pr-review
Use this skill to review pull requests for VoxBento. Covers correctness, security, architecture compliance, and testing.
| name | pr-review |
| description | Use this skill to review pull requests for VoxBento. Covers correctness, security, architecture compliance, and testing. |
- `<script>` blocks.
- `AudioContext.destination` for interpreter mic audio.
- `from __future__ import annotations` at top of every new/modified Python file.
- `portal.*` imports (not relative imports or new top-level modules).
- `uv.lock` only changed if `uv sync --python 3.13 --dev` was run.
- `safe_redirect()` — no raw `RedirectResponse(url=user_input)`.
- `next_url` / `next` query params validated before use.
- `dependencies=[Depends(require_admin)]`.
- `portal.crypto.encrypt_val`; never stored plaintext.
- `settings.effective_jwt_secret`; no hardcoded secrets.
- `portal/models.py` have a corresponding Alembic migration.
- `batch_alter_table` for column operations on SQLite (see migration 008 as reference).
- `mediamtx_path` use `joinedload(DBBooth.event)`.
- `async with get_session() as session:` pattern.
- `HTTPException` with appropriate status codes.
- `safe_redirect`).
- `_require_access(credentials, token)` if applicable.
- `fastapi_app.py` `ws_booth` loop.
- `session.granted_role` used, not `data['role']`.
- `Booth.as_public_dict()` fields are intentional (broadcast to all clients).
- `TranscriptionProvider` ABC.
- `PROVIDERS` dict in `worker.py`.
- `ProviderEnum` and `ALLOWED_MODELS`.
- `CancelledError` and cleans up ffmpeg process.
- `node --check static/js/*.js` passes.
- `AudioContext.destination` for mic audio.
- `portal.dataset.*` — not hardcoded.
- `anyio` + `pytest.mark.anyio` fixture (see `conftest.py`).
- `configure('sqlite+aiosqlite:///:memory:')` + `init_db()`.
- `uv run pytest tests/ -v` passes.
- `README.md` updated if user-facing behavior changed.
- `ARCHITECTURE.md` updated if system design changed.
- `.github/.agents/context/` updated.
- `agents.md` updated if invariants changed.

| Pattern | Risk | Action |
|---|---|---|
| `RedirectResponse(url=request.query_params['next'])` | Open redirect | Replace with `safe_redirect` |
| `role = data.get('role')` in WS handler | Role injection | Use `session.granted_role` |
| `session.execute(f"... {user_input} ...")` | SQL injection | Use parameterized queries |
| `event.openai_api_key = openai_key` (plaintext) | API key exposure | Use `encrypt_val` |
| `logger.info(f"Key: {api_key}")` | Secret leakage | Remove log line |
| New npm/yarn/vite config | Violates no-build constraint | Remove |
| New `<script>` tag in template | Inline script | Move to ES module file |
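
As an added example (not part of the VoxBento skill or its tooling), the red-flag table above can be turned into a first-pass scan over the added lines of a unified diff. The regexes, the `scan_diff` helper, and the sample diff are assumptions constructed for illustration; a hit is a prompt for manual review, not a verdict.

```python
import re

# Heuristic regexes for the table's patterns (assumed, not VoxBento tooling).
RED_FLAGS = [
    (r"RedirectResponse\(\s*(url\s*=\s*)?request\.query_params",
     "Open redirect", "Replace with safe_redirect"),
    (r"\bdata(\.get\(|\[)\s*['\"]role['\"]",
     "Role injection", "Use session.granted_role"),
    (r"\.execute\(\s*f['\"]", "SQL injection", "Use parameterized queries"),
    # Assignment to *_api_key that is not wrapped in encrypt_val(...)
    (r"_api_key\s*=(?!=)(?!\s*encrypt_val\()",
     "API key exposure", "Use encrypt_val"),
    (r"logger\.\w+\(.*\{[^}]*(api_key|secret|password)",
     "Secret leakage", "Remove log line"),
    # A <script> tag without src= is treated as inline (assumption).
    (r"<script\b(?![^>]*\bsrc=)", "Inline script", "Move to ES module file"),
]
BUILD_FILES = re.compile(r"(^|/)(package(-lock)?\.json|yarn\.lock|vite\.config\.\w+)$")


def scan_diff(diff_text):
    """Return (path, new_line_no, risk, action) for red flags on added lines."""
    findings, path, line_no = [], None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
            if BUILD_FILES.search(path):
                findings.append((path, 0, "Violates no-build constraint", "Remove"))
        elif raw.startswith("@@"):  # hunk header: start line in the new file
            line_no = int(re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", raw).group(1)) - 1
        elif raw.startswith("+"):
            line_no += 1
            for pattern, risk, action in RED_FLAGS:
                if re.search(pattern, raw[1:]):
                    findings.append((path, line_no, risk, action))
        elif raw.startswith(" "):
            line_no += 1  # context line advances the new-file counter
    return findings

# Constructed diff fragment, not taken from the VoxBento repository.
SAMPLE_DIFF = '''\
+++ b/portal/routers/auth.py
@@ -10,1 +10,4 @@
     user = await authenticate(request)
+    logger.info(f"Key: {api_key}")
+    event.openai_api_key = encrypt_val(openai_key)
+    return RedirectResponse(url=request.query_params['next'])
'''
print(*scan_diff(SAMPLE_DIFF), sep="\n")
```

The encrypted assignment on new-file line 12 is deliberately not reported, while the log line and the raw redirect around it are.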
```bash
uv sync --python 3.13 --dev
uv run pytest tests/ -v
node --check static/js/interpreter-booth.js
node --check static/js/whep-listener.js
uv run alembic upgrade head  # if migration added
```