peopleanalyst

Code Review Checklist

Describe a project — get a context-fit code-review rubric.

How it works

Corpus-grounded (software-engineering cluster). Builds a review rubric tailored to the stack/team — categories of checks, what BLOCKS a merge vs. what's a NIT, and what to automate so reviewers aren't human linters.

You bring

{ context, cluster? }

You get

{ context_summary, categories[]{category, checks[]}, blocking[], nits[], automation_suggestions[], riskiest_assumptions[], grounded_in, provenance }

See it work

example output

Project: a TypeScript React frontend + Node/Express API, a 4-engineer team shipping to production daily.

Code-Review Checklist — TS/React + Node API (4-engineer team, daily ship)

Context: Small team, fast cadence — the rubric optimizes for catching real defects and offloading mechanical checks to CI so reviewers aren't human linters.

Review categories

Correctness

  • Does it do what the PR description says? Are edge cases / empty states handled?
  • Error paths handled (no swallowed promises, no unhandled rejections)?
  • API inputs validated and typed at the boundary?

Security

  • No secrets in code; env vars used.
  • User input sanitized; authorization checked on every new endpoint (not just authentication).

Data & state

  • DB migrations reversible; no N+1 in new queries.
  • React state: no derived state stored; effects have correct dependency arrays.

Tests & maintainability

  • New logic has a test; the test would fail without the change.
  • Names + boundaries clear; no copy-paste duplication of an existing utility.

Blocks the merge

  • Failing CI / type errors.
  • Missing authorization on a new endpoint.
  • An unhandled error path on a critical flow.
  • A committed secret.
  • No test for new business logic.

Nits (comment, don't block)

  • Naming / style preferences.
  • Minor refactors.
  • "I'd have done it differently."
  • Non-critical TODOs.

Automate (stop reviewing by hand)

  • Formatting + lint (Prettier / ESLint) on pre-commit and CI.
  • Type-check + test suite as required status checks.
  • Bundle-size + dependency-audit bots.

Riskiest assumptions

  • That CI already enforces lint / type / test — if not, that's step zero; don't burn reviewers on it.
  • That "daily ship" leaves room for review at all; consider a review-time SLA.

Grounded in: software-engineering review discipline — block-vs-nit signal, automate-the-mechanical (SWE cluster).
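
The Security check above asks for authorization on every new endpoint, not just authentication. As an added example (not part of the tool's output or this site's code), the block below puts a route that would pass an authentication-only review beside the corrected one. The invoice data, token names and the `run` dispatcher standing in for Express are constructed for illustration.

```javascript
// Constructed sample data: sessions keyed by bearer token, one invoice owned by alice.
const sessions = new Map([
  ["tok-alice", { userId: "alice", role: "user" }],
  ["tok-bob", { userId: "bob", role: "user" }],
  ["tok-admin", { userId: "carol", role: "admin" }],
]);
const invoices = new Map([["inv-1", { id: "inv-1", ownerId: "alice", total: 120 }]]);

// Authentication: establishes WHO is calling. Express-style (req, res, next) signature.
function authenticate(req, res, next) {
  const session = sessions.get(req.headers.authorization);
  if (!session) return res.status(401).json({ error: "unauthenticated" });
  req.user = session;
  next();
}

// Authorization: decides whether THIS caller may read THIS object.
function authorizeInvoice(req, res, next) {
  const invoice = invoices.get(req.params.id);
  const allowed = invoice && (invoice.ownerId === req.user.userId || req.user.role === "admin");
  // Same 404 for "missing" and "not yours", so the response does not confirm an id exists.
  if (!allowed) return res.status(404).json({ error: "not found" });
  req.invoice = invoice;
  next();
}

function getInvoice(req, res) {
  const invoice = req.invoice || invoices.get(req.params.id);
  if (!invoice) return res.status(404).json({ error: "not found" });
  res.status(200).json(invoice);
}

// Before: any logged-in user can read any invoice by id. This is the merge blocker.
const routeBefore = [authenticate, getInvoice];
// After: the object-level check runs before the handler.
const routeAfter = [authenticate, authorizeInvoice, getInvoice];

// Minimal stand-in for Express dispatch so the example runs without dependencies.
function run(chain, token, id) {
  const req = { headers: { authorization: token }, params: { id } };
  const out = { status: null, body: null };
  const res = {
    status(code) { out.status = code; return res; },
    json(body) { out.body = body; return res; },
  };
  let i = 0;
  const next = () => { if (i < chain.length) chain[i++](req, res, next); };
  next();
  return out;
}
```

A test that calls the endpoint as a second, unrelated user and expects a refusal is the one that "would fail without the change" here; a test that only calls it as the owner passes on both routes.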

Prefer code? Call it over the API or hand it to your AI agent via MCP — POST /api/bicycle/code-review-checklist · build_code_review_checklist.