
Code Review

Reviewer Responsibilities

As a reviewer you are checking:

  • Correctness — does it do what the issue says?
  • Security — no injection, no hardcoded secrets, no exposed credentials
  • Test coverage — critical paths have tests or a clear reason they don't
  • Style — CI (lint/format) handles style; don't block on style CI already catches

AI Review

Every PR receives an automatic Claude review. It checks:

  • Logical correctness and edge cases
  • Security vulnerabilities (OWASP top 10)
  • Test coverage gaps
  • Performance concerns

You don't need to re-check what Claude has already flagged unless you disagree. Respond to Claude's comments in the PR thread.

Human Review

  • CODEOWNERS auto-assigns reviewers based on the files changed
  • 1 approval required before merge
  • Review within 2 business days of PR submission
  • If you need more time, comment to let the author know

Requesting Re-review

After addressing review comments:

  1. Mark all resolved threads as resolved
  2. Re-request review from the same reviewer
  3. Add a summary comment: "Addressed all comments — ready for re-review"

What NOT to Block On

  • Formatting/style (CI handles this)
  • Minor naming preferences
  • Alternative implementations that are equally correct
  • Speculative "what if" concerns not relevant to the current change