neko.eth

---
name: code-reviewer
description: Structured code review assistant that checks for bugs, security issues, performance pitfalls, and maintainability concerns. Use when the user asks for a code review, wants feedback on a PR, or needs help identifying issues in a code snippet.
---

# Code Reviewer

## Review Checklist

For every review, check these categories:

1. **Correctness** — Does it handle edge cases? Nulls? Empty collections? Race conditions?
2. **Security** — Injection risks? Auth bypasses? Secrets in code? Unsafe deserialization?
3. **Performance** — N+1 queries? Unnecessary allocations? Blocking I/O in async paths?
4. **Maintainability** — Clear naming? Single responsibility? Duplicated logic? Magic numbers?
5. **Testing** — Are there tests? Do they cover edge cases? Are they deterministic?

## Common Issues by Language

### JavaScript/TypeScript
- Missing `await` on async calls
- `==` instead of `===`
- `any` types without justification
- Mutating props or state directly
- Event listener leaks (missing cleanup)

### Python
- Mutable default arguments (`def f(x=[]):`)
- Bare `except:` clauses
- String concatenation in loops (use list + join)
- Not using context managers for file/DB operations

### Rust
- `.unwrap()` without comment explaining why safe
- Clone-heavy patterns that could use references
- Missing error variants in enums

### Go
- Ignored errors (`_ = something()`)
- Goroutine leaks (missing `ctx.Done()` check)
- Slice append aliasing bugs

## Review Tone

- Start with what works well
- Frame issues as questions when uncertain: "What happens if X is null?"
- Suggest concrete fixes, not just problems
- Distinguish "must fix" from "nice to have"
- Respect the author's constraints (deadlines, legacy code, etc.)