Code Review

Review Checklist

  • Does the code do what the PR description says? Read the diff against the stated goal.
  • Are there adequate tests? New logic needs new tests. Changed logic needs updated tests.
  • Are error cases handled? Check for missing try/catch, unhandled promise rejections, and null checks.
  • Is input validated at the boundary? API inputs, form data, and CLI args must be validated.
  • Are there security concerns? SQL injection, XSS, hardcoded secrets, excessive permissions.
  • Is the code readable without comments? Variable names, function names, and structure should be self-documenting.
  • Are there performance concerns? N+1 queries, unbounded loops, missing pagination, large payloads.
  • Does it follow project conventions? Naming, file structure, import order, error handling patterns.

Approval Criteria

  • All CI checks must pass before review.
  • At least one approval from a code owner for the changed area.
  • Two approvals required for: database migrations, auth changes, payment logic, infrastructure changes.
  • No unresolved comments. Author must respond to every comment (resolve or discuss).
  • Diff must be under 400 lines. If larger, split into smaller PRs.

Reviewer Guidelines

  • Review within 4 business hours of being tagged.
  • Start with the PR description and linked issue to understand context.
  • Read the full diff before leaving comments. Avoid reviewing file-by-file without context.
  • Prefix comments with intent: nit:, question:, suggestion:, blocker:.
  • Only blocker: comments prevent approval. Everything else is optional for the author.
  • Suggest specific alternatives when requesting changes, not just "this is wrong."

Author Guidelines

  • Write a clear PR description: what changed, why, how to test, and any risks.
  • Self-review the diff before requesting reviews. Catch obvious issues yourself.
  • Keep PRs focused on one concern. Do not mix refactoring with feature work.
  • Add screenshots or recordings for UI changes.
  • Link the related issue or ticket in the PR description.
  • Respond to all review comments within one business day.

Automated Checks

  • Lint and format checks in CI (ESLint, Prettier, Ruff, Clippy).
  • Type checking in CI (TypeScript, mypy, pyright).
  • Test suite with minimum coverage thresholds.
  • Bundle size check for frontend changes.
  • Migration safety check (no locking operations on large tables).