ContextQMD
Back to Mastra

Code Review Guidelines

examples/unified-workspace/skills/code-review/SKILL.md

2025-12-182.9 KB
Original Source

Code Review Guidelines

Overview

This skill provides structured guidelines for reviewing TypeScript code. Apply these standards when reviewing pull requests, analyzing code quality, or suggesting improvements.

Keywords: code review, pull request, PR review, TypeScript, code quality, best practices, refactoring

Review Checklist

1. Code Correctness

Before approving, verify:

  • Logic is correct and handles edge cases
  • Error handling is appropriate
  • No obvious bugs or race conditions
  • Tests cover the changes adequately

2. Code Quality

Check for:

  • Clear, descriptive variable and function names
  • Functions do one thing well (single responsibility)
  • No excessive nesting (max 3 levels)
  • DRY - no unnecessary duplication
  • YAGNI - no speculative features

3. TypeScript Specific

Ensure:

  • Proper type annotations (avoid any)
  • Interfaces/types defined for complex objects
  • Generics used appropriately
  • Null/undefined handled safely
  • strict mode compatible

4. Performance

Look for:

  • Unnecessary re-renders (React)
  • Missing memoization for expensive operations
  • Inefficient loops or data structures
  • Memory leaks (event listeners, subscriptions)

Review Comments

Comment Format

Use this format for review comments:

[severity]: brief description

Why: explanation of the issue
Suggestion: how to fix it (with code if helpful)

Severity levels:

  • [critical] - Must fix before merge
  • [suggestion] - Recommended improvement
  • [nit] - Minor style preference
  • [question] - Need clarification

Example Comments

Good comment:

[suggestion]: Consider extracting this validation logic

Why: This 15-line validation block is hard to test in isolation
Suggestion: Move to a `validateUserInput(data)` function

Bad comment:

This is wrong, fix it.

Common Issues

Anti-patterns to Flag

  1. God functions - Functions over 50 lines doing multiple things
  2. Prop drilling - Passing props through 3+ component levels
  3. Magic numbers - Unexplained literal values
  4. Catch-all error handling - catch(e) { console.log(e) }
  5. Implicit any - Missing type annotations on function parameters

Security Concerns

Always flag:

  • SQL/NoSQL injection vulnerabilities
  • XSS opportunities (unsanitized user input in DOM)
  • Hardcoded secrets or API keys
  • Insecure randomness for security contexts
  • Missing input validation on API endpoints

Approval Guidelines

Approve When

  • All critical issues resolved
  • Tests pass
  • Code meets team standards
  • No security concerns

Request Changes When

  • Critical bugs found
  • Security vulnerabilities present
  • Missing required tests
  • Significant performance issues

Leave Comments When

  • Minor improvements possible
  • Design alternatives worth discussing
  • Documentation could be clearer