code-review
Code Review
Guide proper code review practices emphasizing technical rigor, evidence-based claims, and verification over performative responses.
Overview
Code review requires three distinct practices:
- Receiving feedback - Technical evaluation over performative agreement
- Requesting reviews - Systematic review via code-reviewer subagent
- Verification gates - Evidence before any completion claims
Each practice has specific triggers and protocols detailed in reference files.
Core Principle
Always honoring YAGNI, KISS, and DRY principles. Be honest, be brutal, straight to the point, and be concise.
Technical correctness over social comfort. Verify before implementing. Ask before assuming. Evidence before claims.
When to Use This Skill
Receiving Feedback
Trigger when:
- Receiving code review comments from any source
- Feedback seems unclear or technically questionable
- Multiple review items need prioritization
- External reviewer lacks full context
- Suggestion conflicts with existing decisions
Reference: references/code-review-reception.md
Requesting Review
Trigger when:
- Completing tasks in subagent-driven development (after EACH task)
- Finishing major features or refactors
- Before merging to main branch
- Stuck and need fresh perspective
- After fixing complex bugs
Reference: references/requesting-code-review.md
Verification Gates
Trigger when:
- About to claim tests pass, build succeeds, or work is complete
- Before committing, pushing, or creating PRs
- Moving to next task
- Any statement suggesting success/completion
- Expressing satisfaction with work
Reference: references/verification-before-completion.md
Quick Decision Tree
SITUATION?
│
├─ Received feedback
│ ├─ Unclear items? → STOP, ask for clarification first
│ ├─ From human partner? → Understand, then implement
│ └─ From external reviewer? → Verify technically before implementing
│
├─ Completed work
│ ├─ Major feature/task? → Request code-reviewer subagent review
│ └─ Before merge? → Request code-reviewer subagent review
│
└─ About to claim status
├─ Have fresh verification? → State claim WITH evidence
└─ No fresh verification? → RUN verification command first
Receiving Feedback Protocol
Response Pattern
READ → UNDERSTAND → VERIFY → EVALUATE → RESPOND → IMPLEMENT
Key Rules
- ❌ No performative agreement: "You're absolutely right!", "Great point!", "Thanks for [anything]"
- ❌ No implementation before verification
- ✅ Restate requirement, ask questions, push back with technical reasoning, or just start working
- ✅ If unclear: STOP and ask for clarification on ALL unclear items first
- ✅ YAGNI check: grep for usage before implementing suggested "proper" features
Source Handling
- Human partner: Trusted - implement after understanding, no performative agreement
- External reviewers: Verify technically correct, check for breakage, push back if wrong
Full protocol: references/code-review-reception.md
Requesting Review Protocol
When to Request
- After each task in subagent-driven development
- After major feature completion
- Before merge to main
Process
- Get git SHAs:
BASE_SHA=$(git rev-parse HEAD~1)andHEAD_SHA=$(git rev-parse HEAD) - Dispatch code-reviewer subagent via Task tool with: WHAT_WAS_IMPLEMENTED, PLAN_OR_REQUIREMENTS, BASE_SHA, HEAD_SHA, DESCRIPTION
- Act on feedback: Fix Critical immediately, Important before proceeding, note Minor for later
Full protocol: references/requesting-code-review.md
Verification Gates Protocol
The Iron Law
NO COMPLETION CLAIMS WITHOUT FRESH VERIFICATION EVIDENCE
Gate Function
IDENTIFY command → RUN full command → READ output → VERIFY confirms claim → THEN claim
Skip any step = lying, not verifying
Requirements
- Tests pass: Test output shows 0 failures
- Build succeeds: Build command exit 0
- Bug fixed: Test original symptom passes
- Requirements met: Line-by-line checklist verified
Red Flags - STOP
Using "should"/"probably"/"seems to", expressing satisfaction before verification, committing without verification, trusting agent reports, ANY wording implying success without running verification
Full protocol: references/verification-before-completion.md
Integration with Workflows
- Subagent-Driven: Review after EACH task, verify before moving to next
- Pull Requests: Verify tests pass, request code-reviewer review before merge
- General: Apply verification gates before any status claims, push back on invalid feedback
Bottom Line
- Technical rigor over social performance - No performative agreement
- Systematic review processes - Use code-reviewer subagent
- Evidence before claims - Verification gates always
Verify. Question. Then implement. Evidence. Then claim.
More from wollfoo/setup-factory
frontend-dev-guidelines
Frontend development guidelines for React/TypeScript applications. Modern patterns including Suspense, lazy loading, useSuspenseQuery, file organization with features directory, MUI v7 styling, TanStack Router, performance optimization, and TypeScript best practices. Use when creating components, pages, features, fetching data, styling, routing, or working with frontend code.
15planning
Use when you need to plan technical solutions that are scalable, secure, and maintainable. Create implementation plans, architecture designs, feature roadmaps. | Sử dụng khi cần lên kế hoạch, thiết kế kiến trúc, phân tích tính năng, đề xuất giải pháp, roadmap.
11better-auth
Implement authentication and authorization with Better Auth - a framework-agnostic TypeScript authentication framework. Features include email/password authentication with verification, OAuth providers (Google, GitHub, Discord, etc.), two-factor authentication (TOTP, SMS), passkeys/WebAuthn support, session management, role-based access control (RBAC), rate limiting, and database adapters. Use when adding authentication to applications, implementing OAuth flows, setting up 2FA/MFA, managing user sessions, configuring authorization rules, or building secure authentication systems for web applications. | Sử dụng khi xác thực, đăng nhập, login, auth, OAuth, session, bảo mật, phiên đăng nhập.
11databases
Work with MongoDB (document database, BSON documents, aggregation pipelines, Atlas cloud) and PostgreSQL (relational database, SQL queries, psql CLI, pgAdmin). Use when designing database schemas, writing queries and aggregations, optimizing indexes for performance, performing database migrations, configuring replication and sharding, implementing backup and restore strategies, managing database users and permissions, analyzing query performance, or administering production databases. | Sử dụng khi làm việc với cơ sở dữ liệu, database, SQL, query, truy vấn, schema, migration.
10docs-seeker
Search technical documentation using executable scripts to detect query type, fetch from llms.txt sources (context7.com), and analyze results. Use when user needs: (1) Topic-specific documentation (features/components/concepts), (2) Library/framework documentation, (3) GitHub repository analysis, (4) Documentation discovery with automated agent distribution strategy | Dùng khi tìm tài liệu, hướng dẫn, docs, documentation, api docs, tham khảo.
10debugging
Systematic debugging framework ensuring root cause investigation before fixes. Includes four-phase debugging process, backward call stack tracing, multi-layer validation, and verification protocols. Use when encountering bugs, test failures, unexpected behavior, performance issues, or before claiming work complete. Prevents random fixes, masks over symptoms, and false completion claims. | Sử dụng khi gặp lỗi, bug, test fail, không hoạt động, crash, exception, sửa lỗi, debug.
10