All skills
Skillintermediate
PR Review Checklist
Use only relevant sections for the current pull request. Prefer depth over breadth.
Claude Code Knowledge Pack7/10/2026
Overview
PR Review Checklist
Use only relevant sections for the current pull request. Prefer depth over breadth.
1. Backend Code Quality and Structure
- Confirm naming follows project conventions.
- Confirm style and formatting align with repository standards.
- Flag duplicated logic that should be consolidated.
- Check separation of concerns across handlers/controllers, services, repositories, and domain logic.
- Flag complex functions or deeply nested branching that are hard to reason about or test.
- Flag unexplained magic numbers and hidden constants.
- Verify comments explain non-obvious logic and remove noise comments.
2. Security, Authentication, and Authorization
- Validate and sanitize all untrusted input.
- Verify SQL/database calls are parameterized.
- Verify authentication checks on protected backend operations.
- Verify authorization and role checks are complete on every sensitive code path.
- Flag hardcoded secrets, tokens, or credentials.
- Verify secure transport assumptions for sensitive backend operations.
- Flag dependency or package-level vulnerability concerns when visible.
3. Error Handling, Logging, and Observability
- Ensure expected failures are handled and surfaced safely.
- Ensure errors do not leak sensitive internals.
- Verify log level choices are appropriate.
- Verify cleanup paths for files, transactions, locks, and connections.
- Verify important operational signals are observable (metrics, traces, or structured logs where applicable).
4. Data Access and Migrations
- Check for N+1 queries and avoidable repeated database access.
- Validate indexes, query shape, and pagination for large datasets.
- Ensure schema changes include migrations.
- Ensure rollback or safe recovery path exists.
- Validate constraints and data integrity rules.
- Estimate migration impact on large datasets and runtime risk.
5. Performance and Scalability
- Check heavy computations and synchronous blocking work in request paths.
- Evaluate algorithmic complexity in hot paths.
- Verify async/concurrency usage avoids unnecessary blocking and race conditions.
- Check retry/backoff behavior for external dependencies.
- Identify useful caching opportunities when repeated reads dominate.
6. API Contracts and Backward Compatibility
- Validate API changes against existing contracts.
- Check backward compatibility and versioning impact.
- Ensure request/response and error formats stay consistent.
- Verify API behavior/documentation updates where needed.
- Consider rate limiting and abuse controls for exposed endpoints.
7. Testing Strategy
- Ensure new behavior has tests.
- Ensure tests cover boundary, failure, and concurrency cases.
- Ensure tests assert external behavior (not only implementation details).
- Ensure critical integration paths are exercised when changed.
- Verify mocks isolate external dependencies correctly.
8. Business Rules and Invariants
- Verify behavior matches requirements and acceptance criteria.
- Validate business-rule enforcement and edge cases.
- Verify auditability for high-risk backend operations.
- Flag flows that can violate invariants under concurrency.