# Code Review

Review all uncommitted changes for quality and security issues.

## Process

- Identify changes: run `git diff --name-only HEAD` and `git diff --staged --name-only`.
- Security Review (CRITICAL):
  - Hardcoded credentials, API keys, tokens
  - SQL injection (string concatenation instead of `$1` placeholders)
  - Missing `WHERE user_id = $1` in queries (multi-tenancy violation)
  - XSS vulnerabilities in frontend
  - Unsafe dependencies or imports
- Architecture Review (HIGH):
  - Layer violations (handler doing business logic, service doing SQL)
  - Missing error handling
  - Response format not following envelope pattern
  - Missing context propagation in Go code
- Code Quality (MEDIUM):
  - Functions over 50 lines
  - Files over 800 lines
  - Deep nesting (> 4 levels)
  - Unused imports or variables
  - Inconsistent naming
- Kensan-specific Checks:
  - Timezone: UTC stored in DB, local conversion in frontend only
  - Page naming convention followed
  - Zustand store patterns followed
  - Repository interface defined for new data access
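As an added example (not part of this checklist or the Kensan codebase), the following Go program mechanises three of the Security Review items over one Go source file: a string literal assigned to a credential-looking name, SQL handed to a `database/sql`-style `Query`/`Exec` call as a `+` concatenation instead of `$1` placeholders, and a literal query on a tenant-scoped table that carries no `WHERE user_id = $N`. The table list, the secret-name pattern and `SampleSource` are constructed for the demonstration; findings use the `[SEVERITY] file:line - Description` shape from the Output Format section.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"regexp"
	"strings"
)

// Methods whose SQL argument we inspect (database/sql and pgx share these names).
var sqlCalls = map[string]bool{"Query": true, "QueryRow": true, "Exec": true,
	"QueryContext": true, "QueryRowContext": true, "ExecContext": true}

// Identifier names that should never be assigned a string literal.
var secretName = regexp.MustCompile(`(?i)(api[_-]?key|secret|token|password|passwd)`)

// Hypothetical list of tables holding per-user rows; every query on them must be scoped by user_id.
var tenantTables = []string{"orders", "invoices"}

// ReviewSecurity parses one Go file and returns CRITICAL findings in the
// "[SEVERITY] file:line - Description" shape used by this checklist.
func ReviewSecurity(filename, src string) ([]string, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, filename, src, 0)
	if err != nil {
		return nil, err
	}
	var out []string
	report := func(pos token.Pos, desc string) {
		out = append(out, fmt.Sprintf("[CRITICAL] %s:%d - %s", filename, fset.Position(pos).Line, desc))
	}
	ast.Inspect(file, func(n ast.Node) bool {
		switch x := n.(type) {
		case *ast.AssignStmt: // `apiKey := "..."`: a non-empty string literal bound to a secret-like name
			for i, lhs := range x.Lhs {
				name, ok := lhs.(*ast.Ident)
				if !ok || i >= len(x.Rhs) || !secretName.MatchString(name.Name) {
					continue
				}
				if lit, ok := x.Rhs[i].(*ast.BasicLit); ok && lit.Kind == token.STRING && len(lit.Value) > 2 {
					report(lit.Pos(), "hardcoded credential assigned to "+name.Name)
				}
			}
		case *ast.CallExpr:
			sel, ok := x.Fun.(*ast.SelectorExpr)
			if !ok || !sqlCalls[sel.Sel.Name] {
				return true
			}
			argIdx := 0 // the *Context variants take ctx first, then the SQL text
			if strings.HasSuffix(sel.Sel.Name, "Context") {
				argIdx = 1
			}
			if len(x.Args) <= argIdx {
				return true
			}
			switch q := x.Args[argIdx].(type) {
			case *ast.BinaryExpr: // "... = '" + status + "'" is injectable
				if q.Op == token.ADD {
					report(q.Pos(), "SQL built by string concatenation; use $1 placeholders")
				}
			case *ast.BasicLit: // a literal query is safe from injection but may still leak across tenants
				text := strings.ToLower(q.Value)
				for _, table := range tenantTables {
					if strings.Contains(text, " "+table) && !strings.Contains(text, "user_id = $") {
						report(q.Pos(), "query on "+table+" has no WHERE user_id = $N (multi-tenancy)")
					}
				}
			}
		}
		return true
	})
	return out, nil
}

// SampleSource is a constructed file: lines 4, 5 and 6 each break one checklist item; line 7 is clean.
var SampleSource = `package orders

func list(db DB, userID, status string) {
	apiKey := "sk_live_constructed_placeholder"
	db.Query("SELECT id FROM orders WHERE status = '" + status + "'")
	db.Query("SELECT id FROM orders WHERE status = $1", status)
	db.Query("SELECT id FROM orders WHERE user_id = $1 AND status = $2", userID, status)
	_ = apiKey
}
`

func main() {
	findings, err := ReviewSecurity("orders.go", SampleSource)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Println(f)
	}
}
```

Run it over the `.go` files returned by the two `git diff` commands in the first step. The checks are purely syntactic (go/ast, no type information), so a query assembled into a variable and passed later, or a secret read from a constant, is not caught; a clean result is where the manual review starts, not where it ends.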
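Added example, not the project's own code: an AST pass for two of the Architecture Review items in Go, context propagation and layer violations. It flags `context.Background()` or `context.TODO()` inside a function that already receives a `context.Context`, and direct `Query`/`Exec`-style calls in a file whose package is `handler`. The `handler` package name is an assumption about the project's layout, and `SampleSource` is constructed.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
)

// Methods that mean the enclosing function is running SQL itself.
var dbCalls = map[string]bool{"Query": true, "QueryRow": true, "Exec": true,
	"QueryContext": true, "QueryRowContext": true, "ExecContext": true}

// ReviewArchitecture parses one Go file and returns HIGH findings in the
// "[SEVERITY] file:line - Description" shape used by this checklist.
func ReviewArchitecture(filename, src string) ([]string, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, filename, src, 0)
	if err != nil {
		return nil, err
	}
	var out []string
	report := func(pos token.Pos, desc string) {
		out = append(out, fmt.Sprintf("[HIGH] %s:%d - %s", filename, fset.Position(pos).Line, desc))
	}
	for _, decl := range file.Decls {
		fn, ok := decl.(*ast.FuncDecl)
		if !ok || fn.Body == nil {
			continue
		}
		name, hasCtx := fn.Name.Name, takesContext(fn)
		ast.Inspect(fn.Body, func(n ast.Node) bool {
			call, ok := n.(*ast.CallExpr)
			if !ok {
				return true
			}
			sel, ok := call.Fun.(*ast.SelectorExpr)
			if !ok {
				return true
			}
			// A function that already received ctx must not start a fresh root context:
			// the caller's deadline and cancellation would be silently dropped.
			if pkg, ok := sel.X.(*ast.Ident); ok && pkg.Name == "context" && hasCtx &&
				(sel.Sel.Name == "Background" || sel.Sel.Name == "TODO") {
				report(call.Pos(), name+" calls context."+sel.Sel.Name+"() instead of passing its ctx parameter")
			}
			// Handlers decode requests and call services; SQL belongs behind a repository interface.
			// The package name "handler" is an assumption about the project's layout.
			if file.Name.Name == "handler" && dbCalls[sel.Sel.Name] {
				report(call.Pos(), name+" runs SQL from the handler layer")
			}
			return true
		})
	}
	return out, nil
}

// takesContext reports whether fn has a parameter of type context.Context.
func takesContext(fn *ast.FuncDecl) bool {
	for _, p := range fn.Type.Params.List {
		if sel, ok := p.Type.(*ast.SelectorExpr); ok {
			if pkg, ok := sel.X.(*ast.Ident); ok && pkg.Name == "context" && sel.Sel.Name == "Context" {
				return true
			}
		}
	}
	return false
}

// SampleSource is a constructed handler file: GetOrder breaks both rules, Health is clean.
var SampleSource = `package handler

import "context"

func GetOrder(ctx context.Context, db DB, id string) error {
	bg := context.Background()
	return db.QueryRowContext(bg, "SELECT id FROM orders WHERE id = $1", id).Err()
}

func Health(ctx context.Context, svc Service) error {
	return svc.Ping(ctx)
}
`

func main() {
	findings, err := ReviewArchitecture("handler.go", SampleSource)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Println(f)
	}
}
```

The layer check keys on the package name, so the same `QueryRowContext` call in a `repository` package produces no finding; the context check applies everywhere, since a dropped ctx is wrong in any layer.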
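Added example (not from this page or the project): measuring the two Code Quality limits that are cheap to compute mechanically, a function over 50 lines and nesting deeper than 4 levels. Nesting is counted as the deepest chain of `if`/`for`/`range`/`switch`/`select` statements inside one function. `SampleSource` is constructed; its 62-line function is generated with `strings.Repeat`.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strings"
)

// ReviewQuality parses one Go file and returns MEDIUM findings for functions
// longer than maxFuncLines or nested deeper than maxDepth, in the
// "[SEVERITY] file:line - Description" shape used by this checklist.
func ReviewQuality(filename, src string, maxFuncLines, maxDepth int) ([]string, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, filename, src, 0)
	if err != nil {
		return nil, err
	}
	var out []string
	for _, decl := range file.Decls {
		fn, ok := decl.(*ast.FuncDecl)
		if !ok || fn.Body == nil {
			continue
		}
		line := fset.Position(fn.Pos()).Line
		// Length runs from the func keyword to the closing brace, inclusive.
		if n := fset.Position(fn.End()).Line - line + 1; n > maxFuncLines {
			out = append(out, fmt.Sprintf("[MEDIUM] %s:%d - %s is %d lines (limit %d)",
				filename, line, fn.Name.Name, n, maxFuncLines))
		}
		if d := maxNesting(fn.Body); d > maxDepth {
			out = append(out, fmt.Sprintf("[MEDIUM] %s:%d - %s nests %d levels deep (limit %d)",
				filename, line, fn.Name.Name, d, maxDepth))
		}
	}
	return out, nil
}

// maxNesting returns the deepest chain of nested if/for/range/switch/select
// statements in body; a function with no control flow scores 0.
func maxNesting(body *ast.BlockStmt) int {
	var stack []bool // one entry per node being visited: true if it opened a level
	depth, deepest := 0, 0
	ast.Inspect(body, func(n ast.Node) bool {
		if n == nil { // ast.Inspect passes nil once it has finished a node's children
			if stack[len(stack)-1] {
				depth--
			}
			stack = stack[:len(stack)-1]
			return true
		}
		nests := false
		switch n.(type) {
		case *ast.IfStmt, *ast.ForStmt, *ast.RangeStmt, *ast.SwitchStmt, *ast.TypeSwitchStmt, *ast.SelectStmt:
			nests = true
			if depth++; depth > deepest {
				deepest = depth
			}
		}
		stack = append(stack, nests)
		return true
	})
	return deepest
}

// SampleSource is constructed: deep nests five levels, long is 62 lines.
var SampleSource = `package service

func deep(xs []int) int {
	n := 0
	for _, x := range xs {
		if x > 0 {
			for i := 0; i < x; i++ {
				if i%2 == 0 {
					switch i {
					case 2:
						n++
					}
				}
			}
		}
	}
	return n
}

func long() {
` + strings.Repeat("\t_ = 0\n", 60) + "}\n"

func main() {
	findings, err := ReviewQuality("service.go", SampleSource, 50, 4)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Println(f)
	}
}
```

The limits are parameters so the same pass can be tightened for new code; the 800-line file limit from the list is a one-line `wc -l` check and is left out here.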
## Output Format

For each issue found:

```
[SEVERITY] file:line - Description
Recommendation: ...
```

Severities: CRITICAL > HIGH > MEDIUM > LOW

Summarize: total issues by severity, and whether the commit should proceed.