Code Review

Let MyDeskBot act as your code reviewer, catching bugs, suggesting improvements, and ensuring code quality.

Overview

MyDeskBot's code review feature analyzes your code changes and provides comprehensive feedback on potential issues, best practices violations, security concerns, and opportunities for improvement.

Code Review Capabilities

1. Bug Detection

Find potential bugs before they reach production:

// MyDeskBot detects:
const users = getUserList();
for (let i = 0; i <= users.length; i++) {
  // Bug: ArrayIndexOutOfBounds when i == users.length
  console.log(users[i]);
}

// Suggestion: Change to
for (let i = 0; i < users.length; i++) {
  console.log(users[i]);
}

Common bugs detected:

• Off-by-one errors
• Null/undefined reference errors
• Type mismatches
• Unhandled exceptions
• Race conditions
• Memory leaks

2. Code Quality Issues

Identify quality problems:

# MyDeskBot flags:
def get_data(id):
    # Issue: Function name doesn't follow snake_case
    # Issue: No type hints
    # Issue: No docstring
    # Issue: No error handling
    d = requests.get(f'/api/data/{id}')
    return d.json()

# Suggestions:
def get_data(data_id: int) -> dict:
    """Retrieve data by ID.

    Args:
        data_id: The unique identifier for the data

    Returns:
        The data as a dictionary

    Raises:
        DataFetchError: If data cannot be retrieved
    """
    try:
        response = requests.get(f'/api/data/{data_id}')
        response.raise_for_status()
        return response.json()
    except requests.RequestException as e:
        raise DataFetchError(f"Failed to fetch data: {e}")

3. Security Vulnerabilities

Find security issues:

// MyDeskBot detects SQL injection risk:
const query = `SELECT * FROM users WHERE id = ${userId}`;
db.execute(query);

// Suggestion: Use parameterized queries
const query = "SELECT * FROM users WHERE id = ?";
db.execute(query, [userId]);

Security issues detected:

• SQL injection
• XSS vulnerabilities
• Insecure random number generation
• Weak password handling
• Missing input validation
• Timing attacks
• Hardcoded secrets

4. Performance Issues

Identify performance bottlenecks:

# MyDeskBot flags O(n²) complexity:
def find_duplicates(items):
    duplicates = []
    for i, item in enumerate(items):
        for j in range(i + 1, len(items)):
            if items[j] == item:
                duplicates.append(item)
    return duplicates

# Suggestion: Use O(n) approach
def find_duplicates(items):
    seen = set()
    duplicates = []
    for item in items:
        if item in seen:
            duplicates.append(item)
        else:
            seen.add(item)
    return duplicates

Performance issues detected:

• Inefficient algorithms
• Unnecessary database queries (N+1 problem)
• Large object creation in loops
• Missing caching opportunities
• Blocking operations

5. Style and Consistency

Enforce consistent code style:

// Inconsistent style detected:
public void processData() {
    String name = "John";    // Double quotes
    char type = 'A';         // Single quote
    if (condition) {         // Opening brace on same line
        doSomething();
    }
}

6. Documentation Gaps

Find missing or poor documentation:

# MyDeskBot flags:
def complex_calculation(a, b, c, d, e):
    # No docstring explaining what this does
    result = (a * b + c) / (d + e)
    return result

# Suggestion: Add comprehensive docstring
def complex_calculation(
    a: float,
    b: float,
    c: float,
    d: float,
    e: float
) -> float:
    """Calculate a weighted average with offset.

    Computes (a * b + c) / (d + e), which represents a weighted sum
    divided by a normalized factor.

    Args:
        a: The primary value
        b: The weight multiplier for the primary value
        c: An additive offset to the numerator
        d: First term in the denominator
        e: Second term in the denominator

    Returns:
        The calculated result

    Raises:
        ZeroDivisionError: If (d + e) equals zero

    Example:
        >>> complex_calculation(10, 2, 5, 1, 1)
        25.0
    """
    return (a * b + c) / (d + e)

How to Request Code Review

Method 1: Review Entire File

1. Open the file you want to review
2. Right-click → "Review with MyDeskBot"
3. MyDeskBot analyzes the entire file

Method 2: Review Selection

1. Select the code you want to review
2. Right-click → "Review Selection"
3. MyDeskBot analyzes only the selected code

Method 3: Review Changes (Git)

1. Review a PR or commit
2. Select "Review Changes"
3. MyDeskBot compares and analyzes the diff

Method 4: Inline Request

1. Select code
2. Press Ctrl+Shift+R (Review)
3. Ask for specific review:

   Review this for security issues

Review Categories

MyDeskBot can review for specific categories:

Review this code for:

- Bugs
- Security vulnerabilities
- Performance issues
- Code style violations
- Best practices
- Documentation

