Code Review
Real scenarios for reviewing and improving code.
PR Review
Goal: Review changes before merging.
Command:
Review the changes in src/modules/auth/
What happens:
- Analyzes all changed files
- Checks spec compliance
- Checks code quality
- Checks architecture patterns
- Provides verdict
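The architecture-pattern check in an auth module looks for two conventions: the service layer raises typed errors and never catches them, and the boundary (a hook or controller) is the one place that catches, clears state on a failed refresh and surfaces the error. The following is an added example of that shape, not code from the original page or the reviewed project; every name in it (Tokens, RefreshTransport, AuthService, SessionController) and both transports are hypothetical, constructed so it runs stand-alone.

```typescript
// Added example (not code from the original page or the reviewed project).
// Service layer: typed errors, no try/catch. Boundary: the single catch site,
// which logs the session out on refresh failure instead of reusing an
// expired token. Names and transports below are hypothetical.

type Tokens = { accessToken: string; refreshToken: string; expiresAt: number };

// Stand-in for the HTTP call to the refresh endpoint.
type RefreshTransport = (refreshToken: string) => Promise<{ status: number; body?: Tokens }>;

class RefreshFailedError extends Error {
  status: number;
  constructor(status: number) {
    super("token refresh rejected with HTTP " + status);
    this.name = "RefreshFailedError";
    this.status = status;
  }
}

// Service layer: no try/catch. A non-200 response becomes a typed error that
// propagates to whoever called the service.
class AuthService {
  private transport: RefreshTransport;
  constructor(transport: RefreshTransport) {
    this.transport = transport;
  }
  async refresh(refreshToken: string): Promise<Tokens> {
    const res = await this.transport(refreshToken);
    if (res.status !== 200 || !res.body) {
      throw new RefreshFailedError(res.status);
    }
    return res.body;
  }
}

// Boundary: the one place that catches. A failed refresh must not leave an
// expired session in use, so the tokens are dropped and the failure recorded.
class SessionController {
  private auth: AuthService;
  private tokens: Tokens | null;
  private lastError: string | null = null;
  constructor(auth: AuthService, initial: Tokens) {
    this.auth = auth;
    this.tokens = initial;
  }
  isAuthenticated(): boolean {
    return this.tokens !== null;
  }
  getLastError(): string | null {
    return this.lastError;
  }
  // Returns a usable access token, refreshing if expired, or null when the
  // session could not be kept alive (the caller then sends the user to login).
  async ensureFreshToken(now: number): Promise<string | null> {
    if (this.tokens === null) return null;
    if (this.tokens.expiresAt > now) return this.tokens.accessToken;
    try {
      this.tokens = await this.auth.refresh(this.tokens.refreshToken);
      this.lastError = null;
      return this.tokens.accessToken;
    } catch (err) {
      this.tokens = null; // logout: never keep serving an expired token
      this.lastError = err instanceof Error ? err.message : String(err);
      return null;
    }
  }
}

// Constructed transports for a stand-alone run: one refreshes, one returns 401.
const okTransport: RefreshTransport = async () => ({
  status: 200,
  body: { accessToken: "at-2", refreshToken: "rt-2", expiresAt: 2000 },
});
const rejectingTransport: RefreshTransport = async () => ({ status: 401 });

const initialTokens: Tokens = { accessToken: "at-1", refreshToken: "rt-1", expiresAt: 1000 };

async function demoSessions(): Promise<{
  refreshed: string | null;
  afterFailure: string | null;
  loggedOut: boolean;
  error: string | null;
}> {
  const good = new SessionController(new AuthService(okTransport), { ...initialTokens });
  const refreshed = await good.ensureFreshToken(1500); // expired at 1000, refreshed to "at-2"
  const bad = new SessionController(new AuthService(rejectingTransport), { ...initialTokens });
  const afterFailure = await bad.ensureFreshToken(1500); // refresh answers 401: session cleared
  return { refreshed, afterFailure, loggedOut: !bad.isAuthenticated(), error: bad.getLastError() };
}
```

The point the review makes is visible in the two classes: AuthService has no try/catch at all, and SessionController's catch does real work (drops the tokens, records the reason) rather than swallowing the error or leaving the stale token in place.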
Result:
Review: src/modules/auth/
Spec Compliance: PASS
✓ Login functionality works
✓ Token refresh implemented
✓ Logout clears state
Code Quality: PASS
✓ No TypeScript errors
✓ Tests pass
✓ No console.logs
Architecture: WARN
⚠ auth-service.ts:15 — Try/catch should be at boundary, not in service
⚠ useAuth.ts:42 — Missing error handling for refresh failure
Verdict: APPROVED WITH NOTES
Fix the 2 warnings before deploying to production.
Architecture Check
Goal: Verify code follows architecture patterns.
Command:
Check architecture of the orders module
What happens:
- Reads ARCHITECTURE.md
- Verifies folder structure
- Checks layer separation
- Validates imports
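What "validates imports" and "checks layer separation" amount to in practice is a dependency graph over the module's files, a rule table saying which layer may import which, and a cycle search. The following is an added example of such a checker, not the page's or the project's tooling; the source tree, the layer rules and the file paths are constructed for it, and the sample deliberately contains both a layer violation (a component importing a service) and a services/adapters cycle so that each kind of finding appears.

```typescript
// Added example (not the page's or the project's tooling): a minimal import
// checker. It reads TypeScript import specifiers, resolves relative paths,
// applies a hypothetical layer rule table and reports cycles by DFS.
// The source tree and rules below are constructed for this example.

type SourceTree = Record<string, string>; // path -> file contents

// Matches `import ... from "spec"` and `import type ... from "spec"`.
const IMPORT_RE = /^\s*import\s+[^'"]*?\sfrom\s+['"]([^'"]+)['"]/gm;

function stripExt(path: string): string {
  return path.replace(/\.tsx?$/, "");
}

// Resolve a relative specifier against the importing file's directory.
// Bare specifiers (third-party packages) are returned unchanged.
function resolveImport(fromFile: string, spec: string): string {
  if (!spec.startsWith(".")) return spec;
  const parts = fromFile.split("/").slice(0, -1);
  for (const seg of spec.split("/")) {
    if (seg === "..") parts.pop();
    else if (seg !== ".") parts.push(seg);
  }
  return parts.join("/");
}

function layerOf(path: string): string {
  const m = /\/(components|hooks|services|adapters|types)\//.exec(path);
  return m ? m[1] : "other";
}

// Which layers each layer may import from (hypothetical rules in the spirit
// of an ARCHITECTURE.md: components use hooks, hooks use services, and the
// lower layers never reach back up).
const ALLOWED: Record<string, string[]> = {
  components: ["components", "hooks", "types"],
  hooks: ["hooks", "services", "adapters", "types"],
  services: ["adapters", "types"],
  adapters: ["types"],
  types: ["types"],
};

// Dependency graph over in-repo files only (keys without extension).
function buildGraph(tree: SourceTree): Record<string, string[]> {
  const graph: Record<string, string[]> = {};
  for (const file of Object.keys(tree)) graph[stripExt(file)] = [];
  for (const file of Object.keys(tree)) {
    const from = stripExt(file);
    IMPORT_RE.lastIndex = 0;
    let m: RegExpExecArray | null;
    while ((m = IMPORT_RE.exec(tree[file])) !== null) {
      const target = resolveImport(from, m[1]);
      if (target in graph) graph[from].push(target);
    }
  }
  return graph;
}

function checkLayers(graph: Record<string, string[]>): string[] {
  const violations: string[] = [];
  for (const file of Object.keys(graph)) {
    const from = layerOf(file);
    for (const dep of graph[file]) {
      const to = layerOf(dep);
      if ((ALLOWED[from] || []).indexOf(to) === -1) {
        violations.push(file + " imports " + dep + " (" + from + " -> " + to + " not allowed)");
      }
    }
  }
  return violations;
}

// DFS with three-colour marking: an edge to a node still on the stack is a
// back edge, i.e. a cycle; the slice of the stack from that node is the loop.
function findCycles(graph: Record<string, string[]>): string[][] {
  const cycles: string[][] = [];
  const colour: Record<string, number> = {}; // 0 unvisited, 1 on stack, 2 done
  const stack: string[] = [];
  function visit(node: string): void {
    colour[node] = 1;
    stack.push(node);
    for (const dep of graph[node]) {
      if (colour[dep] === 1) cycles.push(stack.slice(stack.indexOf(dep)).concat(dep));
      else if (!colour[dep]) visit(dep);
    }
    stack.pop();
    colour[node] = 2;
  }
  for (const node of Object.keys(graph)) if (!colour[node]) visit(node);
  return cycles;
}

// Constructed sample: OrderList bypasses the hook (the finding in the review
// on this page) and the adapter imports the service back, forming a cycle.
const SAMPLE_TREE: SourceTree = {
  "src/modules/orders/components/OrderList.tsx":
    'import { ordersService } from "../services/ordersService";\n' +
    'import type { Order } from "../types/order";\n' +
    "export const OrderList = () => null;",
  "src/modules/orders/hooks/useOrders.ts":
    'import { ordersService } from "../services/ordersService";\n' +
    "export function useOrders() { return ordersService.list(); }",
  "src/modules/orders/services/ordersService.ts":
    'import { toOrder } from "../adapters/orderAdapter";\n' +
    "export const ordersService = { list: () => [toOrder({ id: '1' })] };",
  "src/modules/orders/adapters/orderAdapter.ts":
    'import type { Order } from "../types/order";\n' +
    'import { ordersService } from "../services/ordersService";\n' +
    "export const toOrder = (raw: unknown) => raw as Order;",
  "src/modules/orders/types/order.ts": "export type Order = { id: string };",
};

function runArchitectureCheck(tree: SourceTree): { violations: string[]; cycles: string[][] } {
  const graph = buildGraph(tree);
  return { violations: checkLayers(graph), cycles: findCycles(graph) };
}
```

Running runArchitectureCheck(SAMPLE_TREE) reports two layer violations (the component reaching the service, and the adapter reaching the service) and one cycle, services to adapters and back. A real checker would use a proper parser rather than a regex, but the structure, graph plus rule table plus cycle search, is the same.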
Result:
Architecture Check: orders module
Structure: PASS
✓ types/ contains only type definitions
✓ services/ contains only HTTP calls
✓ adapters/ contains only transformations
Layer Separation: WARN
⚠ Components don't import services directly (1 exception, listed under Violations)
✓ Services don't contain business logic
✓ No circular dependencies
Violations: 1 found
✗ OrderList.tsx imports ordersService directly
Should use useOrders hook instead
Overall: 95% compliant
Refactor Code
Goal: Clean up messy or duplicated code.
Command:
Refactor src/utils/helpers.ts — it has too many responsibilities
What happens:
- Analyzes the file
- Identifies code smells
- Suggests refactoring plan
- Applies changes
Result:
Analysis: helpers.ts (450 lines)
Issues Found:
- 15 unrelated functions in one file
- 3 functions duplicated with slight variations
- 2 functions over 50 lines
Refactoring Plan:
1. Extract date functions → utils/date.ts
2. Extract format functions → utils/format.ts
3. Extract validation → utils/validation.ts
4. Merge duplicates
5. Split long functions
After:
utils/
├── date.ts (45 lines)
├── format.ts (60 lines)
├── validation.ts (80 lines)
└── index.ts (re-exports)
Security Review
Goal: Check for security issues.
Command:
Review the checkout flow for security issues
What happens:
- Checks for OWASP Top 10 issues
- Reviews auth/authz
- Checks data handling
- Reviews API security
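Two of the fixes such a review asks for in a checkout flow are mechanical enough to show in code: redacting card numbers before a log line is written, and rate limiting payment attempts. The following is an added example, not the page's code and not any payment provider's SDK. The log line, the rate-limit key format and the class and function names are constructed for it. The redaction uses the Luhn check so that order numbers and timestamps are left alone; note that it is a backstop only, since card data should be tokenized client-side and never reach the server in the first place.

```typescript
// Added example (not the page's code and not a payment provider's SDK).
// (1) Log sanitizer that redacts Luhn-valid card numbers, keeping the last
//     four digits. (2) Sliding-window rate limiter for payment attempts.
// Sample input, key format and names are constructed for this example.

function luhnValid(digits: string): boolean {
  let sum = 0;
  let doubleIt = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (doubleIt) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    doubleIt = !doubleIt;
  }
  return sum % 10 === 0;
}

// Candidate PANs: 13 to 19 digits, optionally separated by spaces or dashes.
const PAN_RE = /\b(?:\d[ -]?){12,18}\d\b/g;

// Replace every Luhn-valid candidate with asterisks, keeping the last four
// digits; anything that fails Luhn (order ids, timestamps) is left as-is.
function redactPans(line: string): string {
  return line.replace(PAN_RE, (match) => {
    const digits = match.replace(/[ -]/g, "");
    if (!luhnValid(digits)) return match;
    return "*".repeat(digits.length - 4) + digits.slice(-4);
  });
}

// Wrap the log sink at the boundary so no call site can forget to redact.
function safeLog(sink: (s: string) => void, line: string): string {
  const clean = redactPans(line);
  sink(clean);
  return clean;
}

type Clock = () => number;

// Sliding window: keep the timestamps of recent attempts per key (a session
// or account id, not IP alone) and refuse once `limit` fall inside `windowMs`.
class PaymentAttemptLimiter {
  private attempts: Record<string, number[]> = {};
  private limit: number;
  private windowMs: number;
  private now: Clock;
  constructor(limit: number, windowMs: number, now: Clock) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.now = now;
  }
  // Returns true and records the attempt if it may proceed; refused attempts
  // are not recorded.
  tryAttempt(key: string): boolean {
    const t = this.now();
    const recent = (this.attempts[key] || []).filter((ts) => t - ts < this.windowMs);
    const allowed = recent.length < this.limit;
    if (allowed) recent.push(t);
    this.attempts[key] = recent;
    return allowed;
  }
}

// Constructed log line: a Luhn-valid test PAN next to an order id and a
// millisecond timestamp that must survive untouched.
const SAMPLE_LOG =
  "checkout attempt order=ORD-2024-000123 card=4111 1111 1111 1111 amount=49.99 ts=1700000000000";

// 3 attempts per minute with an injected clock so the run is deterministic.
function demoLimiter(): boolean[] {
  let fakeNow = 0;
  const limiter = new PaymentAttemptLimiter(3, 60000, () => fakeNow);
  const results: boolean[] = [];
  for (const offsetMs of [0, 1000, 2000, 3000, 61000]) {
    fakeNow = offsetMs;
    results.push(limiter.tryAttempt("session:abc"));
  }
  return results; // fourth attempt inside the minute refused; allowed again after the first two age out
}
```

safeLog(console.log, SAMPLE_LOG) prints the line with the card number reduced to its last four digits while the order id and timestamp are unchanged. The limiter keys on a session or account identifier because attackers testing stolen cards rotate IPs cheaply; in production the attempt store would live in a shared cache rather than process memory.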
Result:
Security Review: Checkout Flow
CRITICAL (fix immediately):
✗ checkout-service.ts:25 — Credit card number logged
✗ payment-form.tsx:18 — Card data in component state
HIGH:
✗ No rate limiting on payment attempts
✗ Missing CSRF token on form submission
MEDIUM:
⚠ PCI compliance: Card data should never touch your servers
Use Stripe.js or similar to tokenize client-side
Recommendations:
1. Remove all card logging
2. Use payment provider's hosted fields
3. Add rate limiting (3 attempts per minute)
4. Add CSRF protection
Performance Review
Goal: Find performance bottlenecks.
Command:
Review the dashboard for performance issues
What happens:
- Analyzes component renders
- Checks data fetching
- Reviews bundle impact
- Identifies optimizations
Result:
Performance Review: Dashboard
Render Issues:
⚠ MetricsCard re-renders 12x on data load
Fix: Wrap with memo, stabilize props
⚠ ChartWidget creates new function on every render
Fix: Use useCallback for event handlers
Data Fetching:
⚠ 8 separate API calls on mount
Fix: Combine into single dashboard endpoint or use parallel queries
⚠ No staleTime set — refetches on every focus
Fix: Add staleTime: 5 * 60 * 1000 (5 min)
Bundle:
⚠ chart.js adds 180KB
Fix: Dynamic import, load only when needed
Estimated Impact:
- Initial load: 2.4s → 1.1s (-54%)
- Time to interactive: 3.8s → 2.2s (-42%)
Quick Tips
Scope Your Review
# Review everything (slow, expensive)
Review the entire codebase
# Review specific area (fast, focused)
Review src/modules/payments/
# Review recent changes only
Review the files I changed today
Ask Specific Questions
# General (less useful)
Review this code
# Specific (more useful)
Review this code for:
- SQL injection vulnerabilities
- Missing error handling
- N+1 query problems
Follow Up
After review:
Fix the security issues found in the review
Related Scenarios
- Build Features — Build code to review
- Debug Issues — When review finds bugs
- Security — Deep security audit