SOP: Code Review Workflow
Comprehensive code review using specialized reviewers for different quality aspects.
Timeline: 4 Hours
Phases:
- Automated Checks (30 min)
- Specialized Reviews (2 hours)
- Integration Review (1 hour)
- Final Approval (30 min)
Phase 1: Automated Checks (30 minutes)
Quick Quality Checks
Parallel Automated Testing:
javascript1// Initialize review swarm 2await mcp__ruv-swarm__swarm_init({ 3 topology: 'star', // Coordinator pattern for reviews 4 maxAgents: 6, 5 strategy: 'specialized' 6}); 7 8// Run all automated checks in parallel 9const [lint, tests, coverage, build] = await Promise.all([ 10 Task("Linter", ` 11Run linting checks: 12- ESLint for JavaScript/TypeScript 13- Pylint for Python 14- RuboCop for Ruby 15- Check for code style violations 16 17Store results: code-review/${prId}/lint-results 18`, "reviewer"), 19 20 Task("Test Runner", ` 21Run test suite: 22- Unit tests 23- Integration tests 24- E2E tests (if applicable) 25- All tests must pass 26 27Store results: code-review/${prId}/test-results 28`, "tester"), 29 30 Task("Coverage Analyzer", ` 31Check code coverage: 32- Overall coverage > 80% 33- New code coverage > 90% 34- No critical paths uncovered 35 36Generate coverage report 37Store: code-review/${prId}/coverage-report 38`, "reviewer"), 39 40 Task("Build Validator", ` 41Validate build: 42- Clean build (no warnings) 43- Type checking passes 44- No broken dependencies 45- Bundle size within limits 46 47Store build results: code-review/${prId}/build-status 48`, "reviewer") 49]); 50 51// If any automated check fails, stop and request fixes 52if (hasFailures([lint, tests, coverage, build])) { 53 await Task("Review Coordinator", ` 54Automated checks failed. Request fixes from author: 55${summarizeFailures([lint, tests, coverage, build])} 56 57Store feedback: code-review/${prId}/automated-feedback 58`, "pr-manager"); 59 return; // Stop review until fixed 60}
Deliverables:
- All automated checks passing
- Test results documented
- Coverage report generated
Phase 2: Specialized Reviews (2 hours)
Parallel Expert Reviews
Sequential coordination of parallel reviews:
javascript1// Spawn specialized reviewers in parallel 2const [codeQuality, security, performance, architecture, docs] = await Promise.all([ 3 Task("Code Quality Reviewer", ` 4Review for code quality: 5 6**Readability**: 7- Clear, descriptive names (variables, functions, classes) 8- Appropriate function/method length (< 50 lines) 9- Logical code organization 10- Minimal cognitive complexity 11 12**Maintainability**: 13- DRY principle (no code duplication) 14- SOLID principles followed 15- Clear separation of concerns 16- Proper error handling 17 18**Best Practices**: 19- Following language idioms 20- Proper use of design patterns 21- Appropriate comments (why, not what) 22- No code smells (magic numbers, long parameter lists) 23 24Store review: code-review/${prId}/quality-review 25Rating: 1-5 stars 26`, "code-analyzer"), 27 28 Task("Security Reviewer", ` 29Review for security issues: 30 31**Authentication & Authorization**: 32- Proper authentication checks 33- Correct authorization rules 34- No privilege escalation risks 35- Secure session management 36 37**Data Security**: 38- Input validation (prevent injection attacks) 39- Output encoding (prevent XSS) 40- Sensitive data encryption 41- No hardcoded secrets or credentials 42 43**Common Vulnerabilities** (OWASP Top 10): 44- SQL Injection prevention 45- XSS prevention 46- CSRF protection 47- Secure dependencies (no known vulnerabilities) 48 49Store review: code-review/${prId}/security-review 50Severity: Critical/High/Medium/Low for each finding 51`, "security-manager"), 52 53 Task("Performance Reviewer", ` 54Review for performance issues: 55 56**Algorithmic Efficiency**: 57- Appropriate time complexity (no unnecessary O(n²)) 58- Efficient data structures chosen 59- No unnecessary iterations 60- Lazy loading where appropriate 61 62**Resource Usage**: 63- No memory leaks 64- Proper cleanup (connections, files, timers) 65- Efficient database queries (avoid N+1) 66- Batch operations where possible 67 68**Optimization Opportunities**: 69- Caching potential 70- Parallelization opportunities 71- Database index needs 72- API call optimization 73 74Store review: code-review/${prId}/performance-review 75Impact: