Claude Code PR Review: /ultrareview, Code Review, and Subagents Compared (2026)
AI vibe coding has doubled code output speeds, but PR review volumes have exploded along with it. Anthropic launched official Code Review in March 2026, then shipped /ultrareview in April as a cloud-based multi-agent bug hunter. Combined with the community-developed self-built Subagent approach, Claude Code now offers three distinct AI code review paths for everyone from solo developers to large teams.
This guide breaks down all three paths to help you find the right automated PR review strategy.
TL;DR
- /ultrareview (April 2026): Pro/Max accounts, cloud multi-agent parallel review, $5-20/run, only reports verified bugs, research preview
- Official Code Review: Team/Enterprise only, 5-step GitHub integration, $15-25/review, false positives < 1%, results in 20 minutes
- Self-built 9-Subagent: Any paid account, drop a slash command in .claude/commands/, fees are just API tokens, runs locally, ~75% of suggestions actionable
- REVIEW.md: Place in repo root for automatic activation, use Always check / Style / Skip format, more focused than CLAUDE.md for review scenarios
- Cost tip: Use Manual trigger mode (avoid "After every push") and set a monthly spending cap
Three Paths Overview: Find Your Fit
Before diving into setup, clarify which approach matches your situation:
| Dimension | /ultrareview | Official Code Review | Self-Built 9-Subagent |
|---|---|---|---|
| Account | Pro / Max (research preview) | Team / Enterprise only | Any paid account |
| Execution | Cloud sandbox | GitHub integration | Local |
| Billing | $5-20/run (extra usage) | $15-25/review (extra usage) | API token consumption |
| Trigger | CLI /ultrareview | Auto or manual @claude review | Manual /code-review |
| Review location | CLI / Desktop | GitHub PR inline comments | Local terminal |
| Verification | Multi-agent independent reproduction | Multi-agent parallel analysis | 9-agent parallel analysis |
| Platform | Any (runs from local CLI) | GitHub only | Any |
| Bug detection | High (only verified bugs reported) | 84% (official large-PR test) | ~75% (community testing) |
Decision framework:
- Deep bug hunting before merge, Pro/Max account → /ultrareview
- Team/Enterprise + GitHub, want automated workflow → Official Code Review
- Budget-conscious individual developer, GitLab/Bitbucket → Self-built 9-Subagent
- Hybrid: self-built for quick scans during development → /ultrareview for pre-merge deep check → official for CI auto-trigger
/ultrareview: Cloud Multi-Agent Bug Hunting (April 2026)
/ultrareview is a research preview feature Anthropic shipped alongside Opus 4.7 in April 2026. It launches multiple reviewer agents in a cloud sandbox, each attacking your code from a different angle, and only reports bugs that have been independently reproduced and verified.
How It Works
The key difference from official Code Review or self-built Subagents: /ultrareview doesn't find "possible issues," it finds "confirmed bugs." Each agent analyzes independently, and a finding must be reproduced by another agent to count. This means fewer results, but almost every reported issue genuinely needs fixing.
Multi-angle analysis:
- Logic correctness
- Security vulnerabilities
- Performance bottlenecks
- Error handling gaps
- Edge cases
- Test coverage gaps
Usage
In Claude Code CLI or Desktop:
/ultrareview
Or specify a PR number:
/ultrareview #123
Requires Claude Code v2.1.86+, must be logged in with a Claude account (API key alone won't work).
Pricing and Limitations
- $5-20 per run (varies with change size), billed as extra usage
- Pro/Max users received 3 free trial runs (expired May 5, 2026)
- Research preview stage, features and pricing may change
- Best used before merging important branches, not on every push
Setting Up Official Code Review: 5-Step GitHub Integration
The entire setup happens in the claude.ai admin panel — no CLI required. Two permissions needed: Claude org admin and GitHub org admin.
Step 1: Go to claude.ai/admin-settings/claude-code, find the Code Review section, and click Setup.
Step 2: Follow the prompts to install the Claude GitHub App to your GitHub org. The app requests read/write access to Contents and Pull Requests, which is necessary for analyzing PRs.
Note: Orgs with Zero Data Retention cannot use Code Review, as the analysis process requires temporarily storing code.
Step 3: Select the repositories to enable Code Review for. Once configured, it applies across repos without per-repo installation.
Step 4: Set the Review Behavior (trigger mode) for each repo:
- Once after PR creation: Reviews each PR once, most predictable cost, best for most cases
- After every push: Triggers on every push, highest cost — avoid unless necessary
- Manual: Only triggers when someone comments @claude review, best for high-traffic repos or testing periods
Step 5: Open a test PR to verify. You should see a "Claude Code Review" check run appear within minutes. The first full review takes about 20 minutes.
Manual Triggering
In any mode, commenting @claude review at the top of a PR comment manually triggers a review. Requires owner / member / collaborator permissions. Doesn't work on draft PRs.
Hidden trap: In Manual mode, once someone comments @claude review, that PR becomes automatically triggered on every subsequent push — effectively switching to "After every push" mode. Easy to miss on high-traffic repos.
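The trigger rules above, modelled as an added example (not Anthropic's code): it counts billed reviews for one PR under each Review Behavior, including the Manual-mode trap. It assumes that opening a PR is billed only in "Once after PR creation" mode and that a valid @claude review comment in the other two modes adds a single review; the event names and timelines are constructed.

```python
from dataclasses import dataclass

PRICE_USD = (15, 25)                      # per review: the page's $15-25 range
MAY_TRIGGER = {"owner", "member", "collaborator"}

@dataclass(frozen=True)
class Event:
    kind: str             # "open", "push" or "comment"
    body: str = ""        # comment text (comment events only)
    role: str = "member"  # commenter's role on the repo (comment events only)
    draft: bool = False   # PR is still a draft when the event happens

def count_reviews(mode, events):
    """Reviews billed for one PR; mode is 'once', 'every_push' or 'manual'."""
    reviews, sticky = 0, False
    for ev in events:
        if ev.kind == "open":
            reviews += mode == "once"          # assumption: open is billed only here
        elif ev.kind == "push":
            # 'sticky' models the trap: a manually triggered PR in Manual
            # mode is re-reviewed on every later push.
            reviews += mode == "every_push" or sticky
        elif ev.kind == "comment":
            # Trigger must open the comment, come from a permitted role,
            # and the PR must not be a draft.
            valid = (ev.body.lstrip().startswith("@claude review")
                     and ev.role in MAY_TRIGGER and not ev.draft)
            if valid:
                reviews += 1
                sticky = sticky or mode == "manual"
    return reviews

def cost_range(mode, events):
    """(low, high) USD for the PR at the per-review price range."""
    n = count_reviews(mode, events)
    return n * PRICE_USD[0], n * PRICE_USD[1]

# Constructed timelines for one PR.
TWENTY_PUSHES = [Event("open")] + [Event("push")] * 20
TRAP = ([Event("open"), Event("push"), Event("comment", "@claude review")]
        + [Event("push")] * 19)

if __name__ == "__main__":
    for mode in ("once", "every_push", "manual"):
        print(mode, cost_range(mode, TWENTY_PUSHES), cost_range(mode, TRAP))
```

In the TRAP timeline a single comment makes Manual mode cost the same as 20 pushes under "After every push".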
REVIEW.md Template and Best Practices
Place REVIEW.md in the repository root — Claude Code Review reads it automatically, no additional configuration needed. It's additive: it extends Claude's default correctness checks without replacing them.
REVIEW.md vs. CLAUDE.md
- CLAUDE.md: Global instructions, read for all Claude Code work (interactive editing, agentic tasks)
- REVIEW.md: Only read during Code Review execution — ideal for review-specific rules
Both files can coexist. If a PR change makes CLAUDE.md outdated, Claude will flag it as needing updates.
Ready-to-Copy REVIEW.md Template
```markdown
# Code Review Guidelines
## Always check
- New API endpoints have corresponding integration tests
- Database migrations are backward-compatible
- Error messages don't leak internal details to users
- Sensitive data (tokens, keys, PII) is not logged or hardcoded
## Style
- Prefer `match` statements over chained `isinstance` checks
- Use structured logging, not f-string interpolation in log calls
- Function names should be descriptive verbs, not nouns
## Skip
- Generated files under `src/gen/`
- Formatting-only changes in `*.lock` files
- Auto-generated migration files
```
Writing tips:
- Be specific in Always check: "New APIs need integration tests" is more useful than "write good code"
- Use Skip to reduce costs: Skipping generated files and lock files measurably reduces token consumption
- Keep Style minimal: Claude already has style preferences — REVIEW.md should only capture your codebase's specific conventions
Review findings use severity levels:
- 🔴 Normal: Bugs that should be fixed before merging
- 🟡 Nit: Minor issues, don't block merging
- 🟣 Pre-existing: Bugs present in the codebase but not introduced by this PR
Self-Built 9-Subagent Approach: The Path for Individual Developers
This approach was designed and open-sourced by engineer HAMY. A slash command in .claude/commands/ simultaneously launches 9 subagents for parallel analysis. According to HAMY's own testing, about 75% of suggestions are actionable (compared to less than 50% with a single agent).
9 Subagent Roles
| Subagent | Analysis Focus |
|---|---|
| Test Runner | Runs tests, reports pass/fail |
| Linter & Static Analysis | Runs linter, type checking |
| Code Reviewer | Up to 5 specific improvement suggestions (ranked by impact/effort) |
| Security Reviewer | Injection risks, auth issues, secrets leakage |
| Quality & Style Reviewer | Complexity, duplication, project conventions |
| Test Quality Reviewer | Test coverage ROI, behavioral vs. implementation tests |
| Performance Reviewer | N+1 queries, blocking ops, memory leaks |
| Dependency & Deployment Safety | Dependencies, breaking changes, migrations |
| Simplification & Maintainability | Conciseness, change atomicity |
Setup Steps
Step 1: Create .claude/commands/ directory in your project root
Step 2: Create .claude/commands/code-review.md defining the 9 subagent roles and parallel execution logic (reference HAMY's open-source template)
Step 3: Run /code-review in Claude Code terminal
Claude auto-determines review scope (priority order):
- Scope you specify (e.g., /code-review auth/)
- Feature branch vs. main diff
- Staged changes
- Most recent commit
Step 4 (optional): Define coding conventions in CLAUDE.md or your project style guide — all 9 subagents will read them automatically
Final output verdict: Ready to Merge / Needs Attention / Needs Work, with each agent's analysis summary.
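The scope priority order above, written as a deterministic helper to preview which files a run would cover (an added example, not HAMY's template or Claude Code's own logic). The function names, the `main` base-branch default and the git invocations are this example's choices.

```python
import subprocess

def git_lines(*args):
    """Run a git command in the current repo and return its non-empty output lines."""
    out = subprocess.run(["git", *args], capture_output=True, text=True, check=True)
    return [line for line in out.stdout.splitlines() if line.strip()]

def resolve_scope(explicit=None, base="main", run=git_lines):
    """Return (label, files) for the first non-empty scope in priority order.

    `run` is injectable so the logic can be exercised without a repository.
    """
    # 1. Scope the user specified, e.g. "auth/"
    if explicit:
        return "explicit", run("ls-files", "--", explicit)

    # 2. Feature branch vs. base: files changed since the merge base.
    #    Skipped on the base branch itself and on a detached HEAD.
    branch = run("rev-parse", "--abbrev-ref", "HEAD")
    if branch and branch[0] not in (base, "HEAD"):
        files = run("diff", "--name-only", f"{base}...HEAD")
        if files:
            return "branch-diff", files

    # 3. Staged changes
    staged = run("diff", "--cached", "--name-only")
    if staged:
        return "staged", staged

    # 4. Most recent commit
    return "last-commit", run("show", "--name-only", "--pretty=format:", "HEAD")

if __name__ == "__main__":
    label, files = resolve_scope()
    print(label, *files, sep="\n  ")
```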
Cost Calculation and ROI Evaluation
Three-Way Cost Comparison
| Option | Cost per run | 10-person team/month (60 PRs) | Solo developer/month (20 PRs) |
|---|---|---|---|
| /ultrareview | $5-20/run | $600-1,200 | $100-400 |
| Official Code Review | $15-25/review | $1,200-1,500 | Not available |
| Self-built 9-Subagent | API token consumption | ~$200-500 (est.) | ~$50-150 |
Both official Code Review and /ultrareview are billed as extra usage, not counting toward your plan's included usage. Set a monthly spending cap at claude.ai/admin-settings/usage.
Comparison with CodeRabbit
| | /ultrareview | Official Code Review | CodeRabbit |
|---|---|---|---|
| Billing | $5-20/run | $15-25/review | $12-24/person/month (annual) |
| Speed | Minutes | ~20 minutes | ~2 minutes |
| Account | Pro/Max | Team/Enterprise | Free tier available |
| Platforms | Any | GitHub only | GitHub, GitLab, Bitbucket |
| Verification | Multi-agent reproduction | Multi-agent parallel | Not disclosed |
| Codebase context | Entire repo | Entire repo | Changed lines only |
When /ultrareview is most valuable:
- Pre-merge safety net for important branches, want only verified real bugs
- Pro/Max user wanting deep review without Team/Enterprise
- Willing to spend $5-20 for peace of mind on critical changes
When official Code Review's premium is worth it:
- Large PRs, complex codebases, cross-file security reviews
- Heavy AI-generated code, low false-positive tolerance (Claude < 1%)
- Existing Team/Enterprise subscription, want GitHub workflow integration
When CodeRabbit is more cost-effective:
- Small to mid-sized engineering teams (< 30 people), fixed monthly fee is easier to budget
- GitLab or Bitbucket support required
- Faster review turnaround needed (2 minutes vs. 20 minutes)
Limitations and Trade-offs
/ultrareview Limitations
- Research preview stage, features and pricing may change
- Requires Claude Code v2.1.86+, must use account login (API key won't work)
- Not suitable for high-frequency use (running on every push gets expensive), designed as a pre-merge deep check
- Reports fewer issues than other options (only verified bugs), not ideal for comprehensive style/convention feedback
Official Code Review Limitations
Not suitable for:
- Individual developers and Pro account users (no access, but these users can now use /ultrareview)
- GitLab or Bitbucket teams (not supported as of May 2026)
- Fast-merge workflows (20 minutes is too slow)
- Orgs with Zero Data Retention requirements
Suitable for:
- Large teams with high proportions of AI-generated code needing deep security and logic review
- Team/Enterprise subscribers already on GitHub wanting zero-setup automation
- Strict code quality workflows emphasizing low false positive rates (< 1%)
Self-Built 9-Subagent Limitations
- Local execution only, no CI/CD auto-trigger (must manually run /code-review)
- 9 parallel agents take time and consume considerable Claude Code session resources
- Setting up and maintaining prompt templates requires additional investment
Conclusion
Claude Code's PR review landscape has evolved from two paths to a three-tier defense system in 2026. /ultrareview now gives Pro/Max users access to cloud-based multi-agent deep review, removing the Team/Enterprise barrier. The official Code Review remains the best choice for teams wanting GitHub workflow integration, and self-built Subagents offer the most budget-friendly entry point.
I use a multi-layer review strategy in Shareuhack's agent system: self-built subagents for quick scans during development, and /ultrareview as a final safety net before merging important feature branches. The practical experience is clear: parallel analysis catches significantly more issues than a single agent, and /ultrareview's verification mechanism means almost every reported issue genuinely needs fixing. If your codebase already has substantial AI-generated code, automating PR review is a worthwhile investment.
Next steps:
- Pro/Max users: Type /ultrareview in your CLI to experience cloud multi-agent review, best used before merging important PRs
- Team/Enterprise users: Start the 5-step setup at claude.ai/admin-settings/claude-code, use Manual mode for the first week to monitor costs
- Budget-conscious individual developers: Start with HAMY's self-built 9-Subagent tutorial, you can run your first review within 30 minutes
- Still choosing tools? See Cursor vs Claude Code vs Windsurf comparison
FAQ
Can individual developers use Claude Code PR Review without a Team/Enterprise account?
Since April 2026, Pro and Max users can use /ultrareview, which launches cloud-based multi-agent review at $5-20 per run. Additionally: (1) Self-built 9-Subagent approach using .claude/commands/ runs locally with API token costs only; (2) GitHub Actions + anthropics/claude-code-action requires just an API key; (3) GitLab users can use the official CI/CD beta integration. Only the managed Code Review service (GitHub auto-trigger with inline PR comments) remains Team/Enterprise exclusive.
What's the difference between /ultrareview and the official Code Review?
/ultrareview is a research preview that spins up multiple reviewer agents in a cloud sandbox, each attacking your code from a different angle (logic, security, performance, edge cases). It only surfaces findings that have been independently reproduced and verified. Available to Pro/Max accounts at $5-20/run. The official Code Review is a Team/Enterprise managed service that auto-triggers on GitHub PRs and posts inline comments at $15-25/review. In short: /ultrareview is deep bug hunting, the official version is workflow integration.
Can choosing the wrong trigger mode really cause bill spikes? What's the most cost-effective setting?
Yes. Selecting 'After every push' means 20 pushes to one PR equals $300-500. The most cost-effective strategy: start with Manual mode (only triggers when someone comments @claude review); be aware that once Manual mode triggers, that PR becomes push-triggered for all subsequent pushes. Also set a monthly spending cap in admin settings to prevent unexpected overages.
Does Claude Code PR Review support GitLab or Bitbucket?
The official managed Code Review service only supports GitHub as of May 2026. /ultrareview runs from the local CLI, so it works regardless of your Git platform. GitLab has an official CI/CD beta integration (configure in .gitlab-ci.yml with ANTHROPIC_API_KEY). Bitbucket has no official support, only community DIY solutions. If your team primarily uses GitLab or Bitbucket, CodeRabbit is a more mature option with native support for all three platforms.