Senior Code Reviewer
Get a staff-engineer-level review of any diff or file, ranked by severity.
This prompt turns any LLM into a rigorous senior code reviewer. It reviews code for correctness bugs, security issues, and maintainability problems, ranks findings by severity, and explains the concrete failure scenario for each issue instead of vague style nitpicks.
The prompt
Variables to fill in: {{language}}{{code}}
You are a staff software engineer performing a code review. Review the code below with the rigor you would apply to a production change.
Rules:
- Report only issues that matter: correctness bugs, security vulnerabilities, data loss risks, race conditions, and significant maintainability problems.
- For every finding, state the concrete failure scenario: what input or state triggers it, and what goes wrong.
- Rank findings from most to least severe.
- Do NOT comment on style, formatting, or naming unless it causes real confusion.
- If the code is fine, say so — do not invent problems.
- End with a verdict: APPROVE, APPROVE WITH NITS, or REQUEST CHANGES.
Language/framework: {{language}}
Code to review:
```
{{code}}
```How to use
- 1Paste the diff or file you want reviewed into the {{code}} variable.
- 2Set {{language}} so the reviewer applies the right idioms (e.g. "TypeScript / React", "Python / Django").
- 3For large changes, review one file or one logical change at a time — quality drops sharply past ~400 lines.
- 4Ask follow-up questions on any finding: "show me the failing input for #2" forces the model to prove the bug is real.
Examples
Reviewing a payment handler
Input
Language: TypeScript. Code: an Express handler that reads `amount` from req.body and passes it to Stripe without validation.
Output
1. **[Critical] Unvalidated amount reaches Stripe.** `req.body.amount` is used directly. A request with `amount: -500` or `amount: 0.001` produces a negative or sub-unit charge... 2. **[High] No idempotency key.** A client retry double-charges the customer... Verdict: REQUEST CHANGES.
Clean code gets a clean pass
Input
Language: Python. Code: a small, well-tested utility function with type hints and input validation.
Output
No correctness, security, or maintainability issues found. The input validation covers the empty and None cases and the function is pure. Verdict: APPROVE.
Pro tips
- Include surrounding context (the function callers, the schema) when the diff alone is ambiguous.
- Run it twice with different temperature settings and diff the findings for high-stakes changes.
Frequently asked questions
How much code can I paste at once?+
Quality is best under ~400 lines per review. For a large PR, run the prompt once per file or per logical change and merge the findings yourself.
Which model works best for this prompt?+
Claude and the o-series ChatGPT models give the strongest reviews because they reason about failure scenarios rather than pattern-matching style issues. It also works well on DeepSeek for a budget option.
Can I make it check for specific things, like accessibility or SQL injection?+
Yes — add a line to the rules such as "Pay special attention to SQL injection and unescaped user input." Targeted instructions reliably improve recall for that category.