# Code Reviewer Guide

## Complete Code Review Workflow with AI-SDLC Tools
This guide provides step-by-step instructions for code reviewers to leverage AI-SDLC automation tools for efficient and thorough code reviews.
## Code Review Workflow

### 1. Pre-Review Automated Validation

**Step 1: Check automated quality gates**

Required automated checks (must be green):
- Linting (ESLint)
- Formatting (Prettier)
- Smart tests (only changed files)
- Coverage thresholds (80/80/70)
- E2E tests (on PRs only)
- Security scan (GitGuardian + security-scanner.js)
- Branch naming convention

**Step 2: Review test coverage changes**
### 2. AI-Assisted Code Review

Use AI tools for initial analysis:

```bash
# Get AI code review suggestions
./scripts-complex/qodo-pr-agent.js analyze <PR-number>
# Security-focused review
./scripts-complex/security-scanner.js quick
```
AI review capabilities:
- Code quality analysis
- Security vulnerability detection
- Test coverage gaps identification
- Credit repair compliance validation
- Performance impact assessment
### 3. Manual Review Focus Areas

Since automation handles quality basics, focus on:

#### Business Logic Review
- [ ] Credit calculation accuracy (scores capped at 850)
- [ ] FCRA/FACTA compliance implementation
- [ ] Consumer data protection patterns
- [ ] Error handling for credit repair workflows
#### Architecture Review
- [ ] Component design patterns
- [ ] API contract adherence
- [ ] Database query optimization
- [ ] State management patterns
#### Domain Expertise Review
- [ ] Credit repair industry requirements
- [ ] Regulatory compliance implementation
- [ ] Consumer protection measures
- [ ] Data security best practices
## Review Tool Usage

### GitHub Integration

Command-line PR review:

```bash
# Checkout PR locally for testing
gh pr checkout <PR-number>
# Run full validation suite
npm run ci:test-fast
# Test E2E changes visually
npm run test:e2e-headed
```
### Test Quality Assessment

Verify AI-generated tests are comprehensive:

```bash
# List test files added or changed since the PR branched from main
# (find's -newer expects a file, not a commit, so ask git instead)
git diff --name-only "$(git merge-base HEAD main)" -- tests/ | grep -E '\.test\.js$'
# Validate test quality
npm run test:changed -- --reporter=verbose
```

Test review checklist:
- [ ] Tests cover happy path
- [ ] Tests cover error conditions
- [ ] Tests include credit repair edge cases
- [ ] E2E tests validate user workflows
- [ ] Compliance requirements tested
### Coverage Analysis

Review coverage changes:

```bash
# Generate coverage diff: capture the PR branch first, then main
npm run test:coverage -- --reporter=json > coverage-new.json
git checkout main
npm run test:coverage -- --reporter=json > coverage-main.json
git checkout -   # return to the PR branch
diff coverage-main.json coverage-new.json
```

Coverage review criteria:
- [ ] Overall coverage maintained or improved
- [ ] No critical paths left uncovered
- [ ] New code has adequate test coverage
- [ ] Credit repair logic fully tested
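A raw `diff` of two coverage JSON files is noisy, so here is an added example (not one of the AI-SDLC scripts) that applies the 80/80/70 gate to a coverage summary and lists per-file regressions between main and the PR. It assumes 80/80/70 means lines/functions/branches; the summary objects and file paths are constructed sample data shaped like Istanbul's `coverage-summary.json`.

```javascript
// Added example (not part of the AI-SDLC scripts): apply the 80/80/70 gate to a
// coverage summary and list per-file regressions between main and the PR.
// Assumption: 80/80/70 means lines >= 80%, functions >= 80%, branches >= 70%.
const THRESHOLDS = { lines: 80, functions: 80, branches: 70 };

// Constructed sample data shaped like Istanbul's coverage-summary.json.
const coverageMain = {
  total: { lines: { pct: 85.0 }, functions: { pct: 82.0 }, branches: { pct: 72.0 } },
  'src/credit/score.js': { lines: { pct: 95.0 }, functions: { pct: 100 }, branches: { pct: 80.0 } },
  'src/dispute/flow.js': { lines: { pct: 78.0 }, functions: { pct: 80.0 }, branches: { pct: 65.0 } },
};
const coveragePR = {
  total: { lines: { pct: 83.5 }, functions: { pct: 81.0 }, branches: { pct: 69.0 } },
  'src/credit/score.js': { lines: { pct: 88.0 }, functions: { pct: 100 }, branches: { pct: 75.0 } },
  'src/dispute/flow.js': { lines: { pct: 78.0 }, functions: { pct: 80.0 }, branches: { pct: 65.0 } },
  'src/pii/redact.js': { lines: { pct: 40.0 }, functions: { pct: 50.0 }, branches: { pct: 30.0 } },
};

// Metrics of the repository total that fall below the gate (empty = gate passed).
function thresholdViolations(summary) {
  return Object.keys(THRESHOLDS).filter((m) => summary.total[m].pct < THRESHOLDS[m]);
}

// Per-file comparison: existing files where any metric dropped, and new files
// that arrive below the gate. The repo total can stay green while a single
// credit-repair module loses coverage, which is what reviewers need to catch.
function coverageRegressions(base, head) {
  const metrics = Object.keys(THRESHOLDS);
  const regressions = [];
  for (const file of Object.keys(head)) {
    if (file === 'total') continue;
    if (!(file in base)) {
      const below = metrics.filter((m) => head[file][m].pct < THRESHOLDS[m]);
      if (below.length) regressions.push({ file, kind: 'new-file-below-gate', metrics: below });
      continue;
    }
    const dropped = metrics.filter((m) => head[file][m].pct < base[file][m].pct);
    if (dropped.length) regressions.push({ file, kind: 'regression', metrics: dropped });
  }
  return regressions;
}

// Combined verdict a reviewer can paste into the PR comment.
function reviewCoverage(base, head) {
  return { violations: thresholdViolations(head), regressions: coverageRegressions(base, head) };
}

console.log(JSON.stringify(reviewCoverage(coverageMain, coveragePR), null, 2));
```

With the sample data the total fails only on branches (69% < 70%), `score.js` regresses on lines and branches even though it is still above the gate, and the new `redact.js` is below the gate on all three metrics.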
## Automated Review Insights

### Security Review

Automated security validation:

```bash
# Comprehensive security scan
./scripts-complex/security-scanner.js scan
# Check GitGuardian status
echo "GitGuardian status in PR checks"
```

Security review checklist (automated):
- [ ] No secrets in code
- [ ] No PII exposure
- [ ] Proper encryption implementation
- [ ] Secure authentication patterns
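To make the "no secrets" and "no PII exposure" items concrete, here is an added example (not the project's `security-scanner.js`) that scans only the added lines of a unified diff for hard-coded credentials and SSN-shaped literals. The rule set, file paths and the diff excerpt are constructed for illustration.

```javascript
// Added example (not the project's security-scanner.js): scan the added lines of
// a unified diff for hard-coded credentials and SSN-shaped PII literals.
const RULES = [
  { id: 'hardcoded-secret', re: /\b(?:api[_-]?key|secret|password|token)\b\s*[:=]\s*['"][^'"]{8,}['"]/i },
  { id: 'private-key', re: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/ },
  { id: 'ssn-literal', re: /\b\d{3}-\d{2}-\d{4}\b/ },
];

// Constructed diff excerpt standing in for the output of `git diff main...HEAD`.
const SAMPLE_DIFF = `diff --git a/src/credit/client.js b/src/credit/client.js
--- a/src/credit/client.js
+++ b/src/credit/client.js
@@ -1,4 +1,6 @@
 const bureau = require('./bureau');
-const apiKey = process.env.BUREAU_API_KEY;
+const apiKey = "sk_live_1234567890abcdef";
+const testConsumer = { ssn: "123-45-6789" };
+const placeholder = process.env.BUREAU_API_KEY;
`;

// Walk the diff, track the current file from the '+++ b/' header, and apply the
// rules to '+' lines only. Removed lines are skipped here, but note for review:
// a secret that is being deleted was still committed once and must be rotated.
function scanDiff(diffText) {
  const findings = [];
  let file = null;
  for (const line of diffText.split('\n')) {
    if (line.startsWith('+++ ')) { file = line.slice(4).replace(/^b\//, ''); continue; }
    if (!line.startsWith('+')) continue;
    const added = line.slice(1);
    for (const rule of RULES) {
      if (rule.re.test(added)) findings.push({ file, rule: rule.id, line: added.trim() });
    }
  }
  return findings;
}

console.log(scanDiff(SAMPLE_DIFF));
```

The environment-variable line is not flagged because `BUREAU_API_KEY` has no word boundary before `API`, while the literal key and the SSN-shaped value both are.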
### Performance Review

Performance impact analysis:

```bash
# Run performance monitoring
./ai-sdlc perf monitor
# Compare performance metrics
./ai-sdlc perf report
```

Performance review areas:
- [ ] Database query efficiency
- [ ] API response times
- [ ] Frontend rendering performance
- [ ] Credit report generation speed
## Review Decision Framework

### Approval Criteria

Automatic approval indicators:
- ✅ All automated checks pass
- ✅ Coverage thresholds met (80/80/70)
- ✅ E2E tests pass with no failures
- ✅ Security scan clean
- ✅ AI code review suggests approval

Manual verification required:
- Business logic correctness
- Credit repair compliance
- User experience impact
- Integration considerations
### Rejection Criteria

Immediate rejection (automated):
- ❌ Any required check fails
- ❌ Coverage below thresholds
- ❌ Security vulnerabilities detected
- ❌ E2E test failures
- ❌ Branch naming violations

Manual rejection reasons:
- Incorrect business logic
- Missing compliance requirements
- Poor user experience
- Architectural concerns
## Deep Dive Review Process

### 1. Code Quality Assessment

Automated quality covered:
- Linting (ESLint)
- Formatting (Prettier)
- TypeScript compliance
- Import/export validation
Manual quality focus:
- Variable naming clarity
- Function complexity
- Code organization
- Comment quality for complex logic
### 2. Test Strategy Review

Validate test approach:

```bash
# Review test files for PR
git diff --name-only main...HEAD | grep -E '\.(test|spec)\.'
# Check test patterns in the changed test files only
git diff --name-only main...HEAD | grep -E '\.(test|spec)\.' | xargs grep -nE 'describe\(|it\(|test\('
```

Test strategy checklist:
- [ ] Unit tests for business logic
- [ ] Integration tests for API endpoints
- [ ] E2E tests for user workflows
- [ ] Edge case coverage
- [ ] Error condition testing
### 3. Credit Repair Domain Review
Domain-specific validation:
- [ ] Credit score calculations accurate
- [ ] FCRA Section 604 compliance
- [ ] Consumer consent handling
- [ ] PII data protection
- [ ] Dispute workflow correctness
AI-generated compliance tests:
## Review Metrics and Reporting

### Review Efficiency Metrics
Track review performance:
- Time to first review (target: < 2 hours)
- Automated vs manual issues found
- Review accuracy (bugs caught vs missed)
- Approval/rejection rates
### Quality Metrics
Code quality indicators:
- Test coverage percentage
- Code complexity scores
- Security vulnerability count
- Performance impact measurement
## Review Workflow Integration

### PR Comment Templates

For approval with minor suggestions:

```markdown
✅ **Approved with suggestions**

Automated checks: All passed ✅
Coverage: X% (above threshold) ✅
Security: Clean ✅
E2E tests: Passed ✅

**Minor suggestions:**
- Consider refactoring X for better readability
- Add documentation for complex credit calculation

**AI Review Summary:** [Include AI suggestions if relevant]
```

For changes requested:

```markdown
❌ **Changes requested**

**Required changes:**
- [ ] Fix failing E2E test for credit dispute flow
- [ ] Increase coverage for error handling (currently X%, need 80%)
- [ ] Address security concern in PII handling

**Automated check status:**
- Tests: ❌ (required)
- Coverage: ❌ (below threshold)
- Security: ❌

Please address required changes and re-request review.
```
### Post-Review Actions
After approval:
After rejection:
- Clear feedback provided
- Specific action items listed
- Resources/documentation linked
- Available for follow-up questions
## Credit Repair Specific Review

### Compliance Code Review

FCRA compliance checklist:
- [ ] Permissible purpose validation
- [ ] Consumer notification requirements
- [ ] Accurate reporting standards
- [ ] Dispute resolution processes
FACTA compliance checklist:
- [ ] Identity verification processes
- [ ] Fraud alert implementation
- [ ] Credit monitoring features
- [ ] Secure disposal requirements
### Data Security Review
PII protection validation:
- [ ] Encryption at rest and in transit
- [ ] Access control implementation
- [ ] Audit logging for sensitive operations
- [ ] Data retention policy compliance
## Reviewer Resources

### Documentation Links
- Developer Workflow Guide - Understanding development process
- QA Team Workflow Guide - QA integration
- Scripts Reference - Tool command reference
- Glossary - Technical terminology
- Troubleshooting Guide - Common issues
### Emergency Procedures

When automation fails:
- Check GitHub Actions logs
- Run local validation:
  ```bash
  ./ai-sdlc doctor
  ```
- Escalate to development team if needed
- Document automation issues for improvement
## Review Success Indicators
Effective review outcomes:
- 95%+ automated check pass rate
- < 2 hour average review time
- 90%+ first-time approval rate (when automated checks pass)
- Zero security issues in production
- 98%+ credit repair compliance validation
Review efficiency with AI-SDLC:
- 70% reduction in manual review time
- 95% automated issue detection
- 90% faster feedback loop
- 85% fewer follow-up reviews needed