Review Report Format

MyDeskBot provides a structured review report:

📋 Code Review Report

🔴 Critical Issues (Must Fix)
  1. Line 45: SQL injection vulnerability
     Risk: HIGH
     Fix: Use parameterized queries

🟡 Warnings (Should Fix)
  1. Line 23: Unhandled exception
     Risk: MEDIUM
     Fix: Add try-catch block

  2. Line 67: Potential memory leak
     Risk: MEDIUM
     Fix: Close resources in finally block

🔵 Suggestions (Nice to Have)
  1. Lines 10-15: Can be extracted to function
  2. Line 34: Use more descriptive variable name
  3. Missing type hints

✅ Good Practices
  1. Proper use of constants
  2. Good error messages
  3. Clear function structure

Configuration

Review Rules

{
  "mydeskbot.review": {
    "categories": ["bugs", "security", "performance", "style", "documentation"],
    "severity": ["critical", "warning", "suggestion"],
    "ignorePatterns": ["node_modules/**", "*.min.js", "generated/**"]
  }
}

Custom Rules

Define custom review rules:

{
  "mydeskbot.review.rules": {
    "noConsole": {
      "severity": "warning",
      "message": "Remove console.log before committing",
      "patterns": ["console\\.log"]
    },
    "requireDocstrings": {
      "severity": "error",
      "message": "All public functions must have docstrings",
      "filePatterns": ["*.py"]
    }
  }
}

Language-Specific Rules

{
  "mydeskbot.review.javascript": {
    "preferConst": true,
    "noVar": true,
    "requireTypes": "suggestion"
  },
  "mydeskbot.review.python": {
    "pep8": true,
    "typeHints": "suggestion",
    "docstrings": "warning"
  }
}

Best Practices

1. Review Early and Often

Don't wait until PR review:

# Ask MyDeskBot to review as you code
# Get immediate feedback
# Fix issues before committing

2. Use Specific Requests

Ask for specific types of review:

Review for performance issues only

Review for security vulnerabilities

Review for best practices violations

3. Iterate

Address issues and re-review:

Review again after fixing the SQL injection issues

4. Learn from Suggestions

Ask MyDeskBot to explain:

Why is this a security issue?

What's the best practice for handling this error?

Integration with PR Reviews

GitHub Integration

MyDeskBot can review PRs:

1. Open a PR in GitHub
2. MyDeskBot automatically reviews the changes
3. Comments appear on the PR
4. Suggestions inline in the diff

GitLab Integration

Similar to GitHub, MyDeskBot can review GitLab MRs.

Bitbucket Integration

MyDeskBot can review Bitbucket PRs.

Team Workflow

Pre-Commit Review

Automatically review before committing:

{
  "mydeskbot.review.hooks": {
    "preCommit": true,
    "failOnCritical": true,
    "warnOnWarning": true
  }
}

PR Review Workflow

1. Developer creates PR
2. MyDeskBot auto-reviews
3. Developer addresses critical issues
4. Team reviews
5. Merge

Pair Programming

Use MyDeskBot as a pair programming partner:

1. Write code together
2. Ask MyDeskBot to review in real-time
3. Address issues immediately
4. Learn best practices

Examples

Example 1: Security Review

// Code to review:
const password = document.getElementById('password').value;
const query = `SELECT * FROM users WHERE password = '${password}'`;

// MyDeskBot review:
🔴 CRITICAL: SQL Injection Vulnerability
  Line: 2
  Risk: HIGH
  The code constructs SQL queries using string concatenation,
  allowing potential SQL injection attacks.

  Fix: Use parameterized queries
  const query = 'SELECT * FROM users WHERE password = ?';
  db.execute(query, [password]);

Example 2: Performance Review

# Code to review:
def get_user_posts(user_id):
    posts = []
    for post in Post.objects.all():
        if post.user_id == user_id:
            posts.append(post)
    return posts

# MyDeskBot review:
🟡 WARNING: Performance Issue
  Line: 3-5
  Risk: MEDIUM
  Iterating through all posts is inefficient.
  Use database filtering instead.

  Fix: Use database query
  return list(Post.objects.filter(user_id=user_id))

Example 3: Best Practices Review

// Code to review:
public void processData(String data) {
    if (data != null) {
        if (!data.isEmpty()) {
            if (data.startsWith("header")) {
                // Process data
            }
        }
    }
}

// MyDeskBot review:
🔵 SUGGESTION: Reduce Nesting
  Line: 2-6
  Risk: LOW
  Deep nesting makes code harder to read.
  Consider using guard clauses.

  Fix: Use early returns
  public void processData(String data) {
      if (data == null || data.isEmpty()) {
          return;
      }
      if (!data.startsWith("header")) {
          return;
      }
      // Process data
  }

See Also

• Code Completion
• Code Refactoring
• Instinct