Input: Pull request comments or review document

Extracted:
- Comment 1: "Add error handling for null user" (blocker)
- Comment 2: "Consider extracting this to a helper" (suggestion)
- Comment 3: "Typo in variable name" (nit)
- Comment 4: "Why did you choose approach X?" (question)

Todo List Created:
☐ Add null check for user object (blocker)
☐ Extract validation logic to helper function (suggestion)
☐ Fix variable name typo (nit)
☐ Document rationale for approach X (question)

✓ Add null check for user object
  - Added guard clause at function entry
  - Tests passing

⚙ Extract validation logic to helper function
  - Creating validateUserInput() helper
  - Moving logic from 3 call sites

All tasks completed ✓
Tests passing ✓

Response to reviewer:
- Added null handling as requested
- Extracted validation to shared helper
- Fixed typo in userName variable
- Added comment explaining why we use approach X for performance

I received review feedback on PR #123. Here are the comments:
[paste reviewer comments]

Please create tasks and implement the changes systematically.

Continue implementing review feedback. Next task is extracting
the validation logic to a helper function.

Have we addressed all the reviewer's comments? Show me what's
left and confirm tests are passing.

☐ Task 1 - pending
⚙ Task 2 - in_progress  ← Currently working
☐ Task 3 - pending

⚙ Task 2 - in_progress
  └→ make changes
  └→ run tests
  └→ verify intent addressed
✓ Task 2 - completed

⚙ Task 3 - in_progress  ← Move to next

"This will cause a null pointer exception in production"
"Security: User input isn't sanitized"
"Breaking change: This breaks backward compatibility"

"Consider extracting this to reduce duplication"
"This could be simplified with a map instead of loops"
"Performance: N+1 query here, use join instead"

"Typo: 'recieve' should be 'receive'"
"Inconsistent indentation"
"Variable name could be more descriptive"

"Why did you choose this approach over X?"
"Is this handling the edge case where Y?"
"Can you explain this logic?"

Status Update:
✓ Completed: 3 tasks
⚙ In Progress: "Extract validation to helper"
☐ Pending: 2 tasks

Task Completed: "Add null check for user object"
- Added guard clause: if (!user) throw new Error(...)
- Tests passing: UserService.test.ts (all green)
- Next: Extract validation logic

Reviewer: "The authentication logic has several issues:
1. No error handling for expired tokens
2. Password validation is too weak
3. Consider rate limiting login attempts
4. Why store tokens in localStorage vs. httpOnly cookies?"

Created 4 tasks:
☐ Add error handling for expired JWT tokens (blocker)
☐ Strengthen password validation rules (blocker)
☐ Implement rate limiting for login endpoint (suggestion)
☐ Document token storage decision (question)

⚙ Implementing: "Add error handling for expired tokens"
  - Added try/catch for jwt.verify()
  - Return 401 with clear error message
  - Added test case for expired token scenario
  - Tests passing ✓
✓ Completed

⚙ Implementing: "Strengthen password validation"
  - Updated to require 12+ chars, mixed case, number, special
  - Added validation feedback messages
  - Updated tests
  - Tests passing ✓
✓ Completed

[continues through all tasks...]

All tasks completed ✓
Tests passing (47/47) ✓
Changes ready for re-review ✓

Response to reviewer:
- Added comprehensive error handling for JWTs
- Strengthened password requirements to industry standard
- Implemented rate limiting with 5 attempts per 15 min window
- Added comment explaining localStorage vs cookies decision
  (mobile app requirements, documented in ADR-003)