Sync Gateway Code Review

This skill provides comprehensive code review guidelines for Couchbase Sync Gateway, which manages access and synchronization between Couchbase Lite and Couchbase Server.

What This Skill Does

Performs systematic code reviews following Sync Gateway project standards, focusing on API documentation, logging practices, security, performance, and code quality.

Instructions

When performing a code review for Sync Gateway, follow these steps in order:

1. REST API Documentation Check

If the changes include any modifications to REST APIs:

Check for changes to REST handler code

Look for modifications to query parameters

Identify changes to structs returned via handler functions

**Verify that OpenAPI specifications in the `docs/api` directory are updated accordingly**

Ensure API changes are documented with proper schemas, parameters, and response types

2. Logging Standards Review

Scan for inappropriate dev-time logging:

Search for `log.Printf` usage

Search for `fmt.Printf` usage

Search for similar standard library logging functions

**Ensure these are removed or replaced with appropriate Sync Gateway logging functions:**

- `base.Infof` for informational messages

- `base.Warnf` for warnings

- `base.Debugf` for debug-level messages

- `base.Errorf` for errors

3. PII and User Data Redaction

Review log messages for User Data exposure:

Identify log statements containing:

- Document IDs

- JSON document contents (keys and values)

- Usernames

- Email addresses

- Other personally identifiable information (PII)

**Ensure all User Data is wrapped with the `base.UD()` helper function** to enable redaction

Example: `base.Infof("Processing document: %s", base.UD(docID))`

4. Performance and Concurrency Analysis

Examine code for performance implications:

**Check for mutex contention issues:**

- Look for locks held for extended periods

- Identify potential deadlock scenarios

- Ensure proper lock ordering

**Review for race conditions:**

- Check shared state access

- Verify proper synchronization mechanisms

- Look for data races in concurrent operations

**Assess other concurrency-related issues:**

- Channel usage patterns

- Goroutine lifecycle management

- Resource cleanup in concurrent code

5. Code Comment Quality

Evaluate comments for clarity and value:

**Ensure comments explain *intent* or *reasoning*, not just what the code does**

Look for comments that add context about:

- Why a particular approach was chosen

- What problem the code is solving

- Edge cases or gotchas

- Business logic rationale

Flag comments that simply restate the code

6. Loop Safety Review

Inspect all `for` loops for proper termination:

**Verify loops have sufficient exit conditions**

**Prefer expressing exit conditions in the loop declaration itself**

Minimize reliance on `break` statements within the loop body

Check for potential infinite loop scenarios:

- Loops that depend on external state changes

- Loops without clear termination conditions

- Network or I/O loops without timeouts

Review Checklist Summary

For each pull request, confirm:

[ ] REST API changes have corresponding OpenAPI spec updates in `docs/api`

[ ] No dev-time logging (`log.Printf`, `fmt.Printf`) remains; replaced with Sync Gateway logging

[ ] All User Data in logs is wrapped with `base.UD()` for redaction

[ ] No mutex contention, race conditions, or concurrency issues introduced

[ ] Comments explain intent/reasoning, not just code mechanics

[ ] All loops have clear exit conditions defined in declaration

Example Usage

**Reviewing a REST API change:**

```

I'll review this PR against Sync Gateway standards:

1. REST API Changes: The new endpoint `/db/_user/{name}` was added

- ❌ OpenAPI spec in docs/api/admin.yaml needs updating with this endpoint

2. Logging: Found `fmt.Printf("User: %s", username)` in handlers/user.go:45

- ❌ Should use `base.Infof("User: %s", base.UD(username))`

- Also wrapping username with base.UD() for PII redaction

3. Concurrency: The userCache mutex is held while making a network call

- ❌ This could cause contention; consider releasing lock before network I/O

4. Loop Safety: Line 120 has `for { ... if condition { break } }`

- ❌ Prefer `for !condition { ... }` to express exit condition clearly

```

Important Notes

This skill is specifically tailored for Couchbase Sync Gateway project conventions

User Data redaction is critical for compliance and privacy requirements

Performance issues in synchronization code can have cascading effects across the system

OpenAPI documentation is the source of truth for API contracts

Sync Gateway Code Review

Sync Gateway Code Review

What This Skill Does

Instructions

1. REST API Documentation Check

2. Logging Standards Review

3. PII and User Data Redaction

4. Performance and Concurrency Analysis

5. Code Comment Quality

6. Loop Safety Review

Review Checklist Summary

Example Usage

Important Notes

Reviews (0)