Perform a structured code review of a file or function, covering correctness, security, readability, edge cases, and test coverage.
Review the target code and produce a structured, actionable report.
Accept any of:
a file path, e.g. src/auth/middleware.ts
a function or class name, e.g. UserService.createUser
a directory, e.g. src/payments/

For a file path, read the file directly. For a function/class name, use Grep to locate it, then read the containing file. For a directory, Glob for source files and read the most significant ones.
Also read related files where relevant: tests, types, callers, schema definitions.
Work through each dimension in order:
Correctness — Does the code do what it appears to intend? Look for logic errors, off-by-one errors, incorrect conditionals, broken error handling.
Security — Check for OWASP Top 10 issues: injection (SQL, command, XSS), broken auth, insecure direct object references, sensitive data exposure, missing input validation at system boundaries.
Edge cases — What happens with null/undefined/empty inputs, empty collections, concurrent access, unexpected types, or large inputs?
Readability — Are names clear? Is complexity justified? Are there long functions that should be split? Is control flow easy to follow?
Test coverage — Are there tests? Do they cover the happy path and key failure modes? Are there obvious gaps?
Performance — Any obvious N+1 queries, unnecessary re-computation, or missing indexes? Only flag real concerns, not speculative ones.
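As an added illustration of the kind of contrast a Security finding would show, here is a string-built SQL query next to its parameterized form, a boundary check on the identifier (the Edge cases dimension), and an object-level authorization check of the sort that catches an insecure direct object reference. This is example code written for this page, not code from any reviewed project; the function names, the users table, the `$1` placeholder style and the sample payload are all assumptions.

```typescript
// Added example, not part of the review template. All names are hypothetical.

// "Before": the kind of code that earns a CRITICAL Security finding.
// Interpolating the id into the SQL text lets caller input become part of
// the query grammar instead of a value.
function findUserQueryVulnerable(userId: string): string {
  return `SELECT id, email FROM users WHERE id = '${userId}'`;
}

// "After": a parameterized statement. Text and values travel separately,
// so the driver never parses the value as SQL.
interface ParameterizedQuery {
  text: string;
  values: string[];
}

function findUserQuerySafe(userId: string): ParameterizedQuery {
  return {
    text: "SELECT id, email FROM users WHERE id = $1",
    values: [userId],
  };
}

// Validation at the system boundary: reject null/undefined/empty and any
// value that is not the identifier shape the schema expects, before it
// reaches the data layer. (Assumes numeric ids; adjust to the real schema.)
function parseUserId(raw: unknown): string {
  if (typeof raw !== "string" || raw.length === 0) {
    throw new Error("userId is required");
  }
  if (!/^[0-9]{1,18}$/.test(raw)) {
    throw new Error("userId must be a numeric identifier");
  }
  return raw;
}

// Object-level authorization: being authenticated is not enough, the
// principal must be allowed to read this particular record.
interface Principal {
  id: string;
  roles: string[];
}

function canReadUser(principal: Principal, targetUserId: string): boolean {
  return principal.id === targetUserId || principal.roles.indexOf("admin") !== -1;
}

// Constructed sample input: a textbook injection payload used only to show
// how the two query builders treat the same value.
const CONSTRUCTED_PAYLOAD = "' OR '1'='1";

// Stand-alone demonstration.
console.log(findUserQueryVulnerable(CONSTRUCTED_PAYLOAD));
console.log(findUserQuerySafe(CONSTRUCTED_PAYLOAD));
console.log(canReadUser({ id: "7", roles: [] }, "8"));
```

In a finding, the vulnerable builder would appear as the problematic snippet and the parameterized builder plus the boundary check as the suggested fix; the authorization helper is what a reviewer would look for at every handler that takes a record id from the request.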
Respond inline — do NOT write a file.
{target}
Summary
One paragraph overall assessment — severity, main themes, whether the code is safe to merge/use.
Findings
Use this format for each finding:
[SEVERITY] Category — Short title
Description of the issue and why it matters.
// Problematic code snippet (if short)
Suggested fix or approach.
Severity levels: CRITICAL (must fix before use), MAJOR (should fix), MINOR (worth improving), NIT (optional polish).
What looks good
Brief bullet list of things done well — this anchors the review and is not filler.
Suggested next steps
Ordered list of the most important actions to take.