Review Intelligence

Detects typed route handlers that accept request bodies without runtime validation (e.g. Zod or Joi). A missing validation layer is a silent data-integrity risk.

// RI-RV-001: POST /api/users — body accepted but not validated at runtime

Detects outbound HTTP or fetch calls that have no explicit timeout configured. Calls without timeouts can cascade under load.

// RI-OI-001: fetch() call in payments.ts has no timeout option

Detects code that reimplements functionality already provided by a shared helper in the repo. Bypassing shared helpers creates duplicate truth and divergence risk.

// RI-PH-001: custom JWT decode in user.ts — use shared authHelper instead

Detects circular import chains and layer/boundary violations using the repo dependency graph. Circular deps cause build instability and hard-to-test modules.

// RI-AG-001: packages/core → packages/engine → packages/core (circular)

Detects code patterns that build successfully but fail at runtime — type narrowing gaps, missing null checks at API boundaries, env var references without guards.

// RI-BR-001: process.env.SECRET used without null guard — will throw in production

Detects test patterns that are likely to produce false confidence — snapshot tests with no assertion rationale, empty catch blocks that swallow errors, tests that mock the database.

// RI-TI-001: test expects snapshot with 847 lines — brittle, hard to review