Step 3 · Code Review & Quality Check

Goal

Review code quality, identify technical debt, and ensure best practices are followed.

Instructions

You are in workflow step 3. Focus on code quality and maintainability.

Tasks to perform

1. Code Quality Analysis

  • Look for code smells.
  • Identify duplicated code.
  • Check for overly complex functions.
  • Review naming conventions.

2. Security Review

  • Check for security vulnerabilities.
  • Verify input validation.
  • Look for SQL injection risks.
  • Check for XSS vulnerabilities.

3. Performance Review

  • Identify N+1 query problems.
  • Look for inefficient algorithms.
  • Check for memory leaks.
  • Review database queries.

4. Best Practices

  • Verify PSR compliance (PHP), ESLint (JS/TS), PEP 8 (Python), or the relevant standard.
  • Check for proper error handling.
  • Review logging practices.
  • Verify proper use of design patterns.

5. Populate TODO.md

  • Create refactoring tasks.
  • Document security issues.
  • Note performance improvements.
  • List technical debt items.
  • Use the format: - [ ] [prefix]: description _(ref: workflows/dev-cycle/03-code-review.md)_
  • Status rules: [ ] = not started · [~] = in progress (one at a time) · [x] = done (prefix the date)

Expected Output

After completing this workflow step, TODO.md should contain:

  • Code quality improvements needed.
  • Security vulnerabilities to fix.
  • Performance optimizations to implement.
  • Technical debt to address.

If the code is clean, add:

- [ ] verify: Code review complete, no issues found _(ref: workflows/dev-cycle/03-code-review.md)_

Example TODO.md output

## Todo
- [ ] refactor: Extract user validation logic into separate service _(ref: workflows/dev-cycle/03-code-review.md)_
- [ ] security: Sanitize user input in contact form _(ref: workflows/dev-cycle/03-code-review.md)_
- [ ] performance: Add database index on users.email column _(ref: workflows/dev-cycle/03-code-review.md)_
- [ ] improve: Replace nested loops with more efficient algorithm _(ref: workflows/dev-cycle/03-code-review.md)_
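
The entry format and status rules from task 5 can be checked mechanically before the step is closed. The following is an added example, not part of the original workflow: `lint_todo`, the prefix set (collected from this page's examples) and the placement of an ISO date directly after `[x]` are assumptions.

```python
import re

# Prefixes taken from this page's examples; treating them as the full set is an assumption.
KNOWN_PREFIXES = {"refactor", "security", "performance", "improve", "verify"}
ENTRY = re.compile(r"^- \[(?P<status>[ ~x])\] (?P<body>.+) _\(ref: (?P<ref>[^)\s]+)\)_$")
# Assumption: a done entry carries an ISO date (YYYY-MM-DD) right after the checkbox.
DONE_DATE = re.compile(r"^\d{4}-\d{2}-\d{2} ")
TASK = re.compile(r"^(?P<prefix>[a-z]+): (?P<desc>\S.*)$")

# Constructed sample: two [~] entries, an undated [x] entry, and a missing colon.
SAMPLE = """## Todo
- [ ] refactor: Extract user validation logic into separate service _(ref: workflows/dev-cycle/03-code-review.md)_
- [~] security: Sanitize user input in contact form _(ref: workflows/dev-cycle/03-code-review.md)_
- [~] performance: Add database index on users.email column _(ref: workflows/dev-cycle/03-code-review.md)_
- [x] improve: Replace nested loops with more efficient algorithm _(ref: workflows/dev-cycle/03-code-review.md)_
- [ ] security Sanitize search box input _(ref: workflows/dev-cycle/03-code-review.md)_
"""

def lint_todo(text):
    """Return sorted (line_number, message) findings for the text of a TODO.md."""
    findings, in_progress = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.startswith("- ["):
            continue  # headings, blank lines and free text are not entries
        m = ENTRY.match(line)
        if not m:
            findings.append((n, "entry does not match the required format"))
            continue
        body = m["body"]
        if m["status"] == "x":
            if not DONE_DATE.match(body):
                findings.append((n, "done entry has no date prefix"))
            body = DONE_DATE.sub("", body)
        elif m["status"] == "~":
            in_progress.append(n)
        t = TASK.match(body)
        if not t:
            findings.append((n, "missing 'prefix: description'"))
        elif t["prefix"] not in KNOWN_PREFIXES:
            findings.append((n, f"unknown prefix '{t['prefix']}'"))
    for n in in_progress[1:]:  # only one entry may be in progress at a time
        findings.append((n, "more than one entry marked [~]"))
    return sorted(findings)

if __name__ == "__main__":
    for n, msg in lint_todo(SAMPLE):
        print(f"TODO.md:{n}: {msg}")
```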

Exit Criteria

This workflow step is complete when:

  • Code quality has been assessed across all dimensions.
  • TODO.md has been updated with actionable improvement tasks.
  • Security, performance, and maintainability issues are documented.