AI Code Reviewer

Systematically review AI-generated code to catch common mistakes before they hit production.

When to Use

• After AI generates code you plan to use

• Before committing AI-assisted changes

• When AI code "looks right" but you want verification

• Reviewing PRs with significant AI-generated content

The AI Code Review Checklist

1. Correctness Issues (Most Common)

AI often generates code that looks correct but has subtle bugs.

Check for:

Hallucinated APIs - Methods/functions that don't exist

// AI might generate: array.findLast(x => x.id === id) // Verify this exists in your target

Wrong library versions - API changes between versions

// React 18 vs 19 differences // Node.js API differences

Off-by-one errors - Loop bounds, array indices

for (let i = 0; i <= arr.length; i++) // Should be <

Incorrect null/undefined handling

user.profile.name // What if profile is undefined?

2. Security Issues

AI doesn't prioritize security unless explicitly asked.

Check for:

SQL Injection

// BAD: AI might generate db.query(SELECT * FROM users WHERE id = ${userId})

// GOOD: Parameterized db.query('SELECT * FROM users WHERE id = $1', [userId])

XSS Vulnerabilities

// BAD: Direct HTML insertion element.innerHTML = userInput

// GOOD: Escaped or use framework element.textContent = userInput

Exposed Secrets

// AI might hardcode values from context const API_KEY = 'sk-abc123...' // Should be env var

Missing Input Validation

// AI often skips validation function processData(data) { return data.items.map(...) // What if data is null? }

3. Performance Issues

AI optimizes for "looks correct" not "performs well."

Check for:

N+1 Queries

// BAD: AI loves this pattern users.forEach(async user => { const posts = await getPosts(user.id) // N queries! })

// GOOD: Batch const posts = await getPostsForUsers(userIds)

Unnecessary Re-renders (React)

// BAD: New object every render <Component style={{ margin: 10 }} />

// GOOD: Stable reference const style = useMemo(() => ({ margin: 10 }), [])

Memory Leaks

// BAD: Missing cleanup useEffect(() => { const interval = setInterval(fetch, 1000) // No cleanup! }, [])

// GOOD: Cleanup useEffect(() => { const interval = setInterval(fetch, 1000) return () => clearInterval(interval) }, [])

Blocking Operations

// BAD: Sync file operations const data = fs.readFileSync(path)

// GOOD: Async const data = await fs.promises.readFile(path)

4. Maintainability Issues

AI generates "works now" code, not "maintainable" code.

Check for:

Magic Numbers/Strings

// BAD if (status === 3) { ... }

// GOOD if (status === OrderStatus.SHIPPED) { ... }

Inconsistent Patterns

// AI might mix patterns const getUser = async () => {} // Arrow function async function getPost() {} // Function declaration

Missing Types (TypeScript)

// BAD: AI uses 'any' when uncertain function process(data: any) { ... }

// GOOD: Proper types function process(data: ProcessInput) { ... }

Dead Code

// AI sometimes includes unused variables/imports import { unused } from './utils' const temp = calculate() // Never used

5. Integration Issues

AI doesn't know your codebase deeply.

Check for:

• Duplicate Logic - Does similar code already exist?

• Wrong Imports - Using the right internal modules?

• Naming Mismatches - Following your conventions?

• Missing Error Handling - Using your error patterns?

Review Workflow

Step 1: Quick Scan (30 seconds)

• Does it compile/run?
• Any obvious red flags?
• Right general approach?

Step 2: Security Review (1 minute)

• User input handling?
• Database queries?
• Authentication/authorization?
• Sensitive data exposure?

Step 3: Logic Review (2-3 minutes)

• Edge cases handled?
• Null/undefined checks?
• Error scenarios?
• Loop bounds correct?

Step 4: Integration Review (1-2 minutes)

• Follows project patterns?
• Uses existing utilities?
• Correct imports?
• Consistent naming?

Step 5: Performance Review (1 minute)

• Obvious inefficiencies?
• Unnecessary operations?
• Memory management?
• Async patterns?

Common AI Mistakes by Language

JavaScript/TypeScript

• Missing await on async functions

• Wrong this context in callbacks

• Type assertions hiding real issues (as any )

• Mixing CommonJS and ESM imports

Python

• Mutable default arguments

• Not closing file handles

• Missing init.py awareness

• Wrong exception handling scope

React

• Missing dependency arrays in hooks

• Incorrect key props in lists

• State updates in render

• Missing cleanup in effects

SQL

• Missing indexes awareness

• Cartesian products from bad joins

• Not using transactions

• Inefficient subqueries

Quick Validation Commands

TypeScript: Compile check

npx tsc --noEmit

ESLint: Style and common errors

npx eslint src/new-file.ts

Tests: Run affected tests

npm test -- --findRelatedTests src/new-file.ts

Security: Quick scan

npx audit-ci --moderate

When to Regenerate vs Fix

Regenerate if:

• Fundamental approach is wrong

• Would require 50%+ rewrite

• Security issue is systemic

Fix manually if:

• Small corrections needed

• Logic is sound, details wrong

• Integration issues only

Documentation Template

When the review passes:

AI Code Review

Generated by: [Claude/GPT/etc] Reviewed by: [Your name] Date: [Date]

Changes Made After Review

• Fixed null check on line 45
• Added input validation
• Replaced magic number with constant

Verified

• Security review passed
• Tests added/passing
• Follows project conventions