---
name: code-review
description: Reviews code for bugs, style, and best practices. Use when reviewing PRs or checking code quality.
version: 1.0.0
format: 2025-10-02
triggers:
  - reviewing PRs or checking code quality
updated: 2026-04-25
status: ACTIVE
---
# Code Review

## Checklist

- **Correctness:** Logic errors, edge cases, off-by-one, resource leaks, race conditions, error handling
- **Security:** Input validation, injection (SQL/XSS), auth/authz, secrets exposure, CSRF
- **Performance:** N+1 queries, redundant work, memory leaks, blocking I/O, missing indexes
- **Maintainability:** Clear naming, single responsibility, DRY, test coverage
## Severity

| Level | Action |
|---|---|
| CRITICAL | Security/data-loss risk — must fix |
| MAJOR | Bug/performance — should fix |
| MINOR | Code smell — consider fixing |
| STYLE | Formatting — optional |
## Comment Format

```markdown
### [SEVERITY] Brief description
**File:** path:line
**Issue:** What's wrong
**Suggestion:** Proposed fix
```
## Flag These

- `== true/false` → use the boolean directly
- `catch(e) {}` → swallowed error
- Magic numbers → named constants
- Deep nesting → early returns
- Commented-out code → delete it
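An added example (not part of this skill file) that turns three of the "Flag These" items into line-by-line checks and prints each hit in the Comment Format above. The regexes, the severity mapping and the `retry.js` sample are assumptions chosen for illustration; the sample source is constructed, not taken from any real project.

```python
import re
from dataclasses import dataclass

@dataclass
class Finding:
    severity: str
    description: str
    file: str
    line: int
    issue: str
    suggestion: str

    def render(self) -> str:
        # One finding in the skill's comment format
        return (f"### [{self.severity}] {self.description}\n"
                f"**File:** {self.file}:{self.line}\n"
                f"**Issue:** {self.issue}\n"
                f"**Suggestion:** {self.suggestion}")

# (pattern, severity, description, issue, suggestion) per "Flag These" item
CHECKS = [
    (re.compile(r"[!=]==?\s*(true|false)\b"), "MINOR", "Comparison against boolean literal",
     "`== true/false` is redundant", "Use the boolean (or its negation) directly"),
    (re.compile(r"\bcatch\b[^{]*\{\s*\}"), "MAJOR", "Swallowed error",
     "Empty catch block discards the exception", "Handle, log, or rethrow the error"),
    (re.compile(r"(?<![\w.])\d{2,}(?![\w.])"), "MINOR", "Magic number",
     "Unexplained numeric literal", "Extract it into a named constant"),
]
# A named-constant definition is the fix, so it is not reported as a magic number
CONSTANT_DEF = re.compile(r"\b(const|final|static)\b|^\s*[A-Z][A-Z0-9_]*\s*=")

def review(path: str, source: str) -> list[Finding]:
    """Scan source line by line; findings come back in line order."""
    findings = []
    for lineno, text in enumerate(source.splitlines(), start=1):
        for pattern, severity, desc, issue, fix in CHECKS:
            if desc == "Magic number" and CONSTANT_DEF.search(text):
                continue
            if pattern.search(text):
                findings.append(Finding(severity, desc, path, lineno, issue, fix))
    return findings

# Constructed sample input: one boolean comparison, one magic number, one empty catch
SAMPLE = """function retry(fn) {
  if (fn.enabled == true) {
    for (let i = 0; i < 30; i++) {
      try { fn(); } catch (e) {}
    }
  }
}
const MAX_ATTEMPTS = 30;
"""

if __name__ == "__main__":
    print("\n\n".join(f.render() for f in review("retry.js", SAMPLE)))
```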