Reading Code Review Comments
5 exercises — read a realistic code review thread with nit comments, blocking issues, conditional approvals, and follow-up tickets. Identify the tone and intent of each comment type.
Reading reviewer intent from language signals
- nit: → minor optional suggestion; "Non-blocking" confirms it
- MUST / before we can merge → hard blocker — required change
- Could be addressed in a follow-up → deferrable improvement
- LGTM / Approving → reviewer is satisfied and approves the PR
- Conditional approval → approved but a lightweight follow-up condition applies
0 / 5 completed
1 / 5
Code Review Thread — PR #1031
Pull Request #1031 — Add rate limiting to public API endpoints
File: src/middleware/RateLimiter.ts
---
[Comment 1] — omar_sec (reviewer)
nit: The variable name `cnt` on line 12 should be `requestCount` — abbreviations
make this harder to understand at a glance. Non-blocking.
---
[Comment 2] — omar_sec (reviewer)
This implementation stores rate-limit counters in process memory. If the app
runs behind a load balancer with multiple instances, each instance will have
its own counter — so a single client could make N * limit requests before
being blocked. This MUST use a shared store (Redis) before we can merge.
---
[Comment 3] — fatima_dev (reviewer)
The error response on line 34 returns a plain string "Too many requests". We
should return a proper JSON body with an `error` key and include the
`Retry-After` header so clients know when to retry. See RFC 6585 §4.
Could be addressed in a follow-up PR if you want to keep this one focused.
---
[Comment 4] — leo_backend (author)
Good point on the shared store — I will refactor to use Redis before requesting
re-review. For the Retry-After header, I'll open a follow-up ticket since the
RFC compliance can be tracked separately.
---
[Comment 5] — omar_sec (reviewer)
Reviewed the Redis refactor commit. The implementation looks correct and the
integration tests confirm counters are shared across simulated instances.
One last nit: the Redis key prefix `rl:` is hardcoded — consider making it
configurable via env var for multi-tenant deployments. Up to you. LGTM otherwise,
approving conditional on the Redis key prefix being tracked in a ticket. Comment 1 from omar_sec starts with "nit:" and ends with "Non-blocking." What does this tell you about the type of change requested?
"nit: ... Non-blocking" = an optional stylistic suggestion that will not prevent approval:
Two signals together make this clear:
Two signals together make this clear:
- "nit:" (short for "nitpick") → reviewer is flagging something minor they noticed but feel lightly about
- "Non-blocking" → explicit statement that this will not hold up the merge
- nit: → minor optional suggestion (naming, formatting, style)
- Non-blocking → reviewer will approve regardless of whether this is addressed
- Blocking / Must-fix / Required → reviewer will not approve until addressed
- Consider: → suggestion without strong opinion ("you might want to...")
- Question: → seeking clarification, not necessarily requesting a change
cnt vs requestCount have real readability impact. The reviewer is correct to flag it — they just don't feel strongly enough to block the PR. Authors should still fix nits when practical.