Code Review
Goal: Find bugs, ensure quality, share knowledge.
Process
UNDERSTAND -> What changed and why?
EXAMINE -> Check code systematically
TEST -> Run it yourself
FEEDBACK -> Provide actionable comments
FOLLOW-UP -> Verify fixes
Examine Code
```bash
git diff main...feature-branch --stat
git checkout feature-branch && npm test
```
Check:
- Correctness: Logic? Edge cases? Error paths?
- Security: Input validation? Auth checked?
- Testing: Tests exist? Cover regressions?
Feedback Severity
| Level | Meaning | Action |
|---|---|---|
| Critical | Bug, security | Must fix |
| Important | Logic error | Should fix |
| Minor | Style, naming | Can fix later |
Good Format:
**[Important]** Missing null check
`user` could be null if API fails. Throws at line 45.
Review Checklist
- Logic errors - Will it work?
- Security holes - Can it be exploited?
- Error handling - Will it crash?
- Test coverage - Will regressions be caught?
Block PR If
- Hardcoded credentials
- Disabled security checks
- Tests that always pass
- Catch-all error swallowing
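The "Block PR If" list is mechanical enough to pre-screen before the human pass. The following is an added example, not part of the original cheat sheet: it scans the added lines of a unified diff for those four patterns and reports each as file:line, so the review comment can cite it in the Good Format above. The regexes, file names and the sample diff are constructed for illustration and are deliberately narrow; a project would extend them to its own idioms.

```javascript
// Added example, not part of the original cheat sheet: flag the four
// "Block PR If" patterns in the added lines of a unified diff. The regexes,
// file names and sample diff below are constructed for illustration.
const BLOCKING_PATTERNS = [
  ['hardcoded credential', /\b(password|secret|api[_-]?key|token)\b\s*[:=]\s*['"][^'"]{4,}['"]/i],
  ['disabled security check', /rejectUnauthorized\s*:\s*false|verify\s*=\s*False|TLS_REJECT_UNAUTHORIZED\s*=\s*['"]?0/],
  ['test that always passes', /expect\(true\)\.toBe\(true\)|assert\.ok\(true\)|assert\s+True\b/],
  ['catch-all error swallowing', /catch\s*(\([^)]*\))?\s*\{\s*\}|except\s*:\s*pass\b/],
];
// Walk the diff, tracking the new-file line number so each finding is cited as file:line.
function findBlockingFindings(diffText) {
  const findings = [];
  let file = null, newLine = 0;
  for (const raw of diffText.split('\n')) {
    if (raw.startsWith('+++ ')) { file = raw.slice(4).replace(/^b\//, ''); continue; }
    const hunk = raw.match(/^@@ -\d+(?:,\d+)? \+(\d+)/);
    if (hunk) { newLine = parseInt(hunk[1], 10); continue; }
    if (raw.startsWith('-')) continue;        // removed line: not in the new file
    if (raw.startsWith('+')) {                // added line: the code under review
      const code = raw.slice(1);
      for (const [name, re] of BLOCKING_PATTERNS) {
        if (re.test(code)) findings.push({ file, line: newLine, finding: name, code: code.trim() });
      }
    }
    newLine++;                                // context and added lines both advance it
  }
  return findings;
}

// Constructed sample diff: one source hunk, one test hunk.
const SAMPLE_DIFF = [
  '--- a/src/client.js', '+++ b/src/client.js',
  '@@ -11,2 +11,3 @@ function connect() {',
  '-  const apiKey = process.env.API_KEY;',
  '+  const apiKey = "sk-live-0123456789abcdef";',
  '+  const agent = new https.Agent({ rejectUnauthorized: false });',
  '-  try { return fetch(url); } catch (err) { throw err; }',
  '+  try { return fetch(url, { agent }); } catch (err) {}',
  '--- a/test/client.test.js', '+++ b/test/client.test.js',
  '@@ -1,2 +1,2 @@',
  ' test("connect", async () => {',
  '-  expect(await connect()).toBeDefined();',
  '+  expect(true).toBe(true);',
].join('\n');

for (const f of findBlockingFindings(SAMPLE_DIFF)) {
  console.log(`[Critical] ${f.finding} at ${f.file}:${f.line}: ${f.code}`);
}
```

Any finding maps to the Critical row of the severity table and to "Block merge" in the decision criteria; an empty result only means the diff still needs the full checklist.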
Decision Criteria
| Finding | Action |
|---|---|
| Critical issue | Block merge |
| Important issue | Request changes |
| Only minor/nitpicks | Approve with comments |
Pairs with: pr-workflow, verification, tdd
