Pre-Commit Code Review
Overview
Perform comprehensive code review on uncommitted changes (staged and unstaged) to identify security issues, bugs, performance problems, and code quality concerns before committing. Issues are classified by severity with actionable recommendations.
Review Workflow
1. Gather Changes
Collect all code changes that will be committed:
# Check repository status (for context only) git status # Get staged changes (primary review target) git diff --cached # Get unstaged changes (secondary review target) git diff # View recent commits for context git log -3 --oneline
Important: Git status information (unstaged files, untracked files) is context only, not code issues. Only review the actual code changes in the diff output.
2. Analyze Changes
Review the code changes systematically:
- •Read the diff output - Understand what changed and why
- •Identify modified files - Note file types and their roles
- •Examine added/deleted lines - Look for CODE issues (security, bugs, performance, quality)
- •Consider context - Review surrounding code when needed using Read tool
Do not report: Git staging status, untracked files, or other git metadata as issues. Only analyze code content.
3. Apply Review Criteria
Check changes against comprehensive criteria. Load the full checklist when needed:
Read references/review-checklist.md
Quick scan areas:
- •Security: Credentials, injection vulnerabilities, authentication
- •Performance: Database queries, algorithmic complexity, resource usage
- •Code Quality: Naming, duplication, complexity
- •Error Handling: Try-catch blocks, edge cases, cleanup
- •Best Practices: API conventions, dependency management
4. Classify Issues by Severity
Categorize each issue found using this classification:
- •🔴 Critical - Security vulnerabilities, data loss risks, system crashes, production breaking changes
- •🟡 Warning - Performance problems, maintainability issues, potential bugs, technical debt
- •🔵 Info - Code style, minor optimizations, documentation, suggestions
For detailed classification guidance:
Read references/severity-guide.md
5. Present Review Results
Format the review output as follows:
## Code Review Summary **Files Changed**: [number] **Lines Added**: [number] | **Lines Removed**: [number] **Note**: [If unstaged changes exist, briefly mention "N files have unstaged changes" as FYI, not as an issue] --- ## 🔴 Critical Issues ### [Issue Title] **File**: `path/to/file.js:123` **Problem**: [Clear description of what's wrong] **Impact**: [What could happen if not fixed] **Solution**: [Specific fix recommendation] --- ## 🟡 Warnings ### [Issue Title] **File**: `path/to/file.js:456` **Problem**: [Description] **Solution**: [Recommendation] --- ## 🔵 Info ### [Issue Title] **File**: `path/to/file.js:789` **Suggestion**: [Improvement idea] --- ## ✅ Recommendation - **Commit Status**: [Ready to commit / Fix critical issues first / Needs attention] - **Summary**: [Overall assessment]
6. Address Critical Issues First
If critical issues (🔴) are found:
- •Explain the severity clearly
- •Offer to fix the issues immediately
- •Re-review after fixes are applied
Quick Review Mode
For faster reviews of small changes (< 100 lines), use abbreviated checklist:
- •Security: Hardcoded secrets, injection risks
- •Bugs: Null checks, error handling
- •Performance: Obvious inefficiencies
- •Quality: Naming, duplication
Resources
references/review-checklist.md
Comprehensive checklist covering security, performance, code quality, error handling, testing, and best practices. Load this for thorough reviews or when unsure what to check.
references/severity-guide.md
Detailed guide for classifying issues by severity (Critical/Warning/Info) with examples and decision tree. Load this when uncertain about issue priority or to explain severity to users.