How to Read and Act on CodeHawk Feedback
Your first CodeHawk review just posted to your PR. You see three comments from an AI reviewer, and they're... specific. One mentions a potential null dereference, another flags a missing error handler, a third questions your use of == instead of ===.
If you're new to CodeHawk, you might wonder: How seriously should I take these? Are they mandatory fixes, suggestions, or style preferences? And how do I know if CodeHawk is actually right?
This guide walks you through interpreting CodeHawk feedback, deciding what to act on, and building better debugging intuition in the process.
The Severity Levels: What Each One Means
CodeHawk posts three types of comments. The label tells you how critical the issue is.
Error — Fix Before Merging
An Error means CodeHawk has detected a real bug that will likely cause a runtime failure or security vulnerability.
Examples:
- Null pointer dereference: accessing a property on something that might be undefined
- SQL injection risk: user input passed directly into a query
- Missing return statement: a code path leaves a promise unresolved
- Type mismatch: assigning a string to a variable that expects a number
Your move: Review the code, understand why CodeHawk flagged it, and fix it before merging. If you disagree with the flag, leave a comment explaining your reasoning for your team's review trail.
Most errors are real. If 95% of CodeHawk's error flags are legitimate in your codebase, trust the 5% you're unsure about enough to investigate.
Warning — Probably Worth Fixing
A Warning means CodeHawk detected a code pattern that often leads to bugs, but isn't guaranteed to fail in this specific case.
Examples:
- Unused variable (dead code or typo?)
- Exception thrown but not caught (intentional or oversight?)
- Function with no error handling (what if this call fails?)
- Boolean logic that might be inverted (did you mean
&&instead of||?)
Your move: Read the comment, think about whether it applies to your code's intent. If it does, fix it. If you have a legitimate reason to keep it, reply and say so. CodeHawk flags patterns; you judge intent.
Warnings are often style or safety preferences. In a well-reviewed codebase, most warnings are worth acting on. A few are false positives based on context CodeHawk couldn't see.
Info — Take It or Leave It
Info is CodeHawk being verbose about code quality, style, or readability.
Examples:
- Complex nested condition (could be simplified)
- Function is doing multiple things (consider breaking it up)
- Comment is outdated (this variable is now used here)
- Variable name is unclear (consider a more descriptive name)
Your move: Info is optional. Read it, and if it improves your code, great. If not, it won't break anything.
When to Ignore CodeHawk (And When Not To)
CodeHawk is not always right. Here are three scenarios where you might legitimately disagree.
Scenario 1: You Understand the Risk
CodeHawk flags a potential null pointer. You read the code and realize the null check happened three lines above, or the API contract guarantees a non-null return. You know what CodeHawk doesn't see.
What to do: Reply in the comment explaining why it's safe. This helps your team learn together and improves CodeHawk's understanding of your codebase patterns.
CodeHawk: "user might be null here"
You: "Good catch on the pattern, but we check !== null on line 8 — safe to dismiss here."
Scenario 2: It's a Deliberate Tradeoff
CodeHawk suggests breaking a function into two functions. You kept them together intentionally because they share state, or because you wanted one cohesive unit of logic.
What to do: Leave it. This is a design decision, not a bug.
Scenario 3: False Positive (Genuinely Wrong)
CodeHawk flags something that isn't possible given the code structure or your tech stack.
What to do: Reply, explain why it's wrong, and move on. These happen rarely; CodeHawk is usually right even when it feels wrong at first.
Three Questions to Ask Yourself
Before dismissing a CodeHawk comment, ask these three questions:
Do I understand what CodeHawk is flagging?
- If not, ask for clarification in the comment. CodeHawk will explain.
Is the risk real, even if unlikely?
- A null dereference might only happen in edge cases, but it's still a crash.
- A missing error handler might only fire if an external service fails, but it will fire.
Is the fix more expensive than the risk?
- Adding a null check (5 seconds) is cheap. Not adding it is expensive.
- Refactoring a function (20 minutes) might not be worth the style improvement unless it genuinely improves readability.
Common CodeHawk Flags Explained
Here are the patterns CodeHawk flags most often, and what they usually mean:
| Pattern | CodeHawk Flag | Usually Means | Action |
|---|---|---|---|
variable.property |
"variable might be null" | Real null-pointer risk | Fix: add null check |
try { } catch (e) { } with empty catch |
"Exception silently ignored" | You might hide bugs | Fix: log or handle the error |
| Unused variable | "Variable declared but never read" | Dead code or typo | Fix: remove or use it |
if (a == b) |
"Use === instead of ==" | Type coercion surprise waiting | Fix: switch to === |
| Function does A, B, and C | "Function has multiple responsibilities" | Harder to test and reason about | Optional: refactor |
db.query(userInput) |
"SQL injection risk" | Real security vulnerability | Fix: use parameterized query |
Building Intuition
The best way to understand CodeHawk is to engage with it. Over 10-20 PRs, you'll notice:
- Which CodeHawk warnings are relevant to your codebase
- Which patterns you care about vs. which are style
- How often CodeHawk catches something you would have missed
After that, CodeHawk becomes a trusted second opinion. Not a requirement, but a useful signal that something in your code might be worth a second look.
One Last Thing
CodeHawk will never flag a bug that only exists in your business logic. If you have a function that calculates a customer discount and it returns the wrong number, CodeHawk won't catch it—that's for your tests and your review. CodeHawk catches the mechanical bugs: the ones that crash, the ones that silently fail, the ones that create security holes.
Use CodeHawk for what it's good at. Use human review for everything else.
Then ship with confidence.