Claude Code Review: How to Use /code-review and Ultrareview
Claude Code ships a built-in /code-review command that scans diffs for correctness bugs and improvement opportunities at five effort levels, from a quick local pass to a multi-agent cloud analysis. This guide covers command syntax, effort level selection, the --comment and --fix flags, ultrareview's deep multi-agent pipeline, and managed Code Review for GitHub pull requests so you can pick the right review depth for every change.
The Review Gap AI-Assisted Code Created
Sonar's 2025 State of Code survey found that 42% of committed code is now AI-assisted, yet 96% of the developers writing it say they don't fully trust what the AI produces. That trust gap means someone still has to read every line before it ships.
The verification burden has grown faster than the productivity gains. Reviewing AI-generated code frequently demands more effort than reviewing human-written code, according to the same survey. Output has increased, but confidence hasn't kept pace. Teams write more code, then spend more time checking it.
Claude Code addresses this with a /code-review command built directly into the CLI. Instead of copying diffs into a chat window or configuring a third-party review tool, you run a single command in your terminal. The reviewer runs against your working diff, understands your full codebase context, and reports findings ranked by severity. Five effort levels let you choose between a fast confidence check and a deep multi-agent analysis, depending on what the change demands.
For teams on GitHub, Anthropic also offers a managed Code Review service that installs as a GitHub App and posts findings as inline PR comments automatically. Both paths, local and managed, use the same underlying review engine.
How the /code-review Command Works
The /code-review command runs inside any Claude Code session. By default it reviews your branch's commits ahead of its upstream plus any uncommitted changes in the working tree.
/code-review
That single command scans the diff for correctness bugs and improvement opportunities like reuse, simplification, and efficiency cleanups. Findings appear in your terminal, each tagged with a severity level:
- Important (red circle): a bug that should be fixed before merging
- Nit (yellow circle): a minor issue worth fixing but not blocking
- Pre-existing (purple circle): a bug in the codebase that this PR did not introduce
You can also pass a specific target instead of reviewing the default diff:
/code-review src/auth/session.ts
/code-review 1234
/code-review main...my-feature
A file path narrows the review to that file. A PR number reviews the pull request. A ref range like main...my-feature reviews the committed diff that a pull request from my-feature into main would contain, regardless of how the branch's upstream is configured.
Each finding includes a collapsible reasoning section that explains why Claude flagged the issue and how it verified the problem against actual code behavior. This transparency lets you assess findings quickly rather than guessing whether the reviewer understood your intent.
How to Choose the Right Effort Level
The effort argument controls how deeply /code-review analyzes your changes. Five levels are available, each trading speed for coverage.
Low and medium return fewer, higher-confidence findings. These levels work well for small patches, config changes, or situations where you want a fast sanity check before pushing. They complete in seconds and focus on clear-cut correctness bugs.
High and max give broader coverage and may surface uncertain findings alongside the confident ones. Use these when you're about to merge a feature branch or touch code paths with complex state. The reviewer spends more time exploring edge cases, verifying assumptions, and checking for subtle regressions.
Ultra is a different category entirely. It launches a fleet of specialized agents in a remote cloud sandbox that analyze the diff in parallel, then independently verify each finding before reporting it. Ultra takes 5 to 10 minutes and costs $5 to $20 per review depending on the size of the change. Pro and Max subscribers get three free ultrareview runs to try it.
To set the effort level, pass it as an argument:
/code-review low
/code-review high
/code-review ultra
Without an effort argument, the review uses whatever effort level your current session is set to. For most daily work, the default or medium level catches the obvious problems. Save high and max for pre-merge reviews on significant changes. Reserve ultra for the changes where a missed bug would be expensive: database migrations, auth flows, payment logic, or anything touching shared infrastructure.
Store review artifacts where your agents can reach them
Fast.io gives your agents intelligent storage with built-in RAG and a MCP server for programmatic access. Starts with a 14-day free trial.
