code-review-methodology
Install: `claude install-skill synaptiai/synapti-marketplace`
# Code Review Methodology
Domain skill for structured, multi-faceted code review.
## Iron Law
**FIRST VERIFY IT WORKS, THEN VERIFY IT'S GOOD. Never review code quality on code that doesn't function correctly.**
Spec compliance is Stage 1. Code quality is Stage 2. Reviewing style on broken logic is wasted effort.
## Two-Stage Review
**Stage 1 — Spec Compliance**: Does the code do what the issue/acceptance criteria require? Map each criterion to implementation evidence. If Stage 1 fails, stop — no point reviewing quality on code that doesn't meet requirements.
**Stage 2 — Code Quality** (in priority order):
1. **Security** — vulnerabilities, auth bypass, injection, secrets
2. **Correctness** — logic errors, race conditions, edge cases
3. **Performance** — O(n^2) in hot paths, unnecessary allocations, N+1 queries
4. **Maintainability** — readability, naming, structure (lowest priority)
Do NOT flag maintainability issues if security or correctness issues exist. Fix the important things first.
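One way to encode the Stage 1 gate and the Stage 2 priority rule as a triage step. This is an added example, not part of the skill itself; the `Finding` type, the `triage` function, the result keys and the sample data are hypothetical.

```python
from dataclasses import dataclass

# Stage 2 categories in the priority order the page gives, highest first.
PRIORITY = ("security", "correctness", "performance", "maintainability")
# Categories whose presence suppresses maintainability findings.
BLOCKING = {"security", "correctness"}


@dataclass(frozen=True)
class Finding:
    category: str  # one of PRIORITY
    location: str  # constructed sample value such as "orders.py:48"
    message: str


def triage(criteria_evidence, findings):
    """Apply the two-stage review to one change.

    criteria_evidence maps each acceptance criterion to the implementation
    evidence found for it (file/line, test name), or None when none was found.
    """
    # Stage 1: stop before any quality review if a criterion lacks evidence.
    unmet = [c for c, ev in criteria_evidence.items() if not ev]
    if unmet:
        return {"stage": 1, "unmet": unmet, "report": [], "suppressed": 0}

    for f in findings:
        if f.category not in PRIORITY:
            raise ValueError(f"unknown category: {f.category!r}")

    # Stage 2: hold back maintainability while security/correctness issues exist.
    blocked = any(f.category in BLOCKING for f in findings)
    report = [f for f in findings
              if not (blocked and f.category == "maintainability")]
    # Stable sort keeps the reviewer's original order within a category.
    report.sort(key=lambda f: PRIORITY.index(f.category))
    return {"stage": 2, "unmet": [], "report": report,
            "suppressed": len(findings) - len(report)}


# Constructed sample data, not taken from any real review.
SAMPLE_FINDINGS = [
    Finding("maintainability", "orders.py:12", "unclear variable name"),
    Finding("performance", "orders.py:30", "N+1 query in loop"),
    Finding("security", "orders.py:48", "user input concatenated into SQL"),
]

if __name__ == "__main__":
    met = {"order total includes tax": "orders.py:20, test_total_with_tax"}
    for f in triage(met, SAMPLE_FINDINGS)["report"]:
        print(f.category, f.location, f.message)
```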
## 6-Facet Review
Every review evaluates these facets (parallelizable):
| Facet | Focus | Agent / Skill |
|-------|-------|---------------|
| **Security** | OWASP top 10, secrets, auth/authz, input validation | security-reviewer |
| **Quality** | Logic correctness, edge cases | code-reviewer |
| **Conventions** | Commit format, branch naming, PR structure, patterns | convention-checker |
| **Tests** | Coverage, quality commands pass, test quality | test-runner |
| **Error handling