AI Code Review Checklist
How to review AI-generated code before shipping. Catch bugs before users do.
AI writes fast. You verify it’s correct. Never ship without reviewing.
The process:
- 30-Second Scan — Quick pass/fail
- Deep Review — Logic, edge cases, security
- Ship Checklist — Final gate
Bookmark this page. Use it every time.
The 30-Second Scan
Before reading details, answer:
□ Does this look like what I asked for?
□ Is the structure reasonable?
□ Any obvious red flags? (hardcoded secrets, huge functions)
If any fail, regenerate before reviewing closely.
The Deep Review
1. Logic Check
□ Does the main logic make sense?
□ Are conditions correct? (>, <, >=, <=, ==, ===)
□ Are loops bounded? (no infinite loops)
□ Is the control flow clear?
2. Edge Cases
□ What happens with null/undefined input?
□ What happens with empty arrays/objects?
□ What happens with very large inputs?
□ What happens with invalid types?
3. Error Handling
□ Are errors caught appropriately?
□ Are error messages helpful?
□ Are errors logged (not swallowed)?
□ Does it fail gracefully?
4. Security
□ No hardcoded secrets/keys?
□ User input validated/sanitized?
□ No SQL injection risk?
□ No XSS risk?
□ Auth checks in place?
5. Performance
□ No unnecessary loops?
□ No N+1 queries?
□ Appropriate data structures?
□ Caching where needed?
Review Prompts
After reviewing, ask AI to fix issues:
For missing error handling:
Add error handling to this function.
Handle: null input, network failures, invalid data.
Return user-friendly error messages.
For security issues:
Review this code for security:
- Input validation
- Authentication checks
- Data sanitization
Check against OWASP top 10.
For performance:
This code runs in a loop processing [X] items.
Identify performance bottlenecks.
Suggest optimizations.
Red Flags
Stop and investigate if you see:
| Red Flag | Why It's Bad |
|---|---|
| `// TODO` comments | Incomplete code |
| `any` type (TypeScript) | No type safety |
| `eval()` or `Function()` | Security risk |
| Hardcoded URLs/keys | Should be env vars |
| No error handling | Will crash in prod |
| Very long functions | Hard to test/maintain |
| Deep nesting | Hard to understand |
| Magic numbers | Unclear intent |
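To make the table above actionable, here is an added example (not part of the original checklist) of a small JavaScript scanner that flags several of these red flags in a chunk of source text before you start the manual Deep Review. The rule patterns, the nesting heuristic and the sample input are assumptions constructed for this illustration, not a standard tool.

```javascript
// Added example: line-by-line red-flag scan for AI-generated JavaScript/TypeScript.
// Rules mirror the "Red Flags" table; the regexes are assumed heuristics, so expect
// some false positives (e.g. a port number counted as a magic number) and treat hits
// as "stop and investigate", not as proof of a bug.
const RED_FLAG_RULES = [
  { flag: "TODO comment", why: "Incomplete code", re: /\/\/\s*TODO\b/ },
  { flag: "any type (TypeScript)", why: "No type safety", re: /:\s*any\b/ },
  { flag: "eval() or Function()", why: "Security risk", re: /\b(eval|Function)\s*\(/ },
  {
    flag: "Hardcoded URL/key",
    why: "Should be env var",
    re: /https?:\/\/|(api[_-]?key|secret|token)\s*[:=]\s*["'][^"']+["']/i,
  },
  // Two or more digits not attached to an identifier or a decimal point.
  { flag: "Magic number", why: "Unclear intent", re: /(?<![\w.])\d{2,}(?![\w.])/ },
];

// Returns one finding per rule hit per line: { line, flag, why, text }.
function scanForRedFlags(source) {
  const findings = [];
  source.split("\n").forEach((text, i) => {
    for (const rule of RED_FLAG_RULES) {
      if (rule.re.test(text)) {
        findings.push({ line: i + 1, flag: rule.flag, why: rule.why, text: text.trim() });
      }
    }
  });
  return findings;
}

// "Deep nesting" heuristic: deepest curly-brace depth seen in the file.
// Braces inside strings or comments are not parsed out, so this is approximate.
function maxBraceDepth(source) {
  let depth = 0;
  let max = 0;
  for (const ch of source) {
    if (ch === "{") max = Math.max(max, ++depth);
    else if (ch === "}") depth = Math.max(0, depth - 1);
  }
  return max;
}

// Constructed sample of the kind of snippet an assistant might hand back.
const SAMPLE = [
  'const API_KEY = "sk-live-constructed-example";',
  "function load(id) {",
  "  // TODO: handle errors",
  '  const url = "https://api.example.test/users/" + id;',
  "  return eval(fetchSync(url, 3000));",
  "}",
].join("\n");

for (const f of scanForRedFlags(SAMPLE)) console.log(`L${f.line} ${f.flag}: ${f.why}`);
```

On the sample this reports five hits (hardcoded key, TODO, hardcoded URL, eval, magic number) so you know where to look first; it does not replace the Logic, Edge Case and Error Handling checks above.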
Quick Review Commands
Ask AI to self-review:
Review this code for:
1. Bugs
2. Security issues
3. Performance problems
4. Missing edge cases
Be specific. Don't say "looks good" unless it's perfect.
Or:
What could go wrong with this code in production?
Think like a pessimist.
The Ship Checklist
Before deploying:
□ Code does what I asked
□ Edge cases handled
□ Errors handled gracefully
□ No security issues
□ Tests pass (if applicable)
□ I understand what it does
If any box is unchecked, don’t ship.
🎯 Review Code Right Now
- Open AI-generated code you’re about to ship
- Run the 30-Second Scan above
- If it passes, do the Deep Review
- Use the Ship Checklist before deploying
Every review makes you faster at spotting issues. Start now.
Related Resources
Guides:
- Testing AI Code — Write tests before shipping
- Debugging with AI — Fix issues you find
- Shipping Fast — Ship with confidence
Cheatsheets:
- AI Debugging Checklist — When reviews find bugs
- Common Errors — Quick fixes
Blog:
- When AI Gets It Wrong — Learning from mistakes
- 7 Mistakes to Avoid — Including review mistakes