Phoenix Code Review
Quick Reference
| Issue Type | Reference |
|---|---|
| Bounded contexts, Ecto integration | references/contexts.md |
| Actions, params, error handling | references/controllers.md |
| Pipelines, scopes, verified routes | references/routing.md |
| Custom plugs, authentication | references/plugs.md |
Review Checklist
Controllers
- Business logic in contexts, not controllers
- Controllers return proper HTTP status codes
- Action clauses handle all expected patterns
- Fallback controllers handle errors consistently
Contexts
- Contexts are bounded by domain, not technical layer
- Public functions have clear, domain-focused names
- Changesets validate all user input
- No Ecto queries in controllers
Routing
- Verified routes (`~p` sigil) used, not string paths
- Pipelines group related plugs
- Resources use only needed actions
- Scopes group related routes
Plugs
- Authentication/authorization via plugs
- Plugs are composable and single-purpose
- Halt called after sending response in plugs
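
Why the halt item matters for auth plugs, as an added example (not part of the original checklist): a plug that sends a 401 without halting still lets the protected action run. The `Demo.*` modules and the `:current_user` assign are assumptions made for illustration.

```elixir
# Added example: Demo.* modules and the :current_user assign are assumptions.
# Stand-alone script; inside a Phoenix app, drop the Mix.install line.
Mix.install([:plug])

defmodule Demo.RequireUserNoHalt do
  import Plug.Conn
  def init(opts), do: opts
  def call(%Plug.Conn{assigns: %{current_user: u}} = conn, _) when not is_nil(u), do: conn
  # Flag: 401 is sent but the conn is not halted, so the pipeline continues.
  def call(conn, _), do: send_resp(conn, 401, "unauthorized")
end

defmodule Demo.RequireUser do
  import Plug.Conn
  def init(opts), do: opts
  def call(%Plug.Conn{assigns: %{current_user: u}} = conn, _) when not is_nil(u), do: conn
  # Correct: halt/1 stops every later plug, including the controller action.
  def call(conn, _), do: conn |> send_resp(401, "unauthorized") |> halt()
end

defmodule Demo.Action do
  # Stands in for the protected controller action; marks the conn when it runs.
  def init(opts), do: opts
  def call(conn, _), do: Plug.Conn.assign(conn, :action_ran, true)
end

defmodule Demo.Unsafe do
  use Plug.Builder
  plug Demo.RequireUserNoHalt
  plug Demo.Action
end

defmodule Demo.Safe do
  use Plug.Builder
  plug Demo.RequireUser
  plug Demo.Action
end

# Constructed unauthenticated request run through both pipelines.
for pipeline <- [Demo.Unsafe, Demo.Safe] do
  result = pipeline.call(Plug.Test.conn(:get, "/admin"), [])
  ran? = result.assigns[:action_ran] == true
  IO.puts("#{inspect(pipeline)} status=#{result.status} halted=#{result.halted} action_ran=#{ran?}")
end
```

Both pipelines answer 401, but only `Demo.Safe` reports `action_ran=false`; the status code alone does not show whether the action was skipped.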
JSON APIs
- Proper content negotiation
- Consistent error response format
- Pagination for list endpoints
Valid Patterns (Do NOT Flag)
- Controller calling multiple contexts - Valid for orchestration
- Inline Ecto query in context - Context owns its data access
- Using `action_fallback` - Centralized error handling pattern
- Multiple pipelines per route - Composition is intentional
- `Plug.Conn.halt/1` without send - May be handled by fallback
Context-Sensitive Rules
| Issue | Flag ONLY IF |
|---|---|
| Missing changeset validation | Field accepts user input AND no validation exists |
| Controller too large | More than 7 actions OR actions > 20 lines |
| Missing authorization | Route is not public AND no auth plug in pipeline |
Before Submitting Findings
Load and follow review-verification-protocol before reporting any issue.