raw model output, draft counts, and SSE heartbeat.
  • No-context PR summary and important-code annotations.
  • analyze-comments, a companion CLI that builds a team review framework from historical PR comments.

Deferred:

  • The async code-selection Q&A sidecar.

Install and Launch

cd apps/pr-review-dashboard
bun install
bun run build
bun link

Launch from the worktree of the PR:

cd /path/to/pr-worktree
pr-review-dashboard .

Or pass the worktree explicitly:

pr-review-dashboard /path/to/pr-worktree

Open:

http://localhost:4178

If the worktree is Bonsai-managed, bonsai open can open the configured URL.

Runtime Requirements

  • Authenticated GitHub CLI (gh) in the selected worktree.
  • Claude Code CLI authenticated for the Claude-labeled review and summary lanes.
  • Codex CLI authenticated for the Codex-labeled review lane.
  • A built dist/ directory for the SPA served by the Bun server.

The review lanes use local CLI auth so subscription-backed sessions can be used. The server removes ANTHROPIC_API_KEY from Claude child processes and OPENAI_API_KEY from Codex child processes to avoid accidentally switching to API-key billing when subscription auth is intended.

Dashboard Flow

  1. POST /api/session detects the PR, captures title/body, head SHA, and unified diff.
  2. The server parses the diff into anchor maps for both RIGHT/new and LEFT/old lines.
  3. GET /api/session/:id/stream streams per-file progress over SSE.
  4. Oversized files are skipped for model review but still rendered.
  5. Claude and Codex review the whole PR independently.
  6. The server validates JSON, merges findings, resolves anchors, and streams merged buckets to the client.
  7. You edit, accept, or reject drafts in the UI.
  8. POST /api/session/:id/post submits one GitHub Review through gh api.

Model crashes or timeouts are treated as failed lanes; surviving findings still flow and the session converges.

Commands

pr-review-dashboard [worktree]

Arguments:

  • worktree: path to the PR worktree. Defaults to the current directory.

Options:

  • -h, --help: show usage.

Development commands:

bun run dev
bun run dev:server
bun run dev:web
bun run test
bun run typecheck
bun run build

Environment

VariablePurpose
PR_REVIEW_PORTServer port. Default: 4178.
PR_REVIEW_CLAUDE_MODELClaude Code model or alias. Default: sonnet.
PR_REVIEW_CODEX_MODELOptional Codex CLI model override.
PR_REVIEW_MODEL_TIMEOUT_MSPer-model review timeout. Default: 30 minutes.
PR_REVIEW_MAX_CONCURRENT_REVIEWSWhole-PR sessions allowed at once. Default: 4.

analyze-comments

The companion analyze-comments command harvests PR review comments across a GitHub repository and synthesizes a Markdown team review framework. It is useful for reviewer onboarding, living review standards, and prompt context.

bun run analyze-comments
bun run analyze-comments --repo owner/repo --since 2025-01-01 --out ./comment-insights

Options:

--repo <owner/repo>   Repository to analyze. Defaults to current directory's repo.
--out <dir>           Output directory. Default: ./comment-insights.
--since <ISO date>    Only include comments created on or after this date.
--include-bots        Include bot comments.
--model <name>        Claude model alias. Default: PR_REVIEW_CLAUDE_MODEL or sonnet.
--limit <n>           Max comments sent to the model. Default: 800.
-h, --help            Show help.

Outputs:

comment-insights/team-review-framework.md
comment-insights/harvested-comments.json

Requires authenticated gh and the Claude CLI.

Optional Vercel Frontend Gate

The SPA can be deployed to Vercel behind a Better Auth GitHub sign-in gate. This deploys the frontend and auth gate only. The review backend that spawns gh, Claude, Codex, and local worktree operations still runs on your machine.

Setup requirements:

  • Postgres connection string in DATABASE_URL.
  • GitHub OAuth app with callback https://<your-app>.vercel.app/api/auth/callback/github.
  • BETTER_AUTH_SECRET, BETTER_AUTH_URL, GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET, and DATABASE_URL in Vercel.
  • Auth tables created once with bunx @better-auth/cli migrate.

Limits

  • Session state is in memory; a server restart drops in-flight triage.
  • Files with patches larger than 256 KB are skipped for model review.
  • Findings that cannot resolve to a side-specific line degrade to file-level comments instead of being dropped.
  • Posting is idempotent per session. A second submit returns 409.
  • The default verdict is COMMENT.

Verification

Offline coverage includes parser, anchor maps, merge/dedupe, payload golden tests, GitHub adapter tests, review/summary adapters, partial-failure behavior, and post idempotency.

bun test
bun run typecheck
bun run build

A live smoke test still requires opening the app on a real PR, triaging findings, and posting a review.