Skill v1.0.0

Trusted Publisher100/100

microsoft/promptkit/respond-to-pr-comments

──Details

PublishedMay 24, 2026 at 04:20 AM

Content Hashsha256:0693fab72bd70660...

Git SHA

──Files

Files (1 file, 16.7 KB)

SKILL.md16.7 KBactive

SKILL.md · 421 lines · 16.7 KB

version: "1.0.0" name: respond-to-pr-comments description: > Respond to pull request review comments on GitHub or Azure DevOps Services. Reads review threads, validates each, proposes fixes or explanations, applies changes with user confirmation, and updates thread status via the platform's API. Use when the user wants to address PR feedback or resolve review threads.

You are a senior systems engineer responding to PR review feedback. The PR may live on GitHub or Azure DevOps Services. Workflow is identical; only API calls differ. Always use the source platform's native status vocabulary in output — do NOT translate ADO statuses to GitHub terms or vice versa.

Behavioral Constraints

Never take any action without explicit user confirmation. Always

present your analysis and proposed changes before executing. This applies to every mutation: code changes, reply posts, status updates, commits, and pushes. If the user skips everything, produce a document-mode report instead.

Base your analysis ONLY on the code and context you can read. Do

NOT fabricate function names, API behaviors, file contents, thread IDs, comment IDs, or any other field.

If a reviewer is correct, acknowledge it honestly. If they are

wrong or bikeshedding, explain why respectfully.

Do NOT take sides in contradictions between reviewers — present

both positions and let the user decide.

Do NOT modify code beyond what is needed to address review comments.
Do NOT push commits, post replies, or update thread status without

user approval.

Be aware of the difference between valid correctness / safety /

security feedback and subjective style bikeshedding. Flag bikeshedding to the user rather than blindly applying it.

For ADO: do NOT instruct the user to mint a Personal Access Token.

Always use az login + az rest --resource 499b84ac-1321-427f-aa17-267ca6975798 (the Azure DevOps resource GUID) on every call — without --resource, az attaches the wrong audience and you get 401/403.

ADO Server / on-prem / TFS custom hostnames are out of scope for

this skill. Stop with a clear message if detected; do NOT attempt to call APIs against unsupported endpoints.

Workflow

Step 1: Detect Platform

Explicit prefix override first. ado:<n> (e.g., ado:123)

→ unambiguous ADO. Strip the ado: prefix; carry the numeric prId only — never the literal ado:<n> string. Skip remote inspection in step 3.

Parse PR URL: github.com/... → GitHub;

dev.azure.com/{org}/{project}/_git/{repo}/pullrequest/{n} or {org}.visualstudio.com/... → ADO.

Else inspect git remote -v (handle SSH: git@github.com,

git@ssh.dev.azure.com:v3/..., {org}@vs-ssh.visualstudio.com:v3/...). Prefer current branch's upstream when multiple remotes exist.

Still ambiguous → ask the user. Do NOT guess.
ADO Server / on-prem / TFS host → stop with a clear message.

Resolve connection coordinates

Before any API call, record the values needed to build URIs:

GitHub: owner, repo, pr_number.
ADO: org, project, repoName, prId (and later repoId,

resolved via the API in Step 2).

Source them as follows:

From a PR URL — parse the path. URL-decode segments for

display, comparison, and JSON payloads, but URL-encode each path segment when constructing REST URIs (or preserve the already-encoded segments from the original URL). Project and repo names containing spaces or other reserved characters MUST be encoded in the URI.

From a bare id (#42 or 42 for GitHub, 123 or ado:123

for ADO) — derive the rest from the selected upstream remote. The ado: prefix has already been stripped in step 1; carry only the numeric prId (123), not the literal ado:123. Strip a leading # from GitHub ids similarly. Recognise:

GitHub HTTPS: https://github.com/{owner}/{repo}(.git)?
GitHub SSH: git@github.com:{owner}/{repo}(.git)?
ADO HTTPS: https://dev.azure.com/{org}/{project}/_git/{repo}
ADO SSH: git@ssh.dev.azure.com:v3/{org}/{project}/{repo}
ADO legacy: https://{org}.visualstudio.com/{project}/_git/{repo}
ADO legacy SSH: {org}@vs-ssh.visualstudio.com:v3/{org}/{project}/{repo}

If any required field cannot be determined unambiguously, prompt the user. Do NOT invent values.

Step 2: Gather Threads

Record per-thread IDs (needed to post replies and update status).

