Perform a thorough code review that verifies functionality, maintainability, and security before approving a change. Focus on architecture, readability, performance implications, and provide actionable suggestions for improvement.
Understand the change
- Read the PR description and related issues for context
- Identify the scope of files and features impacted
- Note any assumptions or questions to clarify with the author
Validate functionality
- Confirm the code delivers the intended behavior
- Exercise edge cases or guard conditions mentally or by running locally
- Check error handling paths and logging for clarity
Assess quality
- Ensure functions are focused, names are descriptive, and code is readable
- Watch for duplication, dead code, or missing tests
- Verify documentation and comments reflect the latest changes
Review security and risk
- Look for injection points, insecure defaults, or missing validation
- Confirm secrets or credentials are not exposed
- Evaluate performance or scalability impacts of the change
Approval checklist
- Intended behavior works and matches requirements
- Edge cases handled gracefully
- Error handling is appropriate and informative
- Code structure is clear and maintainable
- No unnecessary duplication or dead code
- Tests/documentation updated as needed
- No obvious security vulnerabilities introduced
- Inputs validated and outputs sanitized
- Sensitive data handled correctly
- Architecture and design decisions considered
- Performance bottlenecks or regressions assessed
- Coding standards and best practices followed
- Resource management, error handling, and logging reviewed
- Suggested alternatives, additional test cases, or documentation updates captured
Provide constructive feedback with concrete examples and actionable guidance for the author.