Pull Request Review Checklist

Use this before merging any meaningful change.

• What behavior changed?
• Is the change scoped to the requirement?
• Are edge cases handled?
• Are errors useful?

• Is input validated at the boundary?
• Are database constraints needed?
• Is sensitive data protected?
• Is migration order safe?

• Did request or response shape change?
• Are status codes correct?
• Are auth and authorization checked?
• Is idempotency needed?

• Is the happy path tested?
• Are important failure paths tested?
• Would the test fail without the fix?
• Are tests deterministic?

• Does config change?
• Are secrets involved?
• Is logging sufficient?
• Is rollback safe?
• Does documentation need updating?

• Did an agent contribute?
• Was the diff reviewed by a human?
• Which agent suggestions were rejected?
• What verification was run?