| name | code-review |
| description | Evaluate code changes for correctness, security, maintainability, and alignment with team standards. |
Skill: Code Review
Category: Core Engineering
Priority: Critical
Description
Evaluate code changes for correctness, security, maintainability, and alignment with team standards.
Purpose
Prevent defects from reaching production and spread knowledge across the team.
Trigger
Use this skill when:
- Reviewing a pull request
- Auditing existing code
- Mentoring junior developers
- Refactoring legacy code
Context
- Full diff of changes
- Related issues or requirements
- Existing codebase patterns
- Security and performance constraints
Workflow
- Understand Context - Read the issue and description first.
- Check Correctness - Does the code do what it claims?
- Check Security - Validate inputs, escape outputs, no secrets.
- Check Tests - Do tests exist? Do they cover edge cases?
- Check Architecture - Does it follow SOLID? Is coupling acceptable?
- Check Performance - Any N+1 queries? Unnecessary re-renders?
- Check Readability - Are names descriptive? Comments only where needed?
- Check Documentation - Is README or API docs updated?
- Provide Feedback - Ask questions, suggest improvements, praise good work.
- Verify Fixes - Re-review after changes.
Examples
Good Review Comment
Question: Why are we parsing this date string manually instead of
using the existing `DateParser` utility? The utility handles timezones
and leap years correctly, which this implementation does not.
Suggestion: Use `DateParser.parse()` and add a test for timezone handling.
Bad Review Comment
This is wrong. Fix it.
Anti-patterns
- Reviewing only style, missing logic bugs
- Approving without running tests
- Being harsh instead of constructive
- Not re-reviewing after fixes
Verification
References