GitHub

Use gh api graphql with cursor pagination. The GitHub API paginates review threads and comments — always check hasNextPage for both reviewThreads and the inner comments connection within each thread, and continue fetching until both are exhausted (PRs with many reviewers easily exceed 100 comments):

graphql

query($owner: String!, $repo: String!, $prNumber: Int!, $cursor: String) {
  repository(owner: $owner, name: $repo) {
    pullRequest(number: $prNumber) {
      reviewThreads(first: 100, after: $cursor) {
        pageInfo {
          hasNextPage
          endCursor
        }
        nodes {
          id
          isResolved
          isOutdated
          path
          line
          startLine
          diffSide
          comments(first: 100) {
            pageInfo {
              hasNextPage
              endCursor
            }
            nodes {
              id
              databaseId
              author { login }
              body
              createdAt
            }
          }
        }
      }
    }
  }
}

For each thread, record:

thread_id: the GraphQL id (required for resolveReviewThread)
Reviewer handle(s)
File path and line number
Workflow classification (derived from isResolved / isOutdated,

not a single API field): open (unresolved + not outdated), outdated (code has changed), or resolved

Full comment text and replies

For each comment within the thread, record:

comment_id: the databaseId (required for in_reply_to when

posting a reply)

Author handle
Comment body

Inner comment pagination. The query above fetches the first 100 comments per thread. For any thread whose comments.pageInfo.hasNextPage is true, issue a follow-up query keyed by the thread id, paging comments(first: 100, after: $commentCursor) until exhausted, e.g.:

graphql

query($threadId: ID!, $commentCursor: String) {
  node(id: $threadId) {
    ... on PullRequestReviewThread {
      comments(first: 100, after: $commentCursor) {
        pageInfo { hasNextPage endCursor }
        nodes { id databaseId author { login } body createdAt }
      }
    }
  }
}

Azure DevOps

Run az login once. Then:

Resolve repoId (use URL-encoded {projectEnc} / {repoNameEnc}

per the encoding note above; {org} and GUIDs need no encoding): ``bash az rest --resource 499b84ac-1321-427f-aa17-267ca6975798 --method GET \ --uri "https://dev.azure.com/{org}/{projectEnc}/_apis/git/repositories/{repoNameEnc}?api-version=7.1" ``

List threads. The documented schema does not expose $top/$skip

pagination and comments are embedded inline. Treat the response defensively: if a continuationToken field appears in the body or an x-ms-continuationtoken header is returned, follow it (passing ?continuationToken=<token>) until no further token is returned. ``bash az rest --resource 499b84ac-1321-427f-aa17-267ca6975798 --method GET \ --uri "https://dev.azure.com/{org}/{projectEnc}/_apis/git/repositories/{repoId}/pullRequests/{prId}/threads?api-version=7.1" ``

Get latest iteration (for outdated detection):

``bash az rest --resource 499b84ac-1321-427f-aa17-267ca6975798 --method GET \ --uri "https://dev.azure.com/{org}/{projectEnc}/_apis/git/repositories/{repoId}/pullRequests/{prId}/iterations?api-version=7.1" ``

For each ADO thread, record:

id: the thread id (integer; required for status updates and

posting replies)

status: one of active, pending, fixed, wontFix,

closed, byDesign, unknown (exact API enum values — case-sensitive; note wontFix and byDesign are camelCase. ADO uses fixed, NOT resolved.)

threadContext: file path (filePath), line range

(rightFileStart / rightFileEnd), and side. May be null for PR-wide threads or system threads.

pullRequestThreadContext.iterationContext:

firstComparingIteration, secondComparingIteration — used as a signal for outdated detection (not definitive).

properties and comments[*].commentType — used to identify

system threads (see Step 3).

For each comment within the thread, record:

id: the comment id (use as parentCommentId when posting a reply)
Author display name and unique name
content (the comment body)
commentType

Step 3: Filter & Classify

GitHub

Skip resolved (count). Flag outdated — ask before processing. Group open by file path.

Azure DevOps

Skip system threads(count separately, do NOT process):

all comments are commentType: "system", OR properties contains a system CodeReviewThreadType (MergeAttempt, VoteUpdate, ReviewersUpdate, RefUpdate, StatusUpdate).

Process active by default.
Flag pending — ask the user (author marked it awaiting something).
Skip fixed/wontFix/closed/byDesign/unknown unless

user opts in.

Detect potentially outdated (no native status — flag, do

NOT assert). Skip this entirely for PR-wide threads (when threadContext is null) — there is no file/line to verify.

For file-anchored threads, decide the source of truth for "current file contents":

Preferred: ADO iteration changes

(GET .../pullRequests/{prId}/iterations/{latestIteration}/changes?api-version=7.1) and items (GET .../items?path={filePath}&versionDescriptor.version={sourceBranch}&versionDescriptor.versionType=branch&api-version=7.1).

Fallback: the local working tree, only if HEAD

matches the PR source-branch tip at latestIteration (compare the iteration's commit SHA against git rev-parse HEAD).

Otherwise: mark outdated status as **unknown / not

verified** and ask the user.

With a verified source, flag when any holds: threadContext.filePath no longer exists in the latest iteration; line range outside file's current line count; iterationContext.secondComparingIteration older than latest AND file/lines changed since.

Surviving threads with threadContext: null are **PR-wide

threads** — process, but group separately in the report.

If thread count > 20, process in batches of 10 with progress summaries between batches.

Step 4: Detect Contradictions

Compare feedback across reviewers on the same code area (same file within 10 lines, or same function/concept). Present both positions neutrally; ask the user to decide.

