---
name: code-review
description: >
  Perform comprehensive code reviews covering bugs, style, performance, security,
  and best practices. Use this skill when the user mentions: review my code,
  check this code, code review, find bugs, improve code, refactor suggestions,
  security audit, performance optimization, code quality, static analysis.
license: MIT
metadata:
  author: Jiva Community
  version: 1.0.0
  tags: [code-quality, security, performance, best-practices]
---

# Code Review Skill

## Overview
Perform comprehensive code reviews analyzing bugs, style issues, performance bottlenecks, security vulnerabilities, and adherence to best practices.

## Workflow

### 1. Scan Code Structure
- Use `view` tool to read all relevant files in the codebase
- Identify file types, frameworks, and languages used
- Map dependencies and module relationships

### 2. Analyze Code Quality
Check for the following categories:

**Bugs & Logic Errors:**
- Null/undefined handling
- Off-by-one errors
- Race conditions
- Memory leaks
- Incorrect algorithm implementation

**Security Issues:**
- SQL injection vulnerabilities
- XSS vulnerabilities
- Authentication/authorization flaws
- Sensitive data exposure
- Unsafe dependencies

**Performance Problems:**
- Inefficient algorithms (O(n²) where O(n) possible)
- Unnecessary database queries
- Memory overuse
- Blocking operations
- Missing caching

**Code Style:**
- Naming conventions
- Code formatting inconsistencies
- Magic numbers/strings
- Dead code
- Overly complex functions

**Best Practices:**
- DRY (Don't Repeat Yourself) violations
- SOLID principles adherence
- Error handling patterns
- Testing coverage
- Documentation quality

### 3. Categorize Findings
Group issues by:
- **Critical**: Security vulnerabilities, data loss risks
- **High**: Bugs that cause crashes/errors
- **Medium**: Performance issues, maintainability problems
- **Low**: Style issues, minor improvements

### 4. Provide Solutions
For each issue:
- Explain WHY it's a problem
- Show the problematic code snippet
- Provide a SPECIFIC fix with code examples
- Explain the benefits of the fix

### 5. Generate Report
Structure the output as:

```
# Code Review Report

## Summary
- Total files reviewed: X
- Issues found: Y (Z critical, W high, V medium, U low)

## Critical Issues
[List critical issues with fixes]

## High Priority Issues
[List high priority issues with fixes]

## Medium Priority Issues
[List medium priority issues with fixes]

## Low Priority Issues
[List low priority issues with fixes]

## Strengths
[Mention good practices found in the code]

## Recommendations
[Overall suggestions for improvement]
```

## Resources

### When to Use References
- Read `references/security_checklist.md` when analyzing security
- Consult `references/performance_patterns.md` for performance optimization
- Check `references/language_guides/` for language-specific best practices

### Scripts (Future Enhancement)
- `scripts/run_linter.sh <file>` - Run automated linting
- `scripts/complexity_analysis.py <file>` - Calculate cyclomatic complexity
- `scripts/security_scan.py <dir>` - Run security vulnerability scanner

## Example Usage

**User:** "Review this authentication code"

**Process:**
1. Read authentication-related files with `view` tool
2. Check for common auth vulnerabilities (password storage, session management, etc.)
3. Analyze token handling and encryption
4. Check for privilege escalation risks
5. Provide detailed report with fixes

## Tips for Effective Reviews

1. **Be Specific**: Don't just say "improve error handling" - show exactly how
2. **Prioritize**: Focus on critical/high issues first
3. **Be Constructive**: Acknowledge good code practices too
4. **Provide Context**: Explain the "why" behind each suggestion
5. **Code Examples**: Always show concrete before/after code
6. **Consider Trade-offs**: Mention any downsides to suggested changes