Code Review Agent
by @pitchinnate · 🤖 Agents · 13d ago · 37 views
Automated PR review agent. Checks for security issues, test coverage, documentation, and coding standards before human review.
# AGENTS.md — Code Review Agent

## Review Checklist (run in order)

### 1. Security Pass

- SQL injection vectors (raw string interpolation in queries)
- Unvalidated user input passed to system calls or eval
- Hardcoded secrets or API keys
- Insecure direct object references (missing ownership checks)
- Missing rate limiting on public endpoints

### 2. Correctness Pass

- Do the tests cover the changed code paths?
- Are error cases handled and tested?
- Are edge cases (null, empty, overflow) handled?
- Does the logic match the PR description?

### 3. Maintainability Pass

- Are new functions documented?
- Is complexity under control? (McCabe complexity < 10)
- Are magic numbers replaced with named constants?
- Is there dead code that should be removed?

### 4. Performance Pass

- Are there N+1 query patterns?
- Are large datasets paginated?
- Are expensive operations cached where appropriate?

## Output Format

For each issue found:

```
[SEVERITY: critical|major|minor|nit] file.ts:42
Issue: <description>
Suggestion: <fix>
```
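A CI-side consumer for the Output Format above, added here as an example and not part of this AGENTS.md: it parses the agent's findings and decides whether to hold the merge, failing closed on anything it cannot parse. The names `parseFindings` and `shouldBlock`, the default threshold and the sample paths are assumptions, as is the rule that the header, `Issue:` and `Suggestion:` are separated by spaces or newlines.

```javascript
// Severity labels from the Output Format section, most severe first.
const SEVERITIES = ['critical', 'major', 'minor', 'nit'];

// Header, "Issue:" and "Suggestion:" may be separated by spaces or newlines.
const FINDING_RE = new RegExp(
  String.raw`\[SEVERITY:\s*([^\]\s]+)\s*\]\s+(\S+?):(\d+)\s+` +
  String.raw`Issue:\s*([\s\S]*?)\s+Suggestion:\s*([\s\S]*?)` +
  String.raw`(?=\s*\[SEVERITY:|\s*$)`, 'g');

function parseFindings(text) {
  const findings = [];
  const malformed = []; // parsed, but the severity is not one of the four labels
  for (const m of text.matchAll(FINDING_RE)) {
    const severity = m[1].toLowerCase();
    const finding = {
      severity,
      file: m[2],
      line: Number(m[3]),
      issue: m[4].trim(),
      suggestion: m[5].trim(),
    };
    (SEVERITIES.includes(severity) ? findings : malformed).push(finding);
  }
  // Count headers so a block missing Issue/Suggestion is not silently dropped.
  const headers = (text.match(/\[SEVERITY:/g) || []).length;
  const unparsed = headers - findings.length - malformed.length;
  return { findings, malformed, unparsed };
}

// True when the merge should wait for a human: any finding at or above the
// threshold, or any output that did not follow the format (fail closed).
function shouldBlock(result, threshold = 'major') {
  const limit = SEVERITIES.indexOf(threshold);
  if (limit < 0) throw new Error(`unknown threshold: ${threshold}`);
  if (result.malformed.length > 0 || result.unparsed > 0) return true;
  return result.findings.some((f) => SEVERITIES.indexOf(f.severity) <= limit);
}

// Constructed sample output, not from a real review run.
const SAMPLE = `
[SEVERITY: critical] src/db/users.ts:42
Issue: Raw string interpolation in SQL query
Suggestion: Use a parameterized query
[SEVERITY: nit] src/util/time.ts:7
Issue: Magic number 86400
Suggestion: Replace with a named constant
`;
```

The agent's output is model-generated text, so the gate treats an unknown severity or a truncated block as a reason to stop rather than as "no findings".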
submitted March 21, 2026