ai-code-reviewer

AI Code Reviewer

Systematically review AI-generated code to catch common mistakes before they hit production.

When to Use

• After AI generates code you plan to use
• Before committing AI-assisted changes
• When AI code "looks right" but you want verification
• Reviewing PRs with significant AI-generated content

The AI Code Review Checklist

1. Correctness Issues (Most Common)

AI often generates code that looks correct but has subtle bugs.

Check for:

• Hallucinated APIs - Methods/functions that don't exist

  // AI might generate:
  array.findLast(x => x.id === id)  // Verify this exists in your target
  

• Wrong library versions - API changes between versions

  // React 18 vs 19 differences
  // Node.js API differences
  

• Off-by-one errors - Loop bounds, array indices

  for (let i = 0; i <= arr.length; i++)  // Should be <
  

• Incorrect null/undefined handling

  user.profile.name  // What if profile is undefined?
  

2. Security Issues

AI doesn't prioritize security unless explicitly asked.

Check for:

• SQL Injection

  // BAD: AI might generate
  db.query(`SELECT * FROM users WHERE id = ${userId}`)
  
  // GOOD: Parameterized
  db.query('SELECT * FROM users WHERE id = $1', [userId])
  

• XSS Vulnerabilities

  // BAD: Direct HTML insertion
  element.innerHTML = userInput
  
  // GOOD: Escaped or use framework
  element.textContent = userInput
  

• Exposed Secrets

  // AI might hardcode values from context
  const API_KEY = 'sk-abc123...'  // Should be env var
  

• Missing Input Validation

  // AI often skips validation
  function processData(data) {
    return data.items.map(...)  // What if data is null?
  }
  

3. Performance Issues

AI optimizes for "looks correct" not "performs well."

Check for:

• N+1 Queries

  // BAD: AI loves this pattern
  users.forEach(async user => {
    const posts = await getPosts(user.id)  // N queries!
  })
  
  // GOOD: Batch
  const posts = await getPostsForUsers(userIds)
  

• Unnecessary Re-renders (React)

  // BAD: New object every render
  <Component style={{ margin: 10 }} />
  
  // GOOD: Stable reference
  const style = useMemo(() => ({ margin: 10 }), [])
  

• Memory Leaks

  // BAD: Missing cleanup
  useEffect(() => {
    const interval = setInterval(fetch, 1000)
    // No cleanup!
  }, [])
  
  // GOOD: Cleanup
  useEffect(() => {
    const interval = setInterval(fetch, 1000)
    return () => clearInterval(interval)
  }, [])
  

• Blocking Operations

  // BAD: Sync file operations
  const data = fs.readFileSync(path)
  
  // GOOD: Async
  const data = await fs.promises.readFile(path)
  

4. Maintainability Issues

AI generates "works now" code, not "maintainable" code.

Check for:

• Magic Numbers/Strings

  // BAD
  if (status === 3) { ... }
  
  // GOOD
  if (status === OrderStatus.SHIPPED) { ... }
  

• Inconsistent Patterns

  // AI might mix patterns
  const getUser = async () => {}  // Arrow function
  async function getPost() {}      // Function declaration
  

• Missing Types (TypeScript)

  // BAD: AI uses 'any' when uncertain
  function process(data: any) { ... }
  
  // GOOD: Proper types
  function process(data: ProcessInput) { ... }
  

• Dead Code

  // AI sometimes includes unused variables/imports
  import { unused } from './utils'
  const temp = calculate()  // Never used
  

5. Integration Issues

AI doesn't know your codebase deeply.

Check for:

• Duplicate Logic - Does similar code already exist?
• Wrong Imports - Using the right internal modules?
• Naming Mismatches - Following your conventions?
• Missing Error Handling - Using your error patterns?

Review Workflow

Step 1: Quick Scan (30 seconds)

- Does it compile/run?
- Any obvious red flags?
- Right general approach?

Step 2: Security Review (1 minute)

- User input handling?
- Database queries?
- Authentication/authorization?
- Sensitive data exposure?

Step 3: Logic Review (2-3 minutes)

- Edge cases handled?
- Null/undefined checks?
- Error scenarios?
- Loop bounds correct?

Step 4: Integration Review (1-2 minutes)

- Follows project patterns?
- Uses existing utilities?
- Correct imports?
- Consistent naming?

Step 5: Performance Review (1 minute)

- Obvious inefficiencies?
- Unnecessary operations?
- Memory management?
- Async patterns?

Common AI Mistakes by Language

JavaScript/TypeScript

• Missing await on async functions
• Wrong this context in callbacks
• Type assertions hiding real issues (as any)
• Mixing CommonJS and ESM imports

Python

• Mutable default arguments
• Not closing file handles
• Missing __init__.py awareness
• Wrong exception handling scope

React

• Missing dependency arrays in hooks
• Incorrect key props in lists
• State updates in render
• Missing cleanup in effects

SQL

• Missing indexes awareness
• Cartesian products from bad joins
• Not using transactions
• Inefficient subqueries

Quick Validation Commands

# TypeScript: Compile check
npx tsc --noEmit

# ESLint: Style and common errors
npx eslint src/new-file.ts

# Tests: Run affected tests
npm test -- --findRelatedTests src/new-file.ts

# Security: Quick scan
npx audit-ci --moderate

When to Regenerate vs Fix

Regenerate if:

• Fundamental approach is wrong
• Would require 50%+ rewrite
• Security issue is systemic

Fix manually if:

• Small corrections needed
• Logic is sound, details wrong
• Integration issues only

Documentation Template

When the review passes:

## AI Code Review

**Generated by:** [Claude/GPT/etc]
**Reviewed by:** [Your name]
**Date:** [Date]

### Changes Made After Review
- Fixed null check on line 45
- Added input validation
- Replaced magic number with constant

### Verified
- [x] Security review passed
- [x] Tests added/passing
- [x] Follows project conventions