code-review-checklist
4
总安装量
3
周安装量
#53775
全站排名
安装命令
npx skills add https://github.com/htooayelwinict/claude-config --skill code-review-checklist
Agent 安装分布
cursor
2
claude-code
2
codex
2
continue
2
windsurf
2
mcpjam
1
Skill 文档
Code Review Checklist
Exclusive to: reviewer agent
MCP Helpers (Brain + Memory)
ð§ Gemini-Bridge â Deep Code Analysis
mcp_gemini-bridge_consult_gemini(query="Review this code for best practices, security, and performance: [code snippet]", directory=".")
ð Open-Bridge â Alternative Analysis
mcp_open-bridge_consult_gemini(query="Review this code for best practices, security, and performance: [code snippet]", directory=".")
ð» Codex-Bridge â Code-Focused Review
mcp_codex-bridge_consult_codex(query="Analyze this code for bugs, anti-patterns, and improvements: [code]", directory=".")
ð Context7 (Memory) â Up-to-Date Docs
Lookup best practices and anti-patterns:
mcp_context7_resolve-library-id(libraryName="[library]", query="best practices")
mcp_context7_query-docs(libraryId="/[resolved-id]", query="[specific pattern to validate]")
Validation Loop (MANDATORY)
Before completing any review, verify the codebase passes all checks:
composer test # All PHP tests pass
npm run types # No TypeScript errors
npm run lint # No linting errors
./vendor/bin/pint --test # PHP style OK
Report any failures as Critical findings.
Instructions
- Review against project standards in
docs/code-standards.md - Run through the checklist below
- Report issues by severity (Critical â Warning â Suggestion)
Review Checklist
â Correctness
- Logic handles edge cases
- Error handling is appropriate
- Types are correct (no
anyunless justified) - Tests cover new/changed behavior
- No dead code or unused imports
ð Security (OWASP)
- No secrets or credentials in code
- User input validated and sanitized
- Authorization checks in place
- No SQL injection (use Eloquent/query builder)
- No XSS (proper escaping, sanitization)
- CSRF protection enabled
- Rate limiting considered
â¡ Performance
- No N+1 queries (use eager loading:
with()) - No unnecessary database calls
- Large datasets are paginated
- Indexes exist for filtered/joined columns
𧹠Maintainability
- Follows patterns in
docs/code-standards.md - Names are clear and consistent
- No unnecessary complexity
- DRY â no copy-paste duplication
ð¨ Frontend
- Uses existing shadcn/ui components
- Loading and error states handled
- Accessible (keyboard, labels, contrast)
- Responsive (mobile + desktop)
ð Documentation
- Code comments for non-obvious logic
- Docs updated if behavior changed
- Types documented with JSDoc if complex
Laravel Security Checks
| Check | Verify |
|---|---|
| Mass assignment | $fillable or $guarded defined |
| Authorization | Policy or Gate used |
| Validation | FormRequest with rules |
| CSRF | @csrf in forms |
| SQL injection | No raw queries with user input |
React Security Checks
| Check | Verify |
|---|---|
| XSS | No dangerouslySetInnerHTML |
| Props | TypeScript interfaces used |
| Secrets | No sensitive data in client |
Severity Guide
| Level | Criteria | Action |
|---|---|---|
| ð¨ Critical | Security flaw, data loss, breaks functionality | Block merge |
| â ï¸ Warning | Performance issue, code smell, missing test | Request fix |
| ð¡ Suggestion | Style improvement, better pattern | Optional |
Output Format
## ð Review Summary
[One paragraph overview]
## ð¨ Critical (must fix)
1. [Issue]: [File:Line] â [Why critical]
## â ï¸ Warnings (should fix)
1. [Issue]: [File:Line] â [Recommendation]
## ð¡ Suggestions (nice to have)
1. [Suggestion]: [File:Line] â [Improvement]
## â
What's Good
- [Positive observation]
Examples
- “Review this PR before merge”
- “Check this code for security issues”
- “Audit changes for performance”