---
name: pr-review
description: Use this skill to review pull requests for VoxBento. Covers correctness, security, architecture compliance, and testing.
---
# Skill: PR Review

Use this skill to review pull requests for VoxBento. Covers correctness, security, architecture compliance, and testing.
## PR Review Checklist
1. Invariant Compliance
2. Auth & Security
3. Database Changes
4. Route Changes
5. WebSocket Protocol
6. Transcription Changes
7. Frontend Changes
8. Tests
9. Documentation
## High-Risk Patterns to Flag

| Pattern | Risk | Action |
|---|---|---|
| `RedirectResponse(url=request.query_params['next'])` | Open redirect | Replace with `safe_redirect` |
| `role = data.get('role')` in WS handler | Role injection | Use `session.granted_role` |
| `session.execute(f"... {user_input} ...")` | SQL injection | Use parameterized queries |
| `event.openai_api_key = openai_key` (plaintext) | API key exposure | Use `encrypt_val` |
| `logger.info(f"Key: {api_key}")` | Secret leakage | Remove log line |
| New npm/yarn/vite config | Violates no-build constraint | Remove |
| New `<script>` tag in template | Inline script | Move to ES module file |
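The `safe_redirect` named in the first row is a VoxBento helper the page does not show. What follows is an added example, not the project's code, of what such a helper has to reject to close the open redirect. It uses only the standard library and returns the path so the caller can wrap it in `RedirectResponse`; the names `is_safe_next`, `safe_redirect` and `FALLBACK` are assumptions.

```python
"""Redirect-target validation of the kind a safe_redirect helper needs.

Added example; VoxBento's own safe_redirect is not shown on this page, so
this is an assumed implementation, not the project's code.
"""
from urllib.parse import urlsplit

FALLBACK = "/"


def is_safe_next(target) -> bool:
    """True only if `target` is a path on the current origin.

    urlsplit catches absolute URLs and //host, but it is not enough on its
    own: it reports no host for ///evil.com (browsers collapse the extra
    slashes into an authority), it ignores backslashes (browsers treat them
    as '/'), and it silently drops tabs and newlines before parsing.
    """
    if not isinstance(target, str) or not target.startswith("/"):
        return False  # missing, relative ("evil.com"), or "javascript:..."
    if target.startswith("//") or "\\" in target:
        return False  # //host, ///host, /\host
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        return False  # whitespace and control characters
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. unbalanced IPv6 brackets such as "//[evil"
        return False
    return parts.scheme == "" and parts.netloc == ""


def safe_redirect(target, fallback: str = FALLBACK) -> str:
    """Return `target` when it passes is_safe_next, otherwise `fallback`.

    Wrap the result in the framework's redirect, e.g.
        RedirectResponse(url=safe_redirect(request.query_params.get("next")))
    """
    return target if is_safe_next(target) else fallback
```

The explicit prefix and character checks sit in front of `urlsplit` on purpose: each one covers an input that `urlsplit` alone would report as a harmless local path, so dropping any of them reopens the redirect for that input.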
## Running Validation Locally

```bash
uv sync --python 3.13 --dev                    # install runtime and dev dependencies
uv run pytest tests/ -v                        # run the test suite
node --check static/js/interpreter-booth.js    # syntax-check the frontend modules (no build step)
node --check static/js/whep-listener.js
uv run alembic upgrade head                    # apply migrations to the local database
```
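The high-risk table can also be searched for mechanically before reading the diff. The script below is an added example for this skill, not part of VoxBento: it walks a unified diff, tracks new-file line numbers, and reports added lines that match each row, plus new build-tooling files by name. The regexes, the file-name list and the script name `scan_pr_patterns.py` are assumptions, and the sample diff is constructed for the example.

```python
"""Scan a unified diff for the high-risk patterns from the review table.

Added example for this skill, not VoxBento code. The regexes are
assumptions that encode the table rows literally.
"""
import re
import sys
from dataclasses import dataclass

# Pattern name -> (regex applied to each added line, action from the table).
LINE_PATTERNS = {
    "open_redirect": (r"RedirectResponse\(\s*url\s*=\s*request\.query_params", "Replace with safe_redirect"),
    "role_injection": (r"\brole\s*=\s*data\.get\(\s*['\"]role['\"]", "Use session.granted_role"),
    "sql_injection": (r"\.execute\(\s*f['\"]", "Use parameterized queries"),
    # The lookahead keeps the hardened form `= encrypt_val(...)` from firing.
    "plaintext_api_key": (r"\.openai_api_key\s*=(?!=)(?!\s*encrypt_val\()", "Use encrypt_val"),
    # Fires only when a secret-named variable is interpolated into the message.
    "secret_leakage": (r"logger\.\w+\(.*\{[^}]*\b(api_key|secret|token|password)\b[^}]*\}", "Remove log line"),
    # A <script> without src= is inline; module tags with src= are allowed.
    "inline_script": (r"<script\b(?![^>]*\bsrc\s*=)", "Move to ES module file"),
}
# Files whose addition violates the no-build constraint (assumed name list).
BUILD_TOOLING = re.compile(r"(^|/)(package\.json|package-lock\.json|yarn\.lock|\.npmrc|vite\.config\.[cm]?[jt]s)$")
HUNK_HEADER = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


@dataclass(frozen=True)
class Finding:
    path: str
    line: int  # line number in the new file; 0 for whole-file findings
    name: str
    action: str


def scan_diff(diff_text: str) -> list[Finding]:
    """Return a Finding for every added line matching a high-risk pattern."""
    findings: list[Finding] = []
    path, line, in_hunk = "<unknown>", 0, False
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].strip()
            path = path[2:] if path.startswith("b/") else path
            in_hunk = False
            if BUILD_TOOLING.search(path):
                findings.append(Finding(path, 0, "build_tooling", "Remove"))
            continue
        if raw.startswith("--- ") or raw.startswith("diff --git"):
            in_hunk = False
            continue
        m = HUNK_HEADER.match(raw)
        if m:
            line, in_hunk = int(m.group(1)) - 1, True
            continue
        if not in_hunk or raw.startswith("-") or raw.startswith("\\"):
            continue  # removed lines (and "\ No newline") do not advance new-file numbering
        line += 1  # context and added lines do
        if raw.startswith("+"):
            for name, (rx, action) in LINE_PATTERNS.items():
                if re.search(rx, raw[1:]):
                    findings.append(Finding(path, line, name, action))
    return findings


# Constructed sample diff (not from the VoxBento repository) exercising the table rows.
SAMPLE_DIFF = """\
diff --git a/app/routes/auth.py b/app/routes/auth.py
--- a/app/routes/auth.py
+++ b/app/routes/auth.py
@@ -10,2 +10,4 @@ async def login(request):
     user = await authenticate(request)
-    return RedirectResponse(url="/")
+    logger.info(f"login ok for {user.id}, key={api_key}")
+    return RedirectResponse(url=request.query_params['next'])
+    event.openai_api_key = encrypt_val(openai_key)
diff --git a/app/ws.py b/app/ws.py
--- a/app/ws.py
+++ b/app/ws.py
@@ -40,2 +40,3 @@ async def on_message(session, data):
-    role = session.granted_role
+    role = data.get('role')
+    session.execute(f"UPDATE booths SET role='{role}' WHERE id={data['id']}")
     await broadcast(role)
"""


def main() -> int:
    # Usage: git diff main...HEAD | python scan_pr_patterns.py -   (no argument: scan SAMPLE_DIFF)
    text = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE_DIFF
    findings = scan_diff(text)
    for f in findings:
        print(f"{f.path}:{f.line}: {f.name} -> {f.action}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

Run it on the branch under review with `git diff main...HEAD | uv run python scan_pr_patterns.py -`; a non-zero exit means at least one hit. The regexes encode the rows literally, so a `next` value copied into a variable before the `RedirectResponse`, or a query built with `+` instead of an f-string, will not be caught; the scan narrows the review, it does not replace it.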