@octavio.bot/review 0.1.0 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.mjs +1 -0
- package/package.json +4 -3
- package/prompts/code-review.md +25 -0
- package/prompts/security-review.md +39 -0
- package/prompts/styling-review.md +27 -0
package/dist/index.mjs
CHANGED
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@octavio.bot/review",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.2",
|
|
4
4
|
"private": false,
|
|
5
5
|
"description": "CLI for OpenCode-powered pull request review checks",
|
|
6
6
|
"homepage": "https://github.com/rustydotwtf/octavio.bot/tree/main/apps/review-bot-cli",
|
|
@@ -16,14 +16,15 @@
|
|
|
16
16
|
"octavio-review": "./dist/index.mjs"
|
|
17
17
|
},
|
|
18
18
|
"files": [
|
|
19
|
-
"dist"
|
|
19
|
+
"dist",
|
|
20
|
+
"prompts"
|
|
20
21
|
],
|
|
21
22
|
"type": "module",
|
|
22
23
|
"publishConfig": {
|
|
23
24
|
"access": "public"
|
|
24
25
|
},
|
|
25
26
|
"scripts": {
|
|
26
|
-
"build": "bun build ./src/index.ts --outfile ./dist/index.mjs --target bun",
|
|
27
|
+
"build": "bun build ./src/index.ts --outfile ./dist/index.mjs --target bun --banner '#!/usr/bin/env bun' && chmod +x ./dist/index.mjs && rm -rf ./prompts && mkdir -p ./prompts && cp ../../packages/prompts/prompts/*.md ./prompts/",
|
|
27
28
|
"prepack": "bun run build"
|
|
28
29
|
},
|
|
29
30
|
"dependencies": {
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
---
|
|
2
|
+
policy:
|
|
3
|
+
fail_on:
|
|
4
|
+
- "new:critical"
|
|
5
|
+
- "new:high"
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# Code Review Instructions
|
|
9
|
+
|
|
10
|
+
Review this pull request with a focus on correctness, security, and maintainability.
|
|
11
|
+
|
|
12
|
+
Prioritize findings that are:
|
|
13
|
+
|
|
14
|
+
1. likely bugs or regressions,
|
|
15
|
+
2. security-sensitive,
|
|
16
|
+
3. likely to cause production issues,
|
|
17
|
+
4. expensive to maintain later.
|
|
18
|
+
|
|
19
|
+
Only report findings that can be tied to a changed file and line number.
|
|
20
|
+
|
|
21
|
+
When suggesting comments, be concise and include:
|
|
22
|
+
|
|
23
|
+
- what is wrong,
|
|
24
|
+
- why it matters,
|
|
25
|
+
- what to change.
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
---
|
|
2
|
+
policy:
|
|
3
|
+
fail_on:
|
|
4
|
+
- "new:critical"
|
|
5
|
+
- "new:high"
|
|
6
|
+
- "new:medium"
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
# Security Review Instructions
|
|
10
|
+
|
|
11
|
+
Review this pull request with a focus on exploitable security risk, misuse of sensitive data, and unsafe defaults.
|
|
12
|
+
|
|
13
|
+
Prioritize findings that are:
|
|
14
|
+
|
|
15
|
+
1. externally exploitable or privilege escalating,
|
|
16
|
+
2. likely to leak secrets, tokens, PII, or internal metadata,
|
|
17
|
+
3. likely to expose identifying or environment-specific traces that can deanonymize contributors,
|
|
18
|
+
4. missing validation, authorization, or integrity checks,
|
|
19
|
+
5. introducing insecure cryptography, transport, or storage patterns,
|
|
20
|
+
6. mismatches between PR title/description claims and changed code that could hide risky behavior.
|
|
21
|
+
|
|
22
|
+
Treat threat-model relevance as required context: report issues that materially increase risk in this repository's runtime paths.
|
|
23
|
+
|
|
24
|
+
Avoid speculative findings without a concrete abuse path tied to changed code.
|
|
25
|
+
|
|
26
|
+
Treat deceptive PR metadata as a security signal when it materially reduces reviewer ability to detect risky changes.
|
|
27
|
+
|
|
28
|
+
When a finding is about PR metadata itself, use:
|
|
29
|
+
|
|
30
|
+
- `path: "PR_TITLE"`, `line: 1` for title issues.
|
|
31
|
+
- `path: "PR_DESCRIPTION"`, `line: 1` for description issues.
|
|
32
|
+
|
|
33
|
+
Only report findings that can be tied to a changed file and line number, or to PR metadata locations above.
|
|
34
|
+
|
|
35
|
+
When suggesting comments, be concise and include:
|
|
36
|
+
|
|
37
|
+
- what the security issue is and how it can be abused,
|
|
38
|
+
- why the risk matters in practical terms,
|
|
39
|
+
- what concrete mitigation should be applied.
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
---
|
|
2
|
+
policy:
|
|
3
|
+
fail_on:
|
|
4
|
+
- "new:critical"
|
|
5
|
+
- "new:high"
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# Styling Review Instructions
|
|
9
|
+
|
|
10
|
+
Review this pull request with a focus on style consistency, readability, and maintainability.
|
|
11
|
+
|
|
12
|
+
Prioritize findings that are:
|
|
13
|
+
|
|
14
|
+
1. inconsistent with existing project conventions,
|
|
15
|
+
2. likely to make code harder to read or maintain,
|
|
16
|
+
3. likely to increase review friction in future changes,
|
|
17
|
+
4. clear opportunities for simpler or clearer structure.
|
|
18
|
+
|
|
19
|
+
Avoid purely subjective preferences unless they conflict with an existing convention in this repository.
|
|
20
|
+
|
|
21
|
+
Only report findings that can be tied to a changed file and line number.
|
|
22
|
+
|
|
23
|
+
When suggesting comments, be concise and include:
|
|
24
|
+
|
|
25
|
+
- what is inconsistent or unclear,
|
|
26
|
+
- why it matters for maintainability,
|
|
27
|
+
- what concrete change would align with project style.
|