How to Use Claude Code for AI Code Reviews in VS Code

Claude Code is everywhere right now

VS Code daily installs hit 29 million. Anthropic is pulling $2.5 billion in run-rate revenue. The 2025 Stack Overflow survey found 84% of developers use AI tools in their workflow, with 51% using them daily.

And if you ask developers which AI coding tool they actually like using — not just tolerate — Claude Code keeps winning. Accenture's internal trial measured 8.69% more pull requests per developer. Forum threads rank it above Copilot and Cursor for reasoning quality. The terminal-first approach that seemed weird in 2024 turned out to be exactly what power users wanted.

But here's what most Claude Code users haven't tried: using it for code reviews.

Not code generation. Not refactoring. Reviews — the part of the development cycle that eats 20-30% of engineering time and still lets bugs through to production.

This is a walkthrough of how to set that up. Two approaches: the manual way (Claude Code in your terminal) and the automated way (Git AutoReview's Deep Review mode). Both run inside VS Code. Both keep your code local.

What Claude Code actually is (30-second version)

Claude Code is Anthropic's CLI tool for working with code. It runs in your terminal — or inside VS Code's integrated terminal — and has direct access to your filesystem. It can read files, write files, run commands, and understand your project structure.

The key difference from ChatGPT or Copilot: Claude Code doesn't just see what you paste into it. It can open files on its own, follow import chains, check your package.json, read your test files. It operates on your actual codebase, not a snippet.

That's what makes it useful for reviews. A review tool that can only see the diff misses context. Claude Code can see everything.

Installing Claude Code (5 minutes)

Step 1: Install the CLI

macOS, Linux, or WSL:

curl -fsSL https://claude.ai/install.sh | bash

Windows PowerShell:

irm https://claude.ai/install.ps1 | iex

Verify the installation:

claude --version

Step 2: Subscribe to Claude Pro or Max

Claude Code requires a paid subscription from Anthropic:

• Claude Pro — $100/month (solid for most developers)
• Claude Max — $200/month (higher rate limits for heavy usage)

This is a flat subscription. Not per-token, not per-review. Whether you run 5 reviews a day or 50, the cost is the same.

Step 3: Open VS Code

Claude Code automatically detects VS Code and offers to install the extension. Once installed, you get:

• A dedicated sidebar panel for conversations
• Inline diffs showing proposed changes
• @-mentions for files and line ranges
• Checkpoints for rewinding if something goes wrong
• Extended thinking mode for complex analysis

You can also use Claude Code in VS Code's integrated terminal if you prefer the CLI feel. Set useTerminal: true in the extension settings.

Approach 1: Manual code review with Claude Code

This is the straightforward way. You're the one driving the review — Claude Code is your assistant.

Reviewing a diff

Navigate to your project and ask Claude Code to review your changes:

cd your-project
claude

Then in the conversation:

Review the diff between main and my current branch.
Focus on bugs, security issues, and missing edge cases.
Skip style suggestions.

Claude Code will run git diff main, read the changed files, and give you findings. Because it has filesystem access, it can also open related files — checking if your changes break imports elsewhere, if your new function signature matches its callers, if your test file actually covers the new code path.

Reviewing specific files

You can also point Claude Code at specific files:

Review src/services/AuthService.ts for security vulnerabilities.
Check if the token validation handles expired tokens correctly.

Or use @-mentions in the VS Code extension:

Review @src/services/AuthService.ts and @src/middleware/auth.ts
for consistency in how they handle JWT expiration.

Writing better review prompts

The difference between useful findings and noise is almost entirely in how you ask.

Vague prompt (produces noise):

Review this code.

Specific prompt (produces findings you'll actually act on):

Review the changes in this PR. Focus on:
1. Logic errors and edge cases (null, empty, concurrent access)
2. Security: any user input reaching a DB query or shell command
3. Missing error handling that would cause silent failures

Skip: formatting, naming suggestions, import ordering.
Format: list each issue with severity (high/medium/low),
the file and line, and a suggested fix.

The structured approach isn't just about getting better output. It also reduces false positives — the findings that waste your time because they're technically correct but practically irrelevant.

