# C# / .NET Review Checklist

## Build and Test

```bash
dotnet restore
dotnet build
dotnet test
dotnet format --verify-no-changes
```

## Language Quality

- Names communicate intent.
- Functions are small and cohesive.
- No unnecessary `dynamic`.
- Nullable warnings are fixed.
- Exceptions preserve stack traces.
- Async code is truly async.
- Pattern matching improves clarity rather than obscuring intent.

## Object Design

- Invariants are protected.
- Public mutable state is avoided.
- Interfaces represent real contracts.
- Inheritance represents substitutability.
- Records are used only where value equality makes sense.

## Data Access

- Queries filter/project in the database.
- No N+1 surprises.
- Large result sets are paged.
- No unsafe SQL string concatenation.
- DbContext lifetime is appropriate.
- `SaveChangesAsync` is called once per logical operation at the Unit of Work boundary.
- All repositories in a logical operation share one `DbContext` instance.
- Read-only queries use `AsNoTracking` where appropriate.

## Web/API

- Correct HTTP status codes.
- Request validation is present.
- DTOs are used for external contracts.
- Errors do not leak internals.
- OpenAPI docs match the implementation.

## Security

- No secrets in code.
- Inputs are validated.
- Outputs are encoded.
- Authorization is enforced server-side.
- Packages and target frameworks are supported.

## Deployment

- Publish settings are intentional.
- Cross-platform assumptions are tested.
- Config is environment-aware.
- Logs and health checks support operations.