# Code Review Skill

This skill provides a structured approach to reviewing code, ensuring high quality, security, and adherence to project standards (as defined in `tech_standards.md`).
## Verification Hierarchy

Review the code in this specific order of priority:

1. **Correctness & Logic (Critical)**
   - Does the code actually solve the problem?
   - Are edge cases handled (nulls, empty lists, network failures)?
   - Is the logic sound and bug-free?
   - Action: If checking a fix, verify it doesn't break other parts (regression).

2. **Security (Critical - refer to `security-audit` for deep dives)**
   - Input Validation: Are all inputs sanitized? (No raw SQL, no unsafe HTML).
   - Secrets: Are API keys or credentials hardcoded? (Immediate FAIL if found).
   - Auth: Is authentication/authorization bypassed or weak?

3. **Style & Standards (Important - refer to `tech_standards.md`)**
   - Naming: Do variables/functions use clear, descriptive names? (e.g., `isUserLoggedIn` vs `flag`).
   - Typing: Is `any` used? (Strictly forbidden). Are types explicit?
   - Imports: Are path aliases (`@/`) used instead of relative paths (`../../../`)?
   - Structure: Is the file too large? Should it be broken down?

4. **Performance (Optimization)**
   - Are there unnecessary loops or expensive computations?
   - Is there redundant state re-rendering (frontend)?
   - Are database queries optimized (N+1 problems)?
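The mechanical parts of the Security and Style items above (hardcoded secrets, string-built SQL, `any`, deep relative imports) can be pre-checked before a human reviewer reads the diff. The following TypeScript is an added illustration written for this page, not part of the project's tooling or of `tech_standards.md`; the regular expressions are deliberately simple heuristics, and the sample source file it scans is constructed, including the fake key value.

```typescript
// Added example: a minimal automated pre-check that encodes some of the
// checklist items from the Verification Hierarchy. Heuristic only; a reviewer
// still reads the code. Rules, severities and sample input are assumptions.

export type Severity = "critical" | "improvement";

export interface Finding {
  line: number;
  severity: Severity;
  rule: string;
  text: string;
}

interface Rule {
  name: string;
  severity: Severity;
  pattern: RegExp;
}

// One rule per checklist item. Secrets and raw SQL are "Immediate FAIL"
// items in the skill, so they map to the critical bucket.
const RULES: Rule[] = [
  // Secrets: a key/token/password-like identifier assigned a non-empty string literal.
  { name: "hardcoded-secret", severity: "critical",
    pattern: /\b(?:api[_-]?key|secret|token|password)\w*\s*[:=]\s*["'`][^"'`]+["'`]/i },
  // Input validation: a SQL keyword on a line that concatenates or interpolates a value.
  { name: "raw-sql", severity: "critical",
    pattern: /\b(?:SELECT|INSERT|UPDATE|DELETE)\b.*(?:\+\s*\w|\$\{)/i },
  // Typing: explicit `any` annotation or assertion.
  { name: "any-type", severity: "improvement", pattern: /:\s*any\b|<any>/ },
  // Imports: two or more "../" segments instead of the `@/` alias.
  { name: "relative-import", severity: "improvement",
    pattern: /from\s+["'](?:\.\.\/){2,}/ },
];

// Scan a source file line by line and collect every rule hit.
export function reviewSource(source: string): Finding[] {
  const findings: Finding[] = [];
  source.split("\n").forEach((text, idx) => {
    for (const rule of RULES) {
      if (rule.pattern.test(text)) {
        findings.push({ line: idx + 1, severity: rule.severity, rule: rule.name, text: text.trim() });
      }
    }
  });
  return findings;
}

// Render findings in the skill's output format.
export function formatReport(findings: Finding[]): string {
  const critical = findings.filter(f => f.severity === "critical");
  const improvements = findings.filter(f => f.severity === "improvement");
  const list = (fs: Finding[]) =>
    fs.length ? fs.map(f => "- L" + f.line + " [" + f.rule + "] " + f.text).join("\n") : "- none";
  const action = critical.length ? "Fix critical issues before commit" : "Approved with minor nits";
  return [
    "🚨 Critical Issues (Must Fix)", list(critical),
    "⚠️ Improvements (Should Fix)", list(improvements),
    "Recommended Action", action,
  ].join("\n");
}

// Constructed sample file that trips each rule once (the key value is fake).
export const SAMPLE_SOURCE = [
  `import { db } from "../../../lib/db";`,
  `const apiKey = "sk-live-example-not-real";`,
  `export function findUser(name: any) {`,
  `  return db.query("SELECT * FROM users WHERE name = '" + name + "'");`,
  `}`,
].join("\n");

console.log(formatReport(reviewSource(SAMPLE_SOURCE)));
```

Run against the sample, the report lists the secret and the concatenated SQL as critical and the `any` annotation and the `../../../` import as improvements, so the recommended action is "Fix critical issues before commit"; a file using the `@/` alias and no literals produces no findings and is approved.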
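For the N+1 check in the Performance item, the quickest way to make the problem visible in review is to count round trips. The following TypeScript is an added example for this page, not project code: it runs a naive loop and a batched version against a constructed in-memory stand-in for the database layer and reports how many queries each needs. The data, the `FakeDb` methods and the `PostView` shape are assumptions.

```typescript
// Added example: the N+1 query pattern and its batched fix, measured against a
// constructed fake database. Calls are synchronous for brevity; each method
// call stands for one round trip, which is what the counter measures.

interface Post { id: number; authorId: number; title: string; }
interface Author { id: number; name: string; }

// Constructed sample tables.
const AUTHORS: Author[] = [
  { id: 1, name: "alice" },
  { id: 2, name: "bob" },
];
const POSTS: Post[] = [
  { id: 10, authorId: 1, title: "first" },
  { id: 11, authorId: 2, title: "second" },
  { id: 12, authorId: 1, title: "third" },
];

export class FakeDb {
  queries = 0;
  listPosts(): Post[] { this.queries++; return POSTS; }
  getAuthor(id: number): Author | undefined {
    this.queries++;
    return AUTHORS.filter(a => a.id === id)[0];
  }
  getAuthorsByIds(ids: number[]): Author[] {
    this.queries++;
    return AUTHORS.filter(a => ids.indexOf(a.id) !== -1);
  }
}

export interface PostView { title: string; author: string; }

// N+1: one query for the posts, then one more per post for its author.
export function postsWithAuthorsNaive(db: FakeDb): PostView[] {
  const out: PostView[] = [];
  for (const p of db.listPosts()) {
    const a = db.getAuthor(p.authorId);
    out.push({ title: p.title, author: a ? a.name : "unknown" });
  }
  return out;
}

// Fixed: collect the distinct author ids and fetch them with a single query.
export function postsWithAuthorsBatched(db: FakeDb): PostView[] {
  const posts = db.listPosts();
  const ids = posts.map(p => p.authorId).filter((id, i, arr) => arr.indexOf(id) === i);
  const byId: Record<number, Author> = {};
  for (const a of db.getAuthorsByIds(ids)) byId[a.id] = a;
  return posts.map(p => {
    const a = byId[p.authorId];
    return { title: p.title, author: a ? a.name : "unknown" };
  });
}

// Run both variants on fresh counters and report the round trips each needed.
export function compareQueryCounts(): { naive: number; batched: number } {
  const a = new FakeDb(); postsWithAuthorsNaive(a);
  const b = new FakeDb(); postsWithAuthorsBatched(b);
  return { naive: a.queries, batched: b.queries };
}

console.log(compareQueryCounts()); // { naive: 4, batched: 2 }
```

With three posts the naive version issues four queries and the batched version two; the gap grows linearly with the number of rows, which is why the reviewer asks about it at list endpoints rather than on single-record lookups.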
## Output Format

Provide feedback in this format:

### 🚨 Critical Issues (Must Fix)
List logical bugs, security holes, or blocking standard violations.

### ⚠️ Improvements (Should Fix)
List style refactors, standard violations, or performance tweaks.

### ✅ Good Practices
Highlight clever solutions or clean implementations.

### Recommended Action
Summary of what to do next (e.g., "Fix critical issues before commit" or "Approved with minor nits").