Pre-merge

Pre-merge code reviewchecklist

Merge is a contract with production. Combine automated first pass, human approval, and a explicit checklist so nothing slips through because the team was rushing a release.

branch protectionrequired checksseverity gateshuman sign-offaudit trail
How it works

Merge gate layers

Healthy teams stack lightweight automation with non-negotiable human rules.

  • Bots catch obvious defects and unsafe patterns on every update.
  • Reviewers validate product intent, naming, and cross-service impact.
  • Release managers confirm checklist completion on train branches.

Overview

When to block versus warn

Blocking automation on main is appropriate once false positive rates are measured. Feature branches can stay report-only so experimentation stays fast.

Document override policy: who may merge on red, when, and how incidents get tracked afterward.

Checklist

  • Automated first pass complete CI review job green or acknowledged with documented exceptions for known false positives.
  • Human reviewer for risky paths Payments, auth, and migrations touched means CODEOWNER approval, not only bot comments.
  • Tests cover behavior change New logic has failing-then-passing tests or a linked issue explaining manual QA.
  • Rollback story exists Feature flags, reversible migrations, or a revert PR plan noted in the description.
  • Security and privacy scanned No secrets in diff; user data paths reviewed when logging or analytics change.

FAQ

Common questions

It enforces the automated slice: findings and CI status. Human checklist items stay in PR templates and reviewer habit.

Make pre-merge review repeatable

Adopt the checklist on your next release branch and wire CodeCritic as the automated first step.

Integrations