Code Review Command

Conduct thorough code review to identify issues, suggest improvements, and ensure code quality standards.

Usage

/code-review [file_or_directory]

Examples:

/code-review                           # Review recent git changes
/code-review src/api/users.js         # Review specific file
/code-review src/components/          # Review directory
/code-review --pr 123                 # Review pull request

What This Command Does

Performs comprehensive code review across multiple dimensions:

1. Code Quality: Structure, readability, maintainability
2. Security: Vulnerabilities, authentication, data protection
3. Performance: Bottlenecks, optimization opportunities
4. Best Practices: Standards compliance, design patterns
5. Testing: Coverage, test quality, edge cases

Review Process

Step 1: Identify Changes

First, determine what to review:

# Check recent changes
git status
git diff HEAD

# For PR reviews
gh pr diff <pr_number>

Step 2: Multi-Dimensional Analysis

Code Quality Check:

• Cyclomatic complexity (functions should be <10)
• Code duplication (identify DRY violations)
• Naming conventions (clear, descriptive names)
• Function length (keep under 50 lines)
• Comment quality (explain why, not what)

Security Analysis:

• Input validation (SQL injection, XSS prevention)
• Authentication/authorization checks
• Secrets management (no hardcoded credentials)
• Dependency vulnerabilities
• Error handling (no sensitive data leaks)

Performance Review:

• Algorithm efficiency (time/space complexity)
• Database query optimization (N+1 problems)
• Resource management (memory leaks, connections)
• Caching opportunities
• Async operations usage

Architecture Assessment:

• SOLID principles adherence
• Design pattern usage
• Separation of concerns
• Dependency management
• API design quality

Testing Evaluation:

• Test coverage (aim for >80%)
• Test quality (unit, integration, edge cases)
• Mocking strategy
• Test maintainability
• Error scenario coverage

Step 3: Generate Feedback

Provide actionable feedback in this format:

## Code Review Results

### Critical Issues (Must Fix)
- [SECURITY] SQL injection vulnerability in user.login() - Line 45
- [BUG] Null pointer exception possible in processOrder() - Line 123

### Important (Should Fix)
- [PERFORMANCE] N+1 query in getUserOrders() - Line 67
- [QUALITY] Function complexity too high (CC: 15) in calculatePrice() - Line 234

### Suggestions (Nice to Have)
- [REFACTOR] Extract method: validateUserInput() from createUser()
- [STYLE] Use consistent naming: camelCase vs snake_case

### Positive Feedback
- Excellent error handling in PaymentService
- Good test coverage for authentication module (92%)

Review Checklist

Code Quality

• Functions are single-purpose and focused
• Variable names are descriptive and clear
• No code duplication (DRY principle)
• Proper error handling throughout
• Consistent code style and formatting

Security

• All inputs are validated and sanitized
• Authentication/authorization implemented correctly
• No hardcoded secrets or credentials
• SQL queries use parameterization
• Sensitive data is encrypted

Performance

• No obvious performance bottlenecks
• Database queries are optimized
• Appropriate data structures used
• Caching implemented where beneficial
• Async operations used for I/O

Testing

• New code has test coverage
• Tests are meaningful and maintainable
• Edge cases are covered
• Tests follow AAA pattern (Arrange, Act, Assert)
• No flaky or unreliable tests

Documentation

• Complex logic is explained
• API changes are documented
• README updated if needed
• Breaking changes are noted
• Examples provided for new features

Common Issues & Fixes

Security Issues

SQL Injection:

// Bad
const query = `SELECT * FROM users WHERE id = ${userId}`;

// Good
const query = 'SELECT * FROM users WHERE id = ?';
db.query(query, [userId]);

XSS Prevention:

// Bad
element.innerHTML = userInput;

// Good
element.textContent = userInput;
// Or use sanitization library
element.innerHTML = DOMPurify.sanitize(userInput);

Performance Issues

N+1 Query Problem:

# Bad
users = User.query.all()
for user in users:
    orders = user.orders  # Executes query for each user

# Good
users = User.query.options(joinedload(User.orders)).all()

Memory Leak:

// Bad - event listener not removed
element.addEventListener('click', handler);

// Good - cleanup
useEffect(() => {
  element.addEventListener('click', handler);
  return () => element.removeEventListener('click', handler);
}, []);

Code Quality Issues

High Complexity:

# Bad - complexity 12
def process_payment(user, amount, method, promo):
    if user.is_premium:
        if method == "credit":
            if promo:
                # ... nested logic
            else:
                # ... more logic
        elif method == "debit":
            # ... more nesting
    else:
        # ... even more logic

# Good - extract methods
def process_payment(user, amount, method, promo):
    discount = calculate_discount(user, promo)
    final_amount = apply_discount(amount, discount)
    return charge_payment(user, final_amount, method)

Review Best Practices

1. Be Constructive: Focus on the code, not the person
2. Provide Context: Explain why changes are needed
3. Suggest Solutions: Don't just point out problems
4. Prioritize Issues: Critical > Important > Suggestions
5. Acknowledge Good Work: Positive feedback is valuable
6. Ask Questions: "Why did you choose this approach?"
7. Use Examples: Show better alternatives with code

Automated Checks

Run these tools before manual review:

# Linting
eslint src/
pylint app/

# Security scanning
npm audit
safety check

# Test coverage
jest --coverage
pytest --cov

# Complexity analysis
complexity src/

Review Context

When reviewing, gather this information:

# Recent changes
git log --oneline -5
git diff main...HEAD

# Changed files
git diff --name-only main...HEAD

# Test results
npm test
pytest

# Build status
npm run build

Methodology

This command follows code review best practices:

• Risk-Based Prioritization: Critical issues first
• Constructive Feedback: Solutions, not just problems
• Knowledge Sharing: Explain reasoning
• Consistency: Apply standards uniformly
• Continuous Learning: Capture best practices