# Code Review Protocol

A comprehensive code review methodology that catches issues before they reach production.

## Review Checklist
### 1. Correctness

- Does the code do what it's supposed to do?
- Are all edge cases handled?
- Are error conditions handled properly?
- Is the logic correct for all inputs?
### 2. Security

- No hardcoded secrets or credentials
- Input validation present
- SQL injection prevention (parameterized queries)
- XSS prevention (output encoding)
- CSRF protection where needed
- Proper authentication/authorization checks
- Sensitive data properly protected
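Three of the security items above (hardcoded secrets, SQL injection, XSS) are easiest to review when the flagged pattern sits next to its fix. The block below is an added example, not part of the original checklist: it seeds an in-memory SQLite database with constructed rows, shows a string-spliced query beside a parameterized one, an unencoded HTML template beside an escaped one, and a small heuristic scan for credential literals. The `SECRET_ASSIGNMENT` pattern, the `SAMPLE_SOURCE` snippet and all function names are assumptions made for the example.

```python
import html
import re
import sqlite3

# Constructed sample rows (not from the page) for an in-memory database.
USERS = [
    ("alice", "alice@example.test"),
    ("bob", "bob@example.test"),
    ("carol", "carol@example.test"),
]


def make_user_db():
    """Create an in-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (name, email) VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def find_user_vulnerable(conn, name):
    """What the 'SQL injection prevention' item flags: user input spliced
    into the SQL text, so quote characters in `name` change the query."""
    sql = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, name):
    """The fix the checklist asks for: a parameterized query. The driver
    binds `name` as a value, so it is never parsed as SQL."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def render_greeting_vulnerable(name):
    """What the 'XSS prevention' item flags: untrusted text written into
    HTML without encoding, so markup in `name` becomes part of the page."""
    return f"<p>Hello, {name}</p>"


def render_greeting_safe(name):
    """Output encoding: HTML-escape untrusted text at the point of output."""
    return f"<p>Hello, {html.escape(name, quote=True)}</p>"


# Heuristic for the 'no hardcoded secrets' item: a quoted literal assigned
# to a credential-like name. Hypothetical pattern for this example, not a
# substitute for a real secret scanner.
SECRET_ASSIGNMENT = re.compile(
    r"""(?i)(password|passwd|secret|api_key|token)\s*=\s*["'][^"']+["']"""
)


def find_hardcoded_secrets(source_text):
    """Return 1-based line numbers in `source_text` that assign a quoted
    literal to a credential-like name."""
    return [
        lineno
        for lineno, line in enumerate(source_text.splitlines(), start=1)
        if SECRET_ASSIGNMENT.search(line)
    ]


# Constructed source snippet to review (not from the page): only line 3
# embeds a literal credential; the other settings come from the environment.
SAMPLE_SOURCE = """\
import os
DB_HOST = os.environ.get("DB_HOST")
DB_PASSWORD = "hunter2"
API_KEY = os.environ["API_KEY"]
"""


if __name__ == "__main__":
    conn = make_user_db()
    # The textbook tautology input a reviewer's regression test should include:
    # the spliced query matches every row, the parameterized one matches none.
    probe = "' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(conn, probe))
    print("safe:      ", find_user_safe(conn, probe))
    print(render_greeting_vulnerable("<script>"))
    print(render_greeting_safe("<script>"))
    print("secret literals on lines:", find_hardcoded_secrets(SAMPLE_SOURCE))
```

When writing the review comment, quote the spliced line as the Location and the parameterized call as the Suggested fix; the regression test in `__main__` is the kind of "error path tested" evidence the Testing section asks for.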
### 3. Performance

- No obvious N+1 query issues
- Appropriate data structures used
- No unnecessary loops or iterations
- Database queries optimized
- Caching considered where appropriate
- Memory leaks prevented (cleanup handlers)
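The N+1 item is simplest to substantiate in a review by counting statements rather than reading loops. The block below is an added example, not from the original page: it builds an in-memory SQLite database from constructed authors and posts, computes posts per author once with a query per author and once with a single GROUP BY, and uses `sqlite3`'s `set_trace_callback` to count the statements each version issues. The table layout, sample rows and function names are assumptions made for the example.

```python
import sqlite3

# Constructed sample data (not from the page): three authors with a few posts each.
AUTHORS = [(1, "alice"), (2, "bob"), (3, "carol")]
POSTS = [(1, 1, "a1"), (2, 1, "a2"), (3, 2, "b1"), (4, 3, "c1"), (5, 3, "c2"), (6, 3, "c3")]


def make_db():
    """Create and seed an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE authors (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, author_id INTEGER, title TEXT)")
    conn.executemany("INSERT INTO authors VALUES (?, ?)", AUTHORS)
    conn.executemany("INSERT INTO posts VALUES (?, ?, ?)", POSTS)
    conn.commit()
    return conn


class QueryCounter:
    """Count SQL statements through sqlite3's trace callback, so the review
    can state 'this issues N+1 queries for N authors' as a measured fact."""

    def __init__(self, conn):
        self.count = 0
        conn.set_trace_callback(self._trace)

    def _trace(self, statement):
        self.count += 1


def post_counts_n_plus_1(conn):
    """The pattern the checklist flags: one query for the list, then one
    query per row of that list. Returns (result, statements_issued)."""
    counter = QueryCounter(conn)
    result = {}
    for author_id, name in conn.execute("SELECT id, name FROM authors"):
        (n,) = conn.execute(
            "SELECT COUNT(*) FROM posts WHERE author_id = ?", (author_id,)
        ).fetchone()
        result[name] = n
    conn.set_trace_callback(None)  # detach the counter
    return result, counter.count


def post_counts_batched(conn):
    """The suggested fix: let the database aggregate in a single statement.
    Returns (result, statements_issued)."""
    counter = QueryCounter(conn)
    rows = conn.execute(
        "SELECT a.name, COUNT(p.id) "
        "FROM authors a LEFT JOIN posts p ON p.author_id = a.id "
        "GROUP BY a.id, a.name"
    ).fetchall()
    conn.set_trace_callback(None)
    return dict(rows), counter.count


if __name__ == "__main__":
    conn = make_db()
    for fn in (post_counts_n_plus_1, post_counts_batched):
        result, issued = fn(conn)
        print(f"{fn.__name__}: {result} using {issued} statement(s)")
```

Both functions return the same mapping; the difference a reviewer cites is the statement count, which grows with the number of authors in the first version and stays at one in the second.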
### 4. Maintainability

- Code is readable and self-documenting
- Functions are focused and not too long
- No excessive nesting
- Consistent naming conventions
- Appropriate abstractions used
- No code duplication

### 5. Testing

- New code has corresponding tests
- Edge cases tested
- Error paths tested
- Tests are meaningful (not just coverage)

### 6. Documentation

- Complex logic is explained
- Public APIs are documented
- Non-obvious decisions are commented
- README updated if needed
## Review Output Format

```markdown
## Code Review Summary

**Files Reviewed**: [list]
**Overall Assessment**: [APPROVE / REQUEST_CHANGES / NEEDS_DISCUSSION]

### Critical Issues (Must Fix)
- [ ] Issue 1: Description
  - Location
  - Suggested fix

### Important Issues (Should Fix)
- [ ] Issue 1: Description
  - Location
  - Suggested fix

### Suggestions (Consider)
- [ ] Suggestion 1: Description
  - Location
  - Rationale

### Positive Observations
- Good practice 1: Description
- Good practice 2: Description
```
## Severity Levels

- **Critical**: Security vulnerabilities, data loss risks, crashes
- **Important**: Bugs, performance issues, maintainability problems
- **Suggestion**: Style improvements, minor optimizations, nice-to-haves
## Review Best Practices

- Be specific and actionable in feedback
- Explain the "why", not just the "what"
- Suggest alternatives; don't just criticize
- Acknowledge good code, not just problems
- Focus on the code, not the person
- Prioritize feedback by severity