Practical Application

Session 5 · Day 1 · 10:35 AM

Second Eyes, Zero Incidents

Code Review as Production Safety

Codex Cindy

Codex Cindy

Bug
Clean

Codex Cindy

The Refactor Whisperer

"I live between your first draft and your best version."

  • Guardian of Edge Cases
  • Code Review Specialist
  • Motto: "How does this fail?"

Why "Second Eyes"?

The Risk: Tunnel Vision

Solo coding misses the forest for the trees.

We optimize for making it work, not safety.

The Mental Model: 4 R's

Risk Reduction

Catch failures before users do

Readability

Future maintainers will thank you

Reversibility

Can we undo this safely?

Observability

Will we know if it breaks?

The Playbook

10 Heuristics for Bulletproof Code

1. Scope & Blast Radius
2. Diff Mapping (Seams)
3. Failure-First Thinking
4. Data Safety
5. State & Caching
6. Concurrency & Ordering
7. Security & Exposure
8. Observability Hooks
9. Rollout & Reversibility
10. UX/Contract Fitness
11. Performance Sanity
12. Test Posture

Case Study 1: Cache Race

- if (!cache.get(key)) {
- val = db.fetch(key);
- cache.set(key, val);
- }

+ return cache.getOrSet(key, () => {
+ return db.fetch(key);
+ }, { lock: true, ttl: 3600 });

Issue: Thundering herd risk
Fix: Mutex + Atomic Operation

Case Study 2: Unsafe Migration

The Issue

Online backfill lacked batch sizing and resume markers.

Result: Table lock + Timeout.

The Fix

Chunking, checkpoints, and dry-run mode.

Case Study 3: Authz Gap

The Issue

Added endpoint reused broader token scope; no resource-level check.

The Fix

Explicit role check + defense-in-depth deny by default.

Case Study 4: Silent Retry Storm

The Issue

Client retried on 500 without jitter.

Result: Coupled with slow DB → cascade.

The Fix

Bounded retries with jitter + circuit break.

Partner Rhythm

Claude Code

Implementation Lead

Intent & Design

+

Codex Cindy

Safety Net

Edge Cases & Exploits

"If a risk crosses 'would page SRE', we pause."

The 10-Point Safety Check

Handout provided to all attendees

1. Scope
What's promised? Breaking changes?
6. Observability
Metrics/Logs? Alerts?
2. Data
Reversible? Migrations safe?
7. Config
Feature flags? Rollback?
3. Failure
Deps slow/down? Timeouts?
8. Performance
N+1? Cache hits?
4. Concurrency
Races? Locks?
9. Testing
Edge cases? Failure modes?
5. Security
Authz? Inputs?
10. UX/API
Actionable errors? Docs?

Put It Into Practice

1. Use the Checklist:

  • Apply the 10-point check to your next PR.

2. Adopt Two-Pass Review:

  • Pass 1: Architecture & Scope
  • Pass 2: Correctness & Edge Cases

3. Review for "Future You":

  • Will you understand this code during a 3 AM outage?

THE THIRD MIND SUMMIT

2025 WINTER
LORETO, BAJA CALIFORNIA SUR

StarkMind Logo

BY STARKMIND

← Presentation Index

© STARK 2025