一键导入
check-rico-chat
Verify Rico Hunt chat flow. Inspect public chat session isolation, rate limits, authenticated chat routing, and public session prefixing.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Verify Rico Hunt chat flow. Inspect public chat session isolation, rate limits, authenticated chat routing, and public session prefixing.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
| name | check-rico-chat |
| description | Verify Rico Hunt chat flow. Inspect public chat session isolation, rate limits, authenticated chat routing, and public session prefixing. |
| triggers | ["user","model"] |
| allowed-tools | ["read","grep","exec"] |
Verify Rico Hunt chat flow. This skill is read-only and does not send abusive traffic. It may call the local public chat endpoint with a synthetic session ID for a smoke check.
POST /api/v1/rico/chat/public) is rate-limited and unauthenticated.POST /api/v1/rico/chat with JWT cookie.session_id must be ≥ 8 characters (returns 422 otherwise).# Public vs authenticated routes
grep -n "chat/public\|def chat_public\|def chat" src/api/routers/rico_chat.py src/services/chat_service.py
# Public session prefixing
grep -n "public_\|anonymous\|session_id" src/api/routers/rico_chat.py src/services/chat_service.py
# Rate limiting
grep -n "rate_limit\|Limiter\|@limit" src/api/routers/rico_chat.py src/api/rate_limit.py
# Chat frontend entry
grep -n "sendChatPublic\|sendChat\|/api/v1/rico/chat" apps/web/lib/api.ts apps/web/app/command/page.tsx
If the backend is running on port 8000:
curl -X POST http://localhost:8000/api/v1/rico/chat/public \
-H "Content-Type: application/json" \
-d '{"message":"What jobs are available?","session_id":"smoke-session-001"}'
Expected: 200 OK with response_source: "fallback" when no AI keys are present.
src/api/routers/rico_chat.py — chat routessrc/services/chat_service.py — chat business logicapps/web/lib/api.ts — frontend API helperapps/web/app/command/page.tsx — public chat UIsession_id values (< 8 chars) in tests.Accessibility audit for Rico Hunt. Run contrast checks and review alt text, focus states, ARIA labels, and keyboard navigation in frontend code.
Read-only audit of Rico Hunt AI provider routing. Verify RICO_AI_PROVIDER env var, fallback chain, and provider health without calling live AI APIs.
Verify Rico Hunt authentication rules. Check JWT cookie usage, signup role enforcement, protected route isolation, and no request body user_id.
Read-only database health check for Rico Hunt. Verify DATABASE_URL connectivity, key tables, and row counts without exposing user data or mutating anything.
Verify Rico Hunt required environment variables are set without exposing values. Check backend, frontend, and admin/dev env vars.
Read-only verification of Rico Hunt job fetching and scoring. Inspect JSearch adapter, provider fallback, and scoring pipeline without calling live APIs.