بنقرة واحدة
review
Instructions for reviewing Rust and Python code changes, ensuring quality, security, and correctness.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
Instructions for reviewing Rust and Python code changes, ensuring quality, security, and correctness.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
Instructions for building the VAK project including Rust, WASM skills, and Python bindings.
WASM skill providing basic arithmetic operations for VAK agents.
WASM skill providing cryptographic hashing operations for VAK agents.
WASM skill providing JSON validation and manipulation for VAK agents.
WASM skill providing pattern matching operations for VAK agents.
Instructions for releasing and publishing the VAK project to crates.io and PyPI.
| name | review |
| description | Instructions for reviewing Rust and Python code changes, ensuring quality, security, and correctness. |
This skill provides a comprehensive checklist and guidelines for reviewing code changes in the VAK project.
///)? Do examples work?Result used? Are errors descriptive?clone(). Proper use of lifetimes.unsafe justified and documented with // SAFETY:? (SEC-003)async fn. Correct use of tokio.cargo clippy pass without warnings?cargo fmt?unwrap(), expect(), or panic!() in production code.async/await and asyncio.ruff format?VAK follows a layered architecture with strict boundaries:
┌─────────────────────────────────────────────────────────────┐
│ Agent Layer │
└─────────────────────────────────────────────────────────────┘
│
┌─────────────────────────▼───────────────────────────────────┐
│ VAK Kernel (src/) │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ Policy │ │ Audit │ │ Memory │ │
│ │ Engine │ │ Logger │ │ Manager │ │
│ └──────────────┘ └──────────────┘ └──────────────┘ │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ WASM │ │ Reasoner │ │ Swarm │ │
│ │ Sandbox │ │ (NSR) │ │ Protocol │ │
│ └──────────────┘ └──────────────┘ └──────────────┘ │
└─────────────────────────────────────────────────────────────┘
| Module | Path | Key Responsibilities |
|---|---|---|
| Policy | src/policy/ | Cedar enforcement, hot-reload, context injection |
| Audit | src/audit/ | Flight recorder, OpenTelemetry, GraphQL API |
| Memory | src/memory/ | Merkle DAG, time travel, content-addressable store |
| Sandbox | src/sandbox/ | WASM runtime, epoch ticker, pooling allocator |
| Reasoner | src/reasoner/ | Datalog, PRM, constrained decoding, prompt injection |
| Swarm | src/swarm/ | A2A protocol, consensus, voting |
| Kernel | src/kernel/ | Core orchestration, rate limiter, custom handlers |
// Good: Uses Result, borrows instead of taking ownership
pub fn process_data(data: &[u8]) -> Result<ProcessedData, ProcessError> {
if data.is_empty() {
return Err(ProcessError::EmptyInput);
}
// ...
}
// Bad: Takes ownership unnecessarily, panics on error
pub fn process_data(data: Vec<u8>) -> ProcessedData {
if data.is_empty() {
panic!("Empty input!"); // Never do this!
}
// ...
}
// Good: Uses policy enforcement
async fn execute_tool(&self, request: ToolRequest) -> Result<ToolResult, KernelError> {
// Check policy BEFORE execution
self.policy_engine.authorize(&request.principal, &request.action, &request.resource)?;
// Log to audit trail
self.audit_log.record(AuditEntry::ToolExecution {
agent_id: request.agent_id,
tool: request.tool_name,
timestamp: Utc::now(),
})?;
// Execute in sandbox
self.sandbox.execute(request).await
}
// Good: Uses panic boundary wrapper
pub fn register_host_function(linker: &mut Linker<HostState>) {
linker.func_wrap("env", "my_function", |caller: Caller<'_, HostState>, arg: i32| {
with_panic_boundary(|| {
// Safe code here
with_safe_policy_check(caller, || {
// Policy-checked operation
Ok(arg * 2)
})
})
});
}
Cargo.toml / pyproject.toml for new dependencies.cargo audit to check for known vulnerabilities.cargo deny check licenses for license compliance.Before approving, verify CI passes:
cargo check --workspacecargo testcargo clippy --all-targets --all-featurescargo fmt --all -- --checkcargo audit (if dependencies changed)cargo deny check (if dependencies changed)