One developer reported building over 90 lines of review instructions tuned to their team's standards. That might sound like overkill, but for a team doing 20+ reviews a day, investing an hour in prompt engineering saves hundreds of hours of noise filtering.

The limitations of manual review

Manual Claude Code review works well for individual developers reviewing their own code before pushing. It's fast to set up, flexible, and you control exactly what gets reviewed.

But it doesn't scale. You have to remember to do it. You have to construct the prompt each time. You have to copy findings to your PR manually. And you're reviewing one PR at a time — there's no way to run Claude Code across your team's PRs automatically.

That's where automation comes in.

Approach 2: Automated review with Git AutoReview + Claude Code

Git AutoReview is a VS Code extension that automates the review workflow. It has two modes:

• Quick Review — sends your diff to an AI model via API. Returns findings in 15-30 seconds. Good for routine PRs.
• Deep Review — uses Claude Code CLI to spin up an agent that explores your full codebase. Takes 5-25 minutes. Good for complex PRs.

Deep Review is where Claude Code's filesystem access really pays off.

What Deep Review does differently

When you trigger a Deep Review, Git AutoReview doesn't just send your diff to an API. It launches Claude Code as an agent with a structured review prompt. The agent:

1. Reads the PR diff to understand what changed
2. Opens related files — imports, configs, tests, type definitions
3. Follows dependency chains across modules
4. Runs your linter on affected files
5. Checks test coverage for changed code paths
6. Produces findings with severity ratings, file references, and fix suggestions

You can watch all of this happening in real time through the activity log in VS Code:

[Agent] Reading PR diff... 8 files changed, 342 lines
[Agent] Opening src/services/PaymentService.ts (imported by OrderController)
[Agent] Opening src/config/stripe.ts (referenced in PaymentService)
[Agent] Running ESLint on 3 changed files...
[Agent] Found: stripe.ts uses API key from environment without validation
[Agent] Checking test coverage for processRefund()...
[Agent] No tests found for processRefund — flagging as coverage gap
[Agent] Opening src/types/Payment.ts (type referenced in refund handler)
[Agent] Found: PaymentStatus enum missing "REFUND_FAILED" state

The activity log isn't just a progress indicator. It's an audit trail. When a finding says "this function has no test coverage," you can see exactly which files the agent opened and how it reached that conclusion. That transparency is what separates useful AI review from a black box that says "there might be an issue here."

Setting up Deep Review

Prerequisites:

• VS Code with Git AutoReview extension installed
• Claude Code CLI installed and authenticated
• Claude Pro ($100/mo) or Max ($200/mo) subscription

Step 1: Install Git AutoReview from the VS Code Marketplace.

Step 2: Open the Git AutoReview panel in VS Code. Your staged or committed changes appear automatically.

Step 3: Click "Deep Review" instead of "Quick Review." Git AutoReview launches Claude Code in the background and begins the agent review.

Step 4: Review findings when the agent finishes. Each finding shows:

• Severity (critical, warning, suggestion)
• File and line reference
• Description of the issue
• Suggested fix

Step 5: Approve or dismiss each finding. Only approved findings get published to your PR.

That last step matters. Every finding requires your approval before it reaches your PR. AI suggests. You decide.

Quick Review vs Deep Review: when to use which

Not every PR needs a 15-minute deep analysis. Here's the decision framework:

Use Quick Review (15-30 seconds) for:

• Small PRs under 100 lines
• Routine changes: dependency bumps, copy edits, config tweaks
• Files that don't interact with other modules
• When you just need a fast sanity check

Use Deep Review (5-25 minutes) for:

• PRs touching business logic across multiple files
• Security-sensitive changes (auth, payments, data handling)
• Major refactors where you need confidence nothing broke
• Changes going to main or production where failure is expensive
• Code you wrote with AI assistance and want a second opinion on

In practice, about 80% of PRs are fine with Quick Review. The other 20% — the ones that actually break production — are where Deep Review earns its keep.

Why Claude Code is particularly good at reviews

Not all AI models are equally useful for code review. The model's ability to understand code structure, trace data flow, and reason about edge cases determines whether you get actionable findings or noise.