Posting PR Comments and Auto-Fixing with --comment and --fix
Two flags extend /code-review beyond terminal output.
--comment posts each finding as an inline comment on your GitHub pull request, attached to the exact lines where the issue was found. This is useful when you want the review visible to your team without switching context or copying findings manually.
/code-review high --comment
The comments appear in the PR's "Files changed" tab just like human review comments. They include the severity tag and reasoning so teammates can evaluate the finding on its own. Claude doesn't approve or block the PR, so your existing review workflow stays intact.
--fix applies the findings directly to your working tree after the review completes. Instead of reading each finding and making the changes yourself, Claude modifies the files for you. You still see every change in your git diff and can accept, reject, or adjust each one before committing.
/code-review high --fix
You can combine both flags. Running /code-review high --comment --fix posts findings to the PR and applies them locally, which is a convenient workflow for solo development: fix the issues, verify the diff, then push.
The /code-review ultra --fix combination runs the deeper ultrareview in the cloud, then applies its findings to your working tree when they arrive back in your session. This gives you the thoroughness of multi-agent analysis with the convenience of automatic fixes.
One related command worth knowing: /simplify runs a separate cleanup-only review that applies fixes without hunting for bugs. If you want tidier code without a full correctness pass, /simplify is the faster path.
Ultrareview: Deep Multi-Agent Analysis in the Cloud
Ultrareview is the highest tier of Claude Code's review system. When you run /code-review ultra, Claude Code bundles your repository state and uploads it to a remote sandbox where a fleet of reviewer agents examines the code in parallel.
Each agent specializes in a different class of issue. After the initial pass, a verification step independently reproduces every candidate finding against actual code behavior. Findings that can't be verified get filtered out. The result is a shorter, higher-signal list of confirmed bugs rather than a long list of style suggestions.
The review runs entirely in the cloud. Your terminal stays free for other work while it processes. Use /tasks to monitor progress, view completed reviews, or stop a review that's in progress. When the review finishes, findings appear as a notification in your session with file locations and explanations.
For CI pipelines and scripts, the claude ultrareview subcommand starts the same review non-interactively:
claude ultrareview
claude ultrareview 1234
claude ultrareview origin/main
It blocks until the review finishes, prints findings to stdout, and exits with code 0 on success or 1 on failure. The --json flag outputs the raw findings payload for machine parsing. --timeout <minutes> sets the maximum wait time, defaulting to 30 minutes.
Ultrareview requires a Claude.ai account (API-key-only users need to run /login first). It's not available with Amazon Bedrock, Google Vertex AI, or Microsoft Foundry backends, or for organizations with zero data retention enabled. Pro and Max plans include three free runs. After that, each review bills to usage credits at $5 to $20 per run depending on diff size.
If your repository is too large to bundle, Claude Code prompts you to use PR mode instead. Push your branch, open a draft PR, then pass the PR number: /code-review ultra 1234.
Setting Up Managed Code Review for GitHub Pull Requests
For teams that want automatic reviews on every PR without running a CLI command, Anthropic offers a managed Code Review service through a GitHub App. This is available on Team and Enterprise plans.
Setup takes a few minutes. An organization admin goes to the Claude Code admin settings at claude.ai, installs the Claude GitHub App to the GitHub organization, selects which repositories to enable, and configures the review trigger for each repo. Three trigger options are available:
- Once after PR creation: a single review when the PR opens or becomes ready for review
- After every push: reviews on each push, with auto-resolution of threads when flagged issues are fixed
- Manual: reviews only when someone comments
@claude reviewon the PR
The managed service uses the same multi-agent review engine as ultrareview. Multiple specialized agents analyze the diff and surrounding code in parallel, verify findings against actual code behavior, deduplicate the results, and post inline comments on the specific lines where issues were found. Reviews complete in about 20 minutes on average and cost $15 to $25 per review, billed as usage credits separate from plan usage.
