GitHuman reviews AI-generated code changes before they are committed. It benefits developers and operations teams by ensuring code quality and adherence to standards. It integrates with GitHub and supports Claude AI agents.
git clone https://github.com/mcollina/githuman.git
1. **Trigger the Skill:** Paste the prompt template into your AI agent (e.g., Claude) and replace placeholders like `[PR_NUMBER]` with your GitHub PR details. For automation, use a GitHub Action or webhook to send PR data to your AI agent.
2. **Customize Checks:** Specify your project’s style guide (e.g., `Google Go Style Guide`), critical files, or sensitive functions to focus the review.
3. **Review Output:** GitHuman will return a structured report with severity ratings, fixes, and a summary. Copy the suggested fixes into your PR comments or code.
4. **Iterate:** If the AI misses edge cases, refine the prompt with more context (e.g., `Check for race conditions in concurrent map access`).
5. **Integrate:** Use GitHub Actions to auto-trigger GitHuman on PRs. Example workflow:

   ```yaml
   - name: Review PR with GitHuman
     env:
       # The gh CLI needs a token when it runs inside GitHub Actions.
       GH_TOKEN: ${{ github.token }}
     run: |
       # Export the PR metadata as JSON, then pipe it to the review command.
       gh pr view ${{ github.event.pull_request.number }} --json number,title,body > pr.json
       cat pr.json | ai-review --skill=githuman
   ```

*Tip:* For large PRs, split the review into chunks (e.g., by file) to avoid token limits.
No install command available. Check the GitHub repository for manual installation instructions.
git clone https://github.com/mcollina/githuman
Copy the install command above and run it in your terminal.
Launch Claude Code, Cursor, or your preferred AI coding agent.
Use the prompt template or examples below to test the skill.
Adapt the skill to your specific use case and workflow.
Review the AI-generated code changes in the pull request [PR_NUMBER] for [REPOSITORY_NAME]. Check for: (1) adherence to [PROJECT_STYLE_GUIDE], (2) potential bugs or edge cases in [SPECIFIC_FILES_OR_MODULES], (3) performance implications in [CRITICAL_PATHS], and (4) security vulnerabilities in [SENSITIVE_FUNCTIONS]. Flag any issues with severity (High/Medium/Low) and suggest fixes. Include a summary for the developer with actionable next steps.
### GitHuman Code Review Report
**PR:** #42 | **Repository:** `acme-corp/web-app` | **Author:** @dev-alice
**Review Date:** 2024-05-15
#### 🔴 High Severity Issues (2)
1. **Memory Leak in `src/api/handlers/user.go` (Line 42-67)**
- **Issue:** The `fetchUserData` function allocates a new `[]byte` slice for each request but never releases it, causing a 15% memory spike under load.
- **Fix:** Replace with `sync.Pool` for byte slices or use `io.ReadAll` with a buffer.
- **Impact:** Could crash the service during traffic spikes (observed in staging).
2. **SQL Injection in `src/db/user_queries.go` (Line 89)**
- **Issue:** Direct string interpolation in `fmt.Sprintf("SELECT * FROM users WHERE id = %s", userID)` allows injection if `userID` is user-controlled.
- **Fix:** Use parameterized queries: `db.Query("SELECT * FROM users WHERE id = ?", userID)`.
- **Impact:** Critical security risk; exploit demonstrated in test environment.
#### 🟡 Medium Severity Issues (3)
1. **Race Condition in `src/cache/redis.go` (Line 112)**
- **Issue:** Concurrent writes to `cache.Set()` without locking may corrupt data.
- **Fix:** Add `sync.Mutex` or use Redis' `SET` with `NX` flag.
- **Impact:** Inconsistent cache reads; observed in 3% of requests.
2. **Missing Error Handling in `src/main.go` (Line 201)**
- **Issue:** `http.ListenAndServe()` errors are ignored, causing silent failures.
- **Fix:** Log errors and exit gracefully: `log.Fatal(http.ListenAndServe(...))`.
3. **Hardcoded API Key in `src/config/env.go`**
- **Issue:** `API_KEY = "sk-12345"` is committed to the repo.
- **Fix:** Use environment variables or a secrets manager.
#### ✅ Approved Changes (No Action Required)
- **`src/utils/logger.go`:** Added structured logging (consistent with team standards).
- **`src/models/user.go`:** Updated `User` struct to include `LastLoginAt` field (backward-compatible).
#### 📋 Summary for Developer
- **Critical:** Fix SQL injection and memory leak **before merging**. These are blocking issues.
- **High Priority:** Address race condition and error handling in the next sprint.
- **Low Priority:** Refactor hardcoded API key and add unit tests for `fetchUserData`.
**Next Steps:**
1. Push fixes to a new branch and request a re-review.
2. Verify fixes with `go test -race` and `docker-compose up --scale api=2`.
3. Update PR description with changes made.
---
*Generated by GitHuman for PR #42 | [View Full Report](https://github.com/acme-corp/web-app/pull/42/files)*
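
The SQL injection finding in the sample report above, worked through in Go as an added example (not code from the GitHuman project or from the report's repository). The `users` columns, the numeric-ID assumption and the function names are hypothetical; the inputs are constructed.

```go
package main

import (
	"context"
	"database/sql"
	"fmt"
	"strconv"
)

// unsafeQuery reproduces the flagged pattern: the input becomes part of the SQL text.
func unsafeQuery(userID string) string {
	return fmt.Sprintf("SELECT * FROM users WHERE id = %s", userID)
}

// safeQuery keeps the SQL text constant and returns the value as a bound argument.
// Assumes numeric IDs (hypothetical schema). "?" is the MySQL/SQLite placeholder;
// PostgreSQL drivers use $1 instead.
func safeQuery(userID string) (string, []any, error) {
	id, err := strconv.ParseInt(userID, 10, 64)
	if err != nil || id <= 0 {
		return "", nil, fmt.Errorf("invalid user id %q", userID)
	}
	return "SELECT id, name FROM users WHERE id = ?", []any{id}, nil
}

// findUserName shows how the query and its arguments are handed to database/sql.
func findUserName(ctx context.Context, db *sql.DB, userID string) (string, error) {
	q, args, err := safeQuery(userID)
	if err != nil {
		return "", err
	}
	var id int64
	var name string
	err = db.QueryRowContext(ctx, q, args...).Scan(&id, &name)
	return name, err
}

func main() {
	for _, in := range []string{"42", "42 OR 1=1"} { // constructed inputs
		fmt.Printf("input %q\n  interpolated:  %s\n", in, unsafeQuery(in))
		if q, args, err := safeQuery(in); err != nil {
			fmt.Println("  parameterized: rejected:", err)
		} else {
			fmt.Printf("  parameterized: %s args=%v\n", q, args)
		}
	}
}
```

With the interpolated form the second input changes the structure of the statement; with the parameterized form the statement text never varies and the malformed ID is rejected before any query is issued.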