YAML
---
name: reviewing-code-thoroughly
description: Performs comprehensive code reviews covering security, performance, maintainability, and architecture. Use when you need rigorous analysis beyond basic linting.
---

Quick Start

Python
# Example: Review this Python function
def process_user_data(data):
    result = []
    for item in data:
        if item['status'] == 'active':
            result.append({
                'id': item['id'],
                'name': item['name'].upper(),
                'score': item['score'] * 2
            })
    return result

Immediate issues found:

• No input validation (KeyError risk)
• No error handling for missing keys
• Inefficient list building
• Hard-coded business logic
• No type hints

Workflow

Progress:

• Security scan - Check for vulnerabilities, injection risks, auth bypasses
• Performance analysis - Identify bottlenecks, memory leaks, inefficient algorithms
• Architecture review - Assess design patterns, coupling, separation of concerns
• Code quality - Check readability, naming, complexity, duplication
• Testing coverage - Verify test completeness and quality
• Documentation review - Ensure adequate comments and docs
• Error handling - Check exception handling and edge cases
• Dependencies audit - Review third-party libraries and versions

For each section, provide:

1. Specific issues found
2. Risk level (Critical/High/Medium/Low)
3. Concrete fix recommendations
4. Code examples where helpful

Examples

Example 1: Input: React component with inline styles and mixed concerns

JavaScript
function UserProfile({ userId }) {
    const [user, setUser] = useState(null);
    useEffect(() => {
        fetch('/api/users/' + userId).then(r => r.json()).then(setUser);
    }, []);
    return <div style={{color: 'red'}}>{user && user.name}</div>;
}

Output:

• Security (High): URL concatenation vulnerable to injection
• Performance (Medium): No cleanup in useEffect, potential memory leak
• Architecture (Medium): Mixed data fetching and presentation logic
• Code Quality (Low): Inline styles, no error handling
• Fix: Extract custom hook, add proper error handling, use CSS modules

Example 2: Input: Database query function

SQL
SELECT * FROM users WHERE status = 'active' AND created_at > '2023-01-01'

Output:

• Performance (High): SELECT * is inefficient, missing indexes likely
• Maintainability (Medium): Hard-coded date, no parameterization
• Fix: Specify needed columns, add date parameter, ensure index on (status, created_at)

Best Practices

Security-first mindset:

• Always check for SQL injection, XSS, CSRF vulnerabilities
• Verify authentication and authorization logic
• Review data validation and sanitization

Performance focus:

• Look for N+1 queries, inefficient loops, memory leaks
• Check algorithm complexity (O(n²) vs O(n log n))
• Identify caching opportunities

Maintainability standards:

• Functions should do one thing (Single Responsibility)
• Avoid deep nesting (max 3-4 levels)
• Check for code duplication and extract common patterns

Testing requirements:

• Unit tests for business logic
• Integration tests for external dependencies
• Edge case coverage (null, empty, boundary values)

Common Pitfalls

Surface-level reviews:

• Don't just check formatting and naming
• Always dig into business logic and data flow

Missing context:

• Consider the broader system architecture
• Review related files, not just the changed code

Ignoring non-functional requirements:

• Security and performance are not optional
• Scalability and monitoring considerations matter

False positives:

• Don't flag every minor style issue as critical
• Distinguish between preferences and actual problems

Incomplete feedback:

• Always provide actionable suggestions
• Include code examples in recommendations