
Code Review Checklist Skill

A thorough code review skill that checks for security, performance, and maintainability issues.

19  03/23/2026
markdown, 1 file
SKILL.md (952 B)

Code Review Checklist

Invoke with: /review

Security

  • No hardcoded secrets or API keys
  • Input validation on all user inputs
  • SQL injection prevention (parameterized queries)
  • XSS prevention (output encoding)
  • CSRF protection on state-changing endpoints
  • Authentication checks on protected routes
  • Authorization checks (can the user access this resource?)

Performance

  • No N+1 query patterns
  • Appropriate database indexes for queries
  • No unnecessary re-renders (React)
  • Large lists use virtualization
  • Images are optimized and lazy-loaded

Maintainability

  • Functions are under 30 lines
  • No duplicated logic (DRY)
  • Clear naming (no abbreviations except common ones)
  • Error handling is consistent
  • Edge cases are handled

Testing

  • Happy path is tested
  • Error cases are tested
  • Edge cases are tested
  • No flaky tests (no timing dependencies)