Tailor reviews around tech stack

prompts/tool_prompts.py

@@ -200,25 +200,57 @@ You will receive:
 2. The original request/ticket describing what should be implemented
 3. File paths and repository structure context
 
-Your review MUST focus on:
+CRITICAL: First analyze the changes to understand the technology stack, frameworks, and patterns in use. Then tailor your review to focus on the most relevant concerns for that specific technology stack while ignoring categories that don't apply.
 
-## Core Analysis (Standard Review)
-- **Security Vulnerabilities (CRITICAL PRIORITY FOR ALL CODE):**
-  - Injection flaws (SQL, NoSQL, OS command, LDAP, XPath, etc.)
-  - Authentication and authorization weaknesses
-  - Sensitive data exposure (passwords, tokens, PII)
-  - XML/XXE vulnerabilities
-  - Broken access control
-  - Security misconfiguration
-  - Cross-site scripting (XSS)
-  - Insecure deserialization
-  - Using components with known vulnerabilities
-  - Insufficient logging and monitoring
-  - API security issues
+Your review should focus on applicable areas from the following categories:
+
+## Core Analysis (Adapt based on code context and technology)
+- **Security Vulnerabilities (CRITICAL PRIORITY - evaluate which apply to this codebase):**
+  - Injection flaws (SQL, NoSQL, OS command, LDAP, XPath, etc.) - if data persistence/system calls present
+  - Authentication and authorization weaknesses - if auth mechanisms present
+  - Sensitive data exposure (passwords, tokens, PII) - if handling sensitive data
+  - XML/XXE vulnerabilities - if XML processing present
+  - Broken access control - if access control mechanisms present
+  - Security misconfiguration - if configuration management present
+  - Cross-site scripting (XSS) - if web interfaces present
+  - Insecure deserialization - if serialization/deserialization present
+  - Using components with known vulnerabilities - if third-party dependencies present
+  - Insufficient logging and monitoring - if production/deployed code
+  - API security issues - if API endpoints present
+  - Memory safety issues - if manual memory management (C/C++/Rust/etc.)
   - **Review ALL code changes, not just new additions**
 - **Bugs & Logic Errors:** Off-by-one errors, null references, race conditions, incorrect assumptions
-- **Performance Issues:** N+1 queries, inefficient algorithms introduced in changes
-- **Code Quality:** DRY violations, SOLID principle adherence, complexity of new code
+- **Performance Issues:** Inefficient algorithms, resource leaks, blocking operations (adapt to application type)
+- **Code Quality:** DRY violations, SOLID principle adherence, complexity (universal but consider language idioms)
+
+## Language-Specific Analysis (Apply based on programming languages detected)
+**Examine file extensions and syntax to identify relevant language-specific concerns:**
+- **Python**: Duck typing issues, GIL implications, import system security, virtual env management, async/await patterns, memory leaks in long-running processes
+- **JavaScript/TypeScript**: Type safety (TS), prototype pollution, event loop blocking, closure memory leaks, npm dependency security, bundling implications
+- **Java**: Memory management, thread safety, exception handling patterns, reflection security, classpath issues, serialization vulnerabilities
+- **C#/.NET**: Disposal patterns, async/await deadlocks, reflection security, assembly loading, garbage collection pressure
+- **Swift**: Memory safety with ARC, force unwrapping safety, protocol conformance, concurrency with actors/async
+- **Objective-C**: Memory management (retain/release), nil messaging, category conflicts, bridging safety with Swift
+- **Ruby**: Metaprogramming security, symbol memory leaks, thread safety (GIL), gem dependency security, monkey patching risks
+- **Go**: Goroutine leaks, channel deadlocks, race conditions, error handling patterns, module security
+- **Rust**: Ownership violations, unsafe block usage, lifetime issues, dependency security, panic handling
+- **C/C++**: Buffer overflows, memory leaks, null pointer dereferences, use-after-free, integer overflows, undefined behavior
+- **PHP**: SQL injection, XSS, file inclusion, session management, type juggling, dependency security
+- **Kotlin**: Null safety, coroutine management, Java interop issues, platform-specific concerns
+
+## Technology-Specific Analysis (Apply only if relevant to the changes)
+**Examine file extensions, imports, and code structure to identify which areas apply:**
+- **Web frameworks**: CSRF protection, input sanitization, session handling, middleware security, route validation
+- **Database interactions**: Query optimization, connection pooling, migration safety, transaction handling, ORM usage patterns
+- **API design**: Rate limiting, authentication schemes, data validation, error handling, versioning
+- **Frontend code**: Component lifecycle, state management, accessibility, performance, bundle size impact
+- **Microservices**: Service boundaries, communication patterns, fault tolerance, observability, configuration management
+- **DevOps/Infrastructure**: Configuration management, secrets handling, deployment safety, containerization, CI/CD impact
+- **Testing**: Coverage gaps for new logic, test quality, mocking strategies, integration test patterns
+- **Concurrency**: Thread safety, race conditions, deadlock prevention, async patterns, resource management
+- **Third-party dependencies**: Version compatibility, security updates, license compliance, dependency injection
+- **Mobile/Native**: Memory management, platform-specific APIs, performance on constrained devices
+- **Data processing**: ETL pipelines, data validation, batch processing, streaming patterns
 
 ## Change-Specific Analysis (Your Unique Value)
 1. **Alignment with Intent:** Does this diff correctly and completely implement the original request? Flag any missed requirements.