sf-agent-framework

# Code Review Checklist This comprehensive checklist ensures thorough code review for Salesforce development, covering Apex, Lightning, and declarative components. ## Apex Code Review ### Level 1: Basic Code Quality - [ ] Code compiles without errors - [ ] Naming conventions followed (CamelCase for classes, camelCase for variables) - [ ] Code is properly indented and formatted - [ ] No commented-out code blocks - [ ] Meaningful variable and method names used ### Level 2: Best Practices - [ ] Single responsibility principle followed - [ ] DRY (Don't Repeat Yourself) principle applied - [ ] Methods are focused and not too long (<50 lines) - [ ] Complex logic is well-commented - [ ] Magic numbers replaced with named constants ### Level 3: Bulkification - [ ] No SOQL queries inside loops - [ ] No DML operations inside loops - [ ] Collections used efficiently - [ ] Batch processing for large data sets - [ ] Trigger handler pattern implemented ### Level 4: Governor Limits - [ ] SOQL queries minimized (<100) - [ ] DML statements minimized (<150) - [ ] CPU time considered - [ ] Heap size managed efficiently - [ ] Describes cached appropriately ### Level 5: Error Handling - [ ] Try-catch blocks used appropriately - [ ] Specific exceptions caught (not generic Exception) - [ ] Error messages are meaningful - [ ] Errors logged appropriately - [ ] Database methods with allOrNone=false handled ## Security Review ### Level 1: Data Access Security - [ ] WITH SHARING keyword used (or justified exception) - [ ] CRUD permissions checked before DML - [ ] FLS (Field Level Security) enforced - [ ] stripInaccessible() used where appropriate - [ ] No bypass of security controls ### Level 2: Input Validation - [ ] SOQL injection prevention (escapeSingleQuotes or bind variables) - [ ] XSS prevention in Visualforce - [ ] Input sanitization implemented - [ ] Type casting done safely - [ ] Regex patterns validated ### Level 3: Sensitive Data - [ ] No hardcoded credentials or tokens - [ ] No sensitive data in debug logs - [ ] PII properly protected - [ ] Encryption used where required - [ ] No sensitive data in comments ## Lightning Component Review ### Level 1: Component Structure - [ ] Component files properly organized - [ ] Consistent naming conventions - [ ] Proper use of decorators (@api, @track, @wire) - [ ] Component does one thing well - [ ] Reusability considered ### Level 2: Performance - [ ] Efficient data binding - [ ] Minimal server calls - [ ] Proper use of cache - [ ] Lazy loading implemented where needed - [ ] No unnecessary re-renders ### Level 3: Best Practices - [ ] Lightning Data Service used when possible - [ ] Base Lightning Components utilized - [ ] Proper event handling - [ ] No DOM manipulation outside of renderedCallback - [ ] CSS scoped appropriately ### Level 4: Accessibility - [ ] ARIA labels provided - [ ] Keyboard navigation supported - [ ] Screen reader friendly - [ ] Color contrast compliant - [ ] Focus management implemented ### Level 5: Security - [ ] Lightning Locker Service compliant - [ ] No use of eval() or innerHTML - [ ] CSP (Content Security Policy) compliant - [ ] Secure server calls - [ ] Input validation on client side ## Test Coverage ### Level 1: Unit Test Basics - [ ] Test coverage ≥ 75% (org requirement) - [ ] Meaningful test coverage (not just lines) - [ ] Test methods use @isTest annotation - [ ] Test data created in tests (not relying on org data) - [ ] Assertions present and meaningful ### Level 2: Test Quality - [ ] Positive test cases covered - [ ] Negative test cases covered - [ ] Bulk operations tested - [ ] Governor limits tested - [ ] Different user contexts tested ### Level 3: Test Best Practices - [ ] Test.startTest() and Test.stopTest() used properly - [ ] @TestSetup method used for data creation - [ ] No SeeAllData=true (except justified) - [ ] Mock callouts implemented - [ ] Test methods are independent ### Level 4: Edge Cases - [ ] Null value handling tested - [ ] Empty collections tested - [ ] Boundary conditions tested - [ ] Exception scenarios tested - [ ] Permission-based scenarios tested ## Integration Patterns ### Level 1: API Usage - [ ] Named Credentials used for external callouts - [ ] Timeout values configured appropriately - [ ] Retry logic implemented - [ ] Error responses handled - [ ] Mock responses for testing ### Level 2: Asynchronous Processing - [ ] Appropriate async method chosen (Future, Queueable, Batch, Scheduled) - [ ] Chaining limited to avoid infinite loops - [ ] Error handling in async contexts - [ ] Governor limits considered for async - [ ] Monitoring/logging implemented ### Level 3: Platform Events - [ ] Event schemas well-defined - [ ] Publisher error handling - [ ] Subscriber error handling - [ ] Replay ID management - [ ] Event ordering considered ## Configuration Review ### Level 1: Declarative Components - [ ] Flows follow naming conventions - [ ] Process Builders consolidated where possible - [ ] Workflow rules migrated to Flow/Process Builder - [ ] Validation rules have meaningful error messages - [ ] Formula fields optimized ### Level 2: Data Model - [ ] Field names follow conventions - [ ] Field help text provided - [ ] Relationships properly defined - [ ] Required fields justified - [ ] Default values appropriate ### Level 3: Automation - [ ] Order of execution considered - [ ] Recursion prevention implemented - [ ] Bulk-safe operations - [ ] Error handling in automation - [ ] Performance impact assessed ## Documentation ### Level 1: Code Documentation - [ ] Class-level documentation present - [ ] Method-level documentation with parameters - [ ] Complex logic explained in comments - [ ] TODOs addressed or tracked - [ ] Change history maintained ### Level 2: Technical Documentation - [ ] Architecture decisions documented - [ ] Integration points documented - [ ] Data flow documented - [ ] Security considerations noted - [ ] Deployment instructions provided ### Level 3: User Documentation - [ ] Admin guide updated - [ ] User guide updated - [ ] Training materials considered - [ ] Release notes prepared - [ ] Known issues documented ## Performance Considerations ### Level 1: Query Optimization - [ ] Selective WHERE clauses used - [ ] Indexed fields utilized - [ ] Query results limited appropriately - [ ] Relationship queries optimized - [ ] Aggregate queries used where appropriate ### Level 2: Code Efficiency - [ ] Collections pre-allocated with size - [ ] Maps used for lookups instead of nested loops - [ ] Streaming API considered for large data - [ ] Batch size optimized - [ ] Caching implemented where beneficial ### Level 3: UI Performance - [ ] Page size limited - [ ] Pagination implemented - [ ] Lazy loading utilized - [ ] Progressive rendering considered - [ ] Asset optimization done ## Maintainability ### Level 1: Code Structure - [ ] Separation of concerns implemented - [ ] Service layer pattern used - [ ] Reusable components created - [ ] Configuration extracted from code - [ ] Dependencies minimized ### Level 2: Future Proofing - [ ] API versioning considered - [ ] Backward compatibility maintained - [ ] Feature flags implemented - [ ] Extensibility points provided - [ ] Technical debt documented ## Final Review ### Sign-off Criteria - [ ] All checklist items addressed - [ ] Code review feedback incorporated - [ ] Tests passing in CI/CD - [ ] No critical issues outstanding - [ ] Deployment plan reviewed ### Quality Gates - [ ] Static code analysis passed - [ ] Security scan completed - [ ] Performance benchmarks met - [ ] Accessibility standards met - [ ] Documentation complete