@davesharpe13
Created January 7, 2026 13:04
Code review checklist (for spec kit repos)

Code Review Checklist

This checklist supplements the PostgreSQL Extension Development Constitution and C++ Client Application Development Constitution. All code submissions MUST pass these checks before merge.

Pre-Submission Requirements

All code submissions MUST:

  • Pass regression tests (make installcheck)
  • Compile without warnings (-Wall -Wextra -Werror)
  • Include test coverage for new functionality
  • Update code documentation (doxygen comments) for public APIs
  • Update user documentation (README, doc/, CHANGELOG) for user-facing changes

Backend C Code (PostgreSQL Extensions)

  • Code style adherence (K&R, 2-space indent, camelCase)
  • Pure C only (no C++ in PostgreSQL backend code)
  • Memory discipline (palloc/pfree only, no malloc/free)
  • Error handling uses ereport/elog (no printf/fprintf)
  • pg_regress test coverage for all new features
  • Extension lifecycle tested (CREATE/ALTER/UPDATE/DROP cycles)
  • PGXS Makefile correctness
  • SQL keyword capitalization (UPPERCASE keywords, lowercase identifiers)
  • Copyright and doxygen headers in all source files

Client C++ Code

  • C++14 standard compliance
  • RAII and smart pointers for resource management
  • No template metaprogramming complexity
  • K&R formatting (2-space indent, same-line braces)
  • camelCase functions/variables, PascalCase classes/types
  • Copyright and doxygen headers in all source files

Documentation

  • README.md updated for user-facing changes
  • CHANGELOG.md updated with changes categorized (Added/Changed/Fixed/etc.)
  • API changes reflected in operator-reference.md or equivalent
  • All SQL examples in documentation tested in sql/doc_examples.sql
  • Breaking changes documented in migration guide

Performance (where applicable)

  • Index-compatible operators define support functions
  • Expensive operations check for interrupts (CHECK_FOR_INTERRUPTS())
  • Large allocations justified and reviewed
  • Selectivity/cost estimates provided for planner integration

Security

  • User input validated before use
  • SQL injection vectors prevented (SPI prepared statements)
  • Privilege escalation paths analyzed
  • Resource exhaustion considered

Automated Compliance

Run the pg-extension-review skill before submitting:

python scripts/review.py /path/to/extension

This generates CONSTITUTION_REVIEW.md, which checks copyright headers, C purity, SQL capitalization, PGXS structure, and documentation requirements.

While automated checks catch many issues, manual review remains required for code style nuances, naming conventions, test coverage adequacy, and documentation quality.
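
The following added example shows how three of the checklist items (palloc/pfree only, ereport/elog only, and SPI queries whose text is built at run time) can be flagged mechanically for the reviewer. It is not the gist's `scripts/review.py`; the function name `scan_backend_c`, the rule labels and the sample C source are assumptions constructed for illustration.

```python
import re

# Comments are blanked and string literals collapsed to "" so that text inside
# them cannot trigger a rule; newlines are kept so line numbers stay correct.
_SKIP = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"', re.S)

RULES = [
    ("memory", re.compile(r"\b(?:malloc|calloc|realloc|free|strdup)\s*\("), "use palloc/pfree"),
    ("errors", re.compile(r"\b(?:printf|fprintf)\s*\("), "use ereport/elog"),
    # SPI_exec/SPI_execute whose query argument is not a string literal:
    # the query text was built at run time, so review it for injection.
    ("sql", re.compile(r'\bSPI_exec(?:ute)?\s*\(\s*(?![\s"])'),
     "bind values with SPI_prepare or SPI_execute_with_args"),
]

def _neutralize(match):
    text = match.group(0)
    return '""' if text.startswith('"') else re.sub(r"[^\n]", " ", text)

def scan_backend_c(source):
    """Return (line_number, rule, advice) for each finding in C source text."""
    code = _SKIP.sub(_neutralize, source)
    return [(number, rule, advice)
            for number, line in enumerate(code.splitlines(), start=1)
            for rule, pattern, advice in RULES if pattern.search(line)]

# Constructed sample input, not taken from any real extension.
SAMPLE = r'''
Datum lookupUser(PG_FUNCTION_ARGS)
{
  char *name = text_to_cstring(PG_GETARG_TEXT_PP(0));
  char *scratch = malloc(64);
  StringInfoData q;
  initStringInfo(&q);
  appendStringInfo(&q, "SELECT id FROM users WHERE name = '%s'", name);
  SPI_execute(q.data, true, 1);        /* query built by formatting */
  SPI_execute("SELECT 1", true, 1);    /* literal query: not flagged */
  /* printf("x") appears only in this comment */
  elog(LOG, "remember to free(scratch)");
  free(scratch);
  pfree(name);
  PG_RETURN_NULL();
}
'''

if __name__ == "__main__":
    for number, rule, advice in scan_backend_c(SAMPLE):
        print(f"line {number}: [{rule}] {advice}")
```

A `sql` finding means the query text is not a literal and needs a manual look, not that it is proven injectable; character literals and macro-wrapped calls are outside what this scan handles.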


Version: 1.0.0 | Last Updated: 2026-01-07
