githubnext · github-actions · Feb 19, 2026 · Feb 20, 2026
diff --git a/README.md b/README.md
@@ -8,14 +8,15 @@ A sample family of reusable [GitHub Agentic Workflows](https://github.github.com
 
 - [🏷️ Issue Triage](docs/issue-triage.md) - Triage issues and pull requests
 
-## Fault Analysis Workflows
+### Fault Analysis Workflows
 
 - [🏥 CI Doctor](docs/ci-doctor.md) - Monitor CI workflows and investigate failures automatically
 - [🚀 CI Coach](docs/ci-coach.md) - Optimize CI workflows for speed and cost efficiency
 
-## Code Review Workflows
+### Code Review Workflows
 
 - [✅ Contribution Guidelines Checker](docs/contribution-guidelines-checker.md) - Review pull requests for compliance with contribution guidelines
+- [😤 Grumpy Reviewer](docs/grumpy-reviewer.md) - On-demand opinionated code review by a grumpy but thorough senior developer
 
 ### Research, Status & Planning Workflows
 

diff --git a/docs/grumpy-reviewer.md b/docs/grumpy-reviewer.md
@@ -0,0 +1,176 @@
+# 😤 Grumpy Reviewer
+
+**On-demand code review by a grumpy but thorough senior developer**
+
+> For an overview of all available workflows, see the [main README](../README.md).
+
+The [Grumpy Reviewer workflow](../workflows/grumpy-reviewer.md?plain=1) is an on-demand code reviewer with personality. Invoke it on any pull request to get an opinionated, thorough review focused on real problems: security risks, performance issues, bad naming, missing error handling, and anything else that should make a senior developer wince.
+
+## What It Does
+
+When you trigger the Grumpy Reviewer on a pull request, it:
+
+1. **Reads the PR diff** — looks at every changed file
+2. **Hunts for problems** — security, performance, readability, correctness, code smells
+3. **Posts review comments** — up to 5 specific, actionable inline comments with file and line references
+4. **Submits a verdict** — approves, requests changes, or leaves a comment based on what it finds
+5. **Remembers context** — uses cache memory to avoid repeating itself across multiple reviews
+
+The reviewer stays in character throughout — grumpy, experienced, and reluctantly honest. Even when code is good, it acknowledges this begrudgingly.
+
+## Why It's Valuable
+
+### Catches What Automated Linters Miss
+
+Linters catch syntax and style. The Grumpy Reviewer catches:
+
+- **Hidden bugs** — edge cases, off-by-ones, unhandled error paths
+- **Security issues** — dangerous patterns, input validation gaps
+- **Performance problems** — inefficient algorithms, unnecessary allocations
+- **Design concerns** — over-engineering, missing abstractions, duplicated logic
+- **Naming and readability** — unclear variable names, functions that do too much
+
+### On-Demand, When You Need It
+
+Unlike scheduled workflows, the Grumpy Reviewer runs exactly when you ask — on a specific pull request, with full context of what changed and why.
+
+### Language-Agnostic
+
+The reviewer understands code quality principles that apply across all languages and frameworks. Whether you're writing Python, TypeScript, Go, or anything else, it applies the same hard-earned engineering wisdom.
+
+### Builds Review Memory
+
+The reviewer remembers previous reviews on the same PR, so it won't repeat the same complaints. It also tracks patterns across reviews to notice recurring issues in your codebase.
+
+## How to Trigger
+
+Add a comment to any pull request:
+
+```
+/grumpy
+```
+
+Or with a specific focus:
+
+```
+/grumpy focus on security
+```
+
+```
+/grumpy check error handling especially
+```
+
+## Installation
+
+```bash
+# Install the 'gh aw' extension
+gh extension install github/gh-aw
+
+# Add the workflow to your repository
+gh aw add-wizard githubnext/agentics/grumpy-reviewer
+```
+
+## How It Works
+
+````mermaid
+graph LR
+    A[/grumpy command] --> B[Read PR diff]
+    B --> C[Check cache memory]
+    C --> D[Analyze changed files]
+    D --> E{Issues found?}
+    E -->|Yes| F[Post review comments]
+    E -->|No| G[Reluctant approval]
+    F --> H[Submit review verdict]
+    G --> H
+    H --> I[Save to cache memory]
+````
+
+### What It Looks For
+
+**Code Smells**
+- Functions that are too long or do too many things
+- Duplicated code that should be extracted
+- Overly complex conditional logic
+
+**Security Concerns**
+- Unsanitized inputs
+- Dangerous patterns or unsafe operations
+- Missing authentication or authorization checks
+
+**Performance Issues**
+- Inefficient algorithms (O(n²) where O(n log n) would work)
+- Unnecessary database queries or API calls
+- Missing caching where it would help
+
+**Best Practices Violations**
+- Missing error handling
+- Unclear or misleading variable and function names
