🕵️ Perform Code Review
Validates code quality, security, and architectural compliance for the Demo API.
🎯 Scope
Use this skill when:
- USER asks to "review my code".
- Before committing any complex feature.
- Debugging obscure issues.
✅ Review Checklist
1. 🏗️ Architecture & Patterns
- Layering: Domain depends on nothing; Application depends on Domain; Api depends on Application.
- Service Pattern: Services inherit BaseServices and use INotificatorHandler (no throwing exceptions for business logic).
- Repository Pattern: Repositories return Entities, not ViewModels.
- Controller Pattern: Controllers inherit MainApiController and return CustomResponse.
2. 🛡️ Security
- Authorization: [Authorize] attribute present on protected endpoints?
- Input Validation: Validators (AbstractValidator) exist and are called in the Service layer?
- Injection: No raw SQL; usage of EF Core methods only.
- Secrets: No API keys or connection strings hardcoded?
3. 🧹 Clean Code (C# 14 / .NET 10)
- Primary Constructors: Used for DI instead of fields + ctor assignments.
  - Bad: public Class(IService s) { _s = s; }
  - Good: public Class(IService s) (Primary Constructor)
- Async/Await: No .Result or .Wait(); use await.
- Naming:
  - I[Name]Repository
  - [Name]AppService
  - [Name]ViewModel
  - [Name]Controller
4. 📝 Documentation
- Swagger: [ProducesResponseType] attributes on all Controller actions?
- Comments: XML comments on public API methods?
5. 🧪 Testing
- Unit Tests: Exist in Tests project?
- Mocking: Dependencies mocked using Moq?
- Assertions: Testing CustomResponse results correctly?
🚨 Critical "Red Flags" (Immediate Rejection)
- Direct Ok(), BadRequest() usage: Must use CustomResponse.
- Throwing Exceptions for Validation: Must use INotificator.
- Returning Entities in API: Must map to ViewModel before Controller return.
- Mixing Logic in Controller: Controllers should be thin proxies to Services.
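Several of the checks above can be pre-screened mechanically before a human review. The following is an added example, not part of the original skill or the project's code: a heuristic regex scan of C# source for the red flags and security items listed here. The sample controller, its names (PlayersController, IPlayerAppService, GetByIdAsync) and the rule identifiers are constructed for illustration.

```python
import re

# Heuristic line rules for checklist items; regex-based, so treat hits as review prompts.
RULES = [
    ("direct-result", re.compile(r"\breturn\s+(Ok|BadRequest)\s*\("),
     "return CustomResponse instead of Ok()/BadRequest()"),
    ("blocking-async", re.compile(r"\.Result\b|\.Wait\s*\(\s*\)"),
     "use await instead of .Result/.Wait()"),
    ("raw-sql", re.compile(r"\b(FromSqlRaw|ExecuteSqlRaw)\s*\("),
     "raw SQL; use EF Core query methods"),
    ("throw-validation", re.compile(r"\bthrow\s+new\s+\w*Exception\b"),
     "report business/validation errors through INotificator"),
    ("hardcoded-secret", re.compile(r'"[^"]*(Password|Pwd|ApiKey)\s*=[^"]*"', re.I),
     "possible hardcoded connection string or API key"),
]

def scan(source, filename="<memory>"):
    """Return (filename, line, rule_id, message) tuples; line 0 means file-level."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith("//"):  # skip whole-line comments
            continue
        for rule_id, pattern, message in RULES:
            if pattern.search(line):
                findings.append((filename, lineno, rule_id, message))
    # File-level check: a controller with no [Authorize]/[AllowAnonymous] anywhere.
    is_controller = re.search(r":\s*MainApiController\b", source)
    if is_controller and not re.search(r"\[(Authorize|AllowAnonymous)\b", source):
        findings.append((filename, 0, "no-authorize",
                         "controller has no [Authorize] or [AllowAnonymous]"))
    return findings

# Constructed sample input, not project code.
SAMPLE = '''\
public class PlayersController(IPlayerAppService service) : MainApiController
{
    [HttpGet("{id}")]
    public async Task<IActionResult> Get(Guid id)
    {
        var player = service.GetByIdAsync(id).Result;
        if (player is null) return BadRequest("not found");
        return Ok(player);
    }
}
'''

if __name__ == "__main__":
    for name, lineno, rule_id, message in scan(SAMPLE, "PlayersController.cs"):
        print(f"{name}:{lineno}: [{rule_id}] {message}")
```

A hit is a prompt for the reviewer, not a verdict: a legitimate property named Result or an exception thrown for a non-validation fault will also match.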
Reference: Derived from project cartolafy/docs/guides/code-review-checklist.md and demo-api/swagger-jwt-docker implementation.