Claude Code Review for Azure DevOps
Automated PR code review powered by Claude AI. Detects bugs, security vulnerabilities, logic errors, and missing error handling with confidence-based scoring to eliminate false positives.
Features
- Bug detection - null pointers, off-by-one errors, race conditions, resource leaks
- Security scanning - injection, auth bypass, data exposure, hardcoded secrets
- Logic analysis - incorrect conditions, wrong variables, missing edge cases
- Confidence scoring - only surfaces high-confidence findings (default: 80+)
- Zero noise - filters out pre-existing issues, linter catches, and nitpicks
Setup
1. Install the extension
Install from the Azure DevOps Marketplace.
2. Store your API key
Add your Anthropic API key as a secret pipeline variable:
- Go to Pipelines > Library > Variable groups
- Create a group (e.g., `ai-keys`)
- Add variable `ANTHROPIC_API_KEY` (mark as secret)
3. Add to your pipeline
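```yaml
# Run on pull requests only, not on pushes
trigger: none

pr:
  branches:
    include:
      - main
      - develop

# Variable group from step 2 that holds the secret ANTHROPIC_API_KEY
variables:
  - group: ai-keys

pool:
  vmImage: 'ubuntu-latest'

steps:
  - task: ClaudeCodeReview@1
    inputs:
      anthropicApiKey: $(ANTHROPIC_API_KEY)
    env:
      # Job access token, lets the task call the Azure DevOps REST API
      SYSTEM_ACCESSTOKEN: $(System.AccessToken)
```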
4. Grant permissions
The build service account needs the "Contribute to pull requests" permission on the repository.
Configuration
| Input | Required | Default | Description |
|---|---|---|---|
| `anthropicApiKey` | Yes | - | Anthropic API key |
| `confidenceThreshold` | No | 80 | Minimum confidence (0-100) to post a finding |
| `model` | No | `claude-sonnet-4-5-20250514` | Claude model |
| `maxFiles` | No | 50 | Max files to include in review |
How It Works
- Task detects it's running in a PR build
- Fetches the PR diff via Azure DevOps REST API
- Sends diff to Claude with a specialized code review prompt
- Claude scores each finding 0-100 for confidence
- Only findings above the threshold are posted as a PR comment
Review Output
```markdown
## Claude Code Review
Found 2 issue(s):
1. **[Security]** SQL query built with string concatenation allows injection (confidence: 95)
   File: `src/data/query.ts` Lines: 45-52
2. **[Bug]** Null check missing before accessing user.profile.email (confidence: 88)
   File: `src/handlers/auth.ts` Line: 123
```
If no issues are found: "No issues found. LGTM!"
Skipped Scenarios
The task automatically skips (succeeds without reviewing) when:
- Not a PR build (e.g., CI on push)
- No changed files in the PR
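The threshold filter, comment format and non-PR skip described above, as an added example that is not the extension's own code. The function names, the finding JSON shape (`category`, `message`, `file`, `startLine`, `endLine`, `confidence`), the `Logic` label and the reading of the threshold as "at or above" are assumptions; the model's response is treated as untrusted input and validated before anything is posted.

```javascript
// Added example: function names and the finding JSON shape are assumptions.
// BUILD_REASON / SYSTEM_PULLREQUEST_PULLREQUESTID are Azure DevOps predefined variables.
function isPullRequestBuild(env) {
  return env.BUILD_REASON === 'PullRequest' && /^\d+$/.test(env.SYSTEM_PULLREQUEST_PULLREQUESTID || '');
}
const CATEGORIES = new Set(['Security', 'Bug', 'Logic']); // 'Logic' label is assumed

// Model output is untrusted input: drop anything that is not a well-formed finding.
function parseFindings(modelText) {
  let data;
  try { data = JSON.parse(modelText); } catch { return []; }
  if (!Array.isArray(data)) return [];
  return data.filter((f) => f && typeof f === 'object' &&
    CATEGORIES.has(f.category) &&
    typeof f.message === 'string' && typeof f.file === 'string' &&
    Number.isInteger(f.startLine) && f.startLine > 0 &&
    (f.endLine === undefined || (Number.isInteger(f.endLine) && f.endLine >= f.startLine)) &&
    Number.isFinite(f.confidence) && f.confidence >= 0 && f.confidence <= 100);
}
// Keep model-supplied text on one line and inside its backticks in the PR comment.
function inline(text) {
  return text.replace(/[`\r\n]/g, ' ').trim();
}

// "Minimum confidence": a finding is kept when confidence >= threshold.
function renderComment(findings, threshold = 80) {
  const kept = findings.filter((f) => f.confidence >= threshold);
  if (kept.length === 0) return 'No issues found. LGTM!';
  const lines = ['## Claude Code Review', `Found ${kept.length} issue(s):`];
  kept.forEach((f, i) => {
    const where = f.endLine !== undefined && f.endLine !== f.startLine
      ? `Lines: ${f.startLine}-${f.endLine}` : `Line: ${f.startLine}`;
    lines.push(`${i + 1}. **[${f.category}]** ${inline(f.message)} (confidence: ${f.confidence})`);
    lines.push(`   File: \`${inline(f.file)}\` ${where}`);
  });
  return lines.join('\n');
}

// Returns null when the build is skipped (not a PR build), else the comment body.
function review(env, modelText, threshold) {
  return isPullRequestBuild(env) ? renderComment(parseFindings(modelText), threshold) : null;
}

// Constructed sample of model output: third entry is low confidence, last is malformed.
const SAMPLE = JSON.stringify([
  { category: 'Security', message: 'SQL query built with string concatenation allows injection', file: 'src/data/query.ts', startLine: 45, endLine: 52, confidence: 95 },
  { category: 'Bug', message: 'Null check missing before accessing user.profile.email', file: 'src/handlers/auth.ts', startLine: 123, confidence: 88 },
  { category: 'Bug', message: 'Possible unused variable', file: 'src/a.ts', startLine: 3, confidence: 40 },
  { category: 'Security', message: 'x', file: 'src/b.ts', startLine: 1, confidence: '100' },
]);
```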
License
MIT