Review code changes for correctness, security, performance, and maintainability. Use for PR reviews, code audits, pre-merge checks, or quality validation of Laravel + React code. EXCLUSIVE to reviewer agent.
Usage
After installing, this skill will be available to your AI coding assistant.
Verify installation:
npx agent-skills-cli list
Skill Instructions
name: code-review-checklist
description: |
  Review code changes for correctness, security, performance, and maintainability. Use for PR reviews, code audits, pre-merge checks, or quality validation of Laravel + React code. EXCLUSIVE to reviewer agent.
allowed-tools: Read, Grep, Glob, Bash
Code Review Checklist
Exclusive to: reviewer agent
Validation Loop (MANDATORY)
Before completing any review, verify the codebase passes all checks:
composer test # All PHP tests pass
npm run types # No TypeScript errors
npm run lint # No linting errors
./vendor/bin/pint --test # PHP style OK
Report any failures as Critical findings.
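The loop above, wrapped in a small POSIX shell script that records each failing command as a Critical finding and quotes the tail of its output so the review can cite the actual failure. This is an added example, not part of the skill: it assumes it is run from the project root (where `composer`, `npm` and `./vendor/bin/pint` resolve) and only executes the real commands when invoked as `sh validate.sh run`.

```shell
#!/bin/sh
# Added example (not part of the original skill): run the mandatory validation
# loop and report each failing command as a Critical finding, as the checklist
# requires. Assumes it is run from the project root, where composer, npm and
# ./vendor/bin/pint resolve.

FAILED=0        # number of failed checks
FINDINGS=""     # accumulated Critical lines, one block per failed check

# run_check LABEL COMMAND...: run COMMAND; on non-zero exit, record a Critical
# finding that quotes the last lines of the command's output, so the review can
# cite the actual failure rather than just "tests failed".
run_check() {
    label=$1
    shift
    out=$(mktemp)
    status=0
    "$@" >"$out" 2>&1 || status=$?
    if [ "$status" -eq 0 ]; then
        printf 'PASS  %s\n' "$label"
        rm -f "$out"
        return 0
    fi
    FAILED=$((FAILED + 1))
    excerpt=$(tail -n 5 "$out" | sed 's/^/    | /')
    FINDINGS="${FINDINGS}Critical: ${label} failed (exit ${status}; command: $*)
${excerpt}
"
    rm -f "$out"
    printf 'FAIL  %s (exit %s)\n' "$label" "$status"
    return 1
}

# validation_loop: the four commands the skill lists, in order. A failing
# check does not stop the loop, so one run reports every failure.
validation_loop() {
    run_check 'PHP tests (composer test)'    composer test
    run_check 'TypeScript (npm run types)'   npm run types
    run_check 'Lint (npm run lint)'          npm run lint
    run_check 'PHP style (pint --test)'      ./vendor/bin/pint --test
    return 0
}

# report: print findings in the review's "Critical (must fix)" shape; returns 1
# when anything failed, so a CI job or the reviewer agent can block the merge.
report() {
    if [ "$FAILED" -eq 0 ]; then
        printf '\nValidation loop: all checks pass\n'
        return 0
    fi
    printf '\n## Critical (must fix)\n%s' "$FINDINGS"
    return 1
}

# Only run the real commands when invoked as: sh validate.sh run
if [ "${1:-}" = "run" ]; then
    validation_loop
    report
fi
```

The exit status of `report` is what a pre-merge job should key on; the quoted output excerpt is there so the Critical entry in the review can point at the failing test or type error rather than only at the command name.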
Instructions
- Review against project standards in docs/code-standards.md
- Run through the checklist below
- Report issues by severity (Critical → Warning → Suggestion)
Review Checklist
✅ Correctness
- Logic handles edge cases
- Error handling is appropriate
- Types are correct (no `any` unless justified)
- Tests cover new/changed behavior
- No dead code or unused imports
🔒 Security (OWASP)
- No secrets or credentials in code
- User input validated and sanitized
- Authorization checks in place
- No SQL injection (use Eloquent/query builder)
- No XSS (proper escaping, sanitization)
- CSRF protection enabled
- Rate limiting considered
⚡ Performance
- No N+1 queries (use eager loading: `with()`)
- No unnecessary database calls
- Large datasets are paginated
- Indexes exist for filtered/joined columns
🧹 Maintainability
- Follows patterns in docs/code-standards.md
- Names are clear and consistent
- No unnecessary complexity
- DRY: no copy-paste duplication
🎨 Frontend
- Uses existing shadcn/ui components
- Loading and error states handled
- Accessible (keyboard, labels, contrast)
- Responsive (mobile + desktop)
📝 Documentation
- Code comments for non-obvious logic
- Docs updated if behavior changed
- Types documented with JSDoc if complex
Laravel Security Checks
| Check | Verify |
|---|---|
| Mass assignment | $fillable or $guarded defined |
| Authorization | Policy or Gate used |
| Validation | FormRequest with rules |
| CSRF | @csrf in forms |
| SQL injection | No raw queries with user input |
React Security Checks
| Check | Verify |
|---|---|
| XSS | No dangerouslySetInnerHTML |
| Props | TypeScript interfaces used |
| Secrets | No sensitive data in client |
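The grep-able rows of the two tables above (SQL injection, mass assignment, CSRF, XSS) plus the checklist's "no secrets in code" item, as a pre-review scan the reviewer agent could run with its Bash and Grep tools. This is an added example, not part of the skill: the regexes, the severity assigned to each hit and the file layout it expects (`*.blade.php` templates, PHP and TSX sources under the checkout) are assumptions, and every hit is a candidate for the reviewer to confirm by reading the code.

```shell
#!/bin/sh
# Added example (not part of the original skill): a grep-based pre-review scan
# for the patterns the Laravel and React security tables name, plus the "no
# secrets in code" checklist item. Every hit is a candidate for the reviewer to
# confirm by reading the code; a clean scan proves nothing about the checks that
# need reading (policies, validation rules, N+1 queries).
#
# Usage: sh security_scan.sh <path-to-checkout>

SQ="'"   # a single quote, so the regexes below can stay in double quotes

# Laravel table, SQL injection: a raw-query helper whose first argument is a
# double-quoted string containing a PHP variable, or a single-quoted string
# concatenated with one. Bound parameters ('... = ?', [$x]) do not match.
RE_SQL="(DB::raw|DB::select|DB::statement|DB::unprepared|whereRaw|selectRaw|orderByRaw|havingRaw)\([[:space:]]*(\"[^\"]*[$]|$SQ[^$SQ]*$SQ[[:space:]]*\.[[:space:]]*[$])"

# Laravel table, mass assignment: $guarded = [] turns protection off entirely.
RE_GUARDED='\$guarded[[:space:]]*=[[:space:]]*\[[[:space:]]*\]'

# React table, XSS: any use of dangerouslySetInnerHTML.
RE_XSS='dangerouslySetInnerHTML'

# Checklist, secrets: a long literal assigned to a credential-like name, an
# AWS-style access key id, or an embedded private key block.
RE_SECRET="(api_?key|secret|password|token)[[:space:]]*[=:][[:space:]]*[\"$SQ][^\"$SQ]{8,}[\"$SQ]|AKIA[0-9A-Z]{16}|BEGIN [A-Z ]*PRIVATE KEY"

# Laravel table, CSRF: a Blade form posting without the @csrf directive.
RE_POST_FORM="<form[^>]*method=[\"$SQ]?post"

# scan_pattern SEVERITY LABEL REGEX DIR: one tab-separated finding per matching
# line, as SEVERITY LABEL file:line:text (case-insensitive match).
scan_pattern() {
    grep -rEni -- "$3" "$4" 2>/dev/null | while IFS= read -r hit; do
        printf '%s\t%s\t%s\n' "$1" "$2" "$hit"
    done
}

# scan_csrf DIR: Blade templates with a POST form but no @csrf. Inertia/React
# forms rely on the XSRF token header instead and are not checked here.
scan_csrf() {
    find "$1" -name '*.blade.php' 2>/dev/null | while IFS= read -r tpl; do
        if grep -qiE -- "$RE_POST_FORM" "$tpl" && ! grep -q '@csrf' "$tpl"; then
            printf 'Critical\tCSRF\t%s: POST form without @csrf\n' "$tpl"
        fi
    done
}

# scan_repo DIR: run every check; prints findings sorted by severity, returns 0.
scan_repo() {
    {
        scan_pattern Critical XSS "$RE_XSS" "$1"
        scan_pattern Critical 'SQL injection' "$RE_SQL" "$1"
        scan_pattern Critical Secrets "$RE_SECRET" "$1"
        scan_pattern Warning 'Mass assignment' "$RE_GUARDED" "$1"
        scan_csrf "$1"
    } | sort
    return 0
}

# count_severity LEVEL FINDINGS: number of finding lines at that level.
count_severity() {
    printf '%s\n' "$2" | grep -c "^$1"
}

if [ $# -gt 0 ]; then
    findings=$(scan_repo "$1")
    printf '%s\n' "$findings"
    crit=$(count_severity Critical "$findings")
    warn=$(count_severity Warning "$findings")
    printf '\n%s Critical and %s Warning candidate(s); confirm each by reading the code\n' "$crit" "$warn"
    [ "$crit" -eq 0 ] || exit 1   # Critical candidates block merge until reviewed
else
    printf 'usage: sh security_scan.sh <path-to-checkout>\n' >&2
fi
```

The SQL regex deliberately requires interpolation or concatenation inside the raw helper's argument, so the parameterised form `whereRaw('x = ?', [$x])` stays quiet; the other table rows (Policy or Gate used, FormRequest with rules, TypeScript interfaces on props) are not expressible as a single-line pattern and are left to the reading pass.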
Severity Guide
| Level | Criteria | Action |
|---|---|---|
| 🚨 Critical | Security flaw, data loss, breaks functionality | Block merge |
| ⚠️ Warning | Performance issue, code smell, missing test | Request fix |
| 💡 Suggestion | Style improvement, better pattern | Optional |
Output Format
## 📋 Review Summary
[One paragraph overview]
## 🚨 Critical (must fix)
1. [Issue]: [File:Line] → [Why critical]
## ⚠️ Warnings (should fix)
1. [Issue]: [File:Line] → [Recommendation]
## 💡 Suggestions (nice to have)
1. [Suggestion]: [File:Line] → [Improvement]
## ✅ What's Good
- [Positive observation]
Examples
- "Review this PR before merge"
- "Check this code for security issues"
- "Audit changes for performance"