---
title: Code Review Standards
impact: HIGH
impactDescription: Catches issues before they reach production
tags: quality, review, standards
---
## Document Metadata

- Document status: living standard
- Current as of: March 28, 2026
- Owner: backend/platform team
- Review: upon changes to engineering practice, CI/CD, architectural rules, or local workflow
- Scope: internal rule/reference-card documents for the engineering team
- Related documents:
  - [Agents Index](../README.md)
  - [Development Commands](../commands.md)
  - [Engineering Principles](../../governance/engineering-principles.md)

## Code Review Standards

**Impact: HIGH**

### What to check during review:

1. **Security**: No exposed secrets, proper input validation, authorization checks
2. **Performance**: No N+1 queries, proper use of `select`, caching where appropriate
3. **Server Components**: No unnecessary `"use client"` directives
4. **Data layer**: Prisma queries use `select`, read operations use replica
5. **Error handling**: Proper exceptions, descriptive messages
6. **Types**: No `as any`, proper `import type` usage
7. **Size**: PR is under 500 lines and focused on one change
8. **Tests**: New code has tests, existing tests still pass
9. **i18n**: All UI strings are in translation files

### Red flags to block PR:

- `as any` anywhere in the code
- `include: { relation: true }` in Prisma queries
- Direct database access from Next.js
- `"use client"` on a page that could be a Server Component
- Missing input validation
- Secrets or tokens in code
- Business logic in controllers
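
Some of these red flags can be caught mechanically before a human reads the PR. The following is an added example, not part of the project's own tooling: it scans the added lines of a unified diff for `as any`, `include: { relation: true }` and `"use client"`, and applies the 500-line size limit. The rule ids, the sample paths and the choice to count added plus removed lines are assumptions.

```javascript
// Added example, not project code. Rule ids are hypothetical names.
const RULES = [
  { id: "as-any", re: /\bas\s+any\b/ },
  { id: "prisma-include", re: /\binclude\s*:\s*\{\s*\w+\s*:\s*true\b/ },
  { id: "use-client", re: /^\s*["']use client["']/ }, // reviewer decides if a Server Component would do
];
const MAX_CHANGED_LINES = 500; // checklist: PR is under 500 lines

function reviewDiff(diffText) {
  const findings = [];
  let file = null, newLine = 0, oldLeft = 0, newLeft = 0, changed = 0;
  for (const raw of diffText.split("\n")) {
    if (oldLeft <= 0 && newLeft <= 0) { // outside a hunk: only headers matter
      if (raw.startsWith("+++ ")) file = raw.slice(4).replace(/^b\//, "");
      const h = /^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@/.exec(raw);
      if (h) [oldLeft, newLine, newLeft] = [Number(h[1] ?? 1), Number(h[2]), Number(h[3] ?? 1)];
      continue;
    }
    if (raw.startsWith("\\")) continue; // "\ No newline at end of file"
    if (raw.startsWith("-")) { oldLeft--; changed++; continue; }
    if (raw.startsWith("+")) {
      changed++;
      for (const r of RULES) if (r.re.test(raw.slice(1))) findings.push({ file, line: newLine, rule: r.id });
    } else {
      oldLeft--; // context line: present on both sides
    }
    newLeft--;
    newLine++;
  }
  // Assumption: "lines" means added plus removed lines in the diff.
  if (changed >= MAX_CHANGED_LINES) findings.push({ file: null, line: 0, rule: "pr-size" });
  return { changed, findings };
}

// Constructed sample diff (paths and code are made up for illustration).
const SAMPLE_DIFF = `--- a/web/app/users/page.tsx
+++ b/web/app/users/page.tsx
@@ -1 +1,2 @@
+"use client";
 export default function Page() { return null; }
--- a/api/src/users/users.service.ts
+++ b/api/src/users/users.service.ts
@@ -10,2 +10,3 @@
   async list() {
-    return this.prisma.user.findMany({ select: { id: true } });
+    const users = await this.prisma.user.findMany({ include: { posts: true } });
+    return users as any;
`;
```

Calling `reviewDiff(SAMPLE_DIFF)` returns three findings with file and new-file line number. The remaining red flags (missing validation, business logic in controllers, secrets) still need a reviewer or dedicated tooling.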
