Code review checklist — what to look for beyond correctness

Code reviews focus only on 'does it work?' and miss deeper issues. Reviews catch syntax but not design problems, security gaps, or maintainability concerns.

Review in layers: (1) Correctness: Does it do what it claims? Edge cases? (2) Security: User input validation, auth checks, injection vectors. (3) Performance: N+1 queries, unbounded loops, missing pagination. (4) Readability: Could a new team member understand this in 6 months? (5) Testing: Are the tests testing behavior or implementation details? (6) API design: Is the public interface intuitive and hard to misuse? (7) Error handling: What happens when things fail? (8) Dependencies: Is adding this dependency worth the cost?

Code review is the last line of defense before code reaches production. A checklist ensures consistent quality regardless of reviewer fatigue or familiarity with the codebase.