Claude Opus 4.6 scores 80.8% on SWE-bench Verified — the benchmark that tests real bug fixes from GitHub issues. It's strongest at architectural analysis: understanding how components connect, tracing data flow across files, and spotting the edge cases that break in production.

But the model is only half the equation. The other half is access.

A model reviewing a diff is like a doctor diagnosing from symptoms only. A model exploring your full codebase — reading test files, checking configs, following imports — is like a doctor with access to your full medical history. The diagnosis is fundamentally better because it's based on more information.

That's the combination Claude Code brings to reviews: a strong model with full filesystem access. Deep Review uses both.

The BYOK angle: keeping your code private

One question that comes up with any AI review tool: where does my code go?

With Claude Code, your code stays on your machine and goes through Anthropic's API. It's not uploaded to a third-party cloud sandbox, not stored in someone else's infrastructure, not indexed by a service you don't control.

Git AutoReview extends this approach with BYOK (Bring Your Own Key) for Quick Review mode. You provide your own API keys for OpenAI, Anthropic, or Google. Your code goes directly from VS Code to the model provider — it never passes through Git AutoReview's servers.

For Deep Review, Claude Code handles the data path. Same result: local execution, API-direct communication, no middleman.

This matters for teams in regulated industries or companies with strict security policies. The 2025 Sonar developer survey found 60% of developers use static analysis to review AI-generated code. Teams care about where their code travels. BYOK and local execution remove that concern entirely.

Multi-model reviews: running Claude alongside other models

Git AutoReview supports up to three models in parallel for Quick Review. You can run Claude Opus, GPT-5.3-Codex, and Gemini 3 Pro on the same PR and get merged, deduplicated findings.

Different models catch different things. Claude excels at architectural bugs and cross-file reasoning. GPT-5.3-Codex leads speed benchmarks. Gemini 3 Pro handles enormous diffs with its 2M token context window without truncation.

Running multiple models is like getting three senior devs to review the same PR. They'll each catch something the others miss. The deduplication ensures you don't see the same finding three times.

For Deep Review, Claude Code is the engine — it's the agent exploring your codebase. But for the 80% of PRs where Quick Review is sufficient, multi-model gives you broader coverage in the same 15-30 second window.

Pricing: what it actually costs

The pricing for Claude Code-based reviews has two components:

Claude Code subscription (required for Deep Review):

• Claude Pro: $100/month
• Claude Max: $200/month

This is a flat rate from Anthropic. Whether you run 2 deep reviews or 200, the cost is the same within rate limits.

Git AutoReview extension (optional, adds automation):

• Free: 10 reviews/day, 1 repo
• Developer: $9.99/month, 100 reviews/day, 10 repos
• Team: $14.99/month, unlimited reviews, team features

Quick Review also needs API keys for the models you choose (BYOK). Typical cost for a mix of models: $20-50/month depending on volume.

Total cost for a solo developer: Claude Pro ($100) + Git AutoReview Developer ($9.99) + API keys (~$30) = ~$140/month for both deep and quick review.

For comparison: CodeRabbit Team costs $40/user/month ($400 for a 10-person team). A dedicated code review service runs $500-2,000/month. A senior engineer spending 2 hours daily on reviews costs the company $80,000-120,000/year.

$140/month for automated first-pass review that catches cross-file bugs, runs your linter, checks test coverage, and lets you approve every finding before it publishes? That math is straightforward.

Getting started today

If you already have Claude Code installed:

1. Open VS Code, navigate to your project
2. Install Git AutoReview
3. Make a change on a branch, stage it
4. Click "Deep Review" in the Git AutoReview panel
5. Watch the activity log as Claude Code explores your codebase
6. Review findings, approve what's useful, dismiss what's not

If you don't have Claude Code yet:

1. Run curl -fsSL https://claude.ai/install.sh | bash
2. Sign up for Claude Pro ($100/mo) at anthropic.com
3. Open VS Code — Claude Code detects it and installs the extension
4. Follow steps 2-6 above

The whole setup takes about 10 minutes. Your first Deep Review will take another 5-25 minutes depending on project size. By the end of it, you'll know whether this approach catches things your current review process misses.

Install Git AutoReview →

---

Every AI finding requires your approval before it reaches your PR. AI suggests. You decide.