Prompts for reviewing code
Prompts for getting senior-engineer-level code reviews on diffs and pull requests.
Code review is the kind of careful, repetitive scrutiny that AI is genuinely good at, especially on the parts humans skim when they're tired. Drop a diff or a pull request into the Perform a Thorough Code Review on a Pull Request prompt and you get senior-engineer-style feedback that's categorized and references specific files, so it reads like a real review rather than a vague "looks good." It's a fast second pair of eyes before a teammate spends theirs.
This collection treats review as a cluster of related checks. The Run a Security Review on Code prompt aligns findings to OWASP with severity ratings, the Audit Code for Performance Bottlenecks and Optimize a Slow Function prompts surface hot paths with explicit tradeoffs, and the Generate Unit Tests prompts let you probe coverage gaps the diff quietly introduced. The Refactor Code for Readability prompt and the Write a Clear Git Commit Message prompt round out the loop. AI's biggest value here is catching the boring-but-costly stuff: an unhandled error path, an off-by-one, a missing test for the branch you just added.
What makes a good prompt for reviewing code
A good code-review prompt gives the model context it can't infer from the diff alone: the language and framework, what the change is supposed to do, and what you specifically want scrutinized, whether that's security, performance, or readability. Asking it to categorize findings and rate severity stops it from burying a real bug under five style nitpicks.
The other half is grounding. Provide enough surrounding code that the model isn't guessing about types or call sites, and ask it to flag assumptions it's making. A review that says "if `userId` can be null here, this throws" is far more useful than one that confidently asserts a bug that doesn't exist in code it never saw.
Get sharper results
- 01Tell the model what the change is meant to accomplish before pasting the diff, so it reviews against intent rather than guessing the purpose from syntax.
- 02Ask explicitly for severity-ranked findings (blocking, should-fix, nit) so you can triage instead of treating every comment as equally urgent.
- 03Run the security and performance prompts as separate passes rather than one mega-review, since a focused prompt catches more than a kitchen-sink one.
- 04Have it propose unit tests for any branch it flags as risky, turning a review comment into a concrete regression guard you can actually commit.
Common questions
Can AI replace a human reviewer on my team?
No, and it shouldn't try to. It's excellent at catching mechanical issues, missing edge cases, and inconsistent patterns, which frees your human reviewers to focus on architecture, intent, and tradeoffs the model can't judge. Treat it as the first pass that makes the human pass faster.
Why does the AI flag bugs that aren't actually there?
Usually because it can't see the full context, like a validation that happens upstream or a type guarantee from a function you didn't paste. Give it more surrounding code and ask it to state its assumptions, then dismiss findings that rest on context it was missing.
How much code can I review at once?
Smaller is better. A focused diff or a single file gets sharper, more reliable feedback than dumping an entire pull request. For large changes, break the review into logical chunks and review each against its specific purpose.
Perform a Thorough Code Review on a Pull Request
Get a senior-engineer-style code review with categorized, file-referenced feedback.
Refactor Code for Readability and Maintainability
Refactor any code for readability and maintainability without changing its behavior.
Generate Unit Tests for a Function
Generate comprehensive unit tests with happy path, edge cases, and failure modes.
Write a Clear Git Commit Message
Generate a Conventional Commits-compliant git commit message with context and rationale.
Audit Code for Performance Bottlenecks
Identify performance bottlenecks in code and get ranked, impact-focused optimization suggestions.
Run a Security Review on Code
Get an OWASP-aligned security review with severity ratings and remediation snippets.
Design a Clean REST API for a New Resource
Get a complete REST endpoint design with shapes, errors, and idempotency notes.
Write Unit Tests for an Existing Function
Generate a thorough unit test suite covering happy path, branches, edges, and errors.
Optimize a Slow Function With Specific Tradeoffs
Get a ranked list of optimizations with complexity analysis and explicit tradeoffs.
Refactor a long, tangled function into smaller, testable units
Breaks an overgrown function into smaller, single-responsibility units while preserving behavior and the public signature.
Turn a diff into a clear, reviewer-friendly PR description
Converts a diff and context into a structured, reviewer-friendly pull request description and title.