10 March
In EP 1, we explained what Claude Code Review is and how it works with Multi-Agent architecture — in EP 2 we'll get hands-on, from installing the GitHub App, configuring Trigger Mode, creating CLAUDE.md for Review Rules, to reading Review results and customizing project-specific rules.
Quick Summary — What Does EP 2 Cover?
A complete Step-by-Step guide to installing and configuring Claude Code Review in one article — from Prerequisites, GitHub App installation, choosing Trigger Mode, creating CLAUDE.md + REVIEW.md for Review Rules, reading results and responding to Comments, to Best Practices for development teams.
Prerequisites — What You Need Before Starting
Before enabling Claude Code Review, you need to prepare the following:
| No. | Items | Details |
|---|---|---|
| 1 | Anthropic Plan | Claude for Teams (Premium — $150/user/month) or Claude for Enterprise |
| 2 | GitHub Organization | Must have a GitHub Organization (not just a Personal Account) |
| 3 | Repository Admin | Must have Admin access to the Repository you want to enable |
| 4 | Claude Code CLI | Installed and logged in via claude.ai OAuth (for CLI Mode) |
Note: Currently, Claude Code Review supports GitHub only. GitLab and Bitbucket are not yet supported — Anthropic may add them in the future.
Step 1 — Enable Code Review from Admin Settings
The first thing to do is enable the feature from Anthropic's Admin page:
- Go to claude.ai/admin-settings/claude-code
- Scroll down to the "Code Review" section
- Click "Setup" to begin the GitHub App installation process
The system will redirect you to GitHub to install the Claude GitHub App.
Step 2 — Install the Claude GitHub App
Claude Code Review works through a GitHub App called "Claude" — it must be installed in your Organization first:
- Go to github.com/apps/claude
- Click "Install"
- Select the desired Organization
- Select Repositories — you can choose "All repositories" or select specific ones
- Review the Permissions requested by the App:
| Permission | Level | Why It's Needed |
|---|---|---|
| Contents | Read & Write | Read code for analysis + suggest fixes |
| Issues | Read & Write | Link Review results to related Issues |
| Pull Requests | Read & Write | Read Diffs + Post Comments on PRs |
- Click "Install & Authorize"
Alternative: If you already use Claude Code CLI, you can run /install-github-app in Terminal to start the Guided Flow without accessing Admin Settings.
Step 3 — Choose Trigger Mode
After installing the GitHub App, choose when Claude should Review:
| Trigger Mode | How It Works | Suitable for | Advantages |
|---|---|---|---|
| PR Creation Only (default) | Reviews once when PR is created | Small teams, limited budget | Cost-effective |
| After Every Push | Re-reviews every time new code is pushed | Large teams, complex projects | Catches new issues + Auto-resolves when fixed |
| CLI Manual | Run /code-review manually | Developers who want to review specific PRs | Full control |
Recommended: Start with "PR Creation Only" — then switch to "After Every Push" when you see the Reviews are truly useful.
Step 4 — Create CLAUDE.md for Review Rules
The standout feature of Claude Code Review is the ability to define Review rules using natural language via the CLAUDE.md file — no YAML or Regex required.
What is CLAUDE.md?
CLAUDE.md is a file placed at the Repository root to tell Claude:
- What Coding Standards this project uses
- What Architecture Decisions must be maintained
- What specific rules must always be checked (e.g., "never commit secrets")
Example CLAUDE.md
```markdown
# Project: E-Commerce Backend

## Tech Stack
- Python 3.12, FastAPI, PostgreSQL
- ORM: SQLAlchemy 2.0 (async)
- Testing: pytest + httpx

## Coding Standards
- Use Type Hints for every function
- Do not use print() in production code — use the logging module
- Every API Endpoint must have a Pydantic schema
- Database queries must always use parameterized queries

## Security Rules
- Do not hardcode API keys, passwords, tokens
- Input validation for every endpoint
- Rate limiting for public endpoints

## Architecture
- Clean Architecture: Controller → Service → Repository
- Do not import Repository layer directly from Controller
```
REVIEW.md — Review-Specific Rules
In addition to CLAUDE.md, you can create a REVIEW.md file (or .claude/review.md) to define rules used specifically during Code Review:
Example REVIEW.md
```markdown
# Review Rules

## Always Check
- SQL Injection vulnerabilities
- Functions longer than 100 lines
- Missing error handling in async operations
- N+1 query patterns

## Ignore
- Formatting/style issues (handled by black + isort)
- Type annotation completeness (handled by mypy)
- Import ordering (handled by isort)

## Severity
- Security issues → always flag as Critical
- Missing tests for new endpoints → flag as High
```
.claude/rules/ — Modular Rules
For large projects, you can split Rules into separate .md files in .claude/rules/. Claude loads all of these files automatically and treats them the same way as CLAUDE.md.
| File | Scope | Usage Example |
|---|---|---|
| CLAUDE.md | Used always (Code Review + Code Gen) | Coding Standard, Architecture |
| REVIEW.md | Used only for Code Review | Rules to always check, things to ignore |
| .claude/rules/*.md | Used always (same as CLAUDE.md) | Separate rules by module, e.g., security.md, api.md |
Step 5 — Test Your First Review
Once setup is complete, test by opening a PR:
- Create a new Branch from existing code
- Modify some code (try introducing a minor issue, e.g., remove error handling)
- Push the Branch and open a Pull Request
- Wait ~20 minutes — you'll see Check Run "Claude Code Review" appear
- When the Review is complete, you'll see:
| Results | Details |
|---|---|
| Summary Comment | A summary Comment listing all issues found, prioritized by severity |
| Inline Comments | Comments on specific code lines with issues, including explanations and Suggested Fixes |
| Severity Labels | Every Finding has a Severity (Critical, High, Medium) for prioritization |
Don't see the Check Run? Verify: (1) Claude GitHub App is installed and the correct Repository is selected (2) Your Anthropic account is Teams Premium or Enterprise (3) The Repository matches what's configured in Admin Settings.
Step 6 — Read and Respond to Review Results
When Claude Code Review finishes, Comments will appear on the PR — here's how to handle them:
Reading Review Comments
- Summary Comment — read the overview first to see how many issues and at what severity levels
- Inline Comment — click to view each Finding on the problematic code lines
- Suggested Fix — some Findings include corrected code to review
Responding
| Scenario | How to Handle |
|---|---|
| Agree with Finding | Fix code per Suggestion → Push again → if "After Every Push" is enabled, the system will Auto-resolve the Thread |
| Disagree | Reply with your reasoning → Resolve the Thread yourself (just like normal Human Review) |
| Need More Information | Reply asking Claude → but currently it cannot respond back (not a Chat) |
Important: Claude Code Review will not Approve PRs. It only reports the issues it finds; Approval always remains the responsibility of Human Reviewers.
Step 7 — Use CLI Mode for Local Review
Besides automatic Reviews via the GitHub App, you can also run Reviews directly from the Claude Code CLI:
Run Code Review from CLI
```
# Review current PR (output in Terminal)
/code-review

# Review PR and Post Comment to GitHub
/code-review --comment

# Review a specific PR by number
/code-review --pr 123
```
Advantages of CLI Mode:
- Preview Reviews before pushing — no need to wait for a PR
- Choose to review specific PRs only — no need to review every PR
- Use with --comment to post results to GitHub immediately
Best Practices — Getting the Most from Claude Code Review
| No. | Best Practice | Reason |
|---|---|---|
| 1 | Write a detailed CLAUDE.md | The more Context Claude has, the more targeted Reviews become |
| 2 | Use REVIEW.md to define what not to Review | Reduce noise from issues already handled by Linters |
| 3 | Small PRs (<500 lines) | Faster Reviews + lower costs + more accurate results |
| 4 | Don't ignore Critical Findings | The Rejection Rate is <1%, so if Claude says Critical, it's usually real |
| 5 | Use alongside other Security Scans | Claude excels at Logic + Context but should be paired with SAST/DAST |
| 6 | Review the Reviews — continuously adjust Rules | If recurring False Positives occur → add them to REVIEW.md's "Ignore" section |
GitHub Actions — Advanced Workflow Configuration
For teams wanting more control, you can use GitHub Actions instead of the GitHub App:
Example .github/workflows/claude-review.yml
```yaml
name: Claude Code Review
on:
  pull_request:
    types: [opened, synchronize]
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Run Claude Code Review
        uses: anthropics/claude-code-review@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          github_token: ${{ secrets.GITHUB_TOKEN }}
          confidence_threshold: 80
```
Setting up the API Key:
- Go to Repository → Settings → Secrets and variables → Actions
- Click "New repository secret"
- Name it ANTHROPIC_API_KEY
- Paste the API Key from console.anthropic.com
GitHub App vs GitHub Actions
- GitHub App: Easier, no need to manage API Keys yourself — Anthropic handles it
- GitHub Actions: More flexible, customize Workflows as needed — but you manage API Keys yourself
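Because the GitHub Actions route puts key management in your hands, the workflow file itself deserves a hardening check before merge. The following is an added example, not code from the original article or from Anthropic: a small Python lint run over the workflow shown above. The function name `audit_workflow` and the rule names are hypothetical; the embedded workflow is the page's own example, re-indented.

```python
import re

# Constructed sample: the workflow from this page, with indentation restored.
WORKFLOW = """\
name: Claude Code Review
on:
  pull_request:
    types: [opened, synchronize]
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Run Claude Code Review
        uses: anthropics/claude-code-review@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          github_token: ${{ secrets.GITHUB_TOKEN }}
          confidence_threshold: 80
"""
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*([^\s#]+)")

def audit_workflow(text):
    """Return a list of (rule, detail) hardening findings for one workflow file."""
    findings = []
    lines = text.splitlines()
    # 1. Without a permissions: block, GITHUB_TOKEN gets the repository default scope.
    if not any(re.match(r"^\s*permissions:", ln) for ln in lines):
        findings.append(("no-permissions-block", "GITHUB_TOKEN uses repository default"))
    # 2. A tag such as @v1 can be moved later; a full 40-character commit SHA cannot.
    for ln in lines:
        m = USES_RE.match(ln)
        if m and not m.group(1).startswith("./"):
            name, _, ref = m.group(1).partition("@")
            if not SHA_RE.match(ref):
                findings.append(("unpinned-action", f"{name}@{ref}"))
    # 3. pull_request_target gives fork PRs a run with secrets; pull_request does not.
    if any(re.match(r"^\s*pull_request_target\s*:", ln) for ln in lines):
        findings.append(("pull-request-target", "secrets available to fork PR runs"))
    # 4. A key or token written into the file instead of read from the secrets context.
    for ln in lines:
        if re.search(r"(?i)(api_key|token)\s*:\s*(?!\$\{\{)\S", ln):
            findings.append(("inline-credential", ln.strip().split(":")[0]))
    return findings
```

On the page's workflow this reports the missing `permissions:` block and the two tag-pinned actions; the secrets references themselves pass.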
Confidence Threshold — Adjusting Strictness
Confidence Threshold is a 0-100 number that determines how confident Claude must be before reporting an Issue:
| Threshold | Results | Suitable for |
|---|---|---|
| 60 | Reports many issues — more False Positives | Projects requiring extremely thorough inspection (e.g., Security-Critical systems) |
| 80 (default) | Balanced — reports only high-confidence issues | Most teams |
| 95 | Reports few — only truly severe issues | Teams wanting to minimize Noise |
Real-World Statistics from Anthropic's Usage
Anthropic uses Claude Code Review on every internal PR — results:
| Key indicators | Before | After |
|---|---|---|
| PRs receiving Substantive Comments | 16% | 54% (+238%) |
| Large PRs (>1,000 lines) with issues found | — | 84% (average 7.5 issues) |
| Small PRs (<50 lines) with issues found | — | 31% (average 0.5 issues) |
| Rejection Rate | — | <1% |
These numbers show that Claude Code Review significantly improves Review quality — especially for large PRs that people often don't have time to review thoroughly.
Claude Code Review in the Thai Enterprise Context
For Thai organizations with software development teams, Claude Code Review can help in many scenarios:
- Small teams without Senior Reviewers — use Claude as a "second Senior Developer" to review code
- ERP projects with large codebases — ERP systems often have hundreds of Modules, too many for human review alone
- Compliance with security standards — define in CLAUDE.md what to check, e.g., SQL Injection, 2FA
- Outsourced or AI-written code — verify code quality from external sources before Merge
Summary — Claude Code Review Setup Checklist
| Steps | Items | Status |
|---|---|---|
| 1 | Have Claude for Teams Premium or Enterprise | |
| 2 | Enable Code Review from Admin Settings | |
| 3 | Install Claude GitHub App + select Repositories | |
| 4 | Choose Trigger Mode (PR Creation / Every Push / CLI) | |
| 5 | Create CLAUDE.md + REVIEW.md | |
| 6 | Test with the first PR + verify Check Run appears | |
| 7 | Adjust Confidence Threshold as appropriate | |
Claude Code Review doesn't replace Human Reviewers — it serves as a "second pair of eyes" that never gets tired, never forgets, and never skims through code — all the team needs to do is "tell it what to look for" via CLAUDE.md.
— Saeree ERP Team
Continue Reading — EP 1 and EP 3
- EP 1: What is Claude Code Review? — Multi-Agent Automated Code Review System
- EP 3: Claude Code Review vs Competitors + Price and Value
