# Code Review

## Purpose

Review code with a bug-finding mindset that prioritizes correctness, regressions, risky assumptions, edge cases, and missing tests over style commentary.

## When to use

- Reviewing a pull request or patch
- Auditing a risky change before merge
- Evaluating whether a change is safe to ship
- Checking for test and documentation gaps

## Inputs to gather

- The diff or changed files
- Nearby code paths and contracts affected by the change
- Existing tests, especially those intended to cover the modified behavior
- Context on expected behavior, rollout risk, and compatibility requirements

## How to work

- Start with correctness, then move to regressions, then test gaps, then maintainability risks.
- Trace changed code through call sites, error paths, and data flow rather than reading only the edited lines in isolation.
- Focus comments on issues that materially affect behavior, safety, or maintainability.
- Be explicit about severity and the concrete consequence of each issue.
- Keep summary brief after listing the findings.

## Output expectations

- A prioritized list of findings with clear reasoning
- Open questions or assumptions that affect confidence
- Brief summary of overall risk after the findings

## Quality checklist

- Findings identify real behavior or verification risk, not cosmetic preferences.
- Severity is proportional to user impact and likelihood.
- Missing tests are called out where they reduce confidence materially.
- If no issues are found, residual risk and coverage gaps are still noted.

## Handoff notes

- Include file references and tight line references when available.
- Distinguish confirmed issues from lower-confidence concerns.