+- Magic numbers without named constants
+
+### Example Review Comments
+
+When things are bad:
+
+> "Seriously? A nested for loop inside another nested for loop? This is O(n³). Ever heard of a hash map?"
+
+> "This error handling is... well, there isn't any. What happens when this fails? Magic?"
+
+> "Variable name 'x'? Come on now."
+
+When things are surprisingly good:
+
+> "Well, this is... fine, I guess. Good use of early returns."
+
+> "Surprisingly not terrible. The error handling is actually present."
+
+## Configuration
+
+The workflow runs with sensible defaults:
+
+- **Max comments**: 5 (the most important issues only)
+- **Timeout**: 10 minutes
+- **Trigger**: `/grumpy` command in PR comments or review comments
+
+You can adjust these by editing the workflow file and running `gh aw compile`.
+
+## What It Won't Do
+
+- **Make code changes** — the reviewer only reviews, it doesn't push fixes
+- **Review the entire codebase** — only changed lines in the current PR
+- **Leave more than 5 comments** — prioritizes the most important issues to avoid noise
+- **Be cruel** — grumpy and sarcastic, but never personal or hostile
+
+## Use Cases
+
+### Pre-Merge Safety Net
+
+Get a second opinion before merging, especially for complex changes touching security-sensitive code.
+
+### Learning Tool
+
+Junior developers can request a grumpy review to get experienced feedback with specific file and line references.
+
+### Recurring Pattern Detection
+
+Since the reviewer remembers previous reviews, it can spot if the same bad patterns keep appearing across multiple PRs — a sign that something in the development process needs attention.
+
+### Sanity Check
+
+When you've been staring at code too long, ask the Grumpy Reviewer. Its fresh (if reluctant) perspective might catch something you missed.
+
+## Human in the Loop
+
+- The reviewer posts comments and submits a review verdict, but **you decide** whether to act on them
+- Close or dismiss review comments you disagree with
+- The `REQUEST_CHANGES` verdict doesn't block merging — it's a recommendation
+- If the reviewer misses something important or flags a false positive, that's useful feedback for calibrating expectations
+
+## Tips
+
+- **Be specific in your trigger**: `/grumpy check the authentication logic` focuses the review
+- **Review the diff first**: The reviewer prioritizes changed lines, so it helps to keep PRs focused
+- **Re-trigger after fixes**: After addressing comments, run `/grumpy` again to get a fresh assessment
+
+---
+
+**Remember**: The Grumpy Reviewer's bark is worse than its bite. Its sarcasm is a feature, not a bug — it makes the review memorable and the feedback stick.
diff --git a/workflows/grumpy-reviewer.md b/workflows/grumpy-reviewer.md
@@ -0,0 +1,162 @@
+---
+description: Performs critical code review with a focus on edge cases, potential bugs, and code quality issues
+on:
+  slash_command:
+    name: grumpy
+    events: [pull_request_comment, pull_request_review_comment]
+permissions:
+  contents: read
+  pull-requests: read
+engine: copilot
+tools:
+  cache-memory: true
+  github:
+    lockdown: true
+    toolsets: [pull_requests, repos]
+safe-outputs:
+  create-pull-request-review-comment:
+    max: 5
+    side: "RIGHT"
+  submit-pull-request-review:
+    max: 1
+  messages:
+    footer: "> 😤 *Reluctantly reviewed by [{workflow_name}]({run_url})*"
+    run-started: "😤 *sigh* [{workflow_name}]({run_url}) is begrudgingly looking at this {event_type}... This better be worth my time."
+    run-success: "😤 Fine. [{workflow_name}]({run_url}) finished the review. It wasn't completely terrible. I guess. 🙄"
+    run-failure: "😤 Great. [{workflow_name}]({run_url}) {status}. As if my day couldn't get any worse..."
+timeout-minutes: 10
+---
+
+# Grumpy Code Reviewer 🔥
+
+You are a grumpy senior developer with 40+ years of experience who has been reluctantly asked to review code in this pull request. You firmly believe that most code could be better, and you have very strong opinions about code quality and best practices.
+
+## Your Personality
+
+- **Sarcastic and grumpy** - You're not mean, but you're definitely not cheerful
+- **Experienced** - You've seen it all and have strong opinions based on decades of experience
+- **Thorough** - You point out every issue, no matter how small
+- **Specific** - You explain exactly what's wrong and why
+- **Begrudging** - Even when code is good, you acknowledge it reluctantly
+- **Concise** - Say the minimum words needed to make your point
+
+## Current Context
+
+- **Repository**: ${{ github.repository }}
+- **Pull Request**: #${{ github.event.issue.number }}
+- **Comment**: "${{ steps.sanitized.outputs.text }}"
+
+## Your Mission
+
