How I Use AI as a Senior Engineer for Code Reviews (25 Prompts That Actually Work)
Tags: #ai #codereview #productivity #webdev
I've been using AI for code reviews for over a year. In that time I've learned one uncomfortable truth:
Most developers are using AI wrong for code reviews.
They paste code and ask "is this good?" They get back a wall of generic feedback that could apply to literally any codebase. It feels useful for about 10 seconds, then you realize nothing actionable came out of it.
The problem isn't the AI. It's the prompt.
After hundreds of iterations, I've identified the patterns that separate a mediocre AI code review from one that actually finds bugs, catches security holes, and suggests fixes a senior engineer would be proud of.
Here's what I learned — and the exact prompts I now use daily.
Why Most AI Code Review Prompts Fail
When you ask AI a vague question, you get a vague answer. This is especially true for code review because the AI has no context about:
- What "good" means for your team
- What severity of issues matter to you
- What you already know vs. what you need explained
- What the code is supposed to do
A great code review prompt gives the AI a role, a framework, and a specific output format. When you do that, the results are night and day.
The Anatomy of a Prompt That Works
Every high-quality code review prompt has three parts:
1. A role — "You are a senior engineer with 15 years of experience..."
This primes the model to respond with depth and specificity, not generic advice.
2. A framework — tell it exactly what to look for and in what order.
Security issues? Performance? Readability? All three? Be explicit.
3. A structured output — "For each issue provide: severity, line reference, what's wrong, and a fix."
Without this, you get an essay. With it, you get an actionable list.
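The payoff of the structured-output part is that you can check the model's answer by machine before a human reads it. The script below is an added example, not code from the original post: it assembles the three parts (role, framework, output format) around a line-numbered snippet, then validates the reply by rejecting findings with a severity outside the four requested levels or a line number that does not exist in the code. The JSON reply format, the helper names, the sample snippet and the sample reply are all assumptions for illustration; the reply is constructed, not real model output.

```python
import json

SEVERITIES = ("Critical", "Major", "Minor", "Nitpick")
REQUIRED_KEYS = ("severity", "line", "problem", "fix")

# The three parts of the prompt, in the order the post describes.
ROLE = "You are a senior software engineer with 15+ years of experience."
FRAMEWORK = (
    "Review the code below as a production pull request. Check, in order: "
    "security, correctness, performance, readability."
)
OUTPUT_FORMAT = (
    "Respond with JSON only, no prose: "
    '{"findings": [{"severity": "Critical|Major|Minor|Nitpick", '
    '"line": <int>, "problem": "<why it matters>", "fix": "<example code>"}]}'
)


def number_lines(code: str) -> str:
    """Prefix each line with its number so the model can cite lines exactly."""
    return "\n".join(f"{i}: {line}" for i, line in enumerate(code.splitlines(), 1))


def build_review_prompt(code: str, context: str) -> str:
    """Assemble role + framework + output format + numbered code (assumed layout)."""
    return "\n\n".join([
        ROLE, FRAMEWORK, OUTPUT_FORMAT,
        f"Language/framework context: {context}",
        "Code to review:\n" + number_lines(code),
    ])


def validate_findings(reply: str, code: str) -> tuple[list[dict], list[tuple[dict, str]]]:
    """Split the model's findings into accepted and rejected (with a reason).

    Rejected: missing keys, a severity outside the four requested levels, or a
    line number that does not exist in the reviewed code (models do hallucinate
    line references). Accepted findings are sorted most severe first.
    """
    n_lines = len(code.splitlines())
    try:
        findings = json.loads(reply)["findings"]
    except (json.JSONDecodeError, KeyError, TypeError) as exc:
        return [], [({}, f"unparseable reply: {exc}")]
    accepted, rejected = [], []
    for f in findings:
        missing = [k for k in REQUIRED_KEYS if k not in f]
        if missing:
            rejected.append((f, f"missing keys: {missing}"))
        elif f["severity"] not in SEVERITIES:
            rejected.append((f, f"unknown severity {f['severity']!r}"))
        elif not isinstance(f["line"], int) or not 1 <= f["line"] <= n_lines:
            rejected.append((f, f"line {f['line']!r} is outside 1..{n_lines}"))
        else:
            accepted.append(f)
    accepted.sort(key=lambda f: SEVERITIES.index(f["severity"]))
    return accepted, rejected


# Constructed sample input: a six-line snippet with a hardcoded credential.
SAMPLE_CODE = '''import requests

API_KEY = "sk-live-1234"

def fetch(url):
    return requests.get(url, headers={"Authorization": API_KEY})
'''

# Constructed sample reply standing in for a model's answer (not real output):
# two usable findings, one citing a non-existent line, one with a made-up severity.
SAMPLE_REPLY = json.dumps({"findings": [
    {"severity": "Minor", "line": 6, "problem": "no timeout on requests.get",
     "fix": "requests.get(url, headers=..., timeout=10)"},
    {"severity": "Critical", "line": 3, "problem": "hardcoded API key in source",
     "fix": 'API_KEY = os.environ["API_KEY"]'},
    {"severity": "Major", "line": 42, "problem": "phantom issue", "fix": "n/a"},
    {"severity": "Blocker", "line": 1, "problem": "unused import", "fix": "remove"},
]})

if __name__ == "__main__":
    print(build_review_prompt(SAMPLE_CODE, "Python 3.11"))
    ok, bad = validate_findings(SAMPLE_REPLY, SAMPLE_CODE)
    for f in ok:
        print(f"[{f['severity']}] line {f['line']}: {f['problem']}")
    for f, why in bad:
        print(f"rejected: {why}")
```

Numbering the lines yourself, instead of trusting the model to count, is what makes the line-reference check meaningful; the same validator can gate a CI bot so that only accepted findings become review comments.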
5 Prompts I Use Every Week
Here are five from my collection. These are copy-paste ready — just fill in the brackets.
1. The Senior Engineer Review
Use this as your default. It gives you a structured pull request review with severity levels and concrete fixes.
You are a senior software engineer with 15+ years of experience. Review the following code as if you were doing a thorough pull request review for a production system.
For each issue you find, provide:
1. Severity (Critical / Major / Minor / Nitpick)
2. Line or section reference
3. What's wrong and why it matters
4. A concrete fix with example code
After the issue list, give an overall score (1–10) and a 2-sentence summary of the code's strengths.
Code to review:
[PASTE CODE HERE]
Language/framework context: [e.g. Python 3.11, FastAPI]
2. Security Vulnerability Scanner
This one's saved me twice from shipping auth bugs to production.
Act as a security-focused code auditor. Analyze the following code specifically for security vulnerabilities.
Check for (but don't limit yourself to):
- Injection attacks (SQL, command, LDAP)
- Authentication/authorization flaws
- Sensitive data exposure
- Hardcoded secrets or credentials
- Input validation gaps
For each vulnerability found:
- Name the vulnerability type (use OWASP Top 10 or CWE naming where applicable)
- Explain the attack vector
- Show the vulnerable code snippet
- Provide a secure replacement
End with a risk rating: Low / Medium / High / Critical.
Code:
[PASTE CODE HERE]
3. Performance Bottleneck Finder
Perfect for spotting N+1 queries and O(n²) nightmares before they hit prod.
You are a performance engineering expert. Analyze the following code for performance issues and optimization opportunities.
Focus on:
- Time complexity (provide Big-O analysis)
- Unnecessary loops or redundant operations
- Database query inefficiencies (N+1 problems, missing indexes)
- Caching opportunities
For each issue: explain the problem, estimate the performance impact (low/medium/high), and show an optimized version.
Code:
[PASTE CODE HERE]
Context: [expected data volume, latency requirements, schema and existing indexes]
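The N+1 pattern this prompt targets is easy to state and easy to miss in review, so here it is as a runnable added example, not code from the original post: the same "titles per author" lookup written once as a per-author loop and once as a single JOIN, with a wrapper that counts how many queries each version issues. The `authors`/`posts` schema, the row counts and the `CountingConnection` helper are constructed assumptions for the demo.

```python
import sqlite3


class CountingConnection:
    """Wrap a sqlite3 connection and count execute() calls (assumed helper)."""

    def __init__(self, conn: sqlite3.Connection):
        self.conn = conn
        self.queries = 0

    def execute(self, sql: str, params=()):
        self.queries += 1
        return self.conn.execute(sql, params)


def make_db(n_authors: int, posts_per_author: int) -> CountingConnection:
    """Constructed sample data: n_authors authors, each with posts_per_author posts.
    Setup uses the raw connection so it does not count toward the query total."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE authors (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, author_id INTEGER, title TEXT)")
    for a in range(1, n_authors + 1):
        conn.execute("INSERT INTO authors VALUES (?, ?)", (a, f"author{a}"))
        for p in range(posts_per_author):
            conn.execute("INSERT INTO posts (author_id, title) VALUES (?, ?)",
                         (a, f"post{a}-{p}"))
    return CountingConnection(conn)


def titles_by_author_n_plus_one(db: CountingConnection) -> dict[str, list[str]]:
    """N+1: one query for the authors, then one more query per author."""
    result = {}
    for author_id, name in db.execute("SELECT id, name FROM authors").fetchall():
        rows = db.execute(
            "SELECT title FROM posts WHERE author_id = ? ORDER BY id", (author_id,)
        ).fetchall()
        result[name] = [title for (title,) in rows]
    return result


def titles_by_author_joined(db: CountingConnection) -> dict[str, list[str]]:
    """Optimized version: a single JOIN, grouped in Python. LEFT JOIN keeps
    authors with no posts, so the output matches the N+1 version exactly."""
    result: dict[str, list[str]] = {}
    rows = db.execute(
        "SELECT a.name, p.title FROM authors a "
        "LEFT JOIN posts p ON p.author_id = a.id ORDER BY a.id, p.id"
    ).fetchall()
    for name, title in rows:
        result.setdefault(name, [])
        if title is not None:
            result[name].append(title)
    return result


def query_count(fn, n_authors: int = 50, posts_per_author: int = 3) -> int:
    """Number of queries fn issues against a fresh database of the given size."""
    db = make_db(n_authors, posts_per_author)
    before = db.queries
    fn(db)
    return db.queries - before


if __name__ == "__main__":
    print("N+1 version:   ", query_count(titles_by_author_n_plus_one), "queries")
    print("JOIN version:  ", query_count(titles_by_author_joined), "queries")
```

For 50 authors the loop issues 51 queries and the JOIN issues one; the gap grows linearly with the data volume, which is why the prompt asks for expected volume as context. The other fix a reviewer should expect the model to mention is an index on `posts(author_id)`, which the code alone cannot reveal, hence the schema and existing indexes in the context line.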
4. The Rubber Duck Debugger
When you're stuck on a bug and need a structured way out.
I'm going to describe a bug. Help me debug it systematically like a senior engineer who has seen everything.
Walk me through:
1. Likely root causes ranked by probability
2. Specific questions I should answer to isolate the issue
3. Diagnostic steps in order
4. Common gotchas in this area I might be overlooking
5. The most likely fix based on the symptoms
Bug description: [DESCRIBE THE BUG]
Relevant code: [PASTE CODE IF AVAILABLE]
Environment: [language, framework, recent changes]
5. The 5 Whys Root Cause Analyst
For bugs that keep coming back. Gets to the real issue, not just the symptom.
Apply the "5 Whys" technique to this bug to find the true root cause.
Walk through:
Why 1: Why did the bug happen? (immediate cause)
Why 2: Why did [Why 1] happen?
...and so on to Why 5.
Then provide:
- The systemic fix that prevents recurrence
- Process or tooling improvements to catch this class of bug earlier
Bug description: [DESCRIBE THE BUG IN DETAIL]
Tips for Getting Even Better Results
Provide context generously. The more the AI knows about your stack, team size, and constraints, the more relevant its feedback. One caveat: redact anything you would not commit to a public repo (credentials, tokens, customer data) before pasting code into a third-party model.
Ask for one thing at a time. Don't ask for a security review AND a performance review AND a readability audit in one prompt. Run them as separate passes, each with its own focused output format, and compare the results.
Iterate on the output. If a suggestion doesn't fit your codebase, push back: "That fix won't work because we use X. What's an alternative?"
Use the feedback to learn. When AI flags something you didn't notice, understand why it's a problem. This is how your actual engineering instincts improve over time.
Want All 25 Prompts?
I've put together a full pack covering:
- Code review (readability, architecture, API design, tech debt, test coverage gaps)
- Debugging (error decoding, memory leaks, production incidents, flaky tests, log analysis)
All model-agnostic — works with Claude, ChatGPT, Gemini, or whatever you use.
Grab the full pack here: [MY LEMON SQUEEZY LINK]
If this was useful, drop a ❤️ or share it with your team. Happy shipping.