Why is single-perspective code review insufficient?

Pure developer view easily misses four risk classes: (1) business value and strategic alignment (PM lens); (2) edge cases and regression risk (QA lens); (3) input validation and sensitive data protection (Security lens); (4) CI/CD compatibility, rollback, monitoring (DevOps lens). Multi-role review is not bureaucratic overhead — it is the mechanism that surfaces those latent risks explicitly.

Why is "we'll fix it later" the most dangerous review reply?

The chapter's Key Principle states it bluntly: improvements scheduled for "later" must be addressed NOW. "Later" is a synonym for tech debt — once the PR merges without the fix, the fix essentially never happens. Requesting changes on the spot is an order of magnitude more effective than filing a new issue: issues live for weeks or months on average, while feedback inside a PR closes within 24 hours.

How do I prompt AI to review a PR from multiple roles?

The chapter gives the prompt directly: "Review this PR from these roles: 1. Product Manager — focus on business value; 2. Security Engineer — focus on security risks; 3. QA Engineer — focus on test coverage", then paste the diff or link. Pick the 2-3 most relevant roles per round rather than all six — more roles produce generic output, while 2-3 targeted ones yield concrete, actionable feedback.

How long should a PR review checklist template be?

The chapter template gives 3 checkboxes per role, 18 in total across six roles. The point is not the count but that every item is genuinely checkable — "Test coverage adequate" is, "Code is good" is not. Past 20 items nobody reads carefully, so every line must map to a concrete behaviour: CI/CD compatible, Input properly validated, Responsive on mobile; delete vague entries like "Quality is high".

PR Review Methodology

Q: What review roles does the chapter define and what does each look at?

Six: (1) PM — Business Value / UX / Strategic Alignment; (2) Developer — Code Quality / Standards / Performance / Refactoring; (3) QA — Test Coverage / Edge Cases / Regression Risk; (4) Security — Vulnerabilities / Auth / Input Validation / Compliance; (5) DevOps — CI/CD / Config / Monitoring / Rollback; (6) UI/UX Designer — Visual Consistency / Usability / Accessibility / Responsive.

⏱️ 20 min

Multi-Role PR Review Methodology

Why Multi-Role Review?

Single-perspective code reviews miss things. By simulating multiple roles during review, you get a much more complete assessment of the change's quality and impact.

Review Roles

1. Product Manager Review

Look at the change from a product angle:

Business Value: Does this deliver promised value?
User Experience: Will users benefit from this change?
Strategic Alignment: Does it align with product goals?
Feature Completeness: Are all requirements met?
Action: Provide directives for maximum impact

2. Developer Review

Look at code quality from an engineer's perspective:

Code Quality: Is code clean and maintainable?
Standards: Does it follow coding conventions?
Performance: Are there efficiency concerns?
Scalability: Will it handle growth?
Refactoring: Any code that needs improvement?
Action: Suggest specific code improvements

3. Quality Engineer Review

Look at quality assurance from a testing angle:

Test Coverage: Are all paths tested?
Edge Cases: Are boundary conditions handled?
Regression Risk: Could this break existing features?
Test Quality: Are tests comprehensive and clear?
Action: Identify missing tests and scenarios

4. Security Engineer Review

Look at potential risks from a security angle:

Vulnerabilities: Any security risks?
Data Handling: Is sensitive data protected?
Authentication: Are auth checks proper?
Input Validation: Is user input sanitized?
Compliance: Does it meet security standards?
Action: Flag security concerns immediately

5. DevOps Review

Look at deployment and monitoring from an ops angle:

CI/CD Integration: Will builds succeed?
Configuration: Are configs properly managed?
Infrastructure: Any deployment concerns?
Monitoring: Are metrics and logs adequate?
Rollback: Can changes be safely reverted?
Action: Ensure smooth deployment

6. UI/UX Designer Review

Look at the interface from a user experience angle:

Visual Consistency: Does it match design system?
Usability: Is it intuitive to use?
Accessibility: Is it accessible to all users?
Responsive: Does it work on all devices?
Polish: Any rough edges to smooth?
Action: Ensure delightful user experience

Review Process

Standardized review workflow:

Read PR description and linked issues
- Understand the context and purpose of the change
Review code changes systematically
- Go file by file, pay attention to context
Test functionality locally if applicable
- Actually run it and verify
Consider each perspective above
- Walk through each role's lens
Leave constructive feedback
- Provide specific, actionable suggestions
Approve or request changes
- Make a clear approval decision

Key Principle

Improvements scheduled for "later" must be addressed NOW!

