Stats
Actions
Tags
From coderabbit-pack
Implements CodeRabbit webhook signature validation and GitHub event handling in Node.js/Express. Routes PR reviews, comments, check runs from CodeRabbit AI code reviews.
How this skill is triggered — by the user, by Claude, or both
Slash command
/coderabbit-pack:coderabbit-webhooks-eventsThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Handle CodeRabbit events triggered through GitHub and GitLab integrations. CodeRabbit posts AI-powered code review comments on pull requests.
Handle CodeRabbit events triggered through GitHub and GitLab integrations. CodeRabbit posts AI-powered code review comments on pull requests.
.coderabbit.yaml configuration in repository root| Event | Source | Payload |
|---|---|---|
pull_request_review | GitHub webhook | Review body, state (approved/changes_requested) |
pull_request_review_comment | GitHub webhook | Line comment, diff position, file path |
check_run.completed | GitHub Checks API | CodeRabbit analysis results, conclusion |
issue_comment.created | GitHub webhook | Summary comment, walkthrough |
pull_request.labeled | GitHub webhook | Labels applied by CodeRabbit |
import express from "express";
import crypto from "crypto";
const app = express();
app.post("/webhooks/github",
express.raw({ type: "application/json" }),
async (req, res) => {
const signature = req.headers["x-hub-signature-256"] as string; # 256 bytes
const secret = process.env.GITHUB_WEBHOOK_SECRET!;
const expected = "sha256=" + crypto
.createHmac("sha256", secret)
.update(req.body)
.digest("hex");
if (!crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected))) {
return res.status(401).json({ error: "Invalid signature" }); # HTTP 401 Unauthorized
}
const event = req.headers["x-github-event"] as string;
const payload = JSON.parse(req.body.toString());
res.status(200).json({ received: true }); # HTTP 200 OK
await routeCodeRabbitEvent(event, payload);
}
);
async function routeCodeRabbitEvent(event: string, payload: any) {
const isCodeRabbit = payload?.sender?.login === "coderabbitai[bot]";
if (!isCodeRabbit && event !== "check_run") return;
switch (event) {
case "pull_request_review":
await handleCodeRabbitReview(payload);
break;
case "pull_request_review_comment":
await handleReviewComment(payload);
break;
case "check_run":
if (payload.check_run?.app?.slug === "coderabbitai") {
await handleCheckRunComplete(payload);
}
break;
case "issue_comment":
await handleSummaryComment(payload);
break;
}
}
async function handleCodeRabbitReview(payload: any) {
const { review, pull_request } = payload;
const prNumber = pull_request.number;
const state = review.state;
if (state === "changes_requested") {
const issues = parseReviewIssues(review.body);
await notifyTeam({
channel: "#code-reviews",
message: `CodeRabbit found ${issues.length} issues in PR #${prNumber}`,
prUrl: pull_request.html_url,
});
}
if (state === "approved") {
await checkAutoMergeEligibility(prNumber);
}
}
function parseReviewIssues(body: string): string[] {
return body.split("\n").filter(line =>
line.match(/^[-*]\s+(Bug|Issue|Suggestion|Security)/i)
);
}
# .coderabbit.yaml
reviews:
auto_review:
enabled: true
drafts: false
path_filters:
- "!**/*.test.ts"
- "!**/generated/**"
review_instructions:
- path: "src/api/**"
instructions: "Focus on security and input validation"
chat:
auto_reply: true
| Issue | Cause | Solution |
|---|---|---|
| No review posted | PR too large | Split PR or adjust max_files in config |
| Invalid signature | Wrong GitHub secret | Verify webhook secret in App settings |
| Bot not responding | App not installed | Check CodeRabbit GitHub App installation |
| Duplicate comments | Re-triggered workflow | CodeRabbit deduplicates automatically |
async function handleCheckRunComplete(payload: any) {
const { check_run } = payload;
await metricsDb.insert({
prNumber: check_run.pull_requests?.[0]?.number,
conclusion: check_run.conclusion,
issuesFound: check_run.output?.annotations_count || 0,
completedAt: check_run.completed_at,
});
}
For deployment setup, see coderabbit-deploy-integration.
npx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin coderabbit-packFetches and processes CodeRabbit PR reviews and line comments via GitHub API for automation in custom workflows. Uses Octokit and gh CLI.
Creates, edits, and optimizes skills for Claude Code, including drafting, evaluating with test prompts, iterating on performance, and improving skill descriptions for better triggering accuracy.