code-review
Structured code review protocol: inspect against full rule set. Use for audit workflows, code reviews, or when user requests review. Produces findings document with severity tags.
| Field | Value |
|---|---|
| name | code-review |
| description | Structured code review protocol: inspect against full rule set. Use for audit workflows, code reviews, or when user requests review. Produces findings document with severity tags. |
Systematically review against full rule set. Catches what linters miss: arch violations, missing observability, logic errors, pattern inconsistencies.
Read from .gemini/rules/. Use rule-priority.md for severity.
Critical (Must Fix):
Major (Should Fix):
Minor (Nice to Fix):
Nit: style (linter catches), missing comments on complex logic.
# Code Review: {Feature/Module Name}
Date: {date}
Reviewer: AI Agent (fresh context)
## Summary
- **Files reviewed:** N
- **Issues found:** N (X critical, Y major, Z minor, W nit)
## Critical Issues
- [ ] **[SEC]** {description} — [{file}:{line}](file:///path)
- [ ] **[DATA]** {description} — [{file}:{line}](file:///path)
## Major Issues
- [ ] **[TEST]** {description} — [{file}:{line}](file:///path)
- [ ] **[OBS]** {description} — [{file}:{line}](file:///path)
## Minor Issues
- [ ] **[PAT]** {description} — [{file}:{line}](file:///path)
## Nit
- [ ] {description} — [{file}:{line}](file:///path)
## Rules Applied
List of rules referenced.
Audit workflow: MUST save to docs/audits/review-findings-{feature}-{YYYY-MM-DD}-{HHmm}.md
Standalone: saving recommended but optional.
| Tag | Category | Source |
|---|---|---|
| [SEC] | Security | security-principles.md |
| [DATA] | Data integrity | error-handling-principles.md |
| [RES] | Resource leak | resources-and-memory-management |
| [TEST] | Testability | architectural-pattern.md, testing-strategy.md |
| [OBS] | Observability | logging-and-observability-mandate.md |
| [ERR] | Error handling | error-handling-principles.md |
| [ARCH] | Architecture | architectural-pattern.md, project-structure.md |
| [PAT] | Pattern consistency | code-organization-principles.md |
| [INT] | Integration contract | api-design-principles |
| [DB] | Database design | database-design-principles |
| [CFG] | Configuration | configuration-management-principles |
| Language | File |
|---|---|
| Go | languages/go.md |
| TypeScript | languages/typescript.md |
| Flutter/Dart | languages/flutter.md |
| Rust | languages/rust.md |
Anti-patterns = auto-fail. Pattern exists → finding.
State active dimensions at start: "Activating: A, B, C, D, E. Skipping F (no mobile)."
| Dim | When |
|---|---|
| A. Integration Contracts | Frontend + backend |
| B. Database & Schema | Uses DB |
| C. Config & Environment | Always |
| D. Dependency Health | Always |
| E. Test Coverage Gaps | Always |
| F. Mobile ↔ Backend | Mobile + backend |
A — Integration:
B — Database:
C — Config: no hardcoded secrets, .env.template coverage, fail-fast on missing config, secrets never logged.
D — Deps: no unused deps, no circular deps, public API imports only, audit for CVEs.
E — Tests: handler test per endpoint, integration test per adapter, error path coverage, E2E for primary journeys.
F — Mobile: API version compat, offline sync tested, token refresh flows.
<3 findings → MUST produce Dimensions Covered attestation:
## Dimensions Covered
| Dimension | Status | Files Examined |
|---|---|---|
| A. Integration | ✅ / ⏭ Skipped (reason) | e.g., 26 routes vs 11 adapters |
| B. Database | ✅ / ⏭ Skipped | e.g., 8 tables + 4 adapters |
| C. Config | ✅ | scanned for secrets, .env.template |
| D. Deps | ✅ | npm audit, unused check |
| E. Tests | ✅ | handler tests for all endpoints |
| F. Mobile | ⏭ Skipped | no mobile app |
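
The findings template, the tag table and the fewer-than-three-findings attestation rule above can be checked mechanically before a review is filed. The lint below is an added example, not part of the original skill; `lint_findings`, its regular expressions and the sample document are assumptions made for illustration.

```python
import re

# Tags from the page's tag table; Nit items carry no tag in the template.
KNOWN_TAGS = {"SEC", "DATA", "RES", "TEST", "OBS", "ERR", "ARCH", "PAT", "INT", "DB", "CFG"}
SECTIONS = {"## Critical Issues": "critical", "## Major Issues": "major",
            "## Minor Issues": "minor", "## Nit": "nit"}
# Audit-workflow path; the character set allowed in {feature} is an assumption.
PATH_RE = re.compile(r"^docs/audits/review-findings-[\w.-]+-\d{4}-\d{2}-\d{2}-\d{4}\.md$")
ITEM_RE = re.compile(r"^- \[[ x]\] (?:\*\*\[([A-Z]+)\]\*\* )?")
SUMMARY_RE = re.compile(
    r"\*\*Issues found:\*\* (\d+) \((\d+) critical, (\d+) major, (\d+) minor, (\d+) nit\)")

def lint_findings(path, text):
    """Return protocol violations found in an audit-workflow findings document."""
    problems, section = [], None
    counts = dict.fromkeys(SECTIONS.values(), 0)
    if not PATH_RE.match(path):
        problems.append("path is not docs/audits/review-findings-{feature}-{YYYY-MM-DD}-{HHmm}.md")
    for n, line in enumerate(text.splitlines(), 1):
        if line.startswith("## "):
            section = SECTIONS.get(line.strip())  # None outside the four severity sections
            continue
        item = ITEM_RE.match(line)
        if section and item:
            counts[section] += 1
            if item.group(1) and item.group(1) not in KNOWN_TAGS:
                problems.append(f"line {n}: unknown tag [{item.group(1)}]")
    found = [sum(counts.values()), *counts.values()]  # total, critical, major, minor, nit
    summary = SUMMARY_RE.search(text)
    if summary is None:
        problems.append("summary line with per-severity counts is missing")
    elif [int(g) for g in summary.groups()] != found:
        problems.append(f"summary counts do not match the document, which has {found}")
    if found[0] < 3 and "## Dimensions Covered" not in text:
        problems.append("fewer than 3 findings but no Dimensions Covered attestation")
    return problems

# Constructed sample (location links left out): a tag outside the table,
# a summary that overcounts, and no attestation despite only two findings.
SAMPLE = """# Code Review: auth
## Summary
- **Files reviewed:** 4
- **Issues found:** 3 (1 critical, 1 major, 1 minor, 0 nit)
## Critical Issues
- [ ] **[SEC]** token written to log
## Major Issues
- [ ] **[PERF]** unbounded retry loop
"""

if __name__ == "__main__":
    print("\n".join(lint_findings("docs/audits/review-findings-auth.md", SAMPLE)))
```

Run against the constructed sample, it reports the malformed path, the unknown `[PERF]` tag, the summary mismatch and the missing attestation.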