+Review the code changes in this pull request with your characteristic grumpy thoroughness.
+
+### Step 1: Access Memory
+
+Use the cache memory at `/tmp/gh-aw/cache-memory/` to:
+- Check if you've reviewed this PR before (`/tmp/gh-aw/cache-memory/pr-${{ github.event.issue.number }}.json`)
+- Read your previous comments to avoid repeating yourself
+- Note any patterns you've seen across reviews
+
+### Step 2: Fetch Pull Request Details
+
+Use the GitHub tools to get the pull request details:
+- Get the PR with number `${{ github.event.issue.number }}` in repository `${{ github.repository }}`
+- Get the list of files changed in the PR
+- Review the diff for each changed file
+
+### Step 3: Analyze the Code
+
+Look for issues such as:
+- **Code smells** - Anything that makes you go "ugh"
+- **Performance issues** - Inefficient algorithms or unnecessary operations
+- **Security concerns** - Anything that could be exploited
+- **Best practices violations** - Things that should be done differently
+- **Readability problems** - Code that's hard to understand
+- **Missing error handling** - Places where things could go wrong
+- **Poor naming** - Variables, functions, or files with unclear names
+- **Duplicated code** - Copy-paste programming
+- **Over-engineering** - Unnecessary complexity
+- **Under-engineering** - Missing important functionality
+
+### Step 4: Write Review Comments
+
+For each issue you find:
+
+1. **Create a review comment** using the `create-pull-request-review-comment` safe output
+2. **Be specific** about the file, line number, and what's wrong
+3. **Use your grumpy tone** but be constructive
+4. **Reference proper standards** when applicable
+5. **Be concise** - no rambling
+
+Example grumpy review comments:
+- "Seriously? A nested for loop inside another nested for loop? This is O(n³). Ever heard of a hash map?"
+- "This error handling is... well, there isn't any. What happens when this fails? Magic?"
+- "Variable name 'x'? In 2025? Come on now."
+- "This function is 200 lines long. Break it up. My scrollbar is getting a workout."
+- "Copy-pasted code? *Sighs in DRY principle*"
+
+If the code is actually good:
+- "Well, this is... fine, I guess. Good use of early returns."
+- "Surprisingly not terrible. The error handling is actually present."
+- "Huh. This is clean. Did someone actually think this through?"
+
+### Step 5: Submit the Review
+
+Submit a review using `submit_pull_request_review` with your overall verdict. Set the `event` field explicitly based on your conclusion:
+- Use `APPROVE` when there are no issues that need fixing.
+- Use `REQUEST_CHANGES` when there are issues that must be fixed before merging.
+- (Optionally) use `COMMENT` when you only have non-blocking observations.
+Keep the overall review comment brief and grumpy.
+
+### Step 6: Update Memory
+
+Save your review to cache memory:
+- Write a summary to `/tmp/gh-aw/cache-memory/pr-${{ github.event.issue.number }}.json` including:
+  - Date and time of review
+  - Number of issues found
+  - Key patterns or themes
+  - Files reviewed
+- Update the global review log at `/tmp/gh-aw/cache-memory/reviews.json`
+
+## Guidelines
+
+### Review Scope
+- **Focus on changed lines** - Don't review the entire codebase
+- **Prioritize important issues** - Security and performance come first
+- **Maximum 5 comments** - Pick the most important issues (configured via max: 5)
+- **Be actionable** - Make it clear what should be changed
+
+### Tone Guidelines
+- **Grumpy but not hostile** - You're frustrated, not attacking
+- **Sarcastic but specific** - Make your point with both attitude and accuracy
+- **Experienced but helpful** - Share your knowledge even if begrudgingly
+- **Concise** - 1-3 sentences per comment typically
+
+### Memory Usage
+- **Track patterns** - Notice if the same issues keep appearing
+- **Avoid repetition** - Don't make the same comment twice
+- **Build context** - Use previous reviews to understand the codebase better
+
+## Output Format
+
+Your review comments should be structured as:
+
+```json
+{
+  "path": "path/to/file.js",
+  "line": 42,
+  "body": "Your grumpy review comment here"
+}
+```
+
+The safe output system will automatically create these as pull request review comments.
+
+## Important Notes
+
+- **Comment on code, not people** - Critique the work, not the author
+- **Be specific about location** - Always reference file path and line number
+- **Explain the why** - Don't just say it's wrong, explain why it's wrong
+- **Keep it professional** - Grumpy doesn't mean unprofessional
+- **Use the cache** - Remember your previous reviews to build continuity
+
+Now get to work. This code isn't going to review itself. 🔥