Personal OpenCode configuration for automated pull request reviews using a multi-specialist orchestrator pattern.
The review system uses an orchestrator + specialist fan-out model:
pr-reviewer-orchestratorgathers PR context, selects relevant lenses, and dispatches specialist agents in parallel- Each specialist reviews the diff through a single focused lens and returns a structured JSON report
- The orchestrator synthesises findings, deduplicates, resolves conflicts, and posts an inline GitHub PR review
pr-reviewer-orchestrator
├── pr-review-design
├── pr-review-solid
├── pr-review-security
├── pr-review-consistency
└── pr-review-testing
Each specialist is activated conditionally based on what changed — not all lenses run on every PR.
Principal-level engineering lead. Does not review code itself — gathers PR context, selects relevant lenses, dispatches specialists in parallel, collects their JSON reports, validates findings against the diff, resolves conflicts, and posts the final review via gh-pr-review.
Senior software architect. Evaluates whether the chosen approach is appropriate, proportionate, and well-suited to the problem: problem-solution fit, proportionality, alternative approaches, architectural fit, future implications, and abstraction level.
Senior software engineer focused on code structure. Evaluates SOLID principles (SRP, OCP, LSP, ISP, DIP) plus function size and complexity, duplication, naming clarity, and coupling/cohesion.
Senior application security engineer. Reviews against OWASP Top 10: broken access control, cryptographic failures, injection, insecure design, security misconfiguration, vulnerable components, authentication failures, data integrity failures, logging gaps, and SSRF. Also checks for secrets in code and information disclosure.
Consistency guardian. Ensures new code follows the established patterns of the codebase: naming conventions, file organization, architectural patterns, error handling, API design, import patterns, configuration, and observability.
Senior QA engineer. Verifies that changed or added functionality is properly tested: coverage of new and changed functionality, edge cases, test quality, isolation, mock appropriateness, naming, and regression risk.
Each specialist returns a JSON object:
{
"lens": "security",
"verdict": "REQUEST_CHANGES",
"confidence": "HIGH",
"summary": "...",
"findings": [
{
"severity": "critical",
"path": "src/api/users.ts",
"line": 42,
"end_line": null,
"description": "...",
"suggestion": "...",
"rationale": "...",
"references": ["https://owasp.org/..."]
}
],
"positive": ["..."],
"out_of_scope": ["..."]
}The orchestrator uses the gh-pr-review skill to post the final review directly as a GitHub (or GitLab) inline PR review — with inline diff comments, line validation, and 422 error recovery built in.
If no PR number is provided, the review is printed to stdout instead.
Prompts live in ~/.config/opencode/prompts/ and the skill in ~/.config/opencode/skills/gh-pr-review/.
Recommended: symlink the directories so this repo stays the single source of truth.
# Prompts
for f in prompts/*.md; do
ln -sf "$(pwd)/$f" ~/.config/opencode/prompts/$(basename $f)
done
# Skill
ln -sf "$(pwd)/skills/gh-pr-review" ~/.config/opencode/skills/gh-pr-reviewFrom within a git repo, open OpenCode and use the /review command:
/review 42
Or non-interactively:
opencode run --agent pr-reviewer "Review the current branch against main. PR #42."| Single-agent | This setup | |
|---|---|---|
| Lenses | One generalised reviewer | 5 independent specialists |
| Parallelism | Sequential | Parallel fan-out |
| Output | Text | Structured JSON per lens |
| Posting | Manual | Automated inline PR review |
| Conflict resolution | N/A | Explicit orchestrator synthesis |
| Activation | Always full | Conditional per lens |