Review Priority Rubric

Use this rubric for reviewer findings in task reviews.

Priority Levels

P0

  • Definition: Must be fixed before merge; risks broken functionality, data loss/corruption, security exposure, or deployment failure.
  • Examples:
      • Incorrect authz check that can expose customer data.
      • Migration or schema change that breaks startup/runtime.
      • Deterministic crash on a primary request path.

P1

  • Definition: Serious correctness or reliability issue that should be fixed before merge unless explicitly approved by the human.
  • Examples:
      • Incorrect business logic on a common path.
      • Missing error handling that can fail real traffic scenarios.
      • Regression risk with no adequate automated coverage.

P2

  • Definition: Important quality issue; fix is recommended in this change, or capture with explicit follow-up if deferred.
  • Examples:
      • Edge-case behavior mismatch with expected contract.
      • Partial coverage gap with moderate regression risk.
      • Observability/diagnostics gap that slows incident response.

P3

  • Definition: Improvement suggestion with low immediate risk.
  • Examples:
      • Naming/readability issues.
      • Minor maintainability refactors.
      • Non-blocking docs/test clarity improvements.

Usage Rules

  • Findings must be listed in priority order: P0, P1, P2, P3.
  • Each finding should include:
      • file reference
      • impact summary
      • recommended fix
  • If no findings exist for a priority, state None.