Rust Review Workflow
Expert-level Rust code audits with focus on safety, correctness, and idiomatic patterns.
Quick Start
```bash
/rust-review
```
When to Use
- Reviewing Rust code changes
- Auditing unsafe blocks
- Analyzing concurrency patterns
- Dependency security review
- Performance optimization review
Required TodoWrite Items
- rust-review:ownership-analysis
- rust-review:error-handling
- rust-review:concurrency
- rust-review:unsafe-audit
- rust-review:cargo-deps
- rust-review:evidence-log
Progressive Loading
Load modules as needed based on review scope:
Quick Review (ownership + errors):
- @include ownership-analysis.md
- @include error-handling.md
Concurrency Focus:
- @include concurrency-patterns.md
Safety Audit:
- @include unsafe-audit.md
Dependency Review:
- @include cargo-dependencies.md
Core Workflow
- Ownership Analysis: Check borrowing, lifetimes, clone patterns
- Error Handling: Verify Result/Option usage, propagation
- Concurrency: Review async patterns, sync primitives
- Unsafe Audit: Document invariants, FFI contracts
- Dependencies: Scan for vulnerabilities, updates
- Evidence Log: Record commands and findings
Rust Quality Checklist
Safety
- All unsafe blocks documented with SAFETY comments
- FFI boundaries properly wrapped
- Memory safety invariants maintained
Correctness
- Error handling complete
- Concurrency patterns sound
- Tests cover critical paths
Performance
- No unnecessary allocations
- Borrowing preferred over cloning
- Async properly non-blocking
Idioms
- Standard traits implemented
- Error types well-designed
- Documentation complete
Output Format
```markdown
## Summary
Rust audit findings

## Ownership Analysis
[borrowing and lifetime issues]

## Error Handling
[error patterns and issues]

## Concurrency
[async and sync patterns]

## Unsafe Audit
### [U1] file:line
- Invariants: [documented]
- Risk: [assessment]
- Recommendation: [action]

## Dependencies
[cargo audit results]

## Recommendation
Approve / Approve with actions / Block
```
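One way to pre-fill the Unsafe Audit entries and check the "SAFETY comments" checklist item is sketched below; this is an added example, not part of the original workflow or its modules. The names `Finding`, `audit_unsafe` and `render`, the sample source and the path `src/buf.rs` are all constructed for illustration, and the scan is a line-based heuristic that can misfire on `unsafe` inside string literals.

```rust
// Added example: line-based heuristic, not a Rust parser. All names are hypothetical.
#[derive(Debug, PartialEq)]
pub struct Finding {
    pub id: String,       // "U1", "U2", ... as in the report template
    pub line: usize,      // 1-based line number of the `unsafe` keyword
    pub documented: bool, // a safety note sits directly above the line
}

/// True when the code part of `line` (before any `//`) uses the `unsafe` keyword.
fn uses_unsafe(line: &str) -> bool {
    let code = line.split("//").next().unwrap_or("");
    code.split(|c: char| !(c.is_alphanumeric() || c == '_'))
        .any(|tok| tok == "unsafe")
}

/// True when the comment/attribute run directly above `idx` carries a safety note.
fn documented_above(lines: &[&str], idx: usize) -> bool {
    lines[..idx].iter().rev().map(|l| l.trim_start())
        .take_while(|l| l.starts_with("//") || l.starts_with("#["))
        .any(|l| l.contains("SAFETY:") || l.contains("# Safety"))
}

/// Lists every use of `unsafe` in `src` and whether it is documented.
pub fn audit_unsafe(src: &str) -> Vec<Finding> {
    let lines: Vec<&str> = src.lines().collect();
    let mut findings = Vec::new();
    for (idx, line) in lines.iter().enumerate() {
        if !uses_unsafe(line) { continue; }
        let id = format!("U{}", findings.len() + 1);
        findings.push(Finding { id, line: idx + 1, documented: documented_above(&lines, idx) });
    }
    findings
}

/// Renders findings as entry headers for the "Unsafe Audit" report section.
pub fn render(file: &str, findings: &[Finding]) -> String {
    findings.iter().map(|f| {
        let inv = if f.documented { "documented" } else { "MISSING" };
        format!("### [{}] {}:{}\n- Invariants: {}\n", f.id, file, f.line, inv)
    }).collect()
}

// Constructed sample input: one documented block, one undocumented block.
pub const SAMPLE: &str = concat!(
    "pub fn first(v: &[u8]) -> u8 {\n    assert!(!v.is_empty());\n",
    "    // SAFETY: the assert above guarantees index 0 is in bounds.\n",
    "    unsafe { *v.get_unchecked(0) }\n}\n",
    "pub fn read(p: *const u32) -> u32 {\n    unsafe { *p }\n}\n",
);
fn main() { print!("{}", render("src/buf.rs", &audit_unsafe(SAMPLE))); }
```

The Risk and Recommendation fields still need a reviewer's judgment. For enforcement on the parsed syntax tree, Clippy's `undocumented_unsafe_blocks` lint performs a comparable check.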
Exit Criteria
- All unsafe blocks audited
- Concurrency patterns verified
- Dependencies scanned
- Evidence logged
- Action items assigned