Self‐Review Checklist for Code Commits
Use this before every commit or PR. It combines IDE checks, GitHub checks, and ChatGPT prompts that surface bugs and improvements you would likely miss. If any of this is unfamiliar, ask ChatGPT to explain. You can also paste in this checklist and have it guide you through it.
With ChatGPT Connectors or Claude Code, you can give the tool access to the repo and have it run the checklist for you (fastest). If you haven't learned about this and about "agentic swarm coding", you should get up to speed FAST if you plan to work in software development (as of 2025).
- Sync with main: git fetch origin && git rebase origin/main
- Stage intentionally: git add -p
- Review staged changes: git diff --staged
- Commit does one coherent thing
- Inputs validated at boundaries; defaults explicit
- Edge cases considered: empty/None/null, 0/1, large N, unicode/emoji, timezones/DST
- Idempotency where relevant
- Randomness/time/network calls controllable in tests
- No swallowed exceptions
- Context-rich error messages
- Structured logs where appropriate
- Unit tests: positive, negative, boundary, regression
- Touched lines covered (aim ≥80% coverage locally)
- Tests isolated from wall-clock, network, global state
- Fixtures representative of real data
Run common stacks:
- Python: pytest -q
- JS/TS: npm test -- --watchAll=false
- Go: go test ./...
- Names descriptive and consistent
- Functions < 50 lines; helpers extracted
- Comments/docstrings explain why
- Type hints / TS types up to date
- Formatters and linters run (black, ruff, eslint, prettier)
- Big-O unchanged in hot paths
- No unnecessary memory copies
- Batch DB/Network operations
- Timeouts & retries bounded
- No secrets in code or diffs (.env, keys, dumps ignored)
- Inputs sanitized; no unsafe eval/exec
- SQL parameterized; file paths validated
- Dependencies scanned (pip-audit, npm audit, go list -m -u all)
- Locks/awaits correct; shared state safe
- Timeouts on I/O
- Retries bounded with jitter
- Schema validated (pydantic/dataclasses/TS types)
- File readers robust to BOMs, CRLF, missing headers
- Time stored in UTC; conversions explicit
- CLI flags documented; --help updated
- HTTP APIs: pagination, 429/5xx handling
- UI: error/loading/empty states, accessibility basics
- Logs/metrics/traces for new failure modes
- Feature flags scoped
- Rollback plan if migration involved
- Remove TODO|FIXME|HACK|XXX
- Strip print/console.log/debuggers
- Normalize whitespace/line endings
- Exclude large/unwanted files (git diff --staged --stat)
- Commit message follows Conventional Commits
- git range-diff origin/main...HEAD clean
- PR self-reviewed in split view
- PR description includes risk + rollback notes
- All checks green
- Tests pass locally
- Risk and rollback noted in PR
- Ready for teammate review
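Several of the items above (no secrets or .env files in the diff, no TODO|FIXME|HACK|XXX markers, no print/console.log/debugger leftovers) can be checked mechanically on the output of git diff --staged. The following is an added example, not part of the original checklist; the rule patterns, the name scan_diff and the sample diff are assumptions constructed for illustration.

```python
import re
import sys

# Heuristic rules chosen for this added example; tune them per repository.
RULES = [
    ("marker", re.compile(r"\b(TODO|FIXME|HACK|XXX)\b")),
    ("debug", re.compile(r"\bconsole\.log\(|\bdebugger\b|^\s*print\(")),
    ("secret", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----|(?i:(api[_-]?key|secret"
                          r"|passw(or)?d|token)\w*['\"]?\s*[:=]\s*['\"][^'\"]{8,}['\"])")),
]
ENV_FILE = re.compile(r"(^|/)\.env(\.|$)")
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)")
# Constructed sample of `git diff --staged` output, not from a real repository.
SAMPLE_DIFF = """\
diff --git a/app/client.py b/app/client.py
--- a/app/client.py
+++ b/app/client.py
@@ -10,1 +10,3 @@ def fetch(url):
     session = make_session()
+    print(session)  # TODO: remove
+    API_KEY = "constructed-not-a-real-key"
diff --git a/.env b/.env
--- /dev/null
+++ b/.env
@@ -0,0 +1 @@
+DEBUG=1
"""

def scan_diff(diff_text):
    """Return (path, line_no, rule, text) for each added line that trips a rule."""
    findings, path, line_no = [], None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("diff --git "):
            path = None  # new file section: wait for its "+++ b/" header
        elif path is None and raw.startswith("+++ b/"):
            path = raw[6:]
            if ENV_FILE.search(path):
                findings.append((path, 0, "secret", "env file staged"))
        elif m := HUNK.match(raw):
            line_no = int(m.group(1))
        elif path and raw[:1] in ("+", " "):
            hits = [r for r, p in RULES if raw[0] == "+" and p.search(raw[1:])]
            findings += [(path, line_no, r, raw[1:].strip()) for r in hits]
            line_no += 1
    return findings

if __name__ == "__main__":  # usage: git diff --staged | python3 this_file.py
    found = scan_diff(sys.stdin.read())
    sys.exit("\n".join(f"{p}:{n}: [{r}] {t}" for p, n, r, t in found) or 0)
```

Only added lines are reported, so pre-existing markers in untouched code do not block the commit; a non-zero exit status makes the script usable as a pre-commit hook.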
Use these prompts with your staged diff (git diff --staged) or PR content. They speed up reviews and find issues you’d likely miss.
Act as a strict reviewer. Identify logic bugs, edge cases, race conditions, and missing tests. Return concrete patch diffs and name specific tests to add.
[paste git diff --staged]
List adversarial inputs for each public function in this diff and write minimal failing tests (pytest/Jest) that would catch them. Prefer property/metamorphic tests.
Estimate time/space complexity changes in this diff. Identify O(n²) or memory hotspots and suggest low-risk speedups.
Perform a security review of this diff: injection, deserialization, path traversal, secrets. For each risk, propose exact patches and tests.
Enumerate assumptions in this code (inputs, services, files). For each, provide a failure test and an improved error message.
Propose a 3-commit refactor plan with no behavior changes to improve readability and maintainability. Provide tiny diffs for each step.
Suggest a high-quality Conventional Commit message and PR description with:
- Why the change
- What changed
- Risks & rollback plan
- Test plan
Act as my adversarial reviewer. Attack assumptions in this diff. Where could it fail in production? Provide repro steps and fixes.
Propose observability hooks (logs, metrics, traces) for these functions. Give copy-paste snippets in the project’s style.
List quick wins from this diff: dead code removal, unused imports, better error messages, improved variable names. Output as a checklist.