sop-code-review

Comprehensive code review using specialized reviewers for different quality aspects.

Phases: • Automated Checks (30 min) • Specialized Reviews (2 hours) • Integration Review (1 hour) • Final Approval (30 min) ---

Parallel Automated Testing: `javascript // Initialize review swarm await mcp__ruv-swarm__swarm_init({ topology: 'star', // Coordinator pattern for reviews maxAgents: 6, strategy: 'specialized' }); // Run all automated checks in parallel const [lint, tests, coverage, build] = await Promise.all([ Task("Linter", ` Run linting checks: • ESLint for JavaScript/TypeScript • Pylint for Python • RuboCop for Ruby • Check for code style violations Store results: code-review/${prId}/lint-results `, "reviewer"), Task("Test Runner", ` Run test suite: • Unit tests • Integration tests • E2E tests (if applicable) • All tests must pass Store results: code-review/${prId}/test-results `, "tester"), Task("Coverage Analyzer", ` Check code coverage: • Overall coverage > 80% • New code coverage > 90% • No critical paths uncovered Generate coverage report Store: code-review/${prId}/coverage-report `, "reviewer"), Task("Build Validator", ` Validate build: • Clean build (no warnings) • Type checking passes • No broken dependencies • Bundle size within limits Store build results: code-review/${prId}/build-status `, "reviewer") ]); // If any automated check fails, stop and request fixes if (hasFailures([lint, tests, coverage, build])) { await Task("Review Coordinator", ` Automated checks failed. Request fixes from author: ${summarizeFailures([lint, tests, coverage, build])} Store feedback: code-review/${prId}/automated-feedback `, "pr-manager"); return; // Stop review until fixed } ` Deliverables: • All automated checks passing • Test results documented • Coverage report generated ---

Sequential coordination of parallel reviews: `javascript // Spawn specialized reviewers in parallel const [codeQuality, security, performance, architecture, docs] = await Promise.all([ Task("Code Quality Reviewer", ` Review for code quality: Readability: • Clear, descriptive names (variables, functions, classes) • Appropriate function/method length (< 50 lines) • Logical code organization • Minimal cognitive complexity Maintainability: • DRY principle (no code duplication) • SOLID principles followed • Clear separation of concerns • Proper error handling Best Practices: • Following language idioms • Proper use of design patterns • Appropriate comments (why, not what) • No code smells (magic numbers, long parameter lists) Store review: code-review/${prId}/quality-review Rating: 1-5 stars `, "code-analyzer"), Task("Security Reviewer", ` Review for security issues: Authentication & Authorization: • Proper authentication checks • Correct authorization rules • No privilege escalation risks • Secure session management Data Security: • Input validation (prevent injection attacks) • Output encoding (prevent XSS) • Sensitive data encryption • No hardcoded secrets or credentials Common Vulnerabilities (OWASP Top 10): • SQL Injection prevention • XSS prevention • CSRF protection • Secure dependencies (no known vulnerabilities) Store review: code-review/${prId}/security-review Severity: Critical/High/Medium/Low for each finding `, "security-manager"), Task("Performance Reviewer", ` Review for performance issues: Algorithmic Efficiency: • Appropriate time complexity (no unnecessary O(n²)) • Efficient data structures chosen • No unnecessary iterations • Lazy loading where appropriate Resource Usage: • No memory leaks • Proper cleanup (connections, files, timers) • Efficient database queries (avoid N+1) • Batch operations where possible Optimization Opportunities: • Caching potential • Parallelization opportunities • Database index needs • API call optimization Store review: code-review/${prId}/performance-review Impact: High/Medium/Low for each finding `, "perf-analyzer"), Task("Architecture Reviewer", ` Review for architectural consistency: Design Patterns: • Follows established patterns in codebase • Appropriate abstraction level • Proper dependency injection • Clean architecture principles Integration: • Fits well with existing code • No unexpected side effects • Backward compatibility maintained • API contracts respected Scalability: • Design supports future growth • No hardcoded limits • Stateless where possible • Horizontally scalable Store review: code-review/${prId}/architecture-review Concerns: Blocker/Major/Minor for each finding `, "system-architect"), Task("Documentation Reviewer", ` Review documentation: Code Documentation: • Public APIs documented (JSDoc/docstring) • Complex logic explained • Non-obvious behavior noted • Examples provided where helpful External Documentation: • README updated (if needed) • API docs updated (if API changed) • Migration guide (if breaking changes) • Changelog updated Tests as Documentation: • Test names are descriptive • Test coverage demonstrates usage • Edge cases documented in tests Store review: code-review/${prId}/docs-review Completeness: 0-100% `, "api-docs") ]); // Aggregate all reviews await Task("Review Aggregator", ` Aggregate specialized reviews: • Quality: ${codeQuality} • Security: ${security} • Performance: ${performance} • Architecture: ${architecture} • Documentation: ${docs} Identify: • Blocking issues (must fix before merge) • High-priority suggestions • Nice-to-have improvements Generate summary Store: code-review/${prId}/aggregated-review `, "reviewer"); ` Deliverables: • 5 specialized reviews completed • Issues categorized by severity • Aggregated review summary ---