code-review-checklist
SKILL.md
Code Review Checklist
Exclusive to: reviewer agent
MCP Helpers (Brain + Memory)
๐ง Gemini-Bridge โ Deep Code Analysis
mcp_gemini-bridge_consult_gemini(query="Review this code for best practices, security, and performance: [code snippet]", directory=".")
๐ Open-Bridge โ Alternative Analysis
mcp_open-bridge_consult_gemini(query="Review this code for best practices, security, and performance: [code snippet]", directory=".")
๐ป Codex-Bridge โ Code-Focused Review
mcp_codex-bridge_consult_codex(query="Analyze this code for bugs, anti-patterns, and improvements: [code]", directory=".")
๐ Context7 (Memory) โ Up-to-Date Docs
Lookup best practices and anti-patterns:
mcp_context7_resolve-library-id(libraryName="[library]", query="best practices")
mcp_context7_query-docs(libraryId="/[resolved-id]", query="[specific pattern to validate]")
Validation Loop (MANDATORY)
Before completing any review, verify the codebase passes all checks:
composer test # All PHP tests pass
npm run types # No TypeScript errors
npm run lint # No linting errors
./vendor/bin/pint --test # PHP style OK
Report any failures as Critical findings.
Instructions
- Review against project standards in
docs/code-standards.md - Run through the checklist below
- Report issues by severity (Critical โ Warning โ Suggestion)
Review Checklist
โ Correctness
- Logic handles edge cases
- Error handling is appropriate
- Types are correct (no
anyunless justified) - Tests cover new/changed behavior
- No dead code or unused imports
๐ Security (OWASP)
- No secrets or credentials in code
- User input validated and sanitized
- Authorization checks in place
- No SQL injection (use Eloquent/query builder)
- No XSS (proper escaping, sanitization)
- CSRF protection enabled
- Rate limiting considered
โก Performance
- No N+1 queries (use eager loading:
with()) - No unnecessary database calls
- Large datasets are paginated
- Indexes exist for filtered/joined columns
๐งน Maintainability
- Follows patterns in
docs/code-standards.md - Names are clear and consistent
- No unnecessary complexity
- DRY โ no copy-paste duplication
๐จ Frontend
- Uses existing shadcn/ui components
- Loading and error states handled
- Accessible (keyboard, labels, contrast)
- Responsive (mobile + desktop)
๐ Documentation
- Code comments for non-obvious logic
- Docs updated if behavior changed
- Types documented with JSDoc if complex
Laravel Security Checks
| Check | Verify |
|---|---|
| Mass assignment | $fillable or $guarded defined |
| Authorization | Policy or Gate used |
| Validation | FormRequest with rules |
| CSRF | @csrf in forms |
| SQL injection | No raw queries with user input |
React Security Checks
| Check | Verify |
|---|---|
| XSS | No dangerouslySetInnerHTML |
| Props | TypeScript interfaces used |
| Secrets | No sensitive data in client |
Severity Guide
| Level | Criteria | Action |
|---|---|---|
| ๐จ Critical | Security flaw, data loss, breaks functionality | Block merge |
| โ ๏ธ Warning | Performance issue, code smell, missing test | Request fix |
| ๐ก Suggestion | Style improvement, better pattern | Optional |
Output Format
## ๐ Review Summary
[One paragraph overview]
## ๐จ Critical (must fix)
1. [Issue]: [File:Line] โ [Why critical]
## โ ๏ธ Warnings (should fix)
1. [Issue]: [File:Line] โ [Recommendation]
## ๐ก Suggestions (nice to have)
1. [Suggestion]: [File:Line] โ [Improvement]
## โ
What's Good
- [Positive observation]
Examples
- "Review this PR before merge"
- "Check this code for security issues"
- "Audit changes for performance"
Weekly Installs
5
Repository
htooayelwinict/โฆe-configFirst Seen
Jan 27, 2026
Security Audits
Installed on
codex4
continue4
cursor4
opencode3
gemini-cli3
codebuddy3