---
name: aura-code-review
description: Systematic code review methodology — 4 layers of analysis with severity classification and confidence thresholds. Load this before auditing any code.
---

# Aura Code Review Methodology

**Applies to:** aura-reviewer

**Approach:** Systematic analysis across 4 layers with severity classification. Only report findings with >=80% confidence. Include file:line references for all issues.

## The 4 Review Layers

### Layer 1: Correctness

- Logic errors and edge cases
- Error handling completeness
- Type safety and null checks
- Algorithm correctness
- Off-by-one errors

### Layer 2: Security

- No hardcoded secrets or API keys
- Input validation and sanitization
- Injection vulnerability prevention (SQL, XSS, command)
- Authentication and authorization checks
- Sensitive data not logged
- OWASP Top 10 awareness

### Layer 3: Performance

- No N+1 query patterns
- Appropriate caching strategies
- No unnecessary re-renders (React/frontend)
- Lazy loading where appropriate
- Memory leak prevention
- Algorithmic complexity concerns

### Layer 4: Style and Maintainability

- Adherence to project conventions
- Code duplication (DRY violations)
- Complexity management (cyclomatic complexity)
- Documentation completeness
- Test coverage gaps

## Severity Classification

| Severity | Icon | Criteria | Action Required |
|----------|------|----------|-----------------|
| Critical | 🔴 | Security vulnerabilities, crashes, data loss, corruption | Must fix before merge |
| Major | 🟠 | Bugs, performance issues, missing error handling | Should fix |
| Minor | 🟡 | Code smells, maintainability issues, test gaps | Nice to fix |
| Nitpick | 🟢 | Style preferences, naming suggestions, documentation | Optional |

## Confidence Threshold

Only report findings with >=80% confidence. If uncertain about an issue:

- State the uncertainty explicitly: "Potential issue (70% confidence): ..."
- Suggest investigation rather than assert a problem
- Prefer false negatives over false positives (reduce noise)

## Review Process

1. **Initial Scan** — Identify all files in scope, understand the change
2. **Deep Analysis** — Apply all 4 layers systematically to each file
3. **Context Evaluation** — Consider surrounding code, project patterns, existing conventions
4. **Philosophy Check** — Also load `aura-code-philosophy` or `aura-frontend-philosophy` if applicable
5. **Synthesize Findings** — Group by severity, deduplicate, prioritize

## Output Format

Structure your review artifact as:

1. **Files Reviewed** — List all files analyzed
2. **Overall Assessment** — APPROVE | REQUEST_CHANGES | NEEDS_DISCUSSION
3. **Summary** — 2-3 sentence overview
4. **Critical Issues** (🔴) — With file:line references
5. **Major Issues** (🟠) — With file:line references
6. **Minor Issues** (🟡) — With file:line references
7. **Positive Observations** (🟢) — What's done well (always include at least one)
8. **Philosophy Compliance** — Checklist results if applicable
9. **Detailed Findings** — Line-by-line feedback for each issue

## Adherence Checklist

Before completing a review, verify:

- [ ] All 4 layers analyzed (Correctness, Security, Performance, Style)
- [ ] Severity assigned to each finding
- [ ] Confidence >=80% for all reported issues (or uncertainty stated)
- [ ] File names and line numbers included for all findings
- [ ] Positive observations noted
- [ ] Output follows the standard format
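## Worked Example: Synthesizing Findings into the Output Format

The following is an added example, not part of the Aura skill or the reviewer's tooling. It implements step 5 of the Review Process (group by severity, deduplicate, prioritize), the Confidence Threshold rule (findings below 80% are reported only as "Potential issue (N% confidence): ..."), and the numbered sections of the Output Format. The `Finding` structure, the sample findings and the mapping from severity to the overall assessment are assumptions made for the example; the methodology itself does not prescribe how APPROVE, REQUEST_CHANGES or NEEDS_DISCUSSION is chosen.

```python
"""Added example for Review Process step 5 and the Output Format: deduplicate,
apply the >=80% confidence threshold, prioritize by severity and render the
review sections. Not part of the Aura skill; Finding and the samples are
constructed for this demonstration."""
from dataclasses import dataclass
from typing import Iterable, List, Tuple

SEVERITY_ORDER = {"Critical": 0, "Major": 1, "Minor": 2, "Nitpick": 3}
ICONS = {"Critical": "🔴", "Major": "🟠", "Minor": "🟡", "Nitpick": "🟢"}
CONFIDENCE_THRESHOLD = 80  # the methodology's >=80% reporting rule


@dataclass(frozen=True)
class Finding:
    file: str
    line: int
    severity: str    # one of SEVERITY_ORDER
    confidence: int  # 0..100
    title: str

    def ref(self) -> str:
        """file:line reference, required for every reported issue."""
        return f"{self.file}:{self.line}"


def synthesize(findings: Iterable[Finding]) -> Tuple[List[Finding], List[Finding]]:
    """Deduplicate, split by the confidence threshold, then prioritize.
    Returns (reported, uncertain), each sorted Critical first, then by location."""
    seen, reported, uncertain = set(), [], []
    for f in findings:
        if f.severity not in SEVERITY_ORDER:
            raise ValueError(f"unknown severity {f.severity!r} at {f.ref()}")
        key = (f.file, f.line, f.title.strip().lower())  # same issue raised twice
        if key in seen:
            continue
        seen.add(key)
        (reported if f.confidence >= CONFIDENCE_THRESHOLD else uncertain).append(f)
    order = lambda f: (SEVERITY_ORDER[f.severity], f.file, f.line)
    return sorted(reported, key=order), sorted(uncertain, key=order)


def overall_assessment(reported: List[Finding]) -> str:
    """Assumed mapping from the severity table's 'Action Required' column:
    Critical (must fix before merge) -> REQUEST_CHANGES,
    Major (should fix) -> NEEDS_DISCUSSION, otherwise APPROVE."""
    severities = {f.severity for f in reported}
    if "Critical" in severities:
        return "REQUEST_CHANGES"
    if "Major" in severities:
        return "NEEDS_DISCUSSION"
    return "APPROVE"


def render(findings: List[Finding], positives: List[str]) -> str:
    """Emit the nine numbered sections of the Output Format as plain text."""
    reported, uncertain = synthesize(findings)
    files = sorted({f.file for f in findings})
    out = [
        "1. Files Reviewed: " + ", ".join(files),
        "2. Overall Assessment: " + overall_assessment(reported),
        "3. Summary: (2-3 sentence overview written by the reviewer)",
    ]
    for n, sev in (("4", "Critical"), ("5", "Major"), ("6", "Minor")):
        out.append(f"{n}. {sev} Issues ({ICONS[sev]})")
        out += [f"   - {f.ref()} {f.title}" for f in reported if f.severity == sev]
    out.append("7. Positive Observations (🟢)")
    # The methodology requires at least one positive observation.
    out += [f"   - {p}" for p in (positives or ["(none recorded: at least one is required)"])]
    out.append("8. Philosophy Compliance: (checklist results if applicable)")
    out.append("9. Detailed Findings")
    for f in reported:
        out.append(f"   - {f.ref()} [{f.severity}, {f.confidence}% confidence] {f.title}")
    for f in uncertain:  # below threshold: stated as uncertainty, not asserted
        out.append(f"   - {f.ref()} Potential issue ({f.confidence}% confidence): {f.title}")
    return "\n".join(out)


# Constructed sample findings, including one exact duplicate and one below threshold.
SAMPLE_FINDINGS = [
    Finding("app/db.py", 42, "Critical", 95, "SQL built with f-string from request input"),
    Finding("app/db.py", 42, "Critical", 90, "SQL built with f-string from request input"),
    Finding("app/views.py", 88, "Minor", 85, "Duplicated validation logic (DRY)"),
    Finding("app/views.py", 120, "Major", 70, "Possible N+1 query in loop"),
    Finding("app/views.py", 10, "Nitpick", 99, "Rename `d` to `deadline`"),
]

if __name__ == "__main__":
    print(render(SAMPLE_FINDINGS, ["Clear separation of query code from views"]))
```

With the sample input the duplicate Critical finding collapses to one entry, the 70% N+1 suspicion is moved out of the numbered issue lists and rendered only as "Potential issue (70% confidence)", and the presence of a Critical finding drives the assessment to REQUEST_CHANGES. Nitpicks have no dedicated section in the Output Format, so they appear only under Detailed Findings.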