Code Review Beyond Correctness

“It compiles and the tests pass” is the floor, not the bar. What else are you reading a diff for?

This is the opening question of any code-review screen for a senior engineer, and it separates the people who treat review as a pass/fail gate from the people who treat it as the highest-leverage quality and mentorship tool a team has. The interviewer wants to hear that when you open a diff, “does it work” is the first thing you check and the least interesting. Everything that determines whether this code is still a good decision in two years — the design, the readability, the tests, whether anyone but the author understands it, the security and privacy exposure, whether it can be operated at 2 AM — is what an experienced reviewer actually spends attention on. Get this answer right and you set the frame for the whole loop.

Flow of what to look for in review beyond correctness: correctness, design, readability, tests, shared context, security/privacy, operability, automate style
The spine of the answer: correctness is step one, then design, readability, tests, shared context, security/privacy, and operability — while style gets automated away rather than argued line by line.

What this question is really testing

Whether you have a layered mental model of review and the judgment to spend your (and the author's) limited attention on what matters. Junior engineers review line by line for bugs and style. Senior engineers review the change against its intent, the system it lands in, and the humans who will maintain it. The tell is whether you name the axes beyond correctness and the discipline to push the mechanical ones into tooling so humans review substance.

How to answer What the interviewer is looking for
Concrete example — the diff that “worked.” An engineer sends a diff that adds a new enrichment step to an ad-event ingestion path. It's correct, it has a unit test, CI is green. A line-by-line reviewer approves it. A senior reviewer asks four different questions: Design — why a synchronous call to the enrichment service on the hot path instead of joining against the already-loaded dimension table? Tests — there's a happy-path test, but what happens when enrichment times out; is the event dropped, retried, or emitted un-enriched? Operability — there's no metric or log for the new failure mode, so an on-call would be blind. Privacy — the enrichment payload now carries a user identifier into a log line at DEBUG. Same diff; the difference is entirely in what the reviewer chose to look at.

Common follow-ups

How do you decide how deep to go on a given diff?

How to answer

Isn't a lot of this the author's job, not the reviewer's?

How to answer

What do you deliberately not comment on?

How to answer

How does AI-assisted review change this?

How to answer
Where to get your data (Meta)