// Auto-activates when user mentions code review, reviewing code, PR review, or checking code quality. Provides systematic code review process with TodoWrite checklist.
| name | code-review-checklist |
| description | Auto-activates when user mentions code review, reviewing code, PR review, or checking code quality. Provides systematic code review process with TodoWrite checklist. |
| category | workflow |
Systematic code review process ensuring quality, security, and maintainability.
Create todos for each item:
## Code Review Summary
### ✅ Strengths
- Clear naming conventions
- Good test coverage (85%)
- Error handling comprehensive
### ⚠️ Minor Issues
1. Line 45: Variable name `x` should be `userId`
2. Line 102: Missing error case for null input
3. Missing JSDoc comment on `processData` function
**Suggested fixes:** [code suggestions]
### 🔴 Blockers (MUST FIX)
1. Line 78: **Hardcoded API key** - Move to environment variable
2. Line 123: **SQL injection risk** - Use parameterized query
**These must be fixed before merge.**
### 📊 Metrics
- Files changed: 5
- Lines added: 230
- Lines removed: 45
- Test coverage: 85% → 88%
- Complexity: Medium
### 💡 Recommendations
- Consider extracting `validateUser` to shared util
- Add integration test for auth flow
- Document breaking changes in CHANGELOG
Run automated checks:
# Lint
npm run lint
# Type check
npm run typecheck
# Tests
npm test
# Security scan
npm audit
# Check for secrets
git diff --cached | grep -i "api[_-]key\\|password\\|secret\\|token"
| Issue | Fix |
|---|---|
| Hardcoded secrets | Move to .env, add to .env.example |
| SQL injection | Use parameterized queries |
| Missing tests | Add tests before merge |
| Complex function | Break into smaller functions |
| Magic numbers | Extract to named constants |
| No error handling | Add try/catch, validate inputs |
Use TodoWrite to track all checklist items. Present summary when complete.