Docs/cookbook/redis/checklists/code review

Redis Code Review Checklist

Version: 1.1.0 | Updated: 2026-07-16

Purpose

Gate correctness, security, operability, and maintainability of a Redis keyspace, cache, session store, rate limiter, stream consumer, or Redis topology.

Why

Redis correctness depends on source plus INFO server, INFO memory, INFO persistence, INFO replication, and INFO cluster; CONFIG GET for maxmemory/policy, persistence, timeout, and output-buffer settings under approved access; SLOWLOG GET, LATENCY DOCTOR, commandstats, keyspace stats, and sampled MEMORY USAGE. Diff-only review is insufficient.

How

Review the change with its target/version fingerprint, then execute applicable native commands: redis-cli -u <redacted-uri> INFO server; redis-cli -u <redacted-uri> INFO memory; redis-cli -u <redacted-uri> SLOWLOG GET 20; redis-cli -u <redacted-uri> LATENCY DOCTOR; redis-cli -u <redacted-uri> --latency from the application network. Findings must identify the violated Redis invariant.

Version-aware caution

Capture redis_version, mode, persistence, replication/cluster state, client library, and managed-service restrictions. Commands, ACLs, functions, eviction, and cluster behavior depend on server and client versions.

Tradeoffs

Review must prove "key format includes bounded namespace, tenant scope, schema version, and collision-safe identifier" using INFO server, INFO memory, INFO persistence, INFO replication, and INFO cluster. That Redis evidence costs more than diff inspection but exposes maxmemory/OOM or unsafe eviction before merge.

Anti-patterns

  • Using unbounded values or KEYS on a shared production instance blocks Redis's command execution path and destabilizes unrelated tenants.
  • Do not remove a native warning, validator, policy, or safety limit merely to make generated output pass.
  • Do not claim a successful result without preserving the command, target, artifact/revision, and observed output.

Enterprise considerations

Redis governance allocates key prefixes, memory budgets, ACL patterns, persistence tiers, and noisy-neighbor controls; destructive commands require break-glass access.

Official sources

Checklist

  • key format includes bounded namespace, tenant scope, schema version, and collision-safe identifier.
  • data type and maximum cardinality are chosen from access pattern, not convenience.
  • TTL and jitter prevent immortal cache data and synchronized expiry.
  • Lua/function/MULTI or single-command atomicity protects concurrent invariants.
  • cache stampede control is bounded and does not convert misses into source overload.
  • client uses topology-aware discovery, deadlines, bounded pool/queue, and idempotent retries.
  • maxmemory policy matches whether data is disposable, session-critical, or durable.
  • SCAN replaces KEYS; large values and O(N) commands are excluded from request paths.
  • Disable writes to the new versioned key prefix and revert clients; let disposable keys expire or delete them with bounded SCAN/UNLINK jobs—never use FLUSHDB on a shared instance.
  • Evidence identifies version, target, artifact/revision, command or manual method, UTC time, and result.

Changelog

  • 1.1.0 (2026-07-16): Replaced generic gates with native Redis evidence and failure controls.
  • 1.0.0 (2026-07-16): Added initial checklist.