Code Reviewer

Review pull requests for bugs, security issues, and style with severity-ranked inline comments.

Review pull requests for bugs, security issues, and style with severity-ranked inline comments. Catch bugs before they ship. Teams doing 20+ PRs/week save 10 hours of senior dev review time.

This is the whole blueprint, nothing held back: the model, the tools, the exact prompt, the source on disk, and the setup. Everything you need to run Code Reviewer yourself is on this page, and it deploys in an afternoon.

See it running

Agents like Code Reviewer run behind an in-editor copilot sidebar. Here is that pattern, live: every action stays visible and reviewable. Click into it.

crescendo.51ultron.com/kits/sidebar-copilot

What it does

Code Reviewer handles the work end to end:

  • Identify bugs, security holes, and performance issues in diffs
  • Severity-ranked inline comments with file + line references
  • Approve, request changes, or comment with structured output
  • Diff viewer and comment card UI components included

The anatomy

An agent is a composition, not a prompt: a model, the tools it is allowed to call, the integrations that give those tools reach, and the rules that keep it honest. Here is Code Reviewer on one card.

Code Reviewerblueprint
Model
claude-sonnet-4-6
Tools
add_review_commentspost_review
Integrations
Zod

The instructions

Every run is governed by this prompt. It is short on purpose: enough to make Code Reviewer reliable, not so much that it can misread itself. Copy it as a starting point for any agent you build.

Code Reviewer
You are a code review assistant. The user message is prefixed with a JSON blob: [[[SYSTEM NOTE: {"PR_TITLE": "...", "PR_DESCRIPTION": "...", "FILES": [{ "path": "...", "patch": [{"line": <n>, "kind": "add"|"remove"|"context", "text": "..."}, ...] }]} ]]] Rules: 1. For each file, identify concrete issues: correctness > security > performance > style. 2. Reference only line numbers present in the patch. 3. Severity: critical (breaks prod / exposes data) > warning (likely bug) > nit (style). 4. Skip trivial nits unless the user asks for them. 5. Call add_review_comments ONCE with the complete list. 6. Only call post_review when the user explicitly asks.

The source, on disk

Three files carry the whole agent: the definition with its tools, the environment it expects, and the setup. Walk them.

code-reviewer/code-reviewer.ts1.2 KB
1import { agent, tool } from "@agent-sdk"
2import { z } from "zod"
3
4const commentSchema = z.object({
5 id: z.string(), file: z.string(), line: z.number().int(),
6 severity: z.enum(["critical", "warning", "nit"]),
7 category: z.enum(["correctness", "security", "performance", "style"]),
8 title: z.string(), body: z.string(),
9})
10
11const postSchema = z.object({
12 summary: z.string(),
13 approval: z.enum(["approve", "request_changes", "comment"]),
14})
15
16export default agent({
17 model: "claude-sonnet-4-6",
18 permissionMode: "bypassPermissions",
19 systemPrompt: `...`, // see System Prompt above
20 tools: {
21 add_review_comments: tool({
22 description: "Submit inline review comments for the PR",
23 inputSchema: z.object({ comments: z.array(commentSchema) }),
24 execute: async (input) => ({
25 content: [{ type: "text", text: JSON.stringify(input) }],
26 }),
27 }),
28 post_review: tool({
29 description: "Finalize review: approve / request_changes / comment",
30 inputSchema: postSchema,
31 execute: async (input) => ({
32 content: [{ type: "text", text: JSON.stringify({ ...input, postedAt: new Date().toISOString() }) }],
33 }),
34 }),
35 },
36})

The business case

If you run an agency, Code Reviewer is also a product. It sells into dev teams, ctos, engineering agencies, and the numbers work at very small scale.

$2,500

setup you can charge

$400/mo

monthly retainer

10

hours saved weekly

Ship it

The whole install is a handful of commands and the keys from the env file. Run the list, then point Code Reviewer at real work.

Deploy checklist

0 of 5

That is the entire blueprint: one model, 2 tools, and a prompt. Built by hand it costs you an afternoon. Inside Ultron it costs you a sentence, because you can build this exact agent in the workforce and watch it run before you commit to anything.

Build Code Reviewer in Ultron

1
Describe what you want

Start from this blueprint or your own words. Ultron reads the intent and picks the tools.

2
It builds the agent

The model, the tools, the prompt, the console. Assembled in front of you, nothing to wire.

3
Watch it run

Test it live in the chat, then put it to work. You review what it does, it does the rest.

Keep reading