Code Review Skill
Comprehensive code review covering quality, security, architecture, and UI/UX aspects.
Instructions
- •Fully read and understand the Workflow Rules, Guardrails and Guidelines section in CLAUDE.md (and/or system prompt) before starting work, including but not limited to:
- •Foundational Rules and Guardrails
- •Foundational Development Guidelines and Standards (e.g. Development, Architecture, UI/UX Guidelines etc.)
- •Non-modifying - Analysis only, no code changes
- •Follow project guidelines from CLAUDE.md
- •Use checklists in
checklists/subdirectory for systematic assessment
Workflow
Phase 1: Context Analysis
- •Determine review scope from conversation context:
- •If specific files/dirs mentioned: Focus on those
- •If PR number mentioned: Run
gh pr diff <number>to get changes - •If focus area mentioned (security, architecture, ui): Emphasize in Phase 2
- •Otherwise: Use git status/diff for scope
- •Run
git status --porcelainandgit diffto identify changes - •Run
git log -10 --onelineto understand recent commits - •Use
tree -d -L 3andgit ls-files | head -250for codebase overview - •Identify applicable review types based on changed files (code, architecture, UI/UX)
- •Read additional relevant guidelines and documentation (API, guides, reference, etc.) as needed
Gate: Scope determined, relevant files identified
Phase 2: Review Execution
Perform applicable reviews using the checklists.
Code Analysis
- •Run static analysis, linting, type checking per project guidelines
- •Use IDE diagnostics if available
- •IMPORTANT: Only format code that has been added or modified, NEVER format the entire codebase
Code Review
Checklist: CODE-REVIEW-CHECKLIST.md
Assess:
- •Correctness, logic errors, edge cases, error handling
- •Readability, naming, code organization
- •Best practices, DRY, design patterns, anti-patterns
- •Performance (N+1 queries, algorithms, caching)
- •Maintainability, testability, documentation, tech debt
Security Review
Checklist: SECURITY-REVIEW-CHECKLIST.md
Assess:
- •Input validation & sanitization
- •Injection prevention (SQL, command, XSS, path traversal)
- •Authentication & authorization
- •Cryptography (encryption, hashing, key management)
- •Data protection (secrets, logging exposure)
- •API security, headers, CORS, CSRF
- •OWASP Top 10 coverage
Architecture Review
Checklist: ARCHITECTURAL-REVIEW-CHECKLIST.md
Assess:
- •CUPID principles (Composable, Unix philosophy, Predictable, Idiomatic, Domain-aligned)
- •DDD patterns (bounded contexts, aggregates, domain events)
- •Pattern adherence (clean architecture, service boundaries, API design)
- •Anti-patterns, performance, scalability, resilience
UI/UX Review (when applicable)
Checklist: UI-UX-REVIEW-CHECKLIST.md
Assess:
- •Visual quality (layout, typography, color/contrast, responsive)
- •Usability (5-second clarity, touch targets, cognitive load)
- •Platform conventions (iOS HIG, Material Design, web standards)
- •Accessibility (WCAG 2.2), performance, interaction patterns
Gate: All applicable reviews complete
Phase 3: Analysis & Findings
- •
Categorize findings by priority:
- •CRITICAL: Security vulnerabilities, data loss risks, broken functionality
- •HIGH: Performance issues, maintainability concerns, minor security issues
- •SUGGESTIONS: Improvements, optimizations, enhancements
- •
Identify obsolete/temporary files and code requiring cleanup
- •
Check for unmotivated complexity, over-engineering, or duplication
- •
Verify adherence to project guidelines and patterns
Gate: Findings categorized and validated
Report Format
Generate markdown report with:
# Review Report - [Date] ## Summary [2-3 sentence overview of review scope and overall assessment] ## CRITICAL ISSUES [Each issue: Title, Impact, Location, Fix Required] ## HIGH PRIORITY [Each issue: Title, Impact, Location, Recommendation] ## SUGGESTIONS [Brief list of improvements] ## Cleanup Required - [Obsolete/temporary files to remove] - [Dead code to remove] ## Compliance - Guidelines adherence: [Assessment] - Architecture patterns: [Assessment] - Security best practices: [Assessment] - [UI/UX if applicable]: [Assessment] ## Next Steps 1. [Prioritized action items]
Store report at: <project_root>/docs/temp/<feature-name>-review-report-<YYYY-MM-DD>.md
Return report location to user.