Don't let "we'll fix it later" become a tech debt excuse.

Practical Tips

Review Checklist Template

## PR Review: [PR Title]

### Product Perspective

-   [ ] Business value delivered
-   [ ] Requirements met
-   [ ] User experience considered

### Developer Perspective

-   [ ] Code is clean and readable
-   [ ] Follows coding standards
-   [ ] No obvious performance issues

### QA Perspective

-   [ ] Test coverage adequate
-   [ ] Edge cases handled
-   [ ] No regression risks

### Security Perspective

-   [ ] No security vulnerabilities
-   [ ] Input properly validated
-   [ ] Sensitive data protected

### DevOps Perspective

-   [ ] CI/CD compatible
-   [ ] Monitoring in place
-   [ ] Rollback possible

### UX Perspective

-   [ ] Consistent with design system
-   [ ] Accessible
-   [ ] Responsive

Using AI to Help Review

You can have AI review code from different role perspectives:

Review this PR from the following roles:
1. Product Manager - focus on business value
2. Security Engineer - focus on security risks
3. QA Engineer - focus on test coverage

[Paste PR code or link]

Next Steps

Check out Code Analysis Options to learn more code quality analysis techniques.

📚 相关资源

❓ 常见问题

关于本章主题最常被搜索的问题，点击展开答案

为什么单一视角的代码审查不够？

纯 developer 视角容易漏 4 类问题：(1) 业务价值与产品目标对齐（PM 视角）；(2) 边界与回归风险（QA 视角）；(3) 输入校验与敏感数据保护（Security 视角）；(4) CI/CD 兼容、回滚、监控（DevOps 视角）。多角色审查不是流程繁琐，是把这些隐性风险显式拉出来。

本章列了几种审查角色？分别看什么？

六个：(1) PM — Business Value / UX / Strategic Alignment；(2) Developer — Code Quality / Standards / Performance / Refactoring；(3) QA — Test Coverage / Edge Cases / Regression Risk；(4) Security — Vulnerabilities / Auth / Input Validation / Compliance；(5) DevOps — CI/CD / Config / Monitoring / Rollback；(6) UI/UX Designer — Visual Consistency / Usability / Accessibility / Responsive。

「以后再改」为什么是审查里最危险的回答？

本章 Key Principle 直接写：Improvements scheduled for "later" must be addressed NOW。"以后"是技术债务的代名词，PR 合进去那一刻不修就基本不会修。审查里看到要改的点立刻 request changes，比新开 issue 的修复率高一个量级 — issue 平均 lifetime 几周到几月，PR 内反馈是 24 小时。

怎么让 AI 帮我从多角色视角审 PR？

本章直接给了 prompt 模板："请从以下角色审查这个 PR：1. 产品经理 - 关注业务价值；2. 安全工程师 - 关注安全风险；3. 测试工程师 - 关注测试覆盖"，然后粘 PR diff 或链接。每次只挑 2-3 个最相关角色，不要 6 个全上 — 角色越多输出越泛，2-3 个针对性反馈反而具体可操作。

PR 审查清单模板该多长？

本章模板每个角色 3 项 checkbox，6 角色共 18 项。关键不是项数而是「每项可勾选」— Test coverage adequate 是可勾的，Code is good 不是。20 项以上的清单没人认真过，每条都要落到具体行为：CI/CD compatible、Input properly validated、Responsive on mobile，模糊的「Quality is high」一律删掉。