After this lesson, you will be able to: Use Claude (or Claude Code, or Cursor's chat) to review your own diff for bugs and security issues BEFORE you push to GitHub, and know which findings to act on, which to discuss, and which to ignore.
Every senior engineer reviews their own diff before posting a PR. AI gives juniors the same superpower. This lesson takes you from never having asked an AI to review your code to a repeatable workflow that catches the bugs a human reviewer would catch on the first read, and saves you the embarrassment of pushing them.
Code you wrote 20 minutes ago looks fine because your brain is still in the context that produced it. Read it tomorrow and the bugs are obvious. AI gives you the 'read it tomorrow' perspective right now. Self-review with AI catches: typos that compile, missing null checks, off-by-one errors, missing edge cases, inconsistent naming, missing test cases, missing error handling, and obvious security issues (SQL string concat, missing input validation, leaked tokens). It does NOT catch: subtle architectural problems, performance issues that only appear at scale, requirements bugs (you built the wrong thing). Use it for what it's good at.
Paste your diff (from `git diff` or your editor's source-control panel) and ask for review. Below is the prompt you can copy verbatim.
# Use the actual `git diff` output, or the file content if your changes are larger.Review this diff for:- Bugs (logic errors, missing edge cases, off-by-one)- Security issues (auth, input validation, secrets in client code)- Missing error handling- Code that violates the project's existing conventionsDo NOT comment on style or formatting, my linter handles that.For each issue, give:- File and line- What's wrong- Why it matters- Suggested fix (one line if possible)If you don't see any issues in a category, say "no issues found", don't invent.```diff<paste git diff here>```
If you use Claude Code in the terminal, you don't need to copy/paste the diff at all. Run `git diff` in the same project and ask Claude to review your uncommitted changes, Claude Code reads the diff directly. Same idea with Cursor's chat: open the file, click 'Add to chat,' and ask 'review my changes for bugs.' The editor sends the relevant context for you.
Below is the kind of code juniors push to PR all the time. Run it through the self-review prompt and AI will flag at least three issues. Try it in your own AI tool of choice, see what shows up.
// src/app/api/posts/route.tsimport { prisma } from "@/lib/prisma";export async function POST(request: Request) {const body = await request.json();const post = await prisma.post.create({data: {title: body.title,body: body.body,userId: body.userId, // ← trusting client input for ownership},});return Response.json(post);}// Things AI review will (correctly) flag:// 1. No input validation, body could be anything, breaks at runtime// or stores garbage in the DB. Suggested fix: Zod schema.// 2. userId comes from the request body, anyone can create posts AS// other users by changing the JSON. Use the authenticated session// user instead, not body.userId.// 3. No error handling, if the DB call throws, the request 500s with// no useful response. Wrap in try/catch and return a clean error.// 4. Returns 200 by default for a POST that created a resource;// should be 201.
AI review can be noisy. Apply this filter to every finding: **Always act on:** security issues (auth, validation, leaks), real bugs (missing null check, wrong condition), missing error handling on operations that can fail. **Discuss before acting on:** convention violations (maybe it's intentional), 'consider also' suggestions (extra features that weren't asked for), performance optimizations without measurement. **Skip:** style/formatting comments (your linter handles those, don't waste prompt budget asking), advice to add tests you've already written elsewhere, suggestions that contradict your codebase's existing pattern.
Draft a reusable self-review prompt that you can paste before any diff. Required patterns check for: explicit review categories (security and bugs at minimum), an instruction to NOT comment on formatting/style, and a request for file+line+fix output format.
Sign in and purchase access to unlock this lesson.