What's an architect-level Apex code review checklist?

Code review at architect level looks beyond syntax. Key checks:

Bulkification:

• No SOQL or DML in loops.
• Methods accept Lists, not single records.
• Maps for O(1) lookups; not List.contains.

Governor limits:

• Selective queries.
• Stay well under SOQL/DML/CPU/heap thresholds.
• Async for heavy work.

Test coverage:

• 75% minimum (production gate).
• 85%+ targeted; meaningful tests.
• @TestSetup data factories.
• Negative test cases.
• Bulk tests (200 records).
• System.runAs for permission paths.
• Mocks for external dependencies.

Sharing:

• Explicit with sharing / without sharing / inherited sharing.
• Default class declaration explicit, not implicit.

Error handling:

• try/catch where appropriate.
• Custom exceptions for business errors.
• Errors logged to custom log object.
• Meaningful error messages.

Security:

• SOQL injection protection (bind variables).
• FLS / CRUD checks via Security.stripInaccessible or explicit.
• No hardcoded user IDs.
• No hardcoded passwords / API keys.

Performance:

• No N+1 query patterns.
• Cache reused queries.
• Async for slow ops.
• Wired Apex methods marked cacheable=true where possible.

Maintainability:

• One responsibility per class.
• Clear naming.
• Limited side effects.
• Comments for non-obvious decisions.

Style:

• Follows project conventions.
• PMD-clean.
• ESLint-clean for LWC.

Custom code justification:

• Could this be declarative instead?
• Why custom?

Architect role: codify checklist into PMD rules + ARB checklist. Automation enforces consistency.