# Code Review Guide for AI Assistants

This document provides guidance for AI assistants to help with code review for the Fix Plugin Does Not Exist Notices plugin.

## Code Review Checklist

When reviewing code, check for the following:

### Functionality

- [ ] Does the code work as expected?
- [ ] Does it handle edge cases appropriately?
- [ ] Are there any logical errors?
- [ ] Is error handling implemented properly?

### Code Quality

- [ ] Does the code follow WordPress coding standards?
- [ ] Is the code well-organized and easy to understand?
- [ ] Are there any code smells (duplicate code, overly complex functions, etc.)?
- [ ] Are functions and variables named appropriately?
- [ ] Are there appropriate comments and documentation?

### Security

- [ ] Is user input properly validated and sanitized?
- [ ] Is output properly escaped?
- [ ] Are capability checks used for user actions?
- [ ] Are nonces used for form submissions?
- [ ] Are there any potential SQL injection vulnerabilities?
- [ ] Are there any potential XSS vulnerabilities?

### Performance

- [ ] Are there any performance bottlenecks?
- [ ] Are database queries optimized?
- [ ] Is caching used appropriately?
- [ ] Are assets (CSS, JS) properly enqueued?

### Compatibility

- [ ] Is the code compatible with the minimum supported WordPress version (5.0)?
- [ ] Is the code compatible with the minimum supported PHP version (7.0)?
- [ ] Are there any browser compatibility issues?
- [ ] Are there any conflicts with other plugins?

### Internationalization

- [ ] Are all user-facing strings translatable?
- [ ] Is the correct text domain used?
- [ ] Are translation functions used correctly?

### Accessibility

- [ ] Does the code follow accessibility best practices?
- [ ] Are ARIA attributes used appropriately?
- [ ] Is keyboard navigation supported?
- [ ] Is screen reader support implemented?

## Code Review Process

### 1. Understand the Context

Before reviewing code, understand:
- What problem is the code trying to solve?
- What are the requirements?
- What are the constraints?

### 2. Review the Code

Review the code with the checklist above in mind.

### 3. Provide Feedback

When providing feedback:
- Be specific and clear
- Explain why a change is needed
- Provide examples or suggestions when possible
- Prioritize feedback (critical issues vs. minor improvements)
- Be constructive and respectful

### 4. Follow Up

After the code has been updated:
- Review the changes
- Verify that issues have been addressed
- Provide additional feedback if necessary

## Common Issues to Look For

### PHP Issues

- Undefined variables or functions
- Incorrect function parameters
- Missing return statements
- Improper error handling
- Inefficient loops or conditionals
- Hardcoded values that should be configurable

### WordPress-Specific Issues

- Incorrect hook usage
- Missing or incorrect nonces
- Missing capability checks
- Direct database queries instead of using WordPress functions
- Improper enqueuing of scripts and styles
- Not using WordPress functions for common tasks
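
The security items in this guide (capability checks, nonces, input validation, escaped output, no direct database queries) are easiest to review when you know what they look like together in one admin action handler. The following is an added example, not code from the plugin: the function name and the `fpden_example_action` and `plugin` query parameters are hypothetical, and it assumes the stale reference is stored in the `active_plugins` option.

```php
<?php
// Added illustration, not the plugin's code. Hypothetical names: the function,
// the `fpden_example_action` and `plugin` query parameters. Assumes the stale
// reference lives in the `active_plugins` option.
add_action( 'admin_init', 'fpden_example_remove_reference' );

function fpden_example_remove_reference() {
	// Only act on requests for this action; the value is compared, never used.
	if ( ! isset( $_GET['fpden_example_action'] ) || 'remove' !== $_GET['fpden_example_action'] ) {
		return;
	}

	// Capability check: the user must be allowed to manage plugins.
	if ( ! current_user_can( 'activate_plugins' ) ) {
		wp_die(
			esc_html__( 'You are not allowed to manage plugins.', 'fix-plugin-does-not-exist-notices' ),
			'',
			array( 'response' => 403 )
		);
	}

	// Nonce check: verifies $_REQUEST['_wpnonce'] and dies on failure (CSRF).
	check_admin_referer( 'fpden_remove_reference' );

	// Input validation: unslash and sanitize, then accept only a value that is
	// already in the stored list, so arbitrary strings are rejected.
	$plugin = isset( $_GET['plugin'] ) ? sanitize_text_field( wp_unslash( $_GET['plugin'] ) ) : '';
	$active = (array) get_option( 'active_plugins', array() );
	if ( '' === $plugin || ! in_array( $plugin, $active, true ) ) {
		wp_die(
			esc_html__( 'Unknown plugin reference.', 'fix-plugin-does-not-exist-notices' ),
			'',
			array( 'response' => 400 )
		);
	}

	// Options API instead of a direct database query.
	update_option( 'active_plugins', array_values( array_diff( $active, array( $plugin ) ) ) );

	// Output: translatable string, escaped, with the request-derived value
	// escaped separately because settings_errors() prints the message as HTML.
	add_settings_error(
		'fpden',
		'fpden_removed',
		/* translators: %s: plugin file path. */
		sprintf( esc_html__( 'Removed reference to %s.', 'fix-plugin-does-not-exist-notices' ), esc_html( $plugin ) ),
		'updated'
	);
}
```

When reviewing a real handler, check that the capability and nonce checks run before any request value is read for its content or any state is changed.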

### JavaScript Issues

- Undefined variables or functions
- Event listener memory leaks
- jQuery conflicts
- Browser compatibility issues
- Missing error handling

### CSS Issues

- Browser compatibility issues
- Specificity issues
- Unused styles
- Overriding WordPress admin styles inappropriately

## Example Feedback

### Good Feedback Example

````
In function `handle_remove_reference()`:

1. The nonce check is missing, which could lead to CSRF vulnerabilities.
   Consider adding:
   ```php
   // Unslash and sanitize the nonce before verifying it; escape the message passed to wp_die().
   if (!isset($_GET['_wpnonce']) || !wp_verify_nonce(sanitize_text_field(wp_unslash($_GET['_wpnonce'])), 'fpden_remove_reference')) {
       wp_die(esc_html__('Security check failed.', 'fix-plugin-does-not-exist-notices'));
   }
   ```

2. The user capability check should be more specific. Instead of:
   ```php
   if (!current_user_can('manage_options')) {
   ```
   Consider using:
   ```php
   if (!current_user_can('activate_plugins')) {
   ```
   This is more appropriate for the action being performed.

3. The success message should be translatable:
   ```php
   // Change this:
   add_settings_error('fpden', 'fpden_removed', 'Plugin reference removed successfully.', 'updated');

   // To this:
   add_settings_error('fpden', 'fpden_removed', __('Plugin reference removed successfully.', 'fix-plugin-does-not-exist-notices'), 'updated');
   ```
````

### Poor Feedback Example

```
This code has security issues and doesn't follow best practices. Fix it.
```