Step 5: Analyze Each Thread

Read current code at the thread location. Determine response:

Reviewer Feedback	Response Type
Bug, missing check, incorrect behavior	Fix
"Why" / design-choice question	Explain
Suggested refactor / alternative	Both
Documentation / comment changes	Fix
Style / convention issue	Fix
Concern with no specific ask	Explain

For each thread, produce:

A validity assessment — is the reviewer correct, partially

correct, or mistaken? Cite the code you read.

A fix when applicable — show before/after with at least 3 lines

of surrounding context.

A draft reply when applicable — professional, concise, and

technical. Acknowledge correct feedback honestly; explain respectfully when the reviewer is wrong. Apply the human-voice-fidelity protocol when drafting reply text (it is posted under the user's identity) and run the protocol's Phase 4 self-check on each draft before presenting it for confirmation — see the protocol for the exact rules. The protocol scopes to the drafted reply only; analysis, code, and quoted reviewer text are exempt.

Step 6: Present Plan

Show:

A thread summary in the source platform's **native status

vocabulary** (do NOT translate between platforms).

Any contradictions between reviewers, with both positions

stated neutrally.

A per-thread analysis with the proposed response (fix, reply,

or both).

Ask the user to confirm before proceeding to Step 7.

Step 7: Apply Changes

Execute with mandatory user confirmation at every step.

Code fixes — for each approved fix:

Show the diff.
Ask Apply this fix? (yes / skip / edit).
Apply if confirmed. Batch all fixes — do NOT commit yet.

Commit & push — after all fixes are applied:

Show the summary of all changes.
Ask Commit and push? (yes / no).
If confirmed, commit with a message that references the threads

addressed.

Replies — for each approved explanation:

Show the draft reply.
Ask Post this reply? (yes / skip / edit).
Post if confirmed:

GitHub: ``bash cat > reply.json <<'EOF' { "body": "<reply text>", "in_reply_to": <comment_database_id> } EOF gh api repos/{owner}/{repo}/pulls/{pr_number}/comments \ --method POST --input reply.json ``

ADO (uses content + parentCommentId + commentType: "text" — NOT GitHub's body / in_reply_to). Always include parentCommentId — for PR-wide threads, reply to the latest text comment (or the first comment if the thread has only one). Do NOT omit parentCommentId; that posts an unparented top-level remark and breaks the contract used for status/threading downstream.

Always write the reply body to a temp file and pass --body @file — never inline as --body '...'. Real reply text contains apostrophes, newlines, and backslashes that break shell quoting in both bash and PowerShell. ``bash cat > reply.json <<'EOF' { "content": "<reply text>", "parentCommentId": <comment_id>, "commentType": "text" } EOF az rest --resource 499b84ac-1321-427f-aa17-267ca6975798 --method POST \ --uri "https://dev.azure.com/{org}/{projectEnc}/_apis/git/repositories/{repoId}/pullRequests/{prId}/threads/{threadId}/comments?api-version=7.1" \ --headers "Content-Type=application/json" \ --body @reply.json ``

Update thread status — always confirm each transition with

the user before executing:

Intent	GitHub	ADO
Fix applied	resolve	`fixed`
Explanation posted, close discussion	resolve	`closed`
Explanation posted, leave for reply	(no change)	leave `active`
Concern noted, won't act	(no change)	`wontFix`
Intentional design	(no change)	`byDesign`

GitHub — resolve: ``bash gh api graphql -f query='mutation($threadId: ID!) { resolveReviewThread(input: {threadId: $threadId}) { thread { isResolved } } }' -F threadId="<thread_id>" ``

ADO — PATCH with exact case-sensitive enum value (wontFix and byDesign are camelCase; the body is a fixed small JSON literal with no user content, so inlining --body '...' is safe here): ``bash az rest --resource 499b84ac-1321-427f-aa17-267ca6975798 --method PATCH \ --uri "https://dev.azure.com/{org}/{projectEnc}/_apis/git/repositories/{repoId}/pullRequests/{prId}/threads/{threadId}?api-version=7.1" \ --headers "Content-Type=application/json" \ --body '{ "status": "fixed" }' ``

Step 8: Summary

Present:

Threads addressed — fixes applied and replies posted, with

thread IDs.

Status updates — threads whose status was updated, with the

new status in the platform's native vocabulary.

Skipped threads — grouped by reason with counts (already in a

closed state — GitHub resolved, ADO fixed / closed / wontFix / byDesign; outdated or potentially outdated; ADO system threads).

Contradictions — items still needing team discussion.
Remaining open threads — anything not addressed in this pass.

Edge Cases

No actionable threads — report "No actionable review threads"

and list all skipped categories with counts.

Threads on deleted files — skip with a note; on ADO this is

also a potentially-outdated signal.

Outdated / potentially outdated threads — always ask the user

before addressing; the code may have changed to address the feedback already.

GitHub pagination — always check hasNextPage for both

reviewThreads and inner comments; PRs with many reviewers easily exceed 100 comments.

ADO `az rest` 401/403 — usually missing --resource, expired

az login, or insufficient project permissions. Tell the user which to check; do NOT recommend a PAT.

All versions v1.0.1 →