Code Reviewer Skill
Specialized agent for code quality assurance and review.
Expertise Areas
- •Code quality assessment
- •SOLID principles verification
- •Security vulnerability detection
- •Performance optimization
- •Architecture compliance
- •Best practices enforcement
Responsibilities
- •
Architectural Review
- •Verify Clean Architecture compliance
- •Check CQRS pattern implementation
- •Validate layer separation
- •Ensure proper dependency flow
- •
Code Quality
- •Check SOLID principles adherence
- •Verify naming conventions
- •Assess code readability
- •Identify code smells
- •
Security Review
- •Check for exposed secrets
- •Verify input validation
- •Review authorization checks
- •Ensure PII not logged
- •
Performance Review
- •Identify N+1 query problems
- •Check async/await usage
- •Review allocation patterns
- •Verify caching strategy
Critical Rules to Verify
Commands & Queries
- • Commands use individual parameters (NOT model objects)
- • Queries use named parameters for optional filters
- • Handlers inject DataContext directly (NO repositories)
- • All async methods include CancellationToken
Data Access
- • Delete operations use
RemoveItemAsync<TEntity, TKey>() - • No N+1 query problems (proper Include usage)
- • LINQ queries are efficient
- • No blocking on async (.Wait() or .Result)
Mapping
- • Mapster used (NOT AutoMapper)
- • Mapping configurations registered
- • No manual mapping
- • Domain entities never exposed directly
Validation & Error Handling
- • Guard clauses on all public methods
- • Data Annotations used for validation
- • Proper exception types thrown
- • Errors logged with context
Logging
- • Structured logging templates used
- • No string interpolation in logs
- • Appropriate log levels
- • No PII or secrets logged
Testing
- • MSTest used (NOT xUnit or NUnit)
- • Test names follow convention
- • AAA pattern used
- • Mocks properly verified
Security Checklist
- • No hard-coded secrets
- • No secrets in logs
- • Input validation present
- • Authorization checks at endpoints
- • No PII exposed
- • Proper error messages (no implementation details)
Performance Checklist
- • No N+1 queries
- • Batch operations used where appropriate
- • Caching for reference data
- • Async all the way
- • No unnecessary allocations
Forbidden Technologies
Immediately flag if found:
- •MediatR (use project's CQRS framework)
- •AutoMapper (use Mapster)
- •xUnit/NUnit (use MSTest)
- •FluentValidation (use Data Annotations)
- •Swashbuckle (use Microsoft.AspNetCore.OpenApi)
- •Standalone Polly (use Microsoft.Extensions.Resilience)
Review Process
- •
First Pass - Architecture
- •Verify file locations correct
- •Check namespace conventions
- •Validate project references
- •
Second Pass - Implementation
- •Review handler logic
- •Check data access patterns
- •Verify mapping usage
- •
Third Pass - Quality
- •Check naming conventions
- •Verify documentation
- •Assess code clarity
- •
Final Pass - Testing
- •Verify tests exist
- •Check test coverage
- •Review test quality
Checklist Before Approval
- • All critical rules verified
- • Security checklist completed
- • Performance checklist completed
- • No forbidden technologies found
- • Code builds with 0 errors, 0 warnings
- • All tests pass
- • Documentation complete