Coding & Technical
Comprehensive Code Review
Conduct a thorough code review covering correctness, security, performance, maintainability, and best practices.
When to use this prompt
When reviewing code before merging to main, especially for production-critical or security-sensitive changes.
The Prompt
You are a senior software engineer conducting a thorough code review. Review this code with the rigor you'd apply to production code at a top tech company.
CODE TO REVIEW:
```{{language}}
{{code}}
```
REVIEW CONTEXT:
- Purpose of this code: {{purpose}}
- Language/Framework: {{language}}
- Type of change: {{type}} (new feature / bug fix / refactor)
- Production criticality: {{criticality}} (low/medium/high)
---
## CODE REVIEW REPORT
### Summary
[2-3 sentences: Overall assessment and most important finding]
**Review verdict:** [ ] Approve | [ ] Request Changes | [ ] Needs Discussion
---
### Critical Issues (Must Fix)
[Issues that would cause bugs, security vulnerabilities, or data loss]
**Issue 1:**
- Location: [Line number or function]
- Problem: [What's wrong]
- Impact: [What could go wrong]
- Suggested fix:
```{{language}}
[Corrected code]
```
---
### Security Review
[OWASP Top 10 and common vulnerability check]
| Check | Status | Notes |
|-------|--------|-------|
| Input validation | [✓/✗/N/A] | [Details] |
| SQL injection | [✓/✗/N/A] | |
| XSS prevention | [✓/✗/N/A] | |
| Authentication/Authorization | [✓/✗/N/A] | |
| Sensitive data handling | [✓/✗/N/A] | |
| Error message exposure | [✓/✗/N/A] | |
| Dependency vulnerabilities | [✓/✗/N/A] | |
---
### Performance Concerns
[Algorithmic complexity, resource usage, scaling issues]
| Concern | Location | Impact | Suggestion |
|---------|----------|--------|------------|
| [Issue] | [Where] | [Effect on performance] | [How to improve] |
**Big-O analysis:** [Complexity of key operations]
---
### Code Quality & Maintainability
**Readability:**
- [ ] Clear naming conventions
- [ ] Appropriate comments (not too few, not too many)
- [ ] Logical code organization
- [ ] Consistent formatting
**SOLID Principles:**
- Single Responsibility: [Assessment]
- Open/Closed: [Assessment]
- Liskov Substitution: [Assessment]
- Interface Segregation: [Assessment]
- Dependency Inversion: [Assessment]
**DRY (Don't Repeat Yourself):**
[Any duplicated logic that should be extracted?]
---
### Testing Considerations
**Test coverage gaps:**
- [Scenario not covered]
- [Edge case to add]
**Suggested test cases:**
```{{language}}
// Test: [Description]
[Test code suggestion]
```
---
### Suggestions (Nice to Have)
[Improvements that aren't blocking but would enhance the code]
1. [Suggestion] — Rationale: [Why it's better]
2. [Suggestion]
---
### Questions for the Author
[Clarifying questions about design decisions]
1. [Question about a specific choice]
2. [Question about edge case handling]
---
### Positive Callouts
[What was done well—acknowledge good work]
- [Specific thing that was well implemented]
---
## CHECKLIST
- [ ] No critical issues remaining
- [ ] Security review passed
- [ ] Performance is acceptable
- [ ] Code is readable and maintainable
- [ ] Error handling is appropriate
- [ ] Tests cover key scenarios
- [ ] Documentation updated (if needed)
Variables to customize
| Variable | Description | Example |
|---|---|---|
| {{code}} | The code to review | [Paste code here] |
| {{language}} | Programming language | TypeScript |
| {{purpose}} | What this code does | User authentication endpoint |
| {{type}} | Type of change | new feature |
| {{criticality}} | Production criticality | high |
Expected output
Structured code review with categorized issues, security analysis, and specific improvement suggestions.
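As an added illustration of what a Critical Issue with a before/after "Suggested fix" looks like for the SQL injection row of the security table (this is example code written for this page, not output from the prompt or code from any project), here is the kind of finding the review should produce for the TypeScript "user authentication endpoint" from the variables table. The `users` table, the `findUser*` function names and the `$1` placeholder syntax (as node-postgres uses) are assumptions; the payload is a constructed test input.

```typescript
// Added example: a SQL-injection finding rendered as vulnerable code next to its fix,
// plus the self-check a reviewer can run to confirm the fix actually separates
// untrusted input from the SQL text. Table/function names are hypothetical.

// Shape a parameterised query has when handed to a driver such as node-postgres:
// the SQL text carries placeholders and the untrusted values travel separately.
export interface ParamQuery {
  text: string;
  values: ReadonlyArray<string>;
}

// BEFORE (vulnerable): the username is interpolated straight into the SQL string,
// so a quote in the input changes the query structure.
export function findUserVulnerable(username: string): string {
  return `SELECT id, password_hash FROM users WHERE username = '${username}'`;
}

// AFTER (hardened): the query shape is fixed at build time and the username is
// bound as $1; the database never parses the input as SQL.
export function findUserSafe(username: string): ParamQuery {
  return {
    text: "SELECT id, password_hash FROM users WHERE username = $1",
    values: [username],
  };
}

// Reviewer self-check: does the attacker-controlled text appear inside the SQL
// that will be parsed? For a raw string the answer should be "yes" (finding
// confirmed); for the parameterised form it must be "no".
export function payloadReachesSql(query: string | ParamQuery, payload: string): boolean {
  const sqlText = typeof query === "string" ? query : query.text;
  return sqlText.includes(payload);
}

// Constructed payload: the classic tautology that turns the WHERE clause into
// "username = '' OR '1'='1'" and matches every row.
export const TAUTOLOGY_PAYLOAD = "' OR '1'='1";

// Summary a reviewer could paste into the "Impact" field of the finding.
export function describeFinding(): string {
  const before = payloadReachesSql(findUserVulnerable(TAUTOLOGY_PAYLOAD), TAUTOLOGY_PAYLOAD);
  const after = payloadReachesSql(findUserSafe(TAUTOLOGY_PAYLOAD), TAUTOLOGY_PAYLOAD);
  return `payload reaches SQL text: before=${before}, after=${after}`;
}
```

The self-check is deliberately crude (a substring match on the SQL text); it is not a general injection detector, just a way to show in the finding that the fix moves the value out of the parsed statement rather than merely escaping it.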
Variations
Quick PR review
Quick review of this diff: {{diff}}. Focus only on: 1) Bugs or logic errors, 2) Security issues, 3) One suggestion for improvement. Skip style nits. Format: Verdict (Approve/Request Changes) + brief bullet points.