High/Medium/Low for each finding 76`, "perf-analyzer"), 77 78 Task("Architecture Reviewer", ` 79Review for architectural consistency: 80 81**Design Patterns**: 82- Follows established patterns in codebase 83- Appropriate abstraction level 84- Proper dependency injection 85- Clean architecture principles 86 87**Integration**: 88- Fits well with existing code 89- No unexpected side effects 90- Backward compatibility maintained 91- API contracts respected 92 93**Scalability**: 94- Design supports future growth 95- No hardcoded limits 96- Stateless where possible 97- Horizontally scalable 98 99Store review: code-review/${prId}/architecture-review 100Concerns: Blocker/Major/Minor for each finding 101`, "system-architect"), 102 103 Task("Documentation Reviewer", ` 104Review documentation: 105 106**Code Documentation**: 107- Public APIs documented (JSDoc/docstring) 108- Complex logic explained 109- Non-obvious behavior noted 110- Examples provided where helpful 111 112**External Documentation**: 113- README updated (if needed) 114- API docs updated (if API changed) 115- Migration guide (if breaking changes) 116- Changelog updated 117 118**Tests as Documentation**: 119- Test names are descriptive 120- Test coverage demonstrates usage 121- Edge cases documented in tests 122 123Store review: code-review/${prId}/docs-review 124Completeness: 0-100% 125`, "api-docs") 126]); 127 128// Aggregate all reviews 129await Task("Review Aggregator", ` 130Aggregate specialized reviews: 131- Quality: ${codeQuality} 132- Security: ${security} 133- Performance: ${performance} 134- Architecture: ${architecture} 135- Documentation: ${docs} 136 137Identify: 138- Blocking issues (must fix before merge) 139- High-priority suggestions 140- Nice-to-have improvements 141 142Generate summary 143Store: code-review/${prId}/aggregated-review 144`, "reviewer");
Deliverables:
- 5 specialized reviews completed
- Issues categorized by severity
- Aggregated review summary
Phase 3: Integration Review (1 hour)
End-to-End Impact Assessment
Sequential Analysis:
javascript1// Step 1: Integration Testing 2await Task("Integration Tester", ` 3Test integration with existing system: 4- Does this change break any existing functionality? 5- Are all integration tests passing? 6- Does it play well with related modules? 7- Any unexpected side effects? 8 9Run integration test suite 10Store results: code-review/${prId}/integration-tests 11`, "tester"); 12 13// Step 2: Deployment Impact 14await Task("DevOps Reviewer", ` 15Assess deployment impact: 16- Infrastructure changes needed? 17- Database migrations required? 18- Configuration updates needed? 19- Backward compatibility maintained? 20- Rollback plan clear? 21 22Store assessment: code-review/${prId}/deployment-impact 23`, "cicd-engineer"); 24 25// Step 3: User Impact 26await Task("Product Reviewer", ` 27Assess user impact: 28- Does this change improve user experience? 29- Are there any user-facing changes? 30- Is UX/UI consistent with design system? 31- Are analytics/tracking updated? 32 33Store assessment: code-review/${prId}/user-impact 34`, "planner"); 35 36// Step 4: Risk Assessment 37await Task("Risk Analyzer", ` 38Overall risk assessment: 39- What's the blast radius of this change? 40- What's the worst-case failure scenario? 41- Do we have rollback procedures? 42- Should this be feature-flagged? 43- Monitoring and alerting adequate? 44 45Store risk assessment: code-review/${prId}/risk-analysis 46Recommendation: Approve/Conditional/Reject 47`, "reviewer");
Deliverables:
- Integration test results
- Deployment impact assessment
- User impact assessment
- Risk analysis
Phase 4: Final Approval (30 minutes)
Review Summary & Decision
Sequential Finalization:
