mirror of
https://github.com/affaan-m/everything-claude-code.git
synced 2026-03-30 13:43:26 +08:00
b5148f184a
- Add comprehensive code review standards for all languages - Define when to review (after code changes, before commits) - Include security review triggers and severity levels - Reference relevant agents (code-reviewer, security-reviewer, etc.) - Add review checklist covering security, quality, and performance - Define approval criteria (Approve/Warning/Block) This rule complements the existing code-reviewer agent by providing clear guidelines on when and how to conduct code reviews.
3.2 KiB
3.2 KiB
Code Review Standards
Purpose
Code review ensures quality, security, and maintainability before code is merged. This rule defines when and how to conduct code reviews.
When to Review
MANDATORY review triggers:
- After writing or modifying code
- Before any commit to shared branches
- When security-sensitive code is changed (auth, payments, user data)
- When architectural changes are made
- Before merging pull requests
Review Checklist
Before marking code complete:
- Code is readable and well-named
- Functions are focused (<50 lines)
- Files are cohesive (<800 lines)
- No deep nesting (>4 levels)
- Errors are handled explicitly
- No hardcoded secrets or credentials
- No console.log or debug statements
- Tests exist for new functionality
- Test coverage meets 80% minimum
Security Review Triggers
STOP and use security-reviewer agent when:
- Authentication or authorization code
- User input handling
- Database queries
- File system operations
- External API calls
- Cryptographic operations
- Payment or financial code
Review Severity Levels
| Level | Meaning | Action |
|---|---|---|
| CRITICAL | Security vulnerability or data loss risk | BLOCK - Must fix before merge |
| HIGH | Bug or significant quality issue | WARN - Should fix before merge |
| MEDIUM | Maintainability concern | INFO - Consider fixing |
| LOW | Style or minor suggestion | NOTE - Optional |
Agent Usage
Use these agents for code review:
| Agent | Purpose |
|---|---|
| code-reviewer | General code quality, patterns, best practices |
| security-reviewer | Security vulnerabilities, OWASP Top 10 |
| typescript-reviewer | TypeScript/JavaScript specific issues |
| python-reviewer | Python specific issues |
| go-reviewer | Go specific issues |
| rust-reviewer | Rust specific issues |
Review Workflow
1. Run git diff to understand changes
2. Check security checklist first
3. Review code quality checklist
4. Run relevant tests
5. Verify coverage >= 80%
6. Use appropriate agent for detailed review
Common Issues to Catch
Security
- Hardcoded credentials (API keys, passwords, tokens)
- SQL injection (string concatenation in queries)
- XSS vulnerabilities (unescaped user input)
- Path traversal (unsanitized file paths)
- CSRF protection missing
- Authentication bypasses
Code Quality
- Large functions (>50 lines) - split into smaller
- Large files (>800 lines) - extract modules
- Deep nesting (>4 levels) - use early returns
- Missing error handling - handle explicitly
- Mutation patterns - prefer immutable operations
- Missing tests - add test coverage
Performance
- N+1 queries - use JOINs or batching
- Missing pagination - add LIMIT to queries
- Unbounded queries - add constraints
- Missing caching - cache expensive operations
Approval Criteria
- Approve: No CRITICAL or HIGH issues
- Warning: Only HIGH issues (merge with caution)
- Block: CRITICAL issues found
Integration with Other Rules
This rule works with:
- testing.md - Test coverage requirements
- security.md - Security checklist
- git-workflow.md - Commit standards
- agents.md - Agent delegation