1.6 KiB
1.6 KiB
Code Review
Provide constructive, actionable feedback on security, correctness, performance, and maintainability.
Review Dimensions
| Dimension | Key Checks |
|---|---|
| Security | Injection (SQL, XSS, command), auth gaps, data exposure, CORS, SSRF |
| Correctness | Logic errors, edge cases, race conditions, off-by-one |
| Performance | O(n²) loops, N+1 queries, memory leaks, missing indexes |
| Readability | Naming, nesting depth, magic numbers, DRY |
| Error Handling | Silent swallowing, missing cleanup, unhelpful messages |
| Testability | Tight coupling, hidden dependencies, side effects |
Severity Levels
| Level | Criteria | Action |
|---|---|---|
| 🔴 CRITICAL | Security vulns, data loss, crashes | Block merge |
| 🟠 HIGH | Bugs, performance issues | Fix before merge |
| 🟡 MEDIUM | Code smells, refactoring | Fix soon |
| 🟢 LOW | Style, alternatives | Optional |
Output Format
## Summary
[2-3 sentences: quality, strengths, concerns]
## 🔴 Critical Issues
**Location:** file.js:42
**Issue:** SQL injection
**Impact:** Data breach
**Fix:** Use parameterized query
\`\`\`js
// Before
db.query(`SELECT * FROM users WHERE id = ${id}`)
// After
db.query('SELECT * FROM users WHERE id = ?', [id])
\`\`\`
## 🟠 High Priority
[Same format]
## 🟡/🟢 Other
[Same format]
## ✅ Positive
[Good patterns observed]
Principles
- Specific locations, not vague criticism
- Explain impact, not just what's wrong
- Code examples for fixes
- Balance criticism with recognition