Code Review Standards

Master comprehensive code review practices that catch critical issues before they reach production. This skill covers security vulnerabilities, code quality metrics, performance optimization, testing requirements, and documentation standards to ensure every pull request meets professional engineering standards.

Introduction

Code review is your last line of defense against bugs, security vulnerabilities, and technical debt. A thorough review process prevents production incidents, maintains code quality, and transfers knowledge across the team.

Review Philosophy:

• Behavior over implementation - Focus on what the code does, not just how it's written
• Security-first mindset - Always check for vulnerabilities before code quality
• Constructive feedback - Explain the "why" behind every comment
• Question assumptions - If something isn't clear, ask before approving

When to Review vs. Auto-Approve:

• ✅ Always review: Security changes, authentication, data handling, database migrations, API changes
• ✅ Always review: Complex business logic, performance-critical code, public APIs
• ⚠️ Light review: Documentation updates, simple typo fixes, dependency updates (check changelogs)
• ❌ Never auto-approve: Anything you don't understand - ask questions instead