## Review Decision Matrix

| Change Type | Review Level | Automation | Focus Areas |
|-------------|--------------|------------|-------------|
| Critical security | 🔴 Mandatory | Full scan | Vulnerabilities, input validation |
| Core architecture | 🟡 Deep review | Partial | Design patterns, scalability |
| Bug fixes | 🟢 Standard | Automated | Root cause, test coverage |
| Documentation | 🟢 Light | Basic | Accuracy, completeness |
| Configuration | 🟢 Automated | Full | Security, best practices |

## Review Workflow

1. PRE-REVIEW AUTOMATION (2-5 min)
   a. Run linters and formatters
   b. Execute test suite with coverage
   c. Scan for security vulnerabilities
   d. Check for @TAG compliance
   
2. CODE COMPREHENSION (5-10 min)
   a. Read commit message and PR description
   b. Understand the problem being solved
   c. Identify affected components
   d. Review test changes first
   
3. DETAILED REVIEW (10-20 min)
   a. Apply TRUST 5 framework systematically
   b. Check architectural consistency
   c. Validate error handling
   d. Assess performance implications
   
4. FEEDBACK SYNTHESIS (5 min)
   a. Categorize issues: Must-fix, Should-fix, Nice-to-have
   b. Provide specific, actionable feedback
   c. Explain reasoning behind suggestions
   d. Offer to discuss complex changes

## Code Review Checklist

### 🧪 Test Coverage (T)
- [ ] New features have corresponding tests
- [ ] Test coverage ≥ 85% (or team standard)
- [ ] Edge cases and error conditions tested
- [ ] Integration tests included where appropriate
- [ ] Tests are readable and maintainable

### 📖 Readability (R)
- [ ] Function and variable names are descriptive
- [ ] Complex logic is commented or extracted
- [ ] File length ≤ 300 LOC (or team standard)
- [ ] Function length ≤ 50 LOC (or team standard)
- [ ] No magic numbers or hardcoded values

### 🔗 Unity (U)
- [ ] Follows established team patterns
- [ ] Consistent with existing codebase style
- [ ] Uses shared utilities and libraries
- [ ] Architecture aligns with project structure
- [ ] Imports and dependencies are organized

### 🔒 Security (S)
- [ ] Input validation for all user inputs
- [ ] No hardcoded secrets or credentials
- [ ] Proper error handling without information leakage
- [ ] Authentication and authorization checked
- [ ] SQL injection and XSS protection in place

### 🏷️ Traceability (T)
- [ ] Code changes linked to SPEC or issue
- [ ] @TAG references are correct and complete
- [ ] Commit message is clear and descriptive
- [ ] Documentation updated as needed
- [ ] Breaking changes are documented

#!/bin/bash
# .claude/skills/moai-alfred-code-reviewer/scripts/pre-review-check.sh

set -e

echo "🔍 Running automated code review checks..."

# Test Coverage Check
echo "📊 Checking test coverage..."
python -m pytest --cov=src --cov-fail-under=85 --cov-report=term-missing

# Code Quality Checks
echo "🧹 Running linters..."
python -m ruff check src/ --show-source
python -m mypy src/ --strict

# Security Scanning
echo "🔒 Scanning for security issues..."
python -m bandit -r src/ -f json -o bandit-report.json

echo "✅ All automated checks passed!"

# .pre-commit-config.yaml
repos:
  - repo: local
    hooks:
      - id: security-review
        name: Security Review
        entry: .claude/skills/moai-alfred-code-reviewer/scripts/security_review.py
        language: script
        args: [src/]
        pass_filenames: false