---
name: code-review
description: Provide a structured checklist for reviewing code changes, PRs, and implementations. Use when reviewing completed work from /speckit.implement or conducting PR reviews.
metadata:
  source: github/awesome-copilot
  adopted: 2026-02-03
---
# Code Review Skill

Use this skill to conduct a comprehensive review of code changes. Evaluate each area below and report findings grouped by severity, most severe first.
## Severity Levels
| Severity | Description | Action Required |
|---|---|---|
| Blocker | Must fix before merge. Security vulnerabilities, broken functionality, specification violations. | Create task for immediate fix |
| Should Fix | Strongly recommended. Performance issues, missing tests, code smells. | Address before or during merge |
| Suggestion | Nice to have. Refactoring opportunities, alternative approaches. | Consider for future |
| Nit | Minor preference. Formatting, naming alternatives. | Optional |
## Review Checklist

### Correctness & Specification
- Change implements the specification and satisfies the tasks
- All acceptance criteria from spec.md are met
- Edge cases are handled gracefully
- Code integrates properly with existing components and data flows
- No logic errors or missing error handling
### Test Coverage (TDD Compliance)
- Tests exist for all new functionality
- Tests cover both positive and negative scenarios
- Tests follow AAA pattern (Arrange, Act, Assert)
- Tests are deterministic and repeatable
- Test setup is clear and isolated from production code
- Coverage meets project requirements
### Design & Architecture
- Code is consistent with planned architecture in plan.md
- Layer boundaries are respected (no dependency violations)
- Abstractions are clear and don't leak internal details
- Responsibilities are well divided across classes and functions
- SOLID principles are followed
- No unnecessary coupling between modules
### Style & Readability
- Code follows project style guidelines
- Names are descriptive and consistent
- Code is easy to read and understand
- Comments explain "why" not "what"
- Dead code is removed
- No debug statements or console.log left behind
### Security
- Inputs are validated at trust boundaries, and output is encoded for the context it lands in (HTML, SQL, shell, URL)
- No injection risks (SQL, shell, template, XSS): queries are parameterized and commands are passed as argument arrays, never built by string concatenation
- Secrets handled securely: no hardcoded tokens or keys, and nothing secret written to logs or error responses
- Authentication/authorization implemented correctly: every new endpoint or handler checks both identity and permission on the specific object, not only that the caller is logged in
- Sensitive data is protected in transit and at rest and kept out of logs
- Error messages returned to callers don't leak internal details (stack traces, query text, file paths); log them server-side under a request id instead
### Performance
- No obvious performance bottlenecks
- Database queries are efficient (no N+1 problems)
- Resources are released properly
- Caching applied where appropriate
- Data structures appropriate for expected load
- Code scales horizontally or handles concurrency
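The N+1 item is easiest to enforce when the review can state a statement count rather than guess at one. The following is an added example, not code from this skill or awesome-copilot: the N+1 pattern beside the single JOIN that replaces it, with a counting wrapper around the connection. The `orders` and `items` tables and their rows are constructed in memory.

```python
"""Added example, not code from the awesome-copilot skill: the N+1 query
pattern next to a single JOIN, with a statement counter so the review can
quote the number. Tables and rows are constructed in-memory."""
import sqlite3


class CountingDB:
    """Thin wrapper that counts every statement sent through it."""

    def __init__(self):
        self.conn = sqlite3.connect(":memory:")
        self.count = 0

    def execute(self, sql, params=()):
        self.count += 1
        return self.conn.execute(sql, params)


def make_db(n_orders=20, items_per_order=3):
    """Constructed data: n orders, each with a few line items.
    Setup goes through db.conn directly so it is not counted."""
    db = CountingDB()
    db.conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT)")
    db.conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, order_id INTEGER, sku TEXT)")
    for oid in range(1, n_orders + 1):
        db.conn.execute("INSERT INTO orders VALUES (?, ?)", (oid, f"customer-{oid}"))
        db.conn.executemany(
            "INSERT INTO items (order_id, sku) VALUES (?, ?)",
            [(oid, f"sku-{oid}-{i}") for i in range(items_per_order)],
        )
    db.conn.commit()
    return db


def orders_n_plus_1(db):
    """Should Fix: one query for the orders, then one more per order."""
    result = {}
    for oid, customer in db.execute("SELECT id, customer FROM orders ORDER BY id"):
        skus = [
            sku
            for (sku,) in db.execute(
                "SELECT sku FROM items WHERE order_id = ? ORDER BY id", (oid,)
            )
        ]
        result[oid] = {"customer": customer, "skus": skus}
    return result


def orders_joined(db):
    """Same result from one statement, however many orders there are."""
    result = {}
    rows = db.execute(
        "SELECT o.id, o.customer, i.sku FROM orders o "
        "LEFT JOIN items i ON i.order_id = o.id ORDER BY o.id, i.id"
    )
    for oid, customer, sku in rows:
        entry = result.setdefault(oid, {"customer": customer, "skus": []})
        if sku is not None:  # order with no items still appears
            entry["skus"].append(sku)
    return result


def query_counts(n_orders=20):
    """Return (statements for N+1, statements for JOIN, results equal)."""
    db = make_db(n_orders)
    db.count = 0
    slow = orders_n_plus_1(db)
    n_plus_1 = db.count
    db.count = 0
    fast = orders_joined(db)
    return n_plus_1, db.count, slow == fast


if __name__ == "__main__":
    print(query_counts(20))  # (21, 1, True)
```

With 20 orders the loop issues 21 statements and the JOIN issues 1; the gap grows linearly with the data, which is why this pattern is invisible in a small test fixture and only shows up in production. The same counter idea, applied in a test against the ORM's query log, is the cheapest way to keep it from coming back.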
### LLM-Generated Code Scrutiny
Apply additional scrutiny for AI-generated implementations:
- Verify alignment to plan: Changes match spec/tasks
- Check for hallucinations: No calls to APIs, functions or packages that do not exist in the declared dependencies; verify against the real library, not the model's description of it. An import of a package that does not exist is also a supply-chain risk, since the name can later be registered by an attacker
- Enforce acceptance criteria: Tests cover intended behavior, not only the happy path the model chose
- Maintain architecture: Watch for boundary violations
- Evaluate telemetry: New flows have spans and structured logs
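The hallucination check can be partly mechanised. The following is an added example, not code from this skill or awesome-copilot: a small static pass that parses a snippet, resolves each import against the interpreter doing the review, and checks `module.attr` and `Class().method` references against the real objects. The `SNIPPET` is constructed and contains two real calls, one invented module and two invented APIs. Because the pass imports the modules it checks, run it only in an environment whose installed dependencies you already trust.

```python
"""Added example, not code from the awesome-copilot skill: a static pass
that surfaces "unknown API" hallucinations by resolving imports and
attribute calls against the running interpreter. The snippet below is
constructed: two real calls, one invented module, two invented APIs."""
import ast
import importlib
import importlib.util
import inspect

SNIPPET = '''\
import hashlib
import base64 as b64
import securelib_ng                      # module that does not exist
from pathlib import Path

digest = hashlib.sha3_512(b"data").hexdigest()   # real API
fast = hashlib.sha3_1024(b"data").hexdigest()    # invented API
token = b64.urlsafe_b64encode(b"data")           # real API
text = Path("notes.txt").read_secure_text()      # invented method
'''


def _module_exists(name):
    try:
        return importlib.util.find_spec(name) is not None
    except (ImportError, ValueError):  # parent is not a package, or spec is None
        return False


def _resolve(node, env):
    """Best-effort static resolution of an expression to a live object."""
    if isinstance(node, ast.Name):
        return env.get(node.id)
    if isinstance(node, ast.Attribute):
        base = _resolve(node.value, env)
        return getattr(base, node.attr, None) if base is not None else None
    if isinstance(node, ast.Call):
        # Calling a class yields an instance, so methods can be checked on
        # the class. Return values of plain functions are unknown: skip.
        callee = _resolve(node.func, env)
        return callee if inspect.isclass(callee) else None
    return None


def find_unknown_apis(source):
    """Return a list of findings; an empty list means everything resolved."""
    tree = ast.parse(source)
    env, findings = {}, []
    # Pass 1: imports. This executes the modules' top-level code, so only
    # run it against dependencies you already trust.
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if not _module_exists(alias.name):
                    findings.append(f"line {node.lineno}: module {alias.name!r} not found")
                    continue
                top = alias.name.split(".")[0]
                env[alias.asname or top] = importlib.import_module(alias.name if alias.asname else top)
        elif isinstance(node, ast.ImportFrom) and node.module and not node.level:
            if not _module_exists(node.module):
                findings.append(f"line {node.lineno}: module {node.module!r} not found")
                continue
            mod = importlib.import_module(node.module)
            for alias in node.names:
                bound = alias.asname or alias.name
                if hasattr(mod, alias.name):
                    env[bound] = getattr(mod, alias.name)
                elif _module_exists(f"{node.module}.{alias.name}"):
                    env[bound] = importlib.import_module(f"{node.module}.{alias.name}")
                else:
                    findings.append(f"line {node.lineno}: {node.module}.{alias.name} does not exist")
    # Pass 2: attribute calls whose base we can resolve statically.
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
            base = _resolve(node.func.value, env)
            if base is not None and not hasattr(base, node.func.attr):
                findings.append(f"line {node.lineno}: {ast.unparse(node.func)} does not exist")
    return findings


if __name__ == "__main__":
    for finding in find_unknown_apis(SNIPPET):
        print(finding)
```

The pass is deliberately conservative: anything it cannot resolve (a local variable, the return value of a plain function) is skipped rather than reported, so a finding is always worth raising, while an empty result still has to be backed by the tests the checklist asks for. Each finding carries the line number the Output Format below expects.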
## Output Format
Structure your review as:
```markdown
# Code Review

**Status**: APPROVED | APPROVED WITH COMMENTS | CHANGES REQUESTED

## Summary
{Brief assessment}

## Blockers
- [{file}:{line}] {issue description}

## Should Fix
- [{file}:{line}] {recommendation}

## Suggestions
- {improvement opportunity}

## Nits
- {minor preference}

## Technical Debt
{Items to track in docs/TECHNICAL_DEBT.md}
```
## Review Principles
- Prefer facts and data over opinion
- Be specific: reference file paths and line numbers
- Keep feedback constructive and actionable
- If multiple valid approaches exist, accept author's choice
- Focus on the code, not the coder