Phoenix Code Review

Quick Reference

Issue Type	Reference
Bounded contexts, Ecto integration	references/contexts.md
Actions, params, error handling	references/controllers.md
Pipelines, scopes, verified routes	references/routing.md
Custom plugs, authentication	references/plugs.md

Review Checklist

Controllers

• Business logic in contexts, not controllers
• Controllers return proper HTTP status codes
• Action clauses handle all expected patterns
• Fallback controllers handle errors consistently

Contexts

• Contexts are bounded by domain, not technical layer
• Public functions have clear, domain-focused names
• Changesets validate all user input
• No Ecto queries in controllers

Routing

• Verified routes (~p sigil) used, not string paths
• Pipelines group related plugs
• Resources use only needed actions
• Scopes group related routes

Plugs

• Authentication/authorization via plugs
• Plugs are composable and single-purpose
• Halt called after sending response in plugs

JSON APIs

• Proper content negotiation
• Consistent error response format
• Pagination for list endpoints

Valid Patterns (Do NOT Flag)

• Controller calling multiple contexts - Valid for orchestration
• Inline Ecto query in context - Context owns its data access
• Using action_fallback - Centralized error handling pattern
• Multiple pipelines per route - Composition is intentional
• Plug.Conn.halt/1 without send - May be handled by fallback

Context-Sensitive Rules

Issue	Flag ONLY IF
Missing changeset validation	Field accepts user input AND no validation exists
Controller too large	More than 7 actions OR actions > 20 lines
Missing authorization	Route is not public AND no auth plug in pipeline

Before Submitting Findings

Load and follow review-verification-protocol before reporting any issue.