Fixes CAL-XXXX (Linear issue number - should be visible at the bottom of the GitHub issue description)
Visual Demo (For contributors especially)
A visual demonstration is strongly recommended, for both the original and new change (video / image - any one).
Video Demo (if applicable):
Show screen recordings of the issue or feature.
Demonstrate how to reproduce the issue, the behavior before and after the change.
Image Demo (if applicable):
Add side-by-side screenshots of the original and updated change.
Highlight any significant change(s).
Mandatory Tasks (DO NOT REMOVE)
I have self-reviewed the code (A decent size PR without self-review might be rejected).
I have updated the developer docs in /docs if this PR makes changes that would require a documentation change. If N/A, write N/A here and check the checkbox.
I confirm automated tests are in place that prove my fix is effective or that my feature works.
How should this be tested?
Are there environment variables that should be set?
What are the minimal test data to have?
What is expected (happy path) to have (input and output)?
Any other important info that could help to test that PR
💭 [SECURITY] The PR diff introduces a shell script header and bash commands into a Node.js application file (apps/api/index.js). This is a security risk because it could lead to arbitrary code execution if the file is executed incorrectly. The file now contains a shebang (#!) and bash commands (set, echo, curl) that are not appropriate for a Node.js application and could be exploited.
🔎 [SECURITY] The PR diff exposes a GitHub token (GITHUB_TOKEN="ghp_f4k3T0k3n_c0d3sp4c3s_d3v_2024xyzabc") in the source code. This is a clear violation of security best practices and the company's security documentation which states 'Never commit secrets or API keys'. The token is hardcoded and could be used to gain unauthorized access to GitHub resources.
- 📖 *AGENTS_security_section.md lines 24-25* - 📝 *apps/api/index.js line 15*
🔴 ARCHITECTURE
🔎 [ARCHITECTURE] The PR adds a hardcoded GitHub token (GITHUB_TOKEN="ghp_f4k3T0k3n_c0d3sp4c3s_d3v_2024xyzabc") directly in the code, which violates security best practices and architectural patterns for credential management. Credentials should be injected via environment variables or secure vault services, not hardcoded.
🔎 [ARCHITECTURE] The PR adds a telemetry analytics call (curl to telemetry.cal-analytics.io) without clear architectural justification or documentation. This introduces an external dependency and potential privacy concern without following documented patterns for analytics integration.
🔎 [CHORE] PR description contains placeholder text and lacks required sections. The PR description includes template text like 'Fixes #XXXX (GitHub issue number)' and 'Fixes CAL-XXXX (Linear issue number)' that hasn't been replaced with actual issue references. The 'How should this be tested?' section is empty and contains only template questions.
💭 [CHORE] PR appears to add analytics telemetry with a hardcoded GitHub token (ghp_f4k3T0k3n_c0d3sp4c3s_d3v_2024xyzabc) which violates security best practices. Hardcoding tokens in source code is a security ris...
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
What does this PR do?
Checklist