# Review

Review mode reads code (a recent diff, a specific file, or a set of files you point it at) and produces a structured audit. It checks for logical correctness, security issues, consistency with the rest of the codebase, missing edge cases, and alignment with any rules or architectural decisions defined in the project.


***

### What Review checks

| Category     | Examples                                                                        |
| ------------ | ------------------------------------------------------------------------------- |
| Correctness  | Logic errors, incorrect assumptions about data shapes, off-by-one errors        |
| Security     | Missing auth checks, raw key storage, unsanitized inputs, tenant isolation gaps |
| Consistency  | Patterns that diverge from the rest of the codebase without reason              |
| Edge cases   | Unhandled nulls, missing error states, race conditions                          |
| Architecture | Changes that contradict decisions in the project's rules or plan documents      |

If you have rules files configured in `.cora/rules/`, Review mode enforces them, flagging any code that violates a defined constraint.
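
To make the Security row of the table concrete, here is an added example (not Cora output and not code from the Cora project) of an API key store that avoids two of the listed findings, raw key storage and tenant isolation gaps. `ApiKeyStore`, its method names and the in-memory dict are assumptions made for this example.

```python
import hashlib
import hmac
import secrets


class ApiKeyStore:
    """In-memory stand-in for a tenant-scoped API key table (constructed for this example)."""

    def __init__(self):
        # key_id -> {"org_id", "digest", "revoked"}; the raw secret is never stored
        self._rows = {}

    def issue(self, org_id):
        key_id = secrets.token_hex(8)
        secret = secrets.token_urlsafe(32)  # CSPRNG output, 32 random bytes
        # A fast hash is acceptable here because the secret is high-entropy,
        # unlike a user-chosen password.
        digest = hashlib.sha256(secret.encode()).hexdigest()
        self._rows[key_id] = {"org_id": org_id, "digest": digest, "revoked": False}
        return f"{key_id}.{secret}"  # returned once, not recoverable afterwards

    def verify(self, presented):
        """Return the owning org_id, or None if the key is unknown, wrong or revoked."""
        key_id, sep, secret = presented.partition(".")
        row = self._rows.get(key_id)
        if not sep or row is None or row["revoked"]:
            return None
        candidate = hashlib.sha256(secret.encode()).hexdigest()
        # Constant-time comparison avoids leaking how much of the digest matched.
        if not hmac.compare_digest(candidate, row["digest"]):
            return None
        return row["org_id"]

    def revoke(self, org_id, key_id):
        """Revoke only when the key belongs to the caller's org (tenant isolation)."""
        row = self._rows.get(key_id)
        if row is None or row["org_id"] != org_id:
            return False  # same answer for "missing" and "another tenant's key"
        row["revoked"] = True
        return True

    def stored_values(self):
        """Everything persisted, flattened, to confirm no raw secret is kept."""
        return [str(v) for row in self._rows.values() for v in row.values()]
```

The version a reviewer would flag stores `secret` itself in the row and looks up `key_id` in `revoke` without comparing `org_id`.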

***

### Running a review

Point Review at a diff or a file, or describe what just changed:

```
Review the changes I just made to the ingestion pipeline and the
aggregator service. Focus on tenant isolation — make sure orgId
is scoped correctly at every database access point.
```

```
Review the new API key management endpoints for security issues,
particularly around key generation, hashing, and the revocation flow.
```

The output is a list of findings with severity levels, an explanation of each issue, and a suggested fix. You can ask Code mode to apply any of the fixes directly.

***

### When to run Review manually

Run a manual Review pass after:

* Any change to authentication or session handling
* Any change to API key generation, validation, or revocation
* Any change to multi-tenancy logic or tenant-scoped queries
* Any significant schema change
* Any new endpoint that handles user-supplied data

It's faster to catch issues immediately after a change than after several more features have been built on top of it.


