In the AI era, you review
more code than you write

Development cycles are faster. PRs are bigger. The rarest skill on any engineering team right now isn't writing — it's the judgment to review anything, trust nothing blindly, and own what ships.

Start reviewing free See how it works
TS · Python · Go · Java · and more
app.codereview.academy/prs/activity-logging-middleware
Add user activity logging middleware
0/3
+48 −0
1
Medium
Submit review
src
middleware
activityLogger.ts
+38−4
index.ts
+6
types.ts
src/middleware/activityLogger.ts
1
+38−4
1
+
import { Request, Response, NextFunction } from 'express';
2
+
import { db } from '../db';
3
+
4
+
export const activityLogger = (req: Request, res: Response, next: NextFunction) => {
5
+
const entry = {
6
+
userId: req.user?.id,
7
+
method: req.method,
8
+
path: req.path,
9
+
body: req.body, // ← full payload, incl. passwords
Markdown supported
10
+
timestamp: new Date().toISOString(),
11
+
};
12
+
13
+
db.insert('activity_log', entry); // fire-and-forget
14
+
next();
15
+
};
17
-
const sensitiveFields = ['token'];
17
+
const sensitiveFields = ['token', 'password', 'card'];
18
 
export const sanitise = (obj: Record<string, unknown>) => {
19
 
const out = { ...obj };
20
 
sensitiveFields.forEach(k => { out[k] = '[REDACTED]'; });

AI Review Assessment

Medium

Issues found

1 /4

What you got right

Missed issues

3 missed · tap to learn why

Communication · 1 comment

Good instinct — but the comment could say what to do, not just flag the issue. Try: "req.body should be sanitised before logging — strip password, token, and card fields."

accurate good tone suggests fix
PR 1 of 3
Add concurrency handling
+154 lines
src/auth/oauth.ts +90
8
+
export async function handleGoogleCallback(
9
+
// Exchange code for tokens
23
+
// Decode JWT without verification
24
+
const payload = JSON.parse(
25
+
Buffer.from(idToken.split('.')[1], 'base64')
JWT signature should be verified — decoding without verification trusts attacker-controlled data.
28
+
let user = await db.query(
try it out
How it works

Three steps. Real improvement.

No theory. You learn by reviewing real pull requests and getting precise feedback on every decision — the exact skill that's now tested in engineering interviews.

01
Pick a PR

Choose a pull request to review

Browse PRs across difficulty levels — security, concurrency, performance. Each is a real-world scenario with real bugs.

02
Leave comments

Review it like you would in production

Read the diff, spot the issues, leave inline comments. No hints — your genuine eye for code quality is being trained.

03
Get feedback

See exactly what you missed and why

AI scores your review across correctness, security, code quality and communication. Every missed issue explained.

Features

Built for engineers who take craft seriously

Real-world PRs

50+ pull requests seeded with the kind of bugs that slip through real code reviews — concurrency, auth, data integrity, and API design.

AI assessment

Every review scored on correctness, security, and code quality. Feedback explains not just what you missed — but why it matters and what you should have said.

Communication scoring

Precision, tone, whether you explained the impact, whether you suggested a fix — all scored separately. Great reviewers write great comments.

Difficulty progression

Start Easy, work up to Hard PRs with subtle race conditions and security gaps that even senior engineers miss on their first pass.

Used in engineering interviews

PR-based code review exercises are now standard at companies like Shopify, Stripe, and Linear. When an interviewer hands you a diff — you want to have done this hundreds of times, not be doing it for the first time.

What engineers say

From junior to trusted reviewer

★★★★★

"I'd been writing review comments for two years but never knew if they were useful. The communication scoring changed how I think about feedback."

AK
Arjun Kumar
Mid-level · Fintech
★★★★★

"The concurrency PRs are genuinely hard. I missed race conditions I'd have let through in real life. Now I have a mental checklist I actually use."

SR
Sofia Reyes
Senior · E-commerce
★★★★★

"After 3 weeks, my team lead said my reviews had improved. I hadn't mentioned I was using this. That told me everything."

TL
Tom Liu
Junior · SaaS startup
Pricing

Simple, honest pricing

No seat fees, no annual lock-in.

Free
$0
forever
Enough to see if it works for you.
  • 5 PR reviews/month
  • Easy & Medium difficulty
  • Full AI assessment
  • Hard PRs
  • Progress tracking
Get started free
Most popular
Pro
$12
per month
For engineers serious about levelling up.
  • Unlimited PR reviews
  • All difficulty levels
  • Full AI assessment
  • Hard PRs
  • Progress tracking
Start Pro
Team
$49
per month · up to 10
For teams raising the bar together.
  • Everything in Pro
  • Team dashboard
  • Custom PR library
  • Priority support
  • Progress tracking
FAQ

Common questions

Yes — all PRs are based on realistic production code patterns. The bugs are the kinds of issues that actually slip through in real reviews: race conditions, missing auth checks, transaction problems.
Each PR has a set of known issues across categories. Your comments are matched against these. The communication score assesses whether your comments were precise, explained the why, suggested a fix, and maintained a constructive tone.
The patterns you practice here are universal. You're building a mental checklist. Most users report noticeable improvement in how they approach reviews within 2–3 weeks.
Yes, no lock-in. Cancel from settings at any time and you'll keep access until the end of your billing period.

Ready to become a better
code reviewer?

Start with 5 free reviews. No credit card required.

Start reviewing free