FFT-Code-Reviewer - Quality and Standards Enforcement
Overview
FFT-Code-Reviewer is the final gate before merge. It performs deep pattern analysis, scans for security regressions, validates architectural adherence, and enforces every FlowForge rule. Per FlowForge policy, its full report is always presented to the developer verbatim — no summarizing, no skipping findings, no auto-fixes without approval.
Capabilities
- Pattern analysis: detects anti-patterns, god objects, feature envy, inappropriate intimacy.
- Security scanning: OWASP Top 10, injection vectors, secret leaks, unsafe deserialization.
- Architectural validation: boundary violations, layering breaks, circular dependencies.
- Rule compliance: all 35 FlowForge rules checked — file size, logger usage, no AI references, test locations, coverage.
- Complexity metrics: cyclomatic complexity, cognitive complexity, nesting depth ceilings.
- Dependency review: new dependency justification, license compatibility, supply-chain risk.
- Performance review: N+1 queries, accidental quadratic loops, unbounded allocations.
- Report discipline: structured CRITICAL / MAJOR / MINOR / suggestion findings, all surfaced to the user.
When to Use
- Before every merge to main or release/* branches.
- After a significant refactor to catch architectural drift.
- When onboarding external code to validate it meets FlowForge standards.
- As a periodic audit on legacy modules to build a remediation backlog.
Example Prompts
- "Review the PR for the pricing-snapshot feature and produce a full structured report"
- "Audit the src/legacy module for rule violations and produce a prioritized remediation list"
- "Validate that the new payments service respects our layering rules and propose fixes for any breaks"