Review Priority Rubric

Use this rubric for reviewer findings in task reviews.

Priority Levels

P0

  • Definition: Must be fixed before merge; risks broken functionality, data loss/corruption, security exposure, or deployment failure.
  • Examples:
    • Incorrect authz check that can expose customer data.
    • Migration or schema change that breaks startup/runtime.
    • Deterministic crash on a primary request path.

P1

  • Definition: Serious correctness or reliability issue that should be fixed before merge unless explicitly approved by the human.
  • Examples:
    • Incorrect business logic on a common path.
    • Missing error handling that can fail real traffic scenarios.
    • Regression risk with no adequate automated coverage.

P2

  • Definition: Important quality issue; fix is recommended in this change, or capture with explicit follow-up if deferred.
  • Examples:
    • Edge-case behavior mismatch with expected contract.
    • Partial coverage gap with moderate regression risk.
    • Observability/diagnostics gap that slows incident response.

P3

  • Definition: Improvement suggestion with low immediate risk.
  • Examples:
    • Naming/readability issues.
    • Minor maintainability refactors.
    • Non-blocking docs/test clarity improvements.

Usage Rules

  • Findings must be listed in priority order: P0, P1, P2, P3.
  • Each finding should include:
    • file reference
    • impact summary
    • recommended fix
  • If no findings exist for a priority, state None.