Backend Review Guidelines (Django)

Backend-specific code review rules for Django/Python development

👤 Ritu Kataria | 📅 Updated: Jan 23, 2026 | 📁 Development Guidelines | 🏷️ backend, code-review, python, django

Code Review Guidelines - Backend (Django)

This document contains backend-specific code review rules for Django/Python development.

Refer to General Guidelines for general review process, SLAs, and reviewer assignment rules.


Part 1: Developer Self-Review (Before Creating PR)

Step 1: Run Pre-commit Hooks on Changed Files

```shell
# Run on staged files only
pre-commit run

# Or run on specific changed files
pre-commit run --files $(git diff --name-only HEAD)

# Or run on files changed vs main/develop branch
pre-commit run --files $(git diff --name-only origin/develop)
```

Step 2: AI-Assisted Self-Review

In VS Code/Cursor, select your changed files and use one of these prompts:

Quick Review Prompt:

Review this code against our backend_development.mdc standards. 
Check for: BaseModel inheritance, ValidationError usage, mapper patterns, 
QuerySet optimization, naming conventions, and response format compliance.
Flag any violations as CRITICAL, MAJOR, or MINOR.

Comprehensive Review Prompt:

Perform a thorough code review of my changes using @backend_development.mdc rules.

Check these categories:
1. CODE QUALITY: snake_case naming, no nested ternaries, f-strings, blank line before return
2. ARCHITECTURE: BaseModel/GenericView inheritance, prepare_urls usage, serializer location
3. SECURITY: @allow_guest usage, permission checks, no hardcoded secrets
4. PERFORMANCE: select_related/prefetch_related, no N+1, cache-aware methods
5. PATTERNS: Model.get() not objects.get(), mapper dicts not if/else, ValidationError raised

For each issue found, provide:
- Severity (CRITICAL/MAJOR/MINOR)
- Line reference
- What's wrong
- How to fix it

Step 3: Fix All Issues Before PR

| AI Severity | Action Required |
|---|---|
| CRITICAL | Must fix - PR will be rejected |
| MAJOR | Must fix - Blocks approval |
| MINOR | Should fix - Reviewer will request |

Part 2: Backend Pre-Submission Checklist

| # | Check | Verification |
|---|---|---|
| 1 | Pre-commit hooks pass | Run pre-commit run - must show all green |
| 2 | Self-review completed | AI review + manual diff review |
| 3 | No debug code | Remove print(), breakpoint(), commented code |
| 4 | Migrations reviewed | Check generated migration matches intent, no data migrations |
| 5 | Documentation updated | Docstrings for new classes/complex methods |
| 6 | Fixtures updated | Update fixture files if adding new master data (see below) |

Fixture File Updates (Mandatory)

If your changes add new entries to tables that have fixtures, you MUST update the corresponding fixture file in the fixtures/ directory:

| Change Type | Fixture File to Update |
|---|---|
| New activity log master category | master_log_category.json |
| New activity log sub-category | sub_log_category.json |
| New communication trigger | communication_triggers.json |
| New communication variable | communication_variable.json |
| New center feature | center_feature_list.json |
| New assistant prompt | assistant_prompt.json |

⚠️ Failure to update fixtures will cause issues in fresh deployments and new environments.


Part 3: Reviewer Checklist - Code Quality (Blocking)

| Check | Standard Reference |
|---|---|
| ✅ Follows snake_case for variables/functions, PascalCase for classes | Naming Conventions |
| ✅ No nested ternaries | Core Principles |
| ✅ Uses Model.get() instead of objects.get() | BaseModel Pattern |
| ✅ Uses mapper dictionaries instead of if/else chains | Configuration Mappers |
| ✅ ValidationError raised (not returned) with proper status codes | Error Handling |
| ✅ JsonResponse with consistent structure (status, message, data) | Response Format |
| ✅ F-strings used for string formatting | Code Style |
| ✅ Blank line before return statements | Formatting Rules |

Part 4: Reviewer Checklist - Architecture Compliance (Blocking)

| Check | Standard Reference |
|---|---|
| ✅ Models inherit from core.models.BaseModel | BaseModel Pattern |
| ✅ Views inherit from core.view.GenericView | View Structure |
| ✅ Serializers inherit from DynamicFieldsModelSerializer | Serializers |
| ✅ URL patterns use prepare_urls() utility | URL Patterns |
| ✅ Proxy models in {app}/proxies/ directory | Proxy Models |
| ✅ Serializers in {app}/serializers/ directory | Folder Structure |
| ✅ No custom managers unless explicitly required | Custom Managers |

Part 5: Reviewer Checklist - Security (Blocking)

| Check | Verification |
|---|---|
| ✅ @allow_guest() only on public endpoints | No accidental exposure |
| ✅ @validate_feature() for feature-gated endpoints | Feature validation |
| ✅ Permission checks before sensitive operations | Authorization |
| ✅ No hardcoded secrets/credentials | Security |
| ✅ User input validated before use | Input validation |
| ✅ SQL injection prevention (ORM usage, no raw SQL) | Database security |

Part 6: Reviewer Checklist - Performance (Blocking for High-Impact)

| Check | Standard Reference |
|---|---|
| ✅ select_related() for ForeignKey traversal | QuerySet Optimization |
| ✅ prefetch_related() for reverse FK/M2M | QuerySet Optimization |
| ✅ .values() / .values_list() when full objects not needed | QuerySet Optimization |
| ✅ No N+1 query patterns | QuerySet Optimization |
| ✅ Cache-aware methods used for cached models (LabFeature.get_features()) | Cached Model Retrieval |
| ✅ @transaction.atomic for multi-step DB operations | Defensive Programming |

Part 7: Reviewer Checklist - Documentation (Non-Blocking)

| Check | Verification |
|---|---|
| ✅ Docstrings for classes and complex methods | Documentation |
| ✅ category_id_mapper defined for activity logging | Activity Logging |
| ✅ Complex logic explained (why, not how) | Documentation |

Part 8: Module Owners (Backend)

Developers MUST add the relevant module owner to their PR. Some of the module owners are:

| Module/Area | Module Owner | When to Add |
|---|---|---|
| AI/Assistant | Sai Tharun | Any changes in assistant/, AI prompts, LLM integrations |
| Payments/Finance | Rahul Bhangale | Changes in payments/, finance/ |
| Interfacing | Sumit Rajenimbalkar | Changes in interfacing/, devices, reports |
| Integrations | Abhijeet Mane | Changes in integration/ |
| Communication | Sai Tharun | Changes in communication/, SMS, email |
| Lab Reports | Sumit Rajenimbalkar / Rahul Bhangale / Sai Tharun | Changes in lab_reports/ |
| Accession | Rahul Bhangale | Changes in accession/ |
| Billing | Sai Tharun | Changes in billing/ |
| Insurance | Milind Naik / Sidhharth Chakraborty | Changes in insurance/ |
| Bulk Registration | Sidhharth Chakraborty | Changes in patient/ |
| Inventory | Subham Kumar Mal | Changes in inventory/ |
| CRM | Sai Tharun / Akshay Goregankar / Ritu Kataria | Changes in crm/ |
| Lab Forms | Ritu Kataria | Changes in lab_forms/ |

Important

Adding the module owner is the developer's sole responsibility.


Part 9: Backend-Specific Severity Examples

| Severity | Backend Examples |
|---|---|
| 🔴 Critical | Missing @allow_guest on auth endpoint, raw SQL with user input, exposed secrets in settings |
| 🟠 Major | Missing BaseModel inheritance, N+1 queries in loops, no tests for new feature, objects.get() instead of Model.get() |
| 🟡 Minor | Missing docstring, camelCase variable name, hardcoded string instead of constant |
| 🔵 Suggestion | Could use values_list() instead of full objects, consider extracting to utility function |
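A reviewer can pre-screen a changed file for several of the blocking checks above before reading it line by line. The following is an added example, not part of the project's tooling: it walks the Python AST and reports hardcoded secrets, raw SQL calls, objects.get() and @allow_guest usage with the severities from the table above. The REVIEW label, the name patterns and the sample file are assumptions made for this sketch.

```python
import ast
import re

# Constructed sample of a changed file; the view, model and key value are made up.
SAMPLE = '''
API_KEY = "constructed-example-value"

@allow_guest()
def patient_report(request):
    name = request.GET["name"]
    rows = Patient.objects.raw(f"SELECT * FROM patient WHERE name = '{name}'")
    first = Patient.objects.get(id=1)

    return rows, first
'''

SECRET_NAME = re.compile(r"SECRET|PASSWORD|TOKEN|API_KEY", re.I)  # assumed patterns
RAW_SQL_CALLS = {"raw", "execute", "RawSQL"}  # name-based heuristic, may over-match


def _name(node):
    """Trailing name of a call target or decorator: a.b.c() -> 'c'."""
    func = node.func if isinstance(node, ast.Call) else node
    return getattr(func, "attr", getattr(func, "id", ""))


def review(source):
    """Return sorted (line, severity, message) findings for one Python file."""
    found = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
            for dec in node.decorator_list:
                if _name(dec) == "allow_guest":  # a human must confirm it is public
                    found.append((dec.lineno, "REVIEW", f"{node.name} is guest-accessible"))
        elif isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant):
            hits = [t.id for t in node.targets
                    if isinstance(t, ast.Name) and SECRET_NAME.search(t.id)]
            if hits and isinstance(node.value.value, str) and node.value.value:
                found.append((node.lineno, "CRITICAL", f"hardcoded secret in {hits[0]}"))
        elif isinstance(node, ast.Call):
            if _name(node) in RAW_SQL_CALLS and node.args:
                # An f-string, concatenation or variable as the SQL text is built at runtime.
                dynamic = not isinstance(node.args[0], ast.Constant)
                found.append((node.lineno, "CRITICAL" if dynamic else "REVIEW",
                              "raw SQL built at runtime" if dynamic else "raw SQL with constant text"))
            elif (_name(node) == "get" and isinstance(node.func, ast.Attribute)
                  and _name(node.func.value) == "objects"):
                found.append((node.lineno, "MAJOR", "objects.get() instead of Model.get()"))

    return sorted(found)
```

Call `review(open(path).read())` for each file in the diff; a REVIEW finding means the pattern is present and a person has to decide whether it is acceptable.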
