Issue 07 | /caveman-review: Single-line Code Review
🎯 Learning Objectives
After this issue, you will master:
- /caveman-review's output format and severity level system
- How to trigger code reviews on different platforms
- Hands-on: Reviewing an Express middleware code snippet
- Integrating with GitHub Actions for automated PR reviews
Core Content
7.1 Why Caveman for Code Review?
Problems with traditional AI code review:
❌ Normal Claude's code review (each issue is a long paragraph):
"I noticed that on line 42, you're accessing `user.name` without
first checking if the `user` object is null or undefined. This could
lead to a TypeError at runtime if the database query returns no results.
I'd suggest adding a null check before accessing the property, perhaps
using optional chaining (`user?.name`) or an explicit guard clause..."
(120 tokens to describe a null pointer issue)
✅ Caveman's response:
L42: 🔴 bug: user null. Add guard.
(10 tokens. Same issue.)
7.2 Output Format Specification
L<line_number>: <severity_level> <type>: <one-line_diagnosis>. <fix_suggestion>.
Severity Level System
```mermaid
graph LR
    subgraph Levels["Severity Levels"]
        A["🔴 bug<br/>Must fix<br/>Leads to runtime errors"]
        B["🟡 warn<br/>Recommended fix<br/>Potential issues or performance traps"]
        C["🔵 nit<br/>Optional optimization<br/>Code style or naming"]
        D["✅ ok<br/>Good code<br/>No changes needed"]
    end
    A --> B --> C --> D
```

| Level | Icon | Meaning | Requirement |
|---|---|---|---|
| `bug` | 🔴 | Runtime error / Security vulnerability | Must fix |
| `warn` | 🟡 | Performance issue / Potential Bug / Anti-pattern | Strongly recommended fix |
| `nit` | 🔵 | Naming / Style / Readability | Optional |
| `ok` | ✅ | Overall good | No changes needed |
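Because review lines come from a model, a CI step that acts on them should parse them strictly rather than trust them. The following is an added example (not part of caveman-review itself) that parses the line format and severity levels above, recounts findings against the `Summary:` line, and rejects free text; the function name, the sample input and the pass rule are assumptions made for illustration.

```javascript
// Severity icons from the table above mapped to their level names.
const LEVELS = { '🔴': 'bug', '🟡': 'warn', '🔵': 'nit' };
const FINDING = /^L(\d+): (🔴|🟡|🔵) (\w+): (.+)$/u;

function parseReview(text) {
  const findings = [];
  const rejected = [];
  let summary = null;
  for (const raw of text.split('\n')) {
    const line = raw.trimEnd();
    if (!line) continue;
    const m = FINDING.exec(line);
    if (m) {
      findings.push({ line: Number(m[1]), level: LEVELS[m[2]], type: m[3], text: m[4] });
    } else if (line.startsWith('Summary:')) {
      summary = {};
      for (const [, n, icon] of line.matchAll(/(\d+) (🔴|🟡|🔵)/gu)) {
        summary[LEVELS[icon]] = Number(n);
      }
    } else if (/^\s/.test(raw) && findings.length) {
      // Indented line: wrapped fix suggestion belonging to the previous finding.
      findings[findings.length - 1].text += ' ' + line.trim();
    } else {
      rejected.push(line); // anything outside the format is not silently accepted
    }
  }
  // Recount instead of trusting the model's own summary.
  const counts = { bug: 0, warn: 0, nit: 0 };
  for (const f of findings) counts[f.level] += 1;
  const summaryOk = summary !== null &&
    Object.keys(counts).every((k) => (summary[k] || 0) === counts[k]);
  // Assumed gate: pass only with zero bugs and no unparseable lines.
  const pass = counts.bug === 0 && rejected.length === 0;
  return { findings, counts, summaryOk, rejected, pass };
}

// Constructed sample output; the summary deliberately overcounts warnings.
const SAMPLE = [
  'L6: 🔴 bug: no Bearer prefix strip.',
  '    Split header on space.',
  'L10: 🟡 warn: no user found check.',
  'L15: 🟡 warn: leaking error details. Use generic message.',
  'Summary: 1 🔴 3 🟡.',
].join('\n');
```
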
7.3 Hands-on: Reviewing an Express Middleware
Code to be reviewed:
```javascript
// auth.middleware.js
const jwt = require('jsonwebtoken');
const db = require('./database');

module.exports = async (req, res, next) => {
  const token = req.headers.authorization;           // L6

  try {
    const decoded = jwt.verify(token, SECRET);       // L9
    const user = await db.findUser(decoded.id);      // L10
    req.user = user;                                 // L11
    req.userRole = user.role;                        // L12
    next();                                          // L13
  } catch (err) {
    res.status(401).json({ error: err.message });    // L15
  }
};
```
🪨 Caveman Review Output:
```
L6: 🔴 bug: no Bearer prefix strip. `authorization` includes "Bearer ".
    Split: `token.split(' ')[1]`
L9: 🔴 bug: SECRET undefined. Should be `process.env.JWT_SECRET`.
L10: 🟡 warn: no user found check. `findUser` may return null → L12 crash.
L12: 🔴 bug: `user.role` throws if user null. Guard after L10.
L15: 🟡 warn: leaking jwt error details to client. Use generic message.
    `{ error: "Authentication failed" }`
Summary: 3 🔴 3 🟡. Auth middleware has critical null-safety gaps.
```
Compared to normal Claude's output which takes about 500+ tokens, Caveman achieves the same depth of review in only about 80 tokens.
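For comparison with the reviewed snippet, here is one hardened form with the review's findings applied. This is an added example, not code from the original page: `createAuthMiddleware`, `verifyWithJwt` and `runAuth` are hypothetical names, dependencies are injected so the flow runs offline, and pinning `algorithms` is an extra hardening step the review did not list.

```javascript
// Added example: hardened form of auth.middleware.js. verifyToken and findUser
// are injected so the control flow runs without a database or real tokens.
function createAuthMiddleware({ verifyToken, findUser }) {
  return async function auth(req, res, next) {
    const deny = () => res.status(401).json({ error: 'Authentication failed' });

    // L6: accept only "Bearer <token>"; a missing or malformed header is rejected.
    const header = req.headers.authorization;
    const match = typeof header === 'string' ? /^Bearer +(\S+)$/i.exec(header) : null;
    if (!match) return deny();

    let user;
    try {
      const decoded = verifyToken(match[1]); // throws on bad signature or expiry
      user = await findUser(decoded.id);
    } catch (err) {
      return deny(); // L15: err.message stays on the server
    }
    if (!user) return deny(); // L10/L12: unknown user is a 401, not a TypeError

    req.user = user;
    req.userRole = user.role;
    return next();
  };
}

// Assumed production wiring: secret from the environment (L9), algorithm pinned.
// require() is deferred so this file loads without jsonwebtoken installed.
const verifyWithJwt = (token) =>
  require('jsonwebtoken').verify(token, process.env.JWT_SECRET, { algorithms: ['HS256'] });

// Constructed harness: a fake res object records what the middleware did.
async function runAuth(authorization, deps) {
  const out = { status: 200, body: null, nextCalled: false };
  const res = {
    status(code) { out.status = code; return this; },
    json(body) { out.body = body; return this; },
  };
  const req = { headers: { authorization } };
  await createAuthMiddleware(deps)(req, res, () => { out.nextCalled = true; });
  return { ...out, role: req.userRole };
}
```

In an Express app the export would be `createAuthMiddleware({ verifyToken: verifyWithJwt, findUser: db.findUser })`, with `db` being the page's `./database` module.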
7.4 Usage on Various Platforms
Claude Code
```
# Review current staged changes
> /caveman-review
# Review a specific file
> /caveman-review src/middleware/auth.js
# Review a PR's diff
> Review the changes in this PR, using caveman-review format
```
Antigravity
```
# Triggered by natural language
> Review src/middleware/auth.js in caveman-review format
# Or more concisely
> review auth.js, caveman style, one line per issue
```
Gemini CLI
```
> /caveman-review
# Or
> /caveman-review src/middleware/auth.js
```
Codex
```
> $caveman-review
# Or review a specific file
> $caveman-review src/middleware/auth.js
```
OpenCode
```
# Triggered by natural language (no slash command)
> Review current changes, format: L<line_number> + level(🔴🟡🔵) + one-line diagnosis
```
7.5 Integrating with GitHub Actions
Integrate caveman-review into your CI/CD to automatically get one-line reviews for every PR:
```yaml
# .github/workflows/caveman-review.yml
name: Caveman Code Review
on:
  pull_request:
    types: [opened, synchronize]
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history so the base branch is available for the diff below
          fetch-depth: 0
      - name: Get changed files
        id: diff
        run: |
          echo "files=$(git diff --name-only origin/${{ github.base_ref }}...HEAD | tr '\n' ' ')" >> $GITHUB_OUTPUT
      - name: Caveman Review
        uses: anthropics/claude-code-action@v1
        with:
          # Changed file names come from the PR itself and are inserted into the prompt verbatim
          prompt: |
            Review these changed files using caveman-review format.
            Rules:
            - One line per issue: L<line>: <🔴|🟡|🔵> <type>: <diagnosis>
            - No throat-clearing, no pleasantries
            - End with summary: N 🔴 N 🟡 N 🔵
            Files: ${{ steps.diff.outputs.files }}
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
```
```mermaid
graph TD
    A["Developer submits PR"] --> B["GitHub Actions triggered"]
    B --> C["Get changed files"]
    C --> D["Call Claude Code Action<br/>+ caveman-review rules"]
    D --> E["Generate one-line review comments"]
    E --> F["Automatically comment on PR"]
    F --> G["Developer receives concise feedback"]
    G -->|"Push after fixing"| A
```

Five-Platform Review Workflow Comparison
| Dimension | Claude Code | Antigravity | Gemini CLI | Codex | OpenCode |
|---|---|---|---|---|---|
| Trigger Command | `/caveman-review` | Natural language | `/caveman-review` | `$caveman-review` | Natural language |
| Automatic Diff Reading | β | β | β | β | β |
| Precise Line Number Reference | β | β | β | β | β |
| CI/CD Integration | ✅ claude-code-action | ⚠️ Requires custom setup | ⚠️ Limited | ✅ codex-action | ⚠️ Requires custom setup |
| Multi-file Review | β | β | β | β | β |
| Format Consistency | ⭐⭐⭐⭐⭐ | ⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐ |
💡 Advanced Tips
Focus only on Bugs
```
> /caveman-review # Only report 🔴 level issues
```
Review by File Type
```
> /caveman-review *.tsx # Only review React components
> /caveman-review *.sql # Only review SQL files
```
Custom Review Dimensions
```
> /caveman-review Focus on: security vulnerabilities, SQL injection, XSS
```
Key Takeaways from This Issue
- `/caveman-review` output format: `L<line_number>: 🔴/🟡/🔵 Type: One-line diagnosis`
- Three severity levels: 🔴 bug (must fix) / 🟡 warn (recommended) / 🔵 nit (optional)
- For the same depth of review, token consumption is reduced by 80%+
- Can be integrated with GitHub Actions for automated PR reviews
- Codex uses `$caveman-review`; Antigravity and OpenCode use natural language triggers