Phase: Optimize
Tags: #review #quality #checklist #gates
AI Model: Any (model-agnostic)
Use this prompt before merging or shipping code to catch issues that are easy to fix now but expensive to fix later. It’s a structured self-review or AI-assisted peer review.
| Variable | Description | Example |
|---|---|---|
| `` | The diff or files to review | (paste diff or file paths) |
| `` | What the code should do | “Add user profile editing” |
| `` | Team/project conventions | “ESLint strict, 80% test coverage” |
| `` | Required checks before approval | “Auth verified, tests pass, rollback documented” |
| `` | Specific edge cases to verify | “Expired token, duplicate submit, empty result set” |
Review the following code changes:
Original requirements:
Codebase standards:
Quality gates to enforce:
Edge cases to verify:
Run through this checklist and report findings:
## Quality Gates
- [ ] Do all required quality gates pass?
- [ ] Are failed gates documented with severity and a concrete fix?
- [ ] Are known edge cases covered by code, tests, monitoring, or explicit deferral?
- [ ] Is rollback or recovery clear for risky changes?
## Correctness
- [ ] Does the code do what the requirements specify?
- [ ] Are there any logical errors or off-by-one bugs?
- [ ] Are all edge cases handled?
- [ ] Are error states handled gracefully?
## Security
- [ ] Is user input validated and sanitized?
- [ ] Are there any SQL injection or XSS vulnerabilities?
- [ ] Are secrets/credentials hardcoded?
- [ ] Are API endpoints properly authenticated/authorized?
## Readability
- [ ] Are variable/function names descriptive and consistent?
- [ ] Is complex logic commented (why, not what)?
- [ ] Is the code structure easy to follow?
- [ ] Are there any overly clever one-liners that should be simplified?
## Maintainability
- [ ] Is there duplicated code that should be extracted?
- [ ] Are functions/components focused (single responsibility)?
- [ ] Are types/interfaces properly defined (no `any`)?
- [ ] Would a new team member understand this code?
## Testing
- [ ] Are the important behaviors tested?
- [ ] Do tests have descriptive names?
- [ ] Are edge cases and error paths tested?
- [ ] Are tests independent (no shared mutable state)?
## Performance
- [ ] Are there any obvious performance issues?
- [ ] Are large data sets handled efficiently?
- [ ] Are there unnecessary re-renders or recomputations?
For each failed check:
- Explain the issue
- Rate severity (CRITICAL / WARNING / SUGGESTION)
- Provide a specific fix
- If a required quality gate fails, do not approve the PR
Rate the overall PR: ✅ Approve | ⚠️ Approve with comments | ❌ Request changes
Review the following code changes:
[paste a git diff adding a search feature with debounced input, API call, and results display]
Original requirements: Add full-text search to the products page
Codebase standards: TypeScript strict mode, Vitest for tests, no console.log in production code
Quality gates to enforce: query input is safe, empty and failed searches are handled, tests pass
Edge cases to verify: empty query, no results, API failure, slow network, special characters
[rest of prompt...]
The output should report the status of each quality gate and request changes when a required gate fails. For this example the checklist would read: ✅ correctness (search works), ⚠️ security (search input not sanitized — XSS via reflected results), ⚠️ readability (debounce helper should be extracted to utils), ❌ testing (no tests for empty results or API failure); overall: ⚠️ Approve with comments, with a specific fix for each issue.
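To make the security and edge-case findings above concrete, here is an added TypeScript illustration (not code from the prompt, the sample diff, or any project): the results-header renderer as a reviewer might find it, its hardened form that escapes the reflected query and handles the empty-query and no-results cases, and a small check a reviewer can run to confirm the fix. The function names, the `HTML_ESCAPES` table and the probe string are assumptions made for this example.

```typescript
// Added example for the review checklist; all names here are assumptions.
const HTML_ESCAPES: Record<string, string> = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Escape the five characters that matter in HTML text and attribute context.
function escapeHtml(s: string): string {
  return s.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c] ?? c);
}

// Before: the query is concatenated straight into markup, so whatever the
// user typed is reflected into the page unescaped (the ⚠️ security finding).
function renderHeaderUnsafe(query: string, count: number): string {
  return `<h2>Results for: ${query} (${count})</h2>`;
}

// After: the query is escaped, and the "empty query" and "no results" edge
// cases from the prompt get explicit output instead of falling through.
function renderHeaderSafe(query: string, count: number): string {
  const q = query.trim();
  if (q === "") return "<h2>Enter a search term</h2>";
  if (count === 0) return `<h2>No results for: ${escapeHtml(q)}</h2>`;
  return `<h2>Results for: ${escapeHtml(q)} (${count})</h2>`;
}

// Reviewer check: does a harmless constructed probe containing markup survive
// into the rendered output verbatim? True means the renderer reflects markup.
function reflectsMarkup(render: (q: string, n: number) => string): boolean {
  const probe = "<b>x</b>"; // constructed review input, not a real query
  return render(probe, 1).includes(probe);
}
```

Running `reflectsMarkup` against both renderers is the kind of evidence the checklist asks for: it turns "input not sanitized" into a reproducible failing check before the fix and a passing one after.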