| name | code-review |
| description | Use when reviewing a Trovara code change — checks correctness, MVVM layering, security, performance, i18n parity, file-size limits, and test coverage like a senior engineer. |
| allowed-tools | Read, Grep, Glob, Bash |
| model | opus |
Code Review
Senior-engineer review of Trovara diffs. Covers correctness, security, architecture, performance, and maintainability in that priority order.
Step 1 — Understand the Diff
git diff develop..HEAD --stat
git diff develop..HEAD --name-only
git log develop..HEAD --oneline
Load the area-specific CLAUDE.md for every changed directory before commenting.
Step 2 — Priority Order
Review in this order; stop and report blockers before continuing:
- Correctness — null safety, async races, off-by-one, state mutations
- Security — hardcoded secrets, injection, auth bypass, Drive/Firebase scope
- Architecture — MVVM layering, ServiceLocator misuse, DI violations
- Performance — N+1 ObjectBox queries, unnecessary
notifyListeners in loops, main-thread blocking
- Maintainability — DRY, KISS, SOLID, file size, test coverage
- Readability — naming, comments, style
Step 3 — Trovara-Specific Checks
MVVM Layering (blocker if violated)
- Views use
ViewModelProvider<T> — no direct service calls from build()
- ViewModels extend
BaseViewModel, inject services via constructor or ServiceLocator().<getter>
- Services receive repository interfaces (
INoteRepository), never ObjectBox* concretions
- No
ServiceLocator() calls inside a service constructor
i18n Parity (blocker)
diff <(jq -r '[paths(scalars)|join(".")]|sort|.[]' assets/translations/en.json) \
<(jq -r '[paths(scalars)|join(".")]|sort|.[]' assets/translations/km.json)
Must be empty. Any new user-visible string needs a key in both files.
File Size (blocker above 300)
git diff develop..HEAD --name-only | grep '\.dart$' | grep -v '\.g\.dart$' | while read f; do
[ -f "$f" ] && wc -l < "$f" | xargs -I{} echo "{} $f"
done | awk '$1 > 250'
Soft limit 250, hard limit 300. Flag files approaching the limit.
Security Checklist
Generated Files
Icons & Theme
Tests
Step 4 — Severity Levels
| Level | Examples |
|---|
| Blocker | API key exposure, MVVM violation, null crash, i18n missing |
| Major | N+1 query, untested public API, file over 300 LOC, DI leak |
| Minor | DRY violation, unclear naming, unused import |
| Nitpick | Trailing whitespace, lint warning |
Step 5 — Comment Format
For each finding:
[Level] Description
File: path/to/file.dart:line
Problem: what's wrong (cite CLAUDE.md rule if applicable)
Impact: why it matters
Fix: concrete recommendation
Step 6 — Summary
## Review Summary
### Blockers (must fix before merging)
- ...
### Major
- ...
### Minor / Nitpick
- ...
### ✅ Passes
- flutter analyze
- i18n parity
- file sizes
- MVVM layering