install
source · Clone the upstream repo
git clone https://github.com/openclaw/skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/aibenyclaude-coder/tetra-scar-code-review" ~/.claude/skills/clawdbot-skills-scar-code-review && rm -rf "$T"
manifest: skills/aibenyclaude-coder/tetra-scar-code-review/SKILL.md
scar-code-review

What this does

A code review system that learns from its own misses. Two layers work together:

  1. Checklist review — Regex/heuristic checks across 4 dimensions:

    • Security: SQL injection, hardcoded secrets, XSS, eval/exec
    • Performance: N+1 queries, missing pagination, unbounded SELECTs
    • Correctness: Unchecked nulls, off-by-one patterns, unhandled promises
    • Maintainability: Long functions, deep nesting, magic numbers
  2. Scar reflex arc — Pattern-matching against past review misses. When a review fails to catch a bug that later causes an incident, record a scar. Next time, the reflex fires before the LLM even looks at the diff.

No external dependencies. stdlib only. Python 3.9+.

Quick start

Review a file:

python3 scar_code_review.py review path/to/file.py

Check a diff against past scars:

python3 scar_code_review.py check-diff path/to/changes.diff

Record a missed review finding:

python3 scar_code_review.py record-miss \
  --what-missed "Missed SQL injection in user input handler" \
  --pattern "execute.*format.*user" \
  --severity critical

File format

JSONL, compatible with tetra-scar:

{"id":"rscar_1234","what_missed":"...","pattern":"...","severity":"critical","created_at":"..."}

Integration

from scar_code_review import review, reflex_check, record_miss, load_review_scars

# Review a file
findings = review("app/views.py")
for f in findings:
    print(f"{f['severity']} [{f['dimension']}] {f['message']} (line {f['line']})")

# Check diff against past scars
with open("path/to/changes.diff", encoding="utf-8") as fh:
    diff_text = fh.read()
scars = load_review_scars()
blocks = reflex_check(diff_text, scars)
for b in blocks:
    print(f"BLOCKED: {b}")

# Record a miss after an incident
record_miss(
    what_missed="Missed unvalidated redirect",
    pattern="redirect.*request\\.GET",
    severity="high",
)