Review [FILENAME] for:

1. **Function logic issues**
   - Control flow problems (unreachable code, infinite loops, early returns)
   - Functions that are too long or do too many things
   - Missing error handling or edge cases
   - Race conditions in async code

2. **Variable misuse**
   - Variables modified in multiple unrelated places
   - Mutable state that should be immutable
   - Scope issues (closures capturing wrong values, shadowing)
   - Unused or redundant variables
   - Variables used before initialization

3. **Code duplication**
   - Similar code blocks that should be extracted into subroutines
   - Magic strings/numbers that should be constants
   - Repeated patterns that could use a helper function

4. **Security issues**
   - XSS vulnerabilities (innerHTML, document.write, eval)
   - SQL/command injection risks
   - Unsafe deserialization
   - Missing input validation/sanitization
   - Hardcoded secrets or credentials
   - Insecure API calls (missing auth, HTTPS)

5. **Performance concerns**
   - Unnecessary re-renders or recomputation
   - Missing memoization opportunities
   - N+1 query patterns
   - Memory leaks (event listeners, timers not cleaned up)

6. **Code style and maintainability**
   - Inconsistent naming conventions
   - Missing or outdated comments
   - Complex nested conditionals that could be simplified
   - Missing type annotations (for TypeScript)

Provide specific line numbers and code examples for each issue found.
Categorize fixes as HIGH/MEDIUM/LOW priority.
Include positive observations about well-written code.

Review the [PROJECT_NAME] codebase in [DIRECTORY] for:

1. **Architecture and structure**
   - Are files organized logically?
   - Is there clear separation of concerns?
   - Are dependencies between modules reasonable?
   - Is there a consistent pattern (MVC, services, etc.)?

2. **Cross-file issues**
   - Duplicated logic across files that should be shared
   - Circular dependencies
   - Inconsistent error handling patterns
   - Inconsistent naming conventions across files
   - Missing or inconsistent exports/imports

3. **API design**
   - Are function signatures consistent?
   - Are return types predictable?
   - Is error handling consistent?
   - Are public vs private interfaces clear?

4. **Data flow**
   - Is state management clear and traceable?
   - Are there race conditions between modules?
   - Is data validation happening at the right boundaries?

5. **Testing gaps**
   - Which functions lack test coverage?
   - Are edge cases tested?
   - Are error paths tested?

6. **Security audit**
   - Input validation at entry points
   - Output encoding before display
   - Authentication/authorization checks
   - Sensitive data handling

7. **Documentation**
   - Are public APIs documented?
   - Is there a README with setup instructions?
   - Are complex algorithms explained?

Start by listing all files in the project, then analyze each file and cross-file relationships.
Create a summary document with prioritized recommendations.

Quick review of [FILENAME]:
- Top 3 bugs or logic errors
- Top 3 security concerns
- Top 3 refactoring opportunities
Keep it brief - just the most important issues.

Review these changes before commit:
[PASTE DIFF OR DESCRIBE CHANGES]

Check for:
- Breaking changes to existing functionality
- Missing null checks or error handling
- Security implications of the changes
- Whether tests need to be updated
- Whether documentation needs to be updated

Also check for:
- Proper async/await usage (missing await, unhandled promises)
- Correct use of === vs ==
- Proper this binding in callbacks
- Memory leaks from closures or event listeners
- Missing TypeScript types or use of 'any'

Also check for:
- SQL injection (use prepared statements)
- XSS (use esc_html, esc_attr, wp_kses)
- CSRF protection (nonces in WordPress)
- Proper sanitization of $_GET, $_POST, $_REQUEST
- Type declarations and return types

Also check for:
- Mutable default arguments
- Proper exception handling (not bare except:)
- Resource cleanup (use context managers)
- Type hints consistency
- PEP 8 compliance

Also check for:
- Missing key props in lists
- Stale closures in useEffect
- Missing dependency arrays
- Unnecessary re-renders
- Proper cleanup in useEffect

Review this WordPress [theme/plugin] code for:

1. **WordPress coding standards**
   - Proper escaping (esc_html, esc_attr, esc_url, wp_kses)
   - Proper sanitization (sanitize_text_field, absint, etc.)
   - Nonce verification for forms and AJAX
   - Capability checks before actions
   - Proper use of hooks (actions/filters)

2. **Security**
   - SQL injection (use $wpdb->prepare)
   - XSS vulnerabilities
   - CSRF protection
   - File upload validation
   - Direct file access prevention

3. **Performance**
   - Database query optimization
   - Proper use of transients/caching
   - Asset enqueueing (not inline)
   - Conditional loading

4. **Compatibility**
   - PHP version compatibility
   - WordPress version compatibility
   - Multisite compatibility
   - Translation readiness (i18n)

5. **Theme.json / Block Editor**
   - Valid JSON schema
   - Proper preset definitions
   - CSS variable usage
   - Block support declarations

Review assets/app.js for:
1. Function logic issues
2. Variable misuse (especially array indexes getting updated in multiple places)
3. Similar code that should be subroutines
4. Security issues

Also check for JavaScript-specific issues like async/await problems and memory leaks.

docs/code-review-[filename]-[date].md
docs/code-review-[module]-[date].md
docs/security-audit-[date].md