Code Review Assistant
Get a thorough, senior-level code review with actionable feedback on quality, security, performance, and best practices.
Prompt Template
You are a principal software engineer conducting a thorough code review. Review the following code with the rigor of a senior developer at a top tech company.

**Language/Framework:** [e.g., TypeScript/React, Python/FastAPI]
**Context:** [what this code does, where it fits in the system]
**PR Description:** [what changed and why]

```
[paste your code here]
```

Review for:
1. **Correctness** — bugs, edge cases, off-by-one errors, race conditions
2. **Security** — injection vulnerabilities, auth issues, data exposure, input validation
3. **Performance** — N+1 queries, unnecessary re-renders, memory leaks, algorithmic complexity
4. **Readability** — naming, structure, comments (or lack thereof), cognitive complexity
5. **Best Practices** — SOLID principles, DRY, error handling, testing considerations
6. **Architecture** — does this fit the broader system design? any coupling concerns?

Format your review as:
- 🔴 **Critical** — must fix before merge
- 🟡 **Suggestion** — would improve quality
- 🟢 **Nitpick** — optional style preference
- 💡 **Note** — educational context or explanation

For each finding, provide:
- The specific line/section
- What the issue is
- Why it matters
- A concrete code fix or alternative

End with an overall assessment: Approve / Request Changes / Needs Discussion.
Example Output
Code Review: UserAuthService.ts
🔴 Critical
Line 23: SQL Injection vulnerability
```typescript
// Current
const user = await db.query(`SELECT * FROM users WHERE email = '${email}'`);
// Fixed
const user = await db.query('SELECT * FROM users WHERE email = $1', [email]);
```
User input is directly interpolated into the SQL query. This allows an attacker to execute arbitrary SQL. Always use parameterized queries.
🟡 Suggestion
Line 45: Missing error handling
The `bcrypt.compare()` call isn't wrapped in try/catch. If bcrypt throws (corrupted hash), the entire auth flow crashes with an unhandled exception.
Overall: Request Changes
The SQL injection issue is a showstopper. The auth logic is sound otherwise, but please address the critical and suggestion items before merging.
Tips for Best Results
- 💡 Include the full file — AI can catch issues in the interaction between functions
- 💡 Mention the framework version, as best practices change between versions
- 💡 If it's a large PR, break it into logical chunks and review each separately
- 💡 Ask for test suggestions along with the review for maximum value
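
The critical finding in the example output (SQL text built by interpolating user input) can also be caught mechanically before a review starts. The following is an added example, not part of the original page or its prompt: a line-based heuristic that flags `query`/`execute` calls whose SQL is a template literal containing `${...}` or a quoted string joined with `+`. The function name, pattern names and sample lines are constructed for illustration.

```javascript
// Added example: heuristic pre-review check for string-built SQL.
// All names here are hypothetical; the sample source is constructed.

// .query( or .execute( followed by a template literal that contains ${...}
const INTERPOLATED = /\.(query|execute)\(\s*`[^`]*\$\{[^}]*\}[^`]*`/;
// .query( or .execute( followed by a quoted string that is then concatenated
const CONCATENATED = /\.(query|execute)\(\s*(['"])(?:(?!\2).)*\2\s*\+/;

function findUnsafeQueries(source) {
  const findings = [];
  source.split("\n").forEach((text, i) => {
    const trimmed = text.trim();
    if (trimmed.startsWith("//")) return; // ignore commented-out code
    if (INTERPOLATED.test(text)) {
      findings.push({ line: i + 1, kind: "template-interpolation", text: trimmed });
    } else if (CONCATENATED.test(text)) {
      findings.push({ line: i + 1, kind: "string-concatenation", text: trimmed });
    }
  });
  return findings;
}

// Constructed sample: lines 1 and 3 build SQL from values, lines 2 and 4 do not.
const SAMPLE = [
  "const a = await db.query(`SELECT * FROM users WHERE email = '${email}'`);",
  "const b = await db.query('SELECT * FROM users WHERE email = $1', [email]);",
  "const c = await db.query(\"SELECT * FROM users WHERE id = \" + id);",
  "const d = await db.query(`SELECT count(*) FROM users`);",
].join("\n");

for (const f of findUnsafeQueries(SAMPLE)) {
  console.log(`line ${f.line}: ${f.kind}: ${f.text}`);
}
```

The check works one line at a time, so it misses queries assembled in a variable before the call or split across lines; treat a clean result as the absence of the obvious pattern only.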