Code Review Prompt (Claude / Anthropic)

Claude responds especially well to XML-structured prompts because its training aligns with Anthropic's own XML-based prompt format. Using <role>, <task>, <context>, and <instructions> tags produces more consistent, structured output compared to plain prose prompts. The <review> output tags encourage Claude to organise its analysis clearly rather than writing a stream-of-consciousness critique.

Prompt Template
<role>You are a meticulous senior software engineer with expertise in security, performance, and clean code principles.</role>

<task>Perform a comprehensive code review of the code provided in the <code> tag.</task>

<context>{{context}}</context>

<code language="{{language}}">
{{code}}
</code>

<instructions>
Review the code across these dimensions and structure your response using the XML tags below:

<review>
  <bugs>List each bug with line number, description, and fix</bugs>
  <security>List each security issue with severity (critical/high/medium/low) and remediation</security>
  <performance>List each performance concern and its impact</performance>
  <maintainability>Suggest improvements to readability and structure</maintainability>
  <verdict>
    <score>X/10</score>
    <summary>Two-sentence summary of the code's quality</summary>
    <action>merge | request-changes | reject</action>
  </verdict>
</review>
</instructions>

Variables

{{language}}: Programming language (e.g., TypeScript, Python, Go)
{{code}}: The code to review
{{context}}: What the code is supposed to do and any relevant constraints
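As an added example that is not part of this page, the following Go program fills the template above with the three variables and then parses a `<review>` response into fields a CI step can gate on. The template string is the page's own; every type and function name (RenderPrompt, Review, innerText, ParseReview, Gate) is an assumption of this example, and the response text used in the test is constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// promptTemplate is the page's template verbatim; {{...}} are its three variables.
const promptTemplate = `<role>You are a meticulous senior software engineer with expertise in security, performance, and clean code principles.</role>

<task>Perform a comprehensive code review of the code provided in the <code> tag.</task>

<context>{{context}}</context>

<code language="{{language}}">
{{code}}
</code>

<instructions>
Review the code across these dimensions and structure your response using the XML tags below:

<review>
  <bugs>List each bug with line number, description, and fix</bugs>
  <security>List each security issue with severity (critical/high/medium/low) and remediation</security>
  <performance>List each performance concern and its impact</performance>
  <maintainability>Suggest improvements to readability and structure</maintainability>
  <verdict>
    <score>X/10</score>
    <summary>Two-sentence summary of the code's quality</summary>
    <action>merge | request-changes | reject</action>
  </verdict>
</review>
</instructions>`

// RenderPrompt substitutes all three variables in a single pass, so a placeholder that
// happens to appear inside the (untrusted) code being reviewed is not expanded again.
func RenderPrompt(language, context, code string) string {
	return strings.NewReplacer("{{language}}", language, "{{context}}", context, "{{code}}", code).Replace(promptTemplate)
}

// Review is the parsed form of the model's <review> block (hypothetical type).
type Review struct {
	Sections               map[string][]string // bugs/security/performance/maintainability, one entry per non-empty line
	Score, Summary, Action string
}

// innerText returns the trimmed text between the first <name> and the following </name>.
// A plain scan is used instead of encoding/xml because the free-text sections routinely
// contain unescaped '<' and '&' copied from code fragments.
func innerText(s, name string) (string, bool) {
	open, close := "<"+name+">", "</"+name+">"
	i := strings.Index(s, open)
	if i < 0 {
		return "", false
	}
	rest := s[i+len(open):]
	j := strings.Index(rest, close)
	if j < 0 {
		return "", false
	}
	return strings.TrimSpace(rest[:j]), true
}

// ParseReview extracts the fields and rejects a response with no <review>, no <verdict>,
// or an action outside the three allowed values, so a malformed answer never passes a gate.
func ParseReview(resp string) (Review, error) {
	body, ok := innerText(resp, "review")
	if !ok {
		return Review{}, fmt.Errorf("no <review> block in response")
	}
	r := Review{Sections: map[string][]string{}}
	for _, name := range []string{"bugs", "security", "performance", "maintainability"} {
		text, _ := innerText(body, name)
		for _, l := range strings.Split(text, "\n") {
			if l = strings.TrimSpace(l); l != "" {
				r.Sections[name] = append(r.Sections[name], l)
			}
		}
	}
	verdict, ok := innerText(body, "verdict")
	if !ok {
		return Review{}, fmt.Errorf("no <verdict> block in response")
	}
	r.Score, _ = innerText(verdict, "score")
	r.Summary, _ = innerText(verdict, "summary")
	r.Action, _ = innerText(verdict, "action")
	switch r.Action {
	case "merge", "request-changes", "reject":
		return r, nil
	}
	return Review{}, fmt.Errorf("missing or unexpected action %q", r.Action)
}

// Gate is a CI policy: proceed only on an explicit "merge" with no critical or high
// security finding, regardless of the numeric score.
func Gate(r Review) bool {
	if r.Action != "merge" {
		return false
	}
	for _, f := range r.Sections["security"] {
		if strings.HasPrefix(f, "[critical]") || strings.HasPrefix(f, "[high]") {
			return false
		}
	}
	return true
}
```

The parser deliberately fails closed: a response that lacks the wrapper tags or invents an action value is treated as an error rather than as a pass. The code being reviewed is untrusted input to the prompt, so a pipeline should gate on the parsed verdict and the severity tags, not on any free-text claim the model makes.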

Example

Input
language: Go
context: HTTP middleware that enforces rate limiting
code:
func RateLimit(next http.Handler) http.Handler {
    counts := map[string]int{}
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        ip := r.RemoteAddr
        counts[ip]++
        if counts[ip] > 100 {
            http.Error(w, "Too Many Requests", 429)
            return
        }
        next.ServeHTTP(w, r)
    })
}
Output
<review>
  <bugs>
    Line 2: counts map is not goroutine-safe. Concurrent requests will cause a data race. Fix: use sync.Map or protect with sync.Mutex.
    The counter never resets, so any IP will eventually be permanently blocked. Fix: use a time-windowed counter (e.g., sliding window or token bucket).
  </bugs>
  <security>
    [high] r.RemoteAddr includes the port number, so the same IP gets a different key per connection. Fix: parse the host with net.SplitHostPort.
    [medium] The rate limit (100) is hardcoded. Fix: accept it as a parameter for flexibility.
  </security>
  <verdict>
    <score>3/10</score>
    <summary>The approach is correct in concept but has a critical concurrency bug and a key parsing flaw that together make it both unsafe and ineffective. Requires significant revision before production use.</summary>
    <action>request-changes</action>
  </verdict>
</review>
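The fixes that review asks for, applied together, as an added Go example that is neither the page's code nor the reviewed snippet: a mutex guards the map, counters reset per fixed time window, the port is stripped from RemoteAddr with net.SplitHostPort, and the limit is a constructor parameter. The names Limiter, NewLimiter, Allow, Middleware and clientKey are this example's own; the injectable clock exists only so the window logic can be tested without sleeping.

```go
package main

import (
	"fmt"
	"log"
	"net"
	"net/http"
	"sync"
	"time"
)

// Limiter is a fixed-window, per-client rate limiter (hypothetical type).
type Limiter struct {
	mu     sync.Mutex       // guards counts and start: fixes the data race on the map
	counts map[string]int   // requests seen per client host in the current window
	limit  int              // configurable limit, replacing the hardcoded 100
	window time.Duration    // window length; counters are dropped when it elapses
	start  time.Time        // start of the current window
	now    func() time.Time // injectable clock for testing; time.Now in production
}

// NewLimiter builds a limiter allowing `limit` requests per client per `window`.
func NewLimiter(limit int, window time.Duration) *Limiter {
	return &Limiter{counts: map[string]int{}, limit: limit, window: window, start: time.Now(), now: time.Now}
}

// clientKey strips the port from a "host:port" RemoteAddr so every connection from
// one host shares a single counter; an address without a port is used as given.
func clientKey(remoteAddr string) string {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		return remoteAddr
	}
	return host
}

// Allow records one request for key and reports whether it is within the limit.
func (l *Limiter) Allow(key string) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	if now := l.now(); now.Sub(l.start) >= l.window {
		l.counts = map[string]int{} // new window: stale counters are discarded, so no host is blocked forever
		l.start = now
	}
	l.counts[key]++
	return l.counts[key] <= l.limit
}

// Middleware wraps next and answers 429 once a client exceeds the limit.
func (l *Limiter) Middleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !l.Allow(clientKey(r.RemoteAddr)) {
			http.Error(w, "Too Many Requests", http.StatusTooManyRequests)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	l := NewLimiter(100, time.Minute)
	http.Handle("/", l.Middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "ok")
	})))
	log.Fatal(http.ListenAndServe(":8080", nil))
}
```

One caveat the review does not mention: RemoteAddr is the TCP peer, so behind a reverse proxy every request carries the proxy's address and all clients share one counter. In that deployment the key must come from a forwarded-client header, and only when the request arrived from a proxy you control, since any client can set that header itself.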

FAQ

Why use XML tags in Claude prompts?
Anthropic trained Claude on prompts that use XML tags for structure. Claude is more reliable at following instructions in XML tags than in plain prose, especially for complex multi-part tasks.
Does Claude support streaming for long code reviews?
Yes. Use the stream: true parameter in the Anthropic API. The XML structure still works with streaming — Claude outputs the opening and closing tags as it generates.
Which Claude model should I use for code reviews?
Claude 3.5 Sonnet is the best balance of quality and cost for most code reviews. Use Claude 3 Opus for security-critical reviews or very large codebases that need the deepest analysis.