submit-github-review

# Submit GitHub Review Skill

An **output skill** that submits code review findings to GitHub via the API. This is the final step in the review pipeline, posting the review to the PR.

## Role

- **Format**: Transform review findings into GitHub review format
- **Submit**: Post the review via GitHub API
- **Annotate**: Add inline comments to specific lines

## Inputs

| Input | Required | Description |
|-------|----------|-------------|
| `owner` | Yes | Repository owner (username or organization) |
| `repo` | Yes | Repository name |
| `pull_number` | Yes | Pull Request number |
| `commit_id` | Yes | SHA of the commit to review (from retrieve-diff-from-github-pr) |
| `findings` | Yes | Array of review findings from specialist skills |
| `review_event` | Optional | APPROVE, REQUEST_CHANGES, or COMMENT (default: COMMENT) |

## Outputs

| Output | Description |
|--------|-------------|
| `review_id` | ID of the created review |
| `review_url` | URL to view the review |
| `comments_posted` | Number of inline comments posted |

## Required MCP Tools

This skill uses the GitHub MCP server with:

| Tool | Purpose |
|------|---------|
| `create_pull_request_review` | Submit the review with body and inline comments |

## Step 1: Aggregate Findings

Collect all findings from specialist skills:

```json
{
  "findings": [
    {
      "severity": "blocker",
      "category": "security",
      "evidence": {
        "file": "src/auth/login.ts",
        "line": 42,
        "snippet": "password = req.body.password"
      },
      "impact": "Password logged in plaintext",
      "fix": "Remove logging or hash before logging",
      "test": "Check logs for sensitive data"
    }
  ]
}
```

## Step 2: Determine Review Event

Based on findings severity, determine the review action:

| Findings | Event | Rationale |
|----------|-------|-----------|
| Any **blocker** | `REQUEST_CHANGES` | PR should not be merged |
| Any **major** | `REQUEST_CHANGES` | Significant issues need fixing |
| Only