Stow.PR Review Pipeline: GitHub + Slack + Notion
AI AgentsApril 19, 20264 min read

PR Review Pipeline: GitHub + Slack + Notion

New PR opened → Claude reads the diff and comments → summary posted to Slack → review notes saved to Notion. The AI reviewer that never forgets to log its work.

Claude
Notion

Code review is the bottleneck in most engineering teams. Claude can do a first pass — reading the diff, checking for obvious issues, summarizing the change — and surface that summary to the right people. The AI review isn't a replacement for human review. It's the prep work that makes human review faster.

The PR Review Pipeline

PR openedClaude reviewsNotion logYou approve → Slack

Permission Configuration

GitHub

Read PR diff and descriptionAllowed
Read existing comments on the PRAllowed
Comment on PR (add review notes)Approval Required

Goes to the PR — visible to the author and reviewers

Approve or request changesOff

AI should never formally approve code changes

Merge the PROff

Notion

Create PR review log entryAllowed
Read existing review databaseAllowed
Delete pagesOff

Slack

Read #engineering for contextAllowed
Post review summary to #engineering or #pr-reviewApproval Required
DM to PR authorAllowed

The Review Prompt

"Review the open PR titled '[PR title]' in the [repo] repo. Read the diff carefully and provide: 1) A 2-3 sentence plain-English summary of what the PR does. 2) Any obvious issues, missing edge cases, or things the reviewer should pay close attention to. 3) Questions the author should answer before this merges. Log the review notes to Notion in the PR Reviews database. Draft a Slack summary for #engineering with the PR link and key points. Show me everything before posting or commenting on GitHub."

Why AI Approval Is Permanently Off

The GitHub "Approve PR" permission is set to Off — not Approval Required, but completely disabled. This is intentional. AI reviewers can miss context, misunderstand business logic, or be fooled by prompt injection in PR descriptions (a real attack vector where malicious content in the PR description tries to manipulate the AI reviewer's output).

AI review notes are input to human reviewers, not a replacement for them. A human approves the code. The AI surfaces the initial analysis.

What Good AI PR Review Looks Like

Useful AI output

  • "This PR adds rate limiting to the login endpoint. Reviewer should check the threshold value (currently 5 attempts) and confirm it matches the product spec."
  • "The new UserService.delete() method doesn't handle the case where the user has active subscriptions."

AI overreach (keep Off)

  • "I've approved this PR — the changes look correct."
  • "I've merged the PR since the tests are passing."

The Notion Log Value

Every PR review logged to Notion creates a searchable history. Six months from now when a bug surfaces in production, you can search "PR reviews — auth service" and find Claude's original analysis from when the change was introduced. The AI reviewer that doesn't forget is also the one that documents automatically.

Faster Reviews. Better Records.

AI does the first pass. Humans do the approval. Every review logged automatically to Notion.

S

Stow Security Team

April 19, 2026