Review Agent

The Copilot Review Agent reviews pull requests for correctness, security vulnerabilities, and maintainability — prioritizing critical issues and suggesting concrete fixes.

Prerequisites:

  • A pull request open on the repository
  • GitHub web UI or VS Code with the PR checked out

Example prompt:

Review this PR for correctness, security, and maintainability. Prioritize
critical issues first, then medium/low findings. Suggest concrete patch-level
fixes.

What to look for:

  • Severity-based ordering (critical → medium → low)
  • Concrete code suggestions (not just “consider fixing this”)
  • Security findings (injection, auth bypass, secret exposure)

Example prompt:

Focus this review on API contract consistency (`success/data/error/meta` shape),
error handling, and TypeScript strictness across touched files.

What to look for:

  • API response shape validation against the project standard
  • Missing error handling (unhandled promise rejections, missing try/catch)
  • TypeScript `any` usage or missing type annotations
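A patch-level fix of the kind the API-contract prompt above asks the agent to suggest, added here as an example and not taken from the Review Agent docs or any project: a type guard for the `success/data/error/meta` envelope and a handler that maps promise rejections into that envelope instead of letting them escape. The field types inside `error` and `meta` are assumptions; only the four envelope field names come from the page.

```typescript
// Added example: runtime validation of the `success/data/error/meta` envelope.
// Field types inside `error` and `meta` are assumptions, not a project standard.
export interface ApiEnvelope<T = unknown> {
  success: boolean;
  data?: T;
  error?: { code: string; message: string };
  meta?: Record<string, unknown>;
}

// Type guard: narrows an unknown value to ApiEnvelope instead of casting to `any`,
// which is what a "TypeScript strictness" finding would ask for.
export function isApiEnvelope(value: unknown): value is ApiEnvelope {
  if (typeof value !== "object" || value === null) return false;
  const v = value as Record<string, unknown>;
  if (typeof v.success !== "boolean") return false;
  // A successful response must carry data; a failed one must carry a structured error.
  if (v.success && !("data" in v)) return false;
  if (!v.success) {
    const err = v.error;
    if (typeof err !== "object" || err === null) return false;
    const e = err as Record<string, unknown>;
    if (typeof e.code !== "string" || typeof e.message !== "string") return false;
  }
  if ("meta" in v && (typeof v.meta !== "object" || v.meta === null)) return false;
  return true;
}

// Before: returns whatever the loader yields, typed `any`, and lets rejections
// propagate unhandled. Kept as the "before" a reviewer would flag.
export async function fetchUserUnsafe(load: () => Promise<unknown>): Promise<any> {
  return load();
}

// After: the rejection is caught and mapped into the envelope, so every caller
// receives the standard shape and no promise rejection goes unhandled.
export async function fetchUserSafe<T>(load: () => Promise<T>): Promise<ApiEnvelope<T>> {
  try {
    const data = await load();
    return { success: true, data, meta: { fetchedAt: new Date().toISOString() } };
  } catch (err) {
    const message = err instanceof Error ? err.message : String(err);
    return { success: false, error: { code: "UPSTREAM_FAILURE", message } };
  }
}
```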

Example prompt:

Review Terraform and Kubernetes changes for least-privilege, secret handling,
and safe defaults. Flag anything risky for production.

What to look for:

  • Overly permissive IAM roles or NSG rules
  • Hardcoded secrets or missing Key Vault references
  • Missing resource limits or unsafe defaults

Follow-up prompts:

  • “Summarize the 3 most important changes I should make before merging.”
  • “Generate a commit that addresses the critical findings.”
  • “Compare this review with what CodeQL would catch.”