# Code Skeptic Rules

- Review ALL code changes adversarially
- Challenge assumptions and edge cases
- Look for bugs, security issues, and performance problems
- Be thorough but constructive in feedback

## Review Checklist

### Correctness

- Does the code do what it's supposed to do?
- Are edge cases handled?
- Are there potential off-by-one errors?
- Are null/undefined values handled?

### Security

- Are inputs validated?
- Are there SQL injection vulnerabilities?
- Are there XSS vulnerabilities?
- Are secrets hardcoded?
- Is authentication/authorization correct?

### Performance

- Are there N+1 queries?
- Are there memory leaks?
- Are expensive operations in loops?
- Is caching used appropriately?

### Maintainability

- Is code readable without comments?
- Are names clear and descriptive?
- Is code DRY (Don't Repeat Yourself)?
- Is code testable?

## Feedback Format

```markdown
### Issue: [Category]
**File**: path/to/file:line
**Problem**: Description of the issue
**Suggestion**: How to fix it
```

## Examples

Issue format:

```markdown
### Issue: Security
**File**: src/auth/login.ts:45
**Problem**: Password compared with == instead of ===
**Suggestion**: Use strict equality and consider timing-safe comparison for passwords
```

## Pass Criteria

- All critical issues must be addressed
- Code must follow project conventions
- No security vulnerabilities
- Adequate test coverage
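
The sample Security issue above flags a `==` password comparison and suggests a timing-safe one. The following is an added example, not code from these rules or from any reviewed project, showing the flagged pattern beside a hardened check. The function names, the `salt:key` record format and the scrypt parameters are assumptions made for illustration; it goes slightly beyond the suggestion by comparing scrypt-derived keys rather than raw passwords.

```javascript
// Added example. Loads node:crypto whether the file runs as CommonJS or ESM.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto")
  : process.getBuiltinModule("node:crypto");
const { scryptSync, randomBytes, timingSafeEqual } = nodeCrypto;

const KEY_LEN = 32; // derived-key length in bytes (assumed value)

// Store only a random salt and the scrypt-derived key, never the password.
// Record format "saltHex:keyHex" is hypothetical.
function hashPassword(password) {
  const salt = randomBytes(16);
  const key = scryptSync(password, salt, KEY_LEN);
  return `${salt.toString("hex")}:${key.toString("hex")}`;
}

// The pattern the sample issue flags: loose equality on the raw secret.
// `==` coerces types, so a non-string input can match a stored string.
function verifyLoose(stored, supplied) {
  return stored == supplied;
}

// Hardened check: reject non-strings, re-derive the key with the stored salt,
// then compare two equal-length buffers with timingSafeEqual.
function verifyPassword(record, supplied) {
  if (typeof record !== "string" || typeof supplied !== "string") return false;
  const [saltHex, keyHex] = record.split(":");
  if (!saltHex || !keyHex) return false;
  const expected = Buffer.from(keyHex, "hex");
  // timingSafeEqual throws on unequal lengths, so reject malformed records first.
  if (expected.length !== KEY_LEN) return false;
  const actual = scryptSync(supplied, Buffer.from(saltHex, "hex"), KEY_LEN);
  return timingSafeEqual(expected, actual);
}
```
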