Code Review Prompt Generator

"Review this code" gets you shallow comments. Pick the review focus — security, performance, correctness, production readiness — and get a review contract: real criteria, a dynamic checklist, a severity standard, and verdict rules. Runs entirely in your browser.

What is being reviewed, and what is at stake? E.g. "Review the authentication middleware before the release."

Review Focus

The tool's heart: each focus swaps in its own criteria set and checklist — not just a different name.

Review Scope

Diff adds breaking-change and regression criteria; Pull Request adds cross-file, deployment, and migration risk.

Language

Adds language-specific checks to the checklist — async deadlocks for C#, mutable defaults for Python.

Review Style

Production Gate asks one question of every finding: would you approve this for production deployment?

Paste the snippet, file, or diff here and the prompt carries it; leave empty and the prompt ends with a paste-here placeholder.


Workflow Playbooks

Playbooks that use this tool

Coding Workflows · 5 steps

AI Code Review Workflow

A complete AI-assisted review pass — not one prompt — that ends with ranked findings, tests guarding behavior, and a refactor plan when one is warranted.

How it works

State the review objective — what is being reviewed and what's at stake — then pick the review focus: Correctness, Security, Performance, Maintainability, Readability, Architecture, Best Practices, or Production Readiness. Each focus swaps in its own real criteria set and a 10–12 item checklist (Security checks injection vectors and privilege paths; Performance checks allocations and N+1 queries) — the live preview shows exactly which checks your prompt will enforce. Set the review scope (Diff adds breaking-change and regression criteria; Pull Request adds cross-file, deployment, and migration risk), the language (each adds its own traps — async deadlocks for C#, mutable defaults for Python), and the review style — Production Gate asks one question of every finding: would you approve this for production? Optionally paste the code so the prompt carries it. Click Generate Review Prompt for the full contract: objective, scope, criteria, severity rules, checklist, output format, and verdict rules. Nothing leaves your browser.

Use cases

  • Turning "review this code" into a security review that actually checks injection and auth
  • Standardizing one review contract across the whole team
  • Gating production deploys with a SHIP / DO NOT SHIP review
  • Reviewing AI-generated code with the suspicion it deserves

Pro tips

  • Pick the focus for what's at stake, not what's interesting: a payment handler gets Security, a batch job gets Performance, a hotfix gets Correctness. One focused review beats one shallow review of everything.
  • The severity system is half the value: findings tagged [CRITICAL] through [NIT] are triageable; untagged findings are a wall of text. Keep it even when you trim other sections.
  • Use Diff or Pull Request scope for changes — the breaking-change and regression criteria only appear there, and they're where reviews earn their keep.
  • Production Gate plus Production Readiness focus is the strongest combination on the page: every finding answers "would this survive production?", and the verdict is a deployment decision with the minimal fix list.

FAQ

How is this different from asking the AI to refactor my code?

Direction. Review JUDGES the code: it reports findings with severities and a verdict, and the generated prompt explicitly says "report findings; do not rewrite the code". Refactoring CHANGES the code — that's the Refactor Prompt Builder, coming soon in this category. Review first, refactor second: you want to agree on what's wrong before anything gets rewritten.

Does the review focus really change the review, or just the title?

It swaps the entire criteria set and checklist. Security reviews check authentication on every entry point, injection vectors, secrets in code, privilege escalation, SSRF — twelve checks. Performance reviews check hot-loop allocations, N+1 queries, algorithmic complexity, resource leaks — ten different checks. The live preview shows the exact list before you generate.

What does the severity system do?

It forces every finding to carry exactly one tag — [CRITICAL], [MAJOR], [MINOR], or [NIT] — with defined meanings (CRITICAL = must fix before merge; NIT = optional style preference) and one calibration rule: severity reflects impact, not effort to fix. Tagged findings are triageable; without tags, a review is just opinions in a row.

What changes between the review scopes?

The criteria. A snippet is judged on its own terms; a file adds structure and ownership; a Diff adds breaking changes, backward compatibility, regression risk, and whether the diff does one thing; a Pull Request adds cross-file impact, deployment risk, and migration risk. Reviewing a diff with snippet criteria misses exactly the things diffs break.

Should I paste my code into the tool?

Optional. Paste it and the prompt carries it in a fenced block — one artifact to copy into the AI. Leave it empty and the prompt ends with a paste-here placeholder. Either way the code is never executed or rendered — it travels as plain text, and nothing leaves your browser.

Can I use this for SQL code?

For review, yes — the SQL language mode adds review-perspective checks: SELECT * in production paths, indexes implied by WHERE clauses, scan-forcing predicates. Deep query optimization — execution plans, schema context, rewrites — is a different job with different inputs: that's the SQL Optimization Prompt, coming soon in this category.