DeepSeek Code Review Checklist & Framework Builder Prompt
Build a comprehensive code review checklist and framework for your team — covering correctness, security, performance, and maintainability.
Category: 💻 Coding
Difficulty: Intermediate
Models: 3
Last Updated: 2026-06-29
📋 Prompt
You are a senior software engineer and engineering manager who has built code review cultures at 5+ engineering teams.
Stack: [languages and frameworks your team uses]
Team size: [number of engineers]
Current review process: [no formal process / informal / structured]
Biggest code quality problem: [bugs in production / slow reviews / inconsistent style / security issues / other]
PR size typical: [small under 200 lines / medium 200-500 lines / large over 500 lines]
Task:
1. REVIEW CHECKLIST: Category-by-category checklist with specific questions for each
2. PRIORITY TIERS: Which issues are blockers, which are suggestions, which are optional
3. REVIEW TIME BUDGET: How long each PR size should take and how to stay within it
4. AUTHOR CHECKLIST: What the PR author should self-review before requesting review
5. COMMENTING GUIDELINES: How to give constructive feedback that improves code and relationships
6. TEAM NORMS: 5 review agreements every team should make explicit
7. AUTOMATION FIRST: What to automate so reviewers focus on what only humans can review
📄 Example output
CODE REVIEW FRAMEWORK: Python/FastAPI + React/TypeScript
AUTHOR CHECKLIST (before requesting review):
□ PR does one thing — if it does more than one thing, split it
□ Self-reviewed the diff line by line
□ All tests pass locally
□ Added tests for new behaviour
□ No debug code or commented-out blocks left in
□ PR description explains WHY not just WHAT
REVIEWER CHECKLIST:
BLOCKERS (must fix before merge):
□ Does the code do what the PR description says it does?
□ Are there obvious bugs — null checks, boundary conditions, edge cases?
□ Any security issues — SQL injection, unsanitised input, exposed secrets, improper auth?
□ Does this break any existing tests?
□ Is any sensitive data logged or exposed?
IMPORTANT (should fix, but discuss):
□ Is the logic easy to understand — could someone new to this area follow it?
□ Are functions and variables named clearly and consistently?
□ Is there appropriate error handling — HTTP errors, validation, timeouts?
□ Are there missing tests for important code paths?
□ Does this introduce any performance issues — N+1 queries, missing indexes, blocking calls?
SUGGESTIONS (nice to have):
□ Code style preferences that differ from standards but are not wrong
□ Alternative approaches worth considering
□ Documentation that could help future readers
COMMENTING GUIDELINES:
Prefix comments by type:
nit: minor style preference, take it or leave it
question: I am confused about this, can you help me understand
blocker: this needs to change before merge, here is why
suggestion: an alternative to consider, not a requirement
REVIEW TIME BUDGET:
Small PR under 200 lines: 15-20 minutes
Medium PR 200-500 lines: 30-45 minutes
Large PR over 500 lines: ask for it to be split; if unavoidable, schedule a dedicated review session
AUTOMATION FIRST:
Lint and formatting: ruff + black for Python, ESLint + Prettier for TypeScript — automated, never a review comment
Type checking: mypy and TypeScript strict mode — automated
Security scanning: Bandit for Python, npm audit for JS — automated
Test coverage: enforce minimum threshold in CI — automated
Humans review: logic, architecture, naming, business correctness, security edge cases that scanners miss
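The comment prefixes and the PR size budget in this framework can be checked mechanically before a merge. The following is an added example, not part of the original prompt or its sample output; the function names, the `(text, resolved)` comment shape, and the rules that an unresolved blocker holds the merge and that unlabelled comments go back to the reviewer for a prefix are assumptions made for illustration.

```python
import re

# Prefixes, tiers and time budgets are the ones listed in the framework above.
PREFIX_RE = re.compile(r"^\s*(nit|question|blocker|suggestion)\s*:\s*(.*)$", re.I | re.S)
HUNK_RE = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")

def classify(comment):
    """Return (kind, body); a comment without a known prefix is 'unlabelled'."""
    m = PREFIX_RE.match(comment)
    return (m.group(1).lower(), m.group(2).strip()) if m else ("unlabelled", comment.strip())

def changed_lines(diff_text):
    """Count added plus removed lines in a unified diff. Hunk headers drive the
    count, so file headers and removed lines starting with '--' are not confused."""
    changed = old_left = new_left = 0
    for line in diff_text.splitlines():
        m = HUNK_RE.match(line)
        if m:
            old_left, new_left = int(m.group(1) or 1), int(m.group(2) or 1)
        elif old_left > 0 or new_left > 0:
            if line.startswith("+"):
                new_left, changed = new_left - 1, changed + 1
            elif line.startswith("-"):
                old_left, changed = old_left - 1, changed + 1
            elif not line.startswith("\\"):   # skip "\ No newline at end of file"
                old_left, new_left = old_left - 1, new_left - 1
    return changed

def size_tier(n):
    if n < 200:
        return "small", "15-20 minutes"
    if n <= 500:
        return "medium", "30-45 minutes"
    return "large", "ask for a split or schedule a dedicated session"

def merge_gate(diff_text, comments):
    """comments: list of (text, resolved) pairs taken from the review thread."""
    open_blockers, relabel = [], []
    for text, resolved in comments:
        kind, body = classify(text)
        if kind == "unlabelled" or (kind == "blocker" and not body):
            relabel.append(text)      # needs a prefix, or a blocker needs its reason
        if kind == "blocker" and not resolved:
            open_blockers.append(body)
    tier, budget = size_tier(changed_lines(diff_text))
    return {"tier": tier, "budget": budget, "relabel": relabel,
            "open_blockers": open_blockers, "mergeable": not open_blockers}
```

`merge_gate` takes unified diff text (for example the output of `git diff`) and returns the size tier, its time budget, the comments that need relabelling, and whether any blocker is still open.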
🏆 Best model for this prompt: Claude (Opus 4 / Sonnet 4)
💡 Pro Tips
The best code review culture has a norm that any comment can be marked nit — meaning the reviewer has a preference but will not block the merge over it
Small PRs are reviewed faster and more carefully — establish a soft maximum of 400 lines and encourage engineers to split larger changes
Review the tests first — they tell you what the author thought the code should do, which makes reviewing the implementation much easier
Nit comments should never block a PR; reserve blocking comments for actual correctness, security, and clarity issues
⚠️ Common Mistakes
Reviewing style and formatting that should be caught by automated linting — this wastes reviewer time and creates friction
Blocking PRs on subjective preferences without explanation — distinguish your opinion from a genuine issue
Reviews that only say LGTM with no substantive feedback — these provide no learning opportunity for the author
No author self-review — most review time is spent catching issues the author would have caught with a 5-minute self-review
❓ FAQ
- How many reviewers should a PR require? 1 required reviewer is standard for most teams. 2 for changes to core infrastructure, security-sensitive code, or database migrations. More than 2 creates diffusion of responsibility — nobody feels fully responsible for catching issues.
- How long should a code review take? Research by SmartBear found reviewers who spend more than 60 minutes on a review find significantly fewer defects — attention degrades. Aim for 30-45 minutes for a medium PR. If it takes longer, the PR is probably too large.
- What should never be a code review comment? Automated linting and formatting issues — these should be caught by CI before review. Personal style preferences marked as blockers without explanation. Comments that are vague without a suggested fix.
- Best model for code review frameworks? Claude produces the most technically accurate and practically structured review frameworks — it understands the distinction between blocker and nit levels and produces specific, actionable checklist items rather than generic principles.