You can customize what the reviewer flags by adding a REVIEW.md file to your repository root. This file gets injected as the highest-priority instruction into every agent in the review pipeline. Use it to redefine severity thresholds, cap the number of nit comments, skip generated files or lockfiles, and add repo-specific checks like "new API routes must have an integration test."
CLAUDE.md files also influence reviews. The reviewer reads them as project context and flags newly introduced violations as nit-level findings. For review-specific rules that shouldn't affect general Claude Code sessions, put them in REVIEW.md instead.
To trigger a one-off review on any PR regardless of the configured trigger, comment @claude review once as a top-level PR comment. This starts a single review without subscribing the PR to future push-triggered reviews.
Teams building agent workflows around code review can store review templates, guidelines, and intermediate outputs in a shared workspace. Fast.io provides intelligent workspaces where files are auto-indexed and queryable through built-in RAG, with a MCP server that agents can use to read, write, and organize review artifacts programmatically. Every org starts with a 14-day free trial, with storage and monthly credits scaled to each plan.
Frequently Asked Questions
How do I use Claude Code for code review?
Run `/code-review` inside any Claude Code session. By default it reviews your working diff (commits ahead of upstream plus uncommitted changes). You can pass a specific file, PR number, or ref range as a target. Add an effort level argument (low, medium, high, max, or ultra) to control review depth. Use `--comment` to post findings as inline PR comments and `--fix` to apply fixes to your working tree automatically.
What is Claude Code ultrareview?
Ultrareview is a deep code review that runs on Anthropic's cloud infrastructure. When you run `/code-review ultra`, Claude Code uploads your repository to a remote sandbox where a fleet of specialized agents analyze the code in parallel. Each finding is independently verified before being reported, which produces higher-signal results than a local review. It takes 5 to 10 minutes and costs $5 to $20 per run after three free runs for Pro and Max subscribers.
Can Claude Code post comments on my PR?
Yes, two ways. The `/code-review --comment` flag posts findings as inline comments on your GitHub pull request from your local session. For automatic PR reviews, the managed Code Review service (Team and Enterprise plans) installs as a GitHub App and posts inline comments on every PR based on your configured trigger. Both options tag findings by severity and never approve or block the PR.
What is the difference between code review effort levels in Claude Code?
Low and medium return fewer, higher-confidence findings and complete in seconds. High and max give broader coverage and may include uncertain findings alongside confident ones. Ultra launches a multi-agent fleet in a remote cloud sandbox that independently verifies each finding, taking 5 to 10 minutes. Without an effort argument, the review uses your current session's effort level.
How much does Claude Code Review cost?
Local `/code-review` at low through max effort levels counts toward your normal Claude Code usage. Ultrareview (`/code-review ultra`) costs $5 to $20 per run depending on diff size, with three free runs for Pro and Max subscribers. The managed Code Review GitHub App averages $15 to $25 per review for Team and Enterprise plans, billed as usage credits separate from plan inclusion.
What is REVIEW.md and how does it customize Claude Code Review?
REVIEW.md is a file at your repository root that overrides how Code Review behaves. Its contents are injected as the highest-priority instruction into every review agent. Use it to redefine what counts as an Important finding, cap the number of nit comments per review, skip specific file paths or patterns, and add repo-specific checks. Keep it focused on review behavior and put general project context in CLAUDE.md instead.
Can I run ultrareview in CI without an interactive session?
Yes. The `claude ultrareview` subcommand starts the same review non-interactively, blocks until completion, prints findings to stdout, and exits with code 0 (success) or 1 (failure). Use `--json` for machine-parseable output and `--timeout <minutes>` to set a maximum wait time. It requires the same authentication and usage credit configuration as the interactive `/code-review ultra` command.
Related Resources
Store review artifacts where your agents can reach them
Fast.io gives your agents intelligent storage with built-in RAG and a MCP server for programmatic access. Starts with a 14-day free trial.