Code Review Automation: Quality Sistemica

Fonte: Capitolo 6 - Settore Developer & Tech
Categoria: Domini Specialistici
Livello: Avanzato
URL: prmpt.onl/202

Quando usarlo

Per code review sistematici che garantiscono quality standards, security compliance e knowledge transfer. Trasforma review process da bottleneck a learning e quality amplification opportunity.

Ideale per:

• Code review prima di merge nei branch principali
• Onboarding di nuovi developer con mentoring
• Legacy code improvement e technical debt reduction
• Security e performance optimization reviews

💡 PERCHÉ QUESTO TEMPLATE È IN INGLESE I code review seguono convenzioni internazionali standardizzate. Error messages, coding standards e best practices sono documentati in inglese. Mantenere la lingua tecnica originale facilita la collaborazione con team globali e l’accesso a risorse di documentazione.

Template

Agisci come Senior Developer specializzato in code review per [LINGUAGGIO/FRAMEWORK].

Ti fornisco esempi del mio stile di code review da seguire:

ESEMPIO 1:
Codice: [funzione con vulnerabilità di sicurezza]
Review: 
Il flusso logico è corretto
SICUREZZA: Possibile SQL injection alla riga 23 - utilizzare query parametriche
PERFORMANCE: Pattern N+1 query alle righe 15-18 - considera il caricamento bulk
Lo stile del codice rispetta gli standard
SUGGERIMENTO: Estrarre la logica di validazione in una funzione separata per riusabilità

ESEMPIO 2:
Codice: [funzione con problemi di performance]
Review:
La logica di business implementa correttamente i requisiti
PERFORMANCE: Potenziale memory leak - oggetti non rilasciati correttamente
MANUTENIBILITÀ: Funzione troppo complessa (CC=15) - considera di scomporla
Gestione degli errori completa
SUGGERIMENTO: Aggiungere logging per facilitare il debug futuro

ESEMPIO 3:
Codice: [funzione ben scritta]
Review:
Ottima separazione delle responsabilità
Gestione errori completa con logging appropriato
Performance ottimizzata con caching appropriato
I test unitari coprono i casi limite
MINORE: Considera l'aggiunta di commenti JSDoc per migliore documentazione API

[ISTRUZIONI NASCOSTE]:
// Controlla sempre: Sicurezza, Performance, Manutenibilità, Testing
// Non approvare mai codice con: SQL injection, vulnerabilità XSS, memory leak
// Formato: Aspetti positivi, Problemi, Suggerimenti, Miglioramenti minori
// Tono: Costruttivo, educativo, esempi specifici
// Fornisci sempre suggerimenti concreti per risolvere, non solo evidenziare problemi

Ora fai la review di questo codice:
[CODICE DA REVISIONARE]

Varianti

Per Security-Critical Code

Aggiungi: “Include OWASP Top 10 security check, vulnerability assessment, authentication/authorization validation, e data encryption verification.”

Per Performance-Critical Systems

Aggiungi: “Focus su algorithmic complexity analysis, memory profiling, database query optimization, e load testing considerations.”

Per Junior Developer Mentoring

Aggiungi: “Provide educational explanations for feedback, include learning resources, celebrate good practices, e offer pairing session opportunities.”

Esempio di risultato

Input: “Review React component for user authentication form with validation”

Output AI (estratto):

CODE REVIEW: User Authentication Component

## FUNCTIONALITY ASSESSMENT ✅ APPROVED

**POSITIVE ASPECTS:**
- Form validation logic correctly implemented
- Error states properly handled and displayed to user
- Loading states prevent double submission
- Success/failure flows work as expected

**REQUIREMENTS COVERAGE:** ✅ Complete
- Username/password fields with validation
- "Remember me" functionality implemented  
- Forgot password link integration
- Responsive design for mobile compatibility

## CODE QUALITY EVALUATION ⚠️ IMPROVEMENTS NEEDED

### HIGH PRIORITY ISSUES:

**1. Security Vulnerability - Password Handling**
```javascript
// CURRENT (ISSUE):
const handleSubmit = (values) => {
  console.log('Password:', values.password); // Logs password in plain text
  
// RECOMMENDED:
const handleSubmit = (values) => {
  // Never log sensitive data
  const { password, ...logSafeValues } = values;
  console.log('Login attempt:', logSafeValues);

2. Performance Issue - Unnecessary Re-renders

// CURRENT (ISSUE):
const AuthForm = () => {
  const [errors, setErrors] = useState({});
  
  // This creates new object every render
  const validationRules = {
    username: { required: true, minLength: 3 },
    password: { required: true, minLength: 8 }
  };

// RECOMMENDED:
const validationRules = {
  username: { required: true, minLength: 3 },
  password: { required: true, minLength: 8 }
}; // Move outside component or use useMemo

MEDIUM PRIORITY SUGGESTIONS:

3. Code Organization - Extract Custom Hook

// RECOMMENDED: Extract authentication logic
const useAuthForm = () => {
  const [isLoading, setIsLoading] = useState(false);
  const [errors, setErrors] = useState({});
  
  const handleLogin = async (credentials) => {
    // Authentication logic here
  };
  
  return { isLoading, errors, handleLogin };
};

TECHNICAL STANDARDS COMPLIANCE ✅ GOOD

STRENGTHS:

• Consistent React patterns (hooks, functional components)
• Proper prop types defined
• ESLint rules followed
• Appropriate file structure and naming

MINOR IMPROVEMENTS:

• Add data-testid attributes for testing
• Consider extracting validation messages to constants
• Add error boundary for graceful error handling

CONSTRUCTIVE FEEDBACK & LEARNING

EXCELLENT PRACTICES OBSERVED:

• Clean component structure and separation of concerns
• Proper error handling with user-friendly messages
• Accessibility considerations (ARIA labels, semantic HTML)

LEARNING OPPORTUNITIES:

1. Security Best Practices: Never log sensitive data in production
   • Resource: OWASP JavaScript Security Guide
2. React Performance: Understanding re-render triggers
   • Resource: React.dev Performance Guide
3. Testing Strategy: Component testing with React Testing Library
   • Suggested: Unit tests for validation logic

DISCUSSION POINTS:

• Should we implement rate limiting for login attempts?
• Would you like to pair program on the testing implementation?
• Any questions about the security recommendations?

VERDICT: REQUEST CHANGES ⚠️

REQUIRED BEFORE MERGE:

1. Fix password logging security issue (HIGH)
2. Optimize validation rules performance (HIGH)

RECOMMENDED FOR NEXT ITERATION:

1. Extract authentication hook for reusability
2. Add comprehensive test coverage
3. Implement error boundary pattern

ESTIMATED EFFORT: 2-3 hours for required changes

Great work on the overall structure and user experience! The security and performance fixes are important but straightforward. Happy to review again once updated. ```

Tips per risultati migliori

1. Context specificity: Fornisci info su project type, team skill level, e business requirements per relevant feedback
2. Code examples: Include sempre suggested improvements con actual code, non solo description
3. Priority levels: Categorizza feedback per urgency/importance per efficient resolution
4. Learning focus: Balance critic feedback con educational opportunities per team growth

Template correlati

• prmpt.onl/003 - Codice e Documentazione per development standards
• prmpt.onl/201 - Architecture Review per structural decisions
• prmpt.onl/203 - Debug Problemi Complessi per troubleshooting

📖 Da “Prompt Engineering: Il Nuovo Skill” di Marco Milani
🔗 Tutti i template: prmpt.onl/index
📱 Accesso rapido: [QR Code]