Code Reviewer

What Is Code Reviewer?

Code Reviewer is an automated code review skill designed to streamline and enhance the quality assurance process for software projects. Supporting TypeScript, JavaScript, Python, Go, Swift, and Kotlin, it automates the analysis of pull requests (PRs), detects code quality issues, and generates comprehensive review reports. The tool focuses on identifying code complexity, risk factors, and adherence to best practices such as the SOLID principles. By automating repetitive and error-prone aspects of code review, Code Reviewer helps teams maintain high code standards and reduce the likelihood of introducing bugs or vulnerabilities.

Why Use Code Reviewer?

Manual code reviews are time-consuming and prone to oversight, especially in fast-paced development environments or large codebases. Code Reviewer addresses these challenges by:

• Automating tedious checks: It scans for common issues such as hardcoded secrets, SQL injection patterns, and improper type usage.
• Consistent quality assurance: Automated checks enforce coding standards and best practices uniformly across the team.
• Early risk detection: It categorizes risks and flags critical issues before code is merged, reducing the chance of bugs reaching production.
• Faster PR turnaround: By providing initial automated feedback, Code Reviewer enables reviewers to focus on logic and architectural concerns, thus speeding up the review process.

For organizations seeking to balance velocity with code quality, Code Reviewer acts as a first line of defense, ensuring that only high-confidence, compliant code progresses through the pipeline.

How to Get Started

To integrate Code Reviewer into your workflow, follow these steps:

1. Clone the Repository:

   bash

   git clone https://github.com/alirezarezvani/claude-skills.git
   cd claude-skills/engineering-team/code-reviewer

2. Install Dependencies:

   Ensure you have Python installed. Then, install required dependencies:

   bash

   pip install -r requirements.txt

3. Run PR Analysis:

   To analyze the current branch against main:

   bash

   python scripts/pr_analyzer.py /path/to/repo

   To compare two specific branches:

   bash

   python scripts/pr_analyzer.py . --base main --head feature-branch

   For machine-readable output (integration with CI/CD):

   bash

   python scripts/pr_analyzer.py /path/to/repo --json

4. Review Output:

   The tool generates a report including a complexity score, risk categorization, and a summary of detected issues.

Key Features

PR Analyzer

The PR Analyzer compares the git diff between branches. It calculates a complexity score (1-10) and categorizes risk as critical, high, medium, or low. Its detection capabilities include:

• Hardcoded secrets: Detects literals resembling passwords, API keys, or tokens.
• SQL injection patterns: Flags string concatenation in database queries.
• Debug statements: Identifies lingering console.log, debugger, or similar statements.
• ESLint rule suppression: Warns when ESLint rules are disabled in the code.
• TypeScript “any” types: Highlights usage of the any type, which undermines type safety.
• TODO/FIXME comments: Lists areas of code marked for future work or fixes.

Example output:

{
  "complexity_score": 6,
  "risk": "medium",
  "issues": [
    {
      "type": "hardcoded_secret",
      "file": "src/config.js",
      "line": 12,
      "snippet": "const API_KEY = 'abcd1234secret';"
    },
    {
      "type": "debug_statement",
      "file": "src/server.py",
      "line": 88,
      "snippet": "print('Debug mode enabled')"
    }
  ]
}

Code Quality Checker

The Code Quality Checker analyzes code for SOLID principle violations and common code smells. For example, it might flag a Python function that violates the Single Responsibility Principle (SRP):

def process_and_save(user_data):
    # Processes user data
    processed = clean_data(user_data)
    # Saves to database
    db.save(processed)

Feedback: "Function process_and_save performs multiple responsibilities. Consider separating data processing and persistence logic."

Review Report Generator

This tool aggregates findings into a structured review report, summarizing:

• Detected issues and their severity
• Complexity analysis
• Risk assessment
• Recommended actions

Such reports can be integrated into PR comments or CI/CD checks for developer visibility.

Best Practices

• Integrate with CI/CD: Automate PR checks by invoking Code Reviewer in your pipeline to prevent merging code with unresolved high-severity issues.
• Use JSON output: For deeper integration, use the JSON output to feed results into dashboards or custom alert systems.
• Act on actionable feedback: Treat highlighted issues, especially those marked as critical or high risk, as blocking for merges.
• Iterative improvement: Regularly review the types of issues flagged to evolve your team’s code standards and practices.
• Customize as needed: Extend detection rules or tailor the tool to focus on project-specific risks and coding conventions.

Important Notes

• Language support: Code Reviewer currently supports TypeScript, JavaScript, Python, Go, Swift, and Kotlin. For other languages, results may be incomplete.
• Not a substitute for human review: While it automates many checks, nuanced design and architectural decisions still require human judgment.
• Sensitive data: Ensure that reports do not expose secrets or proprietary code when used in public or shared channels.
• Resource requirements: For large repositories, initial scans may take several minutes. Consider running on dedicated CI/CD runners.
• Extensibility: The tool is open source and can be extended to enforce project-specific guidelines or integrate with custom workflows.

By leveraging Code Reviewer, development teams can automate critical aspects of code review, accelerate feedback loops, and maintain high code quality with less manual effort.