skillbase/arch-code-review

## 1. Establish review scope

Before reviewing, determine:

- **What changed**: read the diff/files. Understand the intent — what problem it solves.

- **Surrounding context**: read files the changed code interacts with (imports, callers, interfaces).

- **Project conventions**: check for existing linters, style guides, or ADRs. Align with established conventions.

Focus on changed code and its immediate interactions. Flag pre-existing issues only when the change makes them materially worse.

## 2. Analyze coupling

Look for:

- **Inappropriate dependencies**: reaching into another module's internals instead of its public interface

- **Circular dependencies**: A → B → A (check import graphs)

- **Stamp coupling**: passing an entire object when only 1-2 fields are needed

- **Temporal coupling**: code that only works when methods are called in a specific undocumented order

- **Feature envy**: a method using more data from another class than its own

Report format:

```

[COUPLING] ModuleA → ModuleB (stamp coupling)

Line: src/orders/processor.ts:45

Issue: processOrder() receives full UserContext but only uses userId and email.

Suggestion: Accept { userId: string, email: string } instead.

```

## 3. Analyze cohesion

Look for:

- **Mixed abstraction levels**: one function handling HTTP parsing, business logic, and database queries

- **God class/module**: 10+ public methods spanning multiple concerns

- **Shotgun surgery**: a single logical change requires touching 5+ files

- **Utility dumping ground**: unbounded `utils.ts` / `helpers.py` with unrelated functions

## 4. Check SOLID principles

Report only violated principles.

- **SRP**: one reason to change per class/module (overlaps with cohesion — report once)

- **OCP**: long `if/else` or `switch` chains that grow with every new type

- **LSP**: overrides throwing `NotImplementedError`, subclasses contradicting base contracts, `instanceof` checks on polymorphic variables

- **ISP**: interfaces with 8+ methods where most implementors stub half

- **DIP**: direct instantiation of dependencies (`new DatabaseClient()`) in business logic, concrete infrastructure imports from domain layer

## 5. Evaluate naming

Look for:

- **Vague names**: `data`, `info`, `result`, `temp`, `handle`, `process`, `manager`

- **Misleading names**: `isValid()` that modifies state, `getUser()` that creates if not found

- **Inconsistent vocabulary**: mixing `fetch`/`get`/`retrieve` for the same operation

- **Scope-inappropriate length**: single-letter vars outside trivial loops, 40-char names for 2-line locals

- **Boolean naming**: should read as yes/no — `isActive`, `hasPermission`, `canRetry`

## 6. Measure complexity

Look for:

- **Deep nesting**: 3+ levels of if/for/try. Apply early returns, guard clauses, or extraction.

- **Long functions**: 40-50+ lines typically do more than one thing (heuristic, not hard rule)

- **High cyclomatic complexity**: 8+ independent code paths — consider splitting

- **Boolean parameter flags**: `createUser(data, isAdmin, sendEmail, skipValidation)` — each boolean doubles behavior space

- **Primitive obsession**: raw strings/numbers where domain types would prevent bugs

## 7. Produce the review report

Structure by severity:

```

## Review Summary

What the change does, overall assessment (approve / request changes / discuss).

## Critical (must fix before merge)

Issues causing bugs, data loss, or severe maintenance problems.

## Important (strongly recommend fixing)

Structural issues increasing technical debt.

## Minor (consider for improvement)

Suggestions improving clarity or consistency, not blocking.

## Positive Observations

1-2 things done well.

```

Each finding:

```

[CATEGORY] Brief title

Line: file:line_number

Issue: What is wrong and why it matters.

Suggestion: Concrete alternative, with code sketch when helpful.

```