Review a PR for thread-safe request handling
Company: J.P. Morgan
Role: Software Engineer
Category: Software Engineering Fundamentals
Difficulty: medium
Interview Round: Technical Screen
## PR review / debugging prompt (backend)
You are reviewing a pull request that introduces a `CustomerRequest` class used by a web service to build and send an **external HTTP request** to a downstream system.
The PR has these characteristics:
- `CustomerRequest` contains **many fields** (customer identifiers, metadata, optional attributes), most of them **mutable**.
- The class is used in a **multi-threaded** context (e.g., requests may be processed concurrently; some instances may be shared via caches/singletons by mistake).
- The implementation uses **low-level concurrency primitives**, including at least one `volatile` field to coordinate state (e.g., a lazily initialized token / header map / serialized payload).
- The class also triggers or prepares an **external request** (e.g., constructs an HTTP payload, may call a downstream dependency).
### Task
1. List the **main issues/risks** you would call out in the PR (correctness, thread-safety, maintainability, performance, testability, reliability).
2. Propose a **cleaner design** for this request building + external call flow.
3. Describe what you would ask the author to change, including:
- safer concurrency patterns (what to avoid, what to use instead)
- API/OO design improvements (immutability, validation, builders, separation of concerns)
- reliability requirements for the external call (timeouts, retries, idempotency, circuit breaking)
- how you would test it (unit/integration/concurrency tests)
Assume Java/Kotlin/C#-style server-side development, but keep the answer language-agnostic where possible.
Quick Answer: This question evaluates understanding of thread-safety and concurrent programming, safe object and API design (immutability versus shared mutable state), and reliability concerns involved in constructing and issuing external HTTP requests.