Start with the business change
A review should first answer whether the code implements the intended behaviour safely. Reviewers need the user story, edge cases and rollback plan, not only the pull request.
Bulk safety is non-negotiable
Apex must be reviewed against governor limits, data volume and mixed automation. One-record tests are not enough. We look for collection-based logic, selective queries, clear transaction boundaries and predictable error handling.
Tests should explain the rules
Good tests document business behaviour. They include positive paths, failure paths, permissions, data setup and edge cases that previously broke production. Coverage is an outcome, not the goal.
Review operations, not just code
A release is not done until support can operate it. Logs, user-facing errors, feature toggles, retry paths and monitoring should be visible before production, especially for integrations and revenue workflows.
Bring the hard part to a senior Salesforce engineering team.