Code Review
Friday Dev provides AI-powered code review capabilities for both AI-generated changes and human pull requests.
Overview
Code review in Friday Dev works in two modes:
- Agent Output Review - Review code written by AI agents
- PR Review - Review pull requests from team members
Reviewing Agent Output
When an AI agent completes a task, you'll see the changes in the review panel.
The Review Interface
```
┌─────────────────────────────────────────────────────────────────┐
│ Task: Add user authentication                                   │
├─────────────────────────────────────────────────────────────────┤
│ Agent: Friday Agent │ Status: Complete │ Files: 5               │
├─────────────────────────────────────────────────────────────────┤
│                                                                 │
│ 📁 src/auth/login.ts                           +45 -0           │
│  ┌─────────────────────────────────────────────────────────┐    │
│  │ + import { hash, verify } from 'bcrypt';                │    │
│  │ +                                                       │    │
│  │ + export async function login(email, password) {        │    │
│  │ +   const user = await db.user.findByEmail(email);      │    │
│  │ +   if (!user) throw new Error('User not found');       │    │
│  │ +   ...                                                 │    │
│  └─────────────────────────────────────────────────────────┘    │
│                                                                 │
│ 📁 src/auth/register.ts                        +38 -0           │
│ 📁 src/routes/auth.ts                          +22 -5           │
│ 📁 src/middleware/auth.ts                      +15 -0           │
│ 📁 tests/auth.test.ts                          +67 -0           │
│                                                                 │
├─────────────────────────────────────────────────────────────────┤
│ [Approve] [Request Changes] [Re-run Agent]                      │
└─────────────────────────────────────────────────────────────────┘
```
Review Actions
| Action | Description |
|---|---|
| Approve | Accept changes and merge |
| Request Changes | Send feedback to agent |
| Re-run Agent | Run agent again with feedback |
| Edit Manually | Open in editor to modify |
Adding Comments
Click on any line to add a comment:
Line 15: Consider using argon2 instead of bcrypt for better security
Comments will be used if you request changes or re-run the agent.
PR Review
Friday Dev can also review pull requests from GitHub/GitLab.
Automatic PR Review
When a PR is opened, Friday Dev can automatically:
- Analyze the changes
- Check for common issues
- Suggest improvements
- Approve or request changes
Running a PR Review
```bash
# Review a specific PR
friday-dev review pr 123

# Review with specific agent
friday-dev review pr 123 --agent claude

# Review all open PRs
friday-dev review prs --repo owner/repo
```
Review Output
```
┌─────────────────────────────────────────────────────────────────┐
│ PR Review: #123 - Add user authentication                       │
├─────────────────────────────────────────────────────────────────┤
│                                                                 │
│ 📊 Summary                                                      │
│ ─────────────────────────────────────────────                   │
│ This PR adds user authentication using JWT tokens.              │
│ Overall quality: Good ✅                                        │
│                                                                 │
│ 🔍 Findings                                                     │
│ ─────────────────────────────────────────────                   │
│                                                                 │
│ ⚠️ Security (1 issue)                                           │
│    Line 45: Password not hashed before storage                  │
│                                                                 │
│ 💡 Suggestions (2 items)                                        │
│    Line 23: Consider using environment variable for secret      │
│    Line 67: Add rate limiting to login endpoint                 │
│                                                                 │
│ ✅ Good Practices                                               │
│    - Proper error handling                                      │
│    - Input validation present                                   │
│    - Tests included                                             │
│                                                                 │
└─────────────────────────────────────────────────────────────────┘
```
Review Checklist
Friday Dev checks for:
Security
- SQL injection vulnerabilities
- XSS vulnerabilities
- Hardcoded secrets
- Insecure dependencies
- Missing input validation
Code Quality
- Code style consistency
- Error handling
- Type safety
- Dead code
- Duplicate code
Performance
- N+1 queries
- Missing indexes
- Memory leaks
- Unnecessary re-renders
Testing
- Test coverage
- Edge cases covered
- Mocking properly used
Configuration
Auto-review Settings
```json
{
  "review": {
    "autoReview": true,
    "agent": "claude",
    "checks": ["security", "quality", "performance"],
    "autoApprove": false
  }
}
```
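A policy gate for the settings above, as an added example that is not part of Friday Dev or its documentation: it rejects a configuration that allows auto-approval or drops the security check. The function name `auditReviewConfig` and both rules are assumptions based on this page's "Never blindly approve" and "Check security" advice; only the JSON keys come from the page.

```javascript
// Added example, not Friday Dev code. The two rules are assumptions taken
// from this page's best practices; only the JSON keys come from the page.
function auditReviewConfig(jsonText) {
  let config;
  try {
    config = JSON.parse(jsonText);
  } catch (err) {
    return [`config is not valid JSON: ${err.message}`];
  }
  const review = config !== null && typeof config === 'object' ? config.review : undefined;
  if (review === null || typeof review !== 'object' || Array.isArray(review)) {
    return ['missing "review" section'];
  }
  const findings = [];
  // Strict comparison: a missing key or the string "false" must not pass.
  // The boolean false is assumed here to be the only value that keeps a
  // human in the approval loop.
  if (review.autoApprove !== false) {
    findings.push('review.autoApprove must be the boolean false');
  }
  if (!Array.isArray(review.checks)) {
    findings.push('review.checks must be an array');
  } else if (!review.checks.includes('security')) {
    findings.push('review.checks must include "security"');
  }
  return findings; // an empty array means the config passes
}

// Constructed inputs: the page's config, and a risky variant of it.
const PAGE_CONFIG = JSON.stringify({
  review: { autoReview: true, agent: 'claude',
            checks: ['security', 'quality', 'performance'], autoApprove: false },
});
const RISKY_CONFIG = JSON.stringify({
  review: { autoReview: true, agent: 'claude',
            checks: ['quality', 'performance'], autoApprove: true },
});

for (const [name, text] of [['page', PAGE_CONFIG], ['risky', RISKY_CONFIG]]) {
  const findings = auditReviewConfig(text);
  console.log(name, findings.length === 0 ? 'OK' : findings);
}
```

Run against the committed configuration in CI, a non-empty result can fail the build before a weakened review policy reaches the default branch.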
GitHub Integration
Connect to GitHub for automatic PR reviews:
```bash
# Connect GitHub account
friday-dev github connect

# Enable auto-review for a repo
friday-dev github auto-review enable owner/repo
```
CLI Commands
```bash
# Review agent output for a task
friday-dev review task 123

# Review a PR
friday-dev review pr 456

# Review local changes
friday-dev review local

# Review a specific file
friday-dev review file src/auth.ts
```
Best Practices
For AI-Generated Code
- Always review - Never blindly approve
- Check security - Look for vulnerabilities
- Verify logic - Ensure it does what's expected
- Test locally - Run the code before merging
For PR Reviews
- Be specific - Point to exact lines/issues
- Explain why - Help the author understand
- Suggest fixes - Provide solutions, not just problems
- Be constructive - Focus on improvement
Next Steps
- AI Agents - Learn about review agents
- GitHub Integration - Set up auto-review
- CLI Commands - Review from terminal