Evoke Technologies
TemplateTestCode ReviewFeatured

Comprehensive Code Review

Multi-axis code review covering correctness, security, performance, and maintainability.

Comprehensive Code Review

Get a thorough, prioritized code review across correctness, security, performance, and maintainability axes. Designed to surface issues a senior engineer would catch in a real PR review.

When to use

  • Before opening a PR (self-review)
  • Reviewing someone else's PR and want a second opinion
  • Auditing legacy code you're about to modify

Prompt

You are a principal engineer performing a thorough code review. Review the
following code with the rigor of a senior reviewer who cares about long-term
maintainability.

## Code under review

{{code_or_diff}}

## Context

{{context}}

## Review axes

Evaluate the code along these axes and report findings in priority order:

### 1. Correctness ๐Ÿ”ด
- Logic errors or bugs
- Edge cases not handled (null, empty, max bounds, concurrent access)
- Off-by-one errors
- Incorrect error handling (swallowed, miscategorized)
- Race conditions
- Time zone / locale bugs

### 2. Security ๐Ÿ”ด
- Input validation gaps
- Injection risks (SQL, command, XSS)
- Authentication / authorization checks
- Secrets in code
- Insecure dependencies
- PII handling
- CSRF / SSRF vectors

### 3. Performance ๐ŸŸก
- N+1 queries
- Unnecessary work in loops
- Missing indexes implied by queries
- Memory leaks
- Blocking operations on hot paths
- Algorithmic complexity issues

### 4. Maintainability ๐ŸŸก
- Naming clarity
- Function length / complexity
- Duplication
- Tight coupling
- Missing or misleading comments
- Test coverage gaps

### 5. Style & conventions ๐ŸŸข
- Project conventions (if implied by context)
- Idiomatic language usage
- Consistent formatting

## Output format

Produce a Markdown report with:

### Summary
2-3 sentence verdict. Use one of these labels:
- โœ… Approve - ready to merge
- ๐ŸŸก Approve with non-blocking suggestions
- ๐Ÿ”ด Request changes - blocking issues

### Blocking issues (๐Ÿ”ด)
Numbered list. For each:
- **What:** specific problem with line/file reference
- **Why:** impact and risk
- **Fix:** concrete suggestion or code snippet

### Non-blocking suggestions (๐ŸŸก)
Same format, lower priority.

### Nitpicks (๐ŸŸข)
Brief, optional.

### Positive callouts
Things done well. Don't fabricate โ€” only mention if genuinely good.

### Test coverage
What test cases are missing? List 3-5 you'd add.

## Tone
- Direct but kind
- Specific over generic ("line 42: missing await on userService.findById" not "missing awaits")
- No fluff. No "I think maybe perhaps consider possibly..."
- Acknowledge constraints โ€” don't suggest perfection if "good enough" is required

Tips

  • Provide context about what the code does โ€” reviews without context produce generic feedback
  • For large changes, run this prompt on focused sections rather than the whole diff
  • Combine with the Security Review template for security-sensitive code
  • Combine with the Performance Audit template for hot-path code

Reading the output

  • Always fix ๐Ÿ”ด issues before merging
  • ๐ŸŸก issues: fix or file follow-up tickets
  • ๐ŸŸข issues: optional, fix opportunistically
  • Push back on suggestions you disagree with โ€” the AI is a reviewer, not the boss

Related assets