javascript1// Step 1: Generate Final Summary 2await Task("Review Coordinator", ` 3Generate final review summary: 4 5**Automated Checks**: ✅ All passing 6**Quality Review**: ${qualityScore}/5 7**Security Review**: ${securityIssues} issues (${criticalCount} critical) 8**Performance Review**: ${perfIssues} issues (${highImpactCount} high-impact) 9**Architecture Review**: ${archConcerns} concerns (${blockerCount} blockers) 10**Documentation Review**: ${docsCompleteness}% complete 11**Integration Tests**: ${integrationStatus} 12**Deployment Impact**: ${deploymentImpact} 13**User Impact**: ${userImpact} 14**Risk Level**: ${riskLevel} 15 16**Blocking Issues**: 17${listBlockingIssues()} 18 19**Recommendations**: 20${generateRecommendations()} 21 22**Overall Decision**: ${decision} (Approve/Request Changes/Reject) 23 24Store final summary: code-review/${prId}/final-summary 25`, "pr-manager"); 26 27// Step 2: Author Notification 28await Task("Notification Agent", ` 29Notify PR author: 30- Review complete 31- Summary of findings 32- Action items (if any) 33- Next steps 34 35Send notification 36Store: code-review/${prId}/author-notification 37`, "pr-manager"); 38 39// Step 3: Decision Actions 40if (decision === 'Approve') { 41 await Task("Merge Coordinator", ` 42Approved for merge: 43- Add "approved" label 44- Update PR status 45- Queue for merge (if auto-merge enabled) 46- Notify relevant teams 47 48Store: code-review/${prId}/merge-approval 49`, "pr-manager"); 50} else if (decision === 'Request Changes') { 51 await Task("Feedback Coordinator", ` 52Request changes: 53- Create detailed feedback comment 54- Label as "changes-requested" 55- Assign back to author 56- Schedule follow-up review 57 58Store: code-review/${prId}/change-request 59`, "pr-manager"); 60} else { 61 await Task("Rejection Handler", ` 62Reject PR: 63- Create detailed explanation 64- Suggest alternative approaches 65- Label as "rejected" 66- Close PR (or request fundamental rework) 67 68Store: code-review/${prId}/rejection 69`, "pr-manager"); 70}
Deliverables:
- Final review summary
- Author notification
- Decision and next steps
Success Criteria
Review Quality
- Coverage: All aspects reviewed (quality, security, performance, architecture, docs)
- Consistency: Reviews follow established guidelines
- Actionability: All feedback is specific and actionable
- Timeliness: Reviews completed within 4 hours
Code Quality Gates
- Automated Tests: 100% passing
- Code Coverage: > 80% overall, > 90% for new code
- Linting: 0 violations
- Security: 0 critical issues, 0 high-severity issues
- Performance: No high-impact performance regressions
- Documentation: 100% of public APIs documented
Process Metrics
- Review Turnaround: < 4 hours (business hours)
- Author Satisfaction: > 4/5 (feedback is helpful)
- Defect Escape Rate: < 1% (issues found in production that should have been caught)
Review Guidelines
What Reviewers Should Focus On
DO Review:
- Logic correctness
- Edge case handling
- Error handling robustness
- Security vulnerabilities
- Performance implications
- Code clarity and maintainability
- Test coverage and quality
- API design and contracts
- Documentation completeness
DON'T Nitpick:
- Personal style preferences (use automated linting)
- Minor variable naming (unless truly confusing)
- Trivial formatting (use automated formatting)
- Subjective "better" ways (unless significantly better)
Giving Feedback
Effective Feedback:
- ✅ "This function has O(n²) complexity. Consider using a hash map for O(n)."
- ✅ "This input isn't validated. Add validation to prevent SQL injection."
- ✅ "This error isn't logged. Add error logging for debugging."
Ineffective Feedback:
- ❌ "I don't like this."
- ❌ "This could be better."
- ❌ "Change this." (without explanation)
Tone:
- Be respectful and constructive
- Assume good intent
- Ask questions rather than make demands
- Suggest, don't dictate (unless security/critical issue)
Agent Coordination Summary
Total Agents Used: 12-15 Execution Pattern: Star topology (coordinator with specialists) Timeline: 4 hours Memory Namespaces: code-review/{pr-id}/*
Key Agents:
- reviewer - Lint, build, coordination
- tester - Test execution, integration testing
- code-analyzer - Code quality review
- security-manager - Security review
- perf-analyzer - Performance review
- system-architect - Architecture review
- api-docs - Documentation review
- cicd-engineer - Deployment impact
- planner - Product/user impact
- pr-manager - Review coordination, notifications
Usage
javascript1// Invoke this SOP skill for a PR 2Skill("sop-code-review") 3 4// Or execute with specific PR 5Task("Code Review Orchestrator", ` 6Execute comprehensive code review for PR #${prNumber} 7Repository: ${repoName} 8Author: ${authorName} 9Changes: ${changesSummary} 10`, "pr-manager")
Status: Production-ready SOP Complexity: Medium (12-15 agents, 4 hours) Pattern: Star topology with specialized reviewers
