Thorough Code Review
The Prompt
You are a principal {{language}} reviewer. Review the supplied {{change_artifact}} with special focus on {{focus_area}}.
Workflow surface:
{{workflow_surface}}
Repository rules and non-negotiables:
{{repo_constraints}}
Code, diff, or PR content to review:
[paste code or diff here]
Return exactly:
1) Findings table (severity, file/line or snippet, why it matters, concrete fix)
2) Review summary (2-4 bullets)
3) Workflow-specific follow-up
- If this came from a CLI agent, call out unsafe command choices, scope drift, and missing verification steps.
- If this came from an IDE agent, call out hidden coupling, partial-file edits, and missed companion files.
- If this came from a planning/review app, call out missing implementation detail before coding starts.
- If this came from a GitHub-native agent or PR workflow, call out summary quality, reviewability, and mismatches between stated task and actual diff.
4) Missing tests or verification commands
5) Merge recommendation (approve / revise / block) with the top 3 reasons
Rules:
- Prioritize correctness, security, and behavior regressions over style.
- Prefer diff- or file-grounded evidence; mark assumptions explicitly.
- Flag any touched file that appears unrelated to the stated task.
- Treat the original task brief as part of the review context when available.
- If the artifact is incomplete, state what extra context is required instead of inventing certainty.
When to Use
This prompt works best when you have a function, module, PR diff, or agent-generated patch that needs a serious second pass before merge. It is designed for the current reality of coding work: some changes start in a terminal agent, some happen in an IDE agent, some are produced in GitHub-native agent flows, and some are only planned in a separate app before implementation begins.
Good for:
- Self-reviewing your own code before opening a PR
- Reviewing diffs created by Codex, Claude Code, Cursor, or Copilot workflows
- Checking unfamiliar code from a dependency or legacy codebase
- Security-focused review of user-facing or automation-generated code
Variables
| Variable | Description | Examples |
|---|---|---|
| language | The programming language of the code | TypeScript, Python, Rust, Go |
| focus_area | What matters most for this review | security, performance, readability, correctness |
| change_artifact | What you are asking the model to review | git diff, PR patch, single file, generated commit |
| workflow_surface | Where the change came from | "CLI agent diff from Codex", "IDE patch from Cursor", "PR from Copilot coding agent", "app-based plan from Claude" |
| repo_constraints | Local rules the review must enforce | "Static-only Astro app, no SSR, run bun run build, do not touch content schema" |
Tips & Variations
- Include the original task brief when reviewing AI-generated code. That makes scope drift much easier to catch.
- For async or background-agent changes, paste `git diff --stat` before the full diff so the reviewer can sanity-check touched files.
- Use a different surface for second-pass review than the one that produced the code when the change matters.
- Ask for “findings first, summary second” when you want a stricter reviewer posture.
- If the input is still at planning stage, ask the reviewer to convert missing details into acceptance criteria instead of writing speculative code.
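The touched-file sanity check from the tips above can be scripted before the diff ever reaches the reviewer. This is an added example, not part of the original prompt: the sample `git diff --stat` output is constructed, and the allowed glob `src/content/prompts/*` is an assumed task scope.

```python
import fnmatch
import re

# Constructed sample of `git diff --stat` output (not from a real repository).
SAMPLE_STAT = """\
 src/content/prompts/code-review.md   | 12 ++++++------
 src/layouts/BaseLayout.astro         |  4 ++--
 src/content/{old => prompts}/tips.md |  2 +-
 .../deeply/nested/generated/file.ts  | 30 ++++++++++
 public/og.png                        | Bin 0 -> 5120 bytes
 5 files changed, 40 insertions(+), 8 deletions(-)
"""

BRACE_RENAME = re.compile(r"\{.*? => (.*?)\}")


def touched_paths(stat_text):
    """Return the post-change path for every file row in --stat output."""
    paths = []
    for line in stat_text.splitlines():
        if "|" not in line:  # the "N files changed" summary row has no bar
            continue
        path = line.rsplit("|", 1)[0].strip()
        if "{" in path and " => " in path:  # rename shown as dir/{old => new}/f
            path = BRACE_RENAME.sub(r"\1", path).replace("//", "/")
        elif " => " in path:  # rename shown as old/path => new/path
            path = path.split(" => ", 1)[1]
        paths.append(path)
    return paths


def scope_report(stat_text, allowed_globs):
    """Sort touched files into in-scope, out-of-scope and unverifiable."""
    report = {"in_scope": [], "out_of_scope": [], "unverifiable": []}
    for path in touched_paths(stat_text):
        if path.startswith("..."):  # git truncated the path; cannot be matched
            report["unverifiable"].append(path)
        elif any(fnmatch.fnmatchcase(path, g) for g in allowed_globs):
            report["in_scope"].append(path)
        else:
            report["out_of_scope"].append(path)
    return report


if __name__ == "__main__":
    # Hypothetical scope for a task that only covers prompt content.
    for bucket, files in scope_report(SAMPLE_STAT, ["src/content/prompts/*"]).items():
        print(bucket, files)
```

Paths in the `unverifiable` bucket were abbreviated by git; re-run with a wider `--stat=<width>` or with `--numstat` to get full paths before trusting the report.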
Example Output
Warning - Scope drift in unrelated file
`src/layouts/BaseLayout.astro` changed, but the stated task only covered prompt content. This suggests the agent edited shared UI without a requirement.
Missing verification
No `bun run build` or targeted test command is referenced in the patch notes, so the current diff is not merge-ready.
Merge recommendation: revise
Fix the unrelated file change, add a verification step, and re-run review with the final diff.