Manual code review = a development bottleneck (on average 2-4 hours per PR). But ChatGPT can review code in seconds with 85-90% accuracy for common issues.
Imagine: no more waiting for a senior dev to review your code. ChatGPT can catch bugs, enforce coding standards, detect security vulnerabilities, and suggest performance improvements automatically. Review time drops drastically, code quality goes up.
Benefits of Code Review with ChatGPT
✅ Catch bugs before merging to the main branch
✅ Enforce coding standards (PEP8, ESLint, etc.)
✅ Security vulnerability detection (OWASP Top 10)
✅ Performance bottleneck identification
✅ Training tool for junior developers
✅ Consistent review standards across the team
ChatGPT accuracy:
- Syntax/style issues: 95%
- Logic bugs: 85%
- Security vulnerabilities: 75%
- Architecture suggestions: 65%
Optimal Setup (5 Minutes)
1. Choose the Right Model
GPT-4o (ChatGPT Plus, $20/month): Best accuracy for comprehensive reviews
GPT-4o mini (Free tier): Good enough for small files and quick scans
2. Set Up Custom Instructions
In the ChatGPT settings, add this custom instruction:
“You are a senior [Python/JavaScript/Java] engineer with 10 years of experience.
When reviewing code, use this checklist:
- Bugs & Logic Errors – Does the code behave as intended?
- Security Vulnerabilities – OWASP Top 10 check
- Performance Bottlenecks – Time/space complexity analysis
- Code Style – PEP8/ESLint compliance
- Error Handling – Is exception handling proper?
- Testability – Is it easy to test?
- Architecture – Are SOLID principles applied?
Output format: [Severity: Critical/High/Medium/Low] Issue + Recommended Fix”
3. Prepare the File Properly
- Max 128k tokens (~10,000 lines of code)
- Include requirements.txt or package.json
- Or share the PR diff directly
25 Best Code Review Prompts (Copy-Paste Ready)
A. General Code Review (5 Prompts)
- Basic Code Review
“Review this [Python/JavaScript/Java] code as a senior developer:
[paste code]
Checklist:
– Bugs & logic errors
– Coding style compliance
– Performance issues
– Security concerns
Format: Issue → Severity → Recommended Fix”
- Comprehensive Production Code Review
“As a Tech Lead, review this production code comprehensively:
[paste code]
Include:
– OWASP Top 10 security check
– SOLID principles compliance
– Test coverage gaps
– Scalability concerns
– Alternative approaches (3 options)
Rating: 1-10 with actionable improvements”
- Beginner-Friendly Explanation
“Explain the issues in this code as you would to a junior developer:
– Most critical fixes first
– Simple language
– Learning opportunity
[paste code]”
- Quick Bug Scan
“Scan this code for critical bugs & security issues ONLY:
[paste code]
Priority: Critical → High → Medium”
- Style & Consistency
“Review this code for [PEP8/ESLint/Prettier] compliance:
[paste code]
Suggest: exact formatting fixes + tool recommendations”
B. Language-Specific Reviews (8 Prompts)
- Python PEP8 & Performance
“Review Python code:
– PEP8 compliance
– Performance optimization
– Pythonic patterns
– Type hints suggestions
[paste code]”
- JavaScript/ES6 Modern Practices
“Modern JavaScript review:
– ES6+ patterns (const/let, arrow functions, destructuring)
– Async/await vs callbacks
– Error handling
[paste code]”
- React Component Review
“React component review:
– Hooks rules compliance
– Re-render optimization
– Memoization needs
– Accessibility (a11y)
– Props drilling issues
[paste code]”
- SQL Query Optimization
“SQL query review:
– N+1 problem detection
– Index recommendations
– Injection prevention
– Query performance
[paste SQL]”
- Node.js/Express API
“Express.js API endpoint review:
– Authentication/authorization
– Input validation
– Error handling
– Rate limiting
[paste code]”
- Docker Configuration
“Dockerfile review:
– Security best practices
– Image size optimization
– Multi-stage build efficiency
– .dockerignore completeness
[paste Dockerfile]”
- CSS/Tailwind Code
“CSS/Tailwind review:
– Responsive design
– Performance (unused CSS)
– Accessibility
– Naming conventions
[paste code]”
- Go/Rust Performance
“[Go/Rust] code review:
– Memory management
– Concurrency patterns
– Error handling
– Performance optimization
[paste code]”
C. Security-Focused Reviews (4 Prompts)
- OWASP Top 10 Security Audit
“Security audit against the OWASP Top 10:
– SQL Injection prevention
– XSS protection
– CSRF tokens
– Broken authentication
– Sensitive data exposure
[paste code]
Critical issues only, with fixes”
- Hardcoded Secrets Detection
“Check this code for hardcoded secrets/credentials:
– API keys
– Database passwords
– Private keys
– Sensitive configs
[paste code]
Action: how to fix + recommendation”
- Input Validation Review
“Review input handling:
– User input sanitization
– Length/type validation
– SQL injection prevention
– XSS protection
[paste code]”
- Authentication/Authorization
“Auth implementation review:
– Token generation security
– Password hashing (bcrypt/argon2)
– Session management
– Role-based access control
[paste code]”
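A deterministic pre-scan for the credential classes named in the Hardcoded Secrets Detection prompt above, so that keys and passwords are caught (and moved to environment variables) before a file is pasted into a chat. This is an added example, not code from the original post; the regexes are assumptions covering common value formats, and the sample file is constructed.

```python
import re

# Assumption: illustrative patterns for the credential classes named in the prompt
# (API keys, database passwords, private keys, sensitive config); not exhaustive.
SECRET_PATTERNS = {
    "api_key": re.compile(
        r"(?i)\b(api[_-]?key|secret[_-]?key|access[_-]?token)\b\s*[:=]\s*[\"'][A-Za-z0-9_\-]{16,}[\"']"),
    "db_password": re.compile(
        r"(?i)\b(db[_-]?pass(word)?|password|pwd)\b\s*[:=]\s*[\"'][^\"']{6,}[\"']"),
    "connection_url": re.compile(r"(?i)\b[a-z][a-z0-9+]*://[^\s:/@]+:[^\s@]+@"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

def scan_for_secrets(source):
    """Return (line_no, category, stripped_line) for every line that looks like a
    hardcoded credential. Values read from the environment are not flagged."""
    hits = []
    for number, line in enumerate(source.splitlines(), start=1):
        for category, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                hits.append((number, category, line.strip()))
                break  # one finding per line is enough for a pre-check
    return hits

# Constructed sample file; the values are obviously fake.
SAMPLE = '''import os
API_KEY = "sk_live_EXAMPLE0123456789abcdef"
DATABASE_URL = "postgres://app:hunter2@db.internal:5432/app"
db_password = os.environ["DB_PASSWORD"]
token = os.getenv("TOKEN")
'''

if __name__ == "__main__":
    for number, category, text in scan_for_secrets(SAMPLE):
        print(f"line {number} [{category}]: {text}")
```

Lines 4 and 5 of the sample are not flagged because they read the value from the environment, which is the fix the prompt asks ChatGPT to recommend.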
D. Performance Reviews (3 Prompts)
- Time/Space Complexity Analysis
“Big O analysis for this code:
[paste code]
Analyze: time complexity, space complexity
Optimize: suggest 3 approaches with trade-offs
Benchmark: improvement estimation”
- Memory Leak Detection (JavaScript)
“Memory leak detection in React/Node.js:
– Event listener cleanup
– Timer/interval clearance
– Closure memory issues
– useEffect dependencies
[paste code]”
- Database Query Performance
“Query performance review:
– Missing indexes
– N+1 queries
– Query optimization
– Caching opportunities
[paste code + query logs]”
E. Advanced Technical Reviews (5 Prompts)
- Architecture & Design Patterns
“High-level architecture review:
– SOLID principles applied?
– Design patterns used?
– Separation of concerns
– Testability
[paste code or architecture doc]
Recommendations for improvement”
- Framework Migration
“Review this code for migration from [old] to [new framework]:
[paste current code]
Compatibility issues, breaking changes, migration strategy”
- WCAG 2.1 Accessibility Compliance
“Accessibility (a11y) review for AA compliance:
– Semantic HTML
– ARIA labels
– Keyboard navigation
– Screen reader support
– Color contrast
[paste frontend code]”
- API Design Review
“REST API design review:
– Endpoint structure consistency
– HTTP methods appropriate?
– Error response format
– Versioning strategy
– Documentation completeness
[paste API code]”
- Testing Strategy Review
“Test coverage & strategy review:
– Unit test adequacy
– Edge case coverage
– Mock/stub usage
– Integration tests
– E2E test gaps
[paste test code or describe coverage]”
Code Review Workflow: 5 Systematic Steps
Step 1: Initial Scan (1-2 minutes)
Prompt: “Quick scan for CRITICAL bugs & security issues ONLY.
Ignore style/formatting for now.”
Output: Critical issues that need an immediate fix
Step 2: Comprehensive Checklist (3-5 minutes)
Use the comprehensive review prompt from the list.
Full checklist with severity ratings.
Output: Complete review with priorities
Step 3: Verify Suggested Fixes (5 minutes)
“Apply the suggested fixes to the code. Review the fixed code.
Any regressions or new issues?”
Output: Confirmation that the fixes work
Step 4: Alternative Approaches (3 minutes)
“Suggest 3 alternative approaches for issue X:
– Option 1: Simple solution
– Option 2: Optimal solution
– Option 3: Enterprise-grade solution
Trade-offs for each”
Output: Multiple solutions for discussion
Step 5: Documentation (2 minutes)
“Generate a PR description with the review findings:
– What changed
– Why it changed
– Testing done
– Potential issues to watch”
Output: Ready-to-paste PR description
Table: ChatGPT Code Review Accuracy
| Issue Type | Accuracy | False Positives | Best For |
|---|---|---|---|
| Syntax Errors | 98% | <1% | Beginners |
| Style/Formatting | 95% | <2% | Quick scans |
| Logic Bugs | 85% | 5-10% | Complex logic |
| Security Issues | 75% | 10-15% | General scan |
| Performance | 70% | 15-20% | Optimization hints |
| Architecture | 65% | 20-25% | Discussion starter |
Key insight: ChatGPT is excellent for 90% of cases, but human review is still needed for critical decisions.
Real Review Examples
Case 1: Python Flask Bug
Original Code (Buggy):
@app.route('/user/<id>')
def get_user(id):
    return users[int(id)]
ChatGPT Review Output:
CRITICAL (Security): No authentication check
– Any user can access anyone's profile
– Fix: @login_required decorator
HIGH (Logic): IndexError risk if the ID is invalid
– No bounds checking
– Fix: Add if 0 <= user_id < len(users)
MEDIUM (Performance): Linear search inefficient
– Consider a hash map for lookup
– Fix: users[user_id] instead of users.get(user_id)
LOW (Style): Missing docstring
– Add function documentation
Fixed Code:
from flask import Flask, abort
from flask_login import login_required  # assumes Flask-Login provides @login_required

app = Flask(__name__)
users = []  # in-memory list of user profiles, indexed by user ID

@app.route('/user/<int:user_id>')  # the int converter rejects non-numeric IDs with 404
@login_required
def get_user(user_id):
    """Get user profile by ID (requires auth)."""
    if not (0 <= user_id < len(users)):
        abort(404)
    return users[user_id]
Review Score: 4/10 → 8/10 after fixes
Case 2: React Component
Issues Found:
- Missing useEffect dependencies
- Inline object creation causing re-renders
- No alt text on images
- No error boundary
ChatGPT Recommendation: Add the dependencies, memoize the objects, add accessibility attributes, wrap with an ErrorBoundary
Score: 6/10 → 9/10
Limitations & Best Practices
What Can't ChatGPT Do?
❌ Understand business logic nuances
❌ Know company-specific patterns
❌ Handle very large codebases (>128k tokens)
❌ Real-time static analysis
❌ Architectural decisions (context needed)
Mitigation:
✅ Combine with linters (ESLint, black, Pylint)
✅ Always have a human review critical code
✅ Test all suggested fixes thoroughly
✅ Use version control before applying changes
✅ Customize instructions per project/team
Best Practices:
- Initial scan with a ChatGPT quick prompt
- Run linters for auto-fixable issues
- ChatGPT comprehensive review for logic/architecture
- Human review by a senior dev
- Automated testing for verification
Integration into the Team Workflow
Setup in VS Code:
- Install the ChatGPT extension
- Open the sidebar
- Paste the code
- Select a review prompt
- Copy the review into the PR comments
GitHub Integration:
GitHub Actions bot + ChatGPT API
Auto-comment review findings on every PR
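The piece of such a bot that most often goes wrong is preparing the diff: the setup section caps input at 128k tokens, so a large PR has to be split per file and packed into several requests. The helper below does that packing and builds the messages payload for the chat completions API; it is an added example, not code from the original post or any bot, and the 4-characters-per-token estimate, the system prompt wording and the sample diff are assumptions or constructed.

```python
# Assumptions: ~4 characters per token against the 128k-token limit from the setup
# section (half kept for the reply); the system prompt mirrors the custom instruction.
TOKEN_LIMIT = 128_000
CHARS_PER_TOKEN = 4
SYSTEM_PROMPT = ("You are a senior engineer. Review the diff for bugs, OWASP Top 10 issues, "
                 "performance, style, error handling, testability, SOLID. "
                 "Format: [Severity: Critical/High/Medium/Low] Issue + Recommended Fix")

def estimate_tokens(text):
    return len(text) // CHARS_PER_TOKEN + 1

def split_diff_by_file(diff):
    """Split a unified diff into per-file sections (each starts at 'diff --git')."""
    files, current = [], []
    for line in diff.splitlines(keepends=True):
        if line.startswith("diff --git") and current:
            files.append("".join(current))
            current = []
        current.append(line)
    return files + ["".join(current)] if current else files

def build_review_requests(diff, budget=TOKEN_LIMIT // 2):
    """Pack file sections into as few requests as fit the budget; returns messages lists."""
    sys_tokens = estimate_tokens(SYSTEM_PROMPT)
    max_chars = (budget - sys_tokens) * CHARS_PER_TOKEN
    batches, batch, used = [], [], sys_tokens
    for section in split_diff_by_file(diff):
        if len(section) > max_chars:  # a single oversized file: keep only its head
            section = section[:max_chars] + "\n[diff truncated to token budget]\n"
        cost = estimate_tokens(section)
        if batch and used + cost > budget:
            batches.append(batch)
            batch, used = [], sys_tokens
        batch.append(section)
        used += cost
    if batch:
        batches.append(batch)
    return [[{"role": "system", "content": SYSTEM_PROMPT},
             {"role": "user", "content": "Review this PR diff:\n\n" + "".join(b)}]
            for b in batches]

SAMPLE_DIFF = """diff --git a/app.py b/app.py
@@ -1 +1,2 @@
-    return users[int(id)]
+    if not (0 <= user_id < len(users)):
+        abort(404)
diff --git a/README.md b/README.md
@@ -0,0 +1 @@
+New
"""  # constructed two-file diff used as sample input
```

Each returned messages list is what the bot sends as one chat request; the replies are then posted as PR comments.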
Custom GPT for the Team:
Create a custom GPT “Code Reviewer”
Share the link with the team
Everyone can use it with company-specific rules
Conclusion: ChatGPT = Code Review Co-Pilot
ChatGPT does not replace human code review, but it saves 80% of the time while improving quality. Perfect for:
- Quick initial scan before human review
- Junior developer training (learn from the suggestions)
- Consistency enforcement (standards)
- Bottleneck elimination (no waiting for review)
Action Plan:
- Today: Test 3 prompts on your code right now
- Next week: Set up Custom Instructions
- Next month: Integrate into the team's PR workflow
- Ongoing: Combine with human review
Code review has never been easier! ✅