GitHuman reviews AI-generated code changes before they are committed. It benefits developers and operations teams by ensuring code quality and adherence to standards. It integrates with GitHub and supports Claude AI agents.
git clone https://github.com/mcollina/githuman.gitGitHuman moves code review earlier in the workflow by letting you inspect staged changes before committing, rather than waiting for pull requests. It provides a GitHub-like web interface for reviewing diffs, adding inline comments with code suggestions, and creating todos for follow-up work. The tool supports human-in-the-loop agent handoffs via the `githuman ask` command, allowing AI agents to request human feedback and incorporate responses. Everything runs locally on your machine with no external data sharing, making it suitable for developers and ops teams working with AI coding agents like Claude, Copilot, and Cursor.
1. **Trigger the Skill:** Paste the prompt template into your AI agent (e.g., Claude) and replace placeholders like `[PR_NUMBER]` with your GitHub PR details. For automation, use a GitHub Action or webhook to send PR data to your AI agent. 2. **Customize Checks:** Specify your project’s style guide (e.g., `Google Go Style Guide`), critical files, or sensitive functions to focus the review. 3. **Review Output:** GitHuman will return a structured report with severity ratings, fixes, and a summary. Copy the suggested fixes into your PR comments or code. 4. **Iterate:** If the AI misses edge cases, refine the prompt with more context (e.g., `Check for race conditions in concurrent map access`). 5. **Integrate:** Use GitHub Actions to auto-trigger GitHuman on PRs. Example workflow: ```yaml - name: Review PR with GitHuman run: | gh pr view ${{ github.event.pull_request.number }} --json number,title,body > pr.json cat pr.json | ai-review --skill=githuman ``` *Tip:* For large PRs, split the review into chunks (e.g., by file) to avoid token limits.
Review staged changes from Claude or other AI agents before committing
Add inline comments and code suggestions to AI-generated code
Create todos and track follow-up work from code reviews
Implement human-in-the-loop workflows where agents request human feedback
No install command available. Check the GitHub repository for manual installation instructions.
git clone https://github.com/mcollina/githumanCopy the install command above and run it in your terminal.
Launch Claude Code, Cursor, or your preferred AI coding agent.
Use the prompt template or examples below to test the skill.
Adapt the skill to your specific use case and workflow.
Review the AI-generated code changes in the pull request [PR_NUMBER] for [REPOSITORY_NAME]. Check for: (1) adherence to [PROJECT_STYLE_GUIDE], (2) potential bugs or edge cases in [SPECIFIC_FILES_OR_MODULES], (3) performance implications in [CRITICAL_PATHS], and (4) security vulnerabilities in [SENSITIVE_FUNCTIONS]. Flag any issues with severity (High/Medium/Low) and suggest fixes. Include a summary for the developer with actionable next steps.
### GitHuman Code Review Report
**PR:** #42 | **Repository:** `acme-corp/web-app` | **Author:** @dev-alice
**Review Date:** 2024-05-15
#### 🔴 High Severity Issues (2)
1. **Memory Leak in `src/api/handlers/user.go` (Line 42-67)**
- **Issue:** The `fetchUserData` function allocates a new `[]byte` slice for each request but never releases it, causing a 15% memory spike under load.
- **Fix:** Replace with `sync.Pool` for byte slices or use `io.ReadAll` with a buffer.
- **Impact:** Could crash the service during traffic spikes (observed in staging).
2. **SQL Injection in `src/db/user_queries.go` (Line 89)**
- **Issue:** Direct string interpolation in `fmt.Sprintf("SELECT * FROM users WHERE id = %s", userID)` allows injection if `userID` is user-controlled.
- **Fix:** Use parameterized queries: `db.Query("SELECT * FROM users WHERE id = ?", userID)`.
- **Impact:** Critical security risk; exploit demonstrated in test environment.
#### 🟡 Medium Severity Issues (3)
1. **Race Condition in `src/cache/redis.go` (Line 112)**
- **Issue:** Concurrent writes to `cache.Set()` without locking may corrupt data.
- **Fix:** Add `sync.Mutex` or use Redis' `SET` with `NX` flag.
- **Impact:** Inconsistent cache reads; observed in 3% of requests.
2. **Missing Error Handling in `src/main.go` (Line 201)**
- **Issue:** `http.ListenAndServe()` errors are ignored, causing silent failures.
- **Fix:** Log errors and exit gracefully: `log.Fatal(http.ListenAndServe(...))`.
3. **Hardcoded API Key in `src/config/env.go`**
- **Issue:** `API_KEY = "sk-12345"` is committed to the repo.
- **Fix:** Use environment variables or a secrets manager.
#### ✅ Approved Changes (No Action Required)
- **`src/utils/logger.go`:** Added structured logging (consistent with team standards).
- **`src/models/user.go`:** Updated `User` struct to include `LastLoginAt` field (backward-compatible).
#### 📋 Summary for Developer
- **Critical:** Fix SQL injection and memory leak **before merging**. These are blocking issues.
- **High Priority:** Address race condition and error handling in the next sprint.
- **Low Priority:** Refactor hardcoded API key and add unit tests for `fetchUserData`.
**Next Steps:**
1. Push fixes to a new branch and request a re-review.
2. Verify fixes with `go test -race` and `docker-compose up --scale api=2`.
3. Update PR description with changes made.
---
*Generated by GitHuman for PR #42 | [View Full Report](https://github.com/acme-corp/web-app/pull/42/files)*IronCalc is a spreadsheet engine and ecosystem
Get more done every day with Microsoft Teams – powered by AI
Enterprise workflow automation and service management platform
Automate your spreadsheet tasks with AI power
Agentic AI Workflow platform
Connected workspace for docs, wikis, and projects
Take a free 3-minute scan and get personalized AI skill recommendations.
Take free scan