Code Review
Quality assurance and optimization
Security Code Review Framework
Review code for security flaws with a threat-driven checklist (OWASP Top 10 + language-specific pitfalls), prioritize findings by exploitability × impact, and produce fix-grade reports that developers can act on — not vague "consider security implications" comments.
Pull Request Review Process Framework
Structure a complete pull request review — with a systematic review order, a finding severity standard that separates blocking from non-blocking feedback, and the merge criteria that ensure every merged PR meets the team's quality bar.
Dependency & Third-Party Code Review Framework
Review third-party dependencies — evaluating security vulnerabilities, license compatibility, maintenance health, and the coupling patterns that make dependencies difficult to remove when they become a liability.
Code Maintainability Review Framework
Review code for long-term maintainability — identifying naming that obscures intent, complexity that requires context to understand, missing documentation for non-obvious decisions, and structural issues that will compound as the codebase grows.
Test Coverage Code Review Framework
Review the test coverage for a code change — identifying missing test cases for documented error conditions, edge cases, and business-critical paths that coverage metrics won't catch but regressions will.
Error Handling Code Review Framework
Review error handling code — identifying swallowed exceptions, missing error context, unhandled promise rejections, and the logging gaps that make production failures impossible to diagnose without a code change.
Database Code Review Framework
Review database-related code — checking query parameterization, index coverage, transaction correctness, migration safety, and the specific patterns that cause production database failures and data corruption.
API Design Review Framework
Review an API implementation — checking HTTP method semantics, status code correctness, response consistency, and security controls against REST conventions and the specific issues that break consumer integrations.
Performance-Focused Code Review Framework
Review code specifically for performance — identifying N+1 queries, unbounded result sets, algorithmic complexity issues, and memory problems that are invisible at development scale but cause production failures at real data volumes.
Security-Focused Code Review Framework
Review code specifically for security vulnerabilities — systematically checking for injection, authentication bypass, authorization failures, sensitive data exposure, and the other OWASP Top 10 issues that exist in the code, not in theory.
Code Review Framework
Conduct a structured code review — evaluating correctness, security, performance, and maintainability in that priority order, providing feedback that is specific, actionable, and categorized by severity so the author knows exactly what to fix and what's optional.