Review Code
Reviews code against learning-infra project standards for architecture compliance, code quality, tenant isolation, and test coverage.
Project Documentation References
Critical: Reference Cursor rules instead of duplicating their content.
For comprehensive project documentation and compatibility requirements, see:
- •AGENTS.md - Central reference for all project documentation
- •@project-overview.md - Project overview and tech stack
- •@api-development.md - Control Plane REST API patterns
- •@provisioning.md - Tenant provisioning patterns
- •@domain-structure.md - Domain-driven design patterns
- •@database.md - Neon database patterns
- •@cloud-run.md - Cloud Run deployment patterns
- •@testing-strategy.md - Testing patterns and strategies
- •@coding-standards.md - Coding standards and guidelines
Review Workflow
Step 1: Context Gathering
- •
Identify Code Scope:
- •Control Plane, Storefront, or Infrastructure code
- •Single file or multiple files
- •Feature area (e.g., provisioning, domain management)
- •
Check File Location:
- •
apps/control-plane/**-> Control Plane context - •
apps/storefront/**-> Storefront context - •
infrastructure/**-> Infrastructure context - •
packages/**-> Package context
- •
Step 2: Code Review
Review code against project standards. Reference rules, don't duplicate them.
Review Priorities:
- •
Tenant Isolation Compliance (@project-overview.md, @coding-standards.md)
- •MANDATORY: Verify physical database isolation (one database per tenant)
- •Check that connection strings are never shared
- •Ensure tenant scoping in all queries
- •
Control Plane API Patterns (@api-development.md)
- •RESTful style compliance
- •TSDoc requirements met
- •OpenAPI/Scalar UI registration
- •Structured error handling
- •
Provisioning Workflow Compliance (@provisioning.md)
- •Proper orchestration steps
- •CRITICAL: Error handling and rollback implementation
- •Provisioning time targets considered
- •
Infrastructure Best Practices (@cloud-run.md, @cloudflare.md, @database.md)
- •Scale-to-zero configuration
- •Secure secret management (@secrets.md)
- •Serverless-first priority
- •
Code Quality and Standards (@coding-standards.md)
- •TypeScript strict usage
- •Pino logger usage (no
console.log) - •Function length and complexity
- •
Testing Strategy Compliance (@testing-strategy.md)
- •Unit and integration tests added
- •Tenant isolation tests included
- •Coverage requirements met (80% minimum)
Step 3: Feedback Generation
- •
Identify Issues:
- •Critical violations (e.g., tenant isolation)
- •Pattern deviations (e.g., REST style)
- •Quality improvements (e.g., refactoring)
- •
Provide Constructive Feedback:
- •Be direct and succinct
- •Reference specific rules (@rule-name.md)
- •Suggest minimal fixes
Review Checklist
Critical Items
- • Physical database isolation maintained?
- • Provisioning rollback implemented?
- • Scale-to-zero configured?
- • Secrets handled securely via Secret Manager?
API and Logic
- • RESTful patterns followed?
- • TSDoc comments present and valid?
- • OpenAPI schemas registered?
- • Structured logging used (Pino)?
Quality and Testing
- • Tests added for critical paths?
- • Tenant isolation tested?
- • No
console.login source code? - • Types are strict and accurate?
Best Practices
- •DRY Principles: Reference rules instead of repeating them
- •Directness: Be clear and concise in feedback
- •Context-Aware: Adapt review based on which part of the project is being changed
- •Isolation First: Always verify tenant isolation as the highest priority