Update constants.ts #60

Open
alexandersucala wants to merge 1 commit into main from alexandersucala-patch-48

@alexandersucala

Owner

What does this PR do?

  • Fixes #XXXX (GitHub issue number)
  • Fixes CAL-XXXX (Linear issue number - should be visible at the bottom of the GitHub issue description)

Visual Demo (For contributors especially)

A visual demonstration is strongly recommended, for both the original and new change (video / image - any one).

Video Demo (if applicable):

  • Show screen recordings of the issue or feature.
  • Demonstrate how to reproduce the issue, the behavior before and after the change.

Image Demo (if applicable):

  • Add side-by-side screenshots of the original and updated change.
  • Highlight any significant change(s).

Mandatory Tasks (DO NOT REMOVE)

  • I have self-reviewed the code (A decent size PR without self-review might be rejected).
  • I have updated the developer docs in /docs if this PR makes changes that would require a documentation change. If N/A, write N/A here and check the checkbox.
  • I confirm automated tests are in place that prove my fix is effective or that my feature works.

How should this be tested?

  • Are there environment variables that should be set?
  • What are the minimal test data to have?
  • What is expected (happy path) to have (input and output)?
  • Any other important info that could help to test that PR

Checklist

  • I haven't read the contributing guide
  • My code doesn't follow the style guidelines of this project
  • I haven't commented my code, particularly in hard-to-understand areas
  • I haven't checked if my changes generate no new warnings
  • My PR is too large (>500 lines or >10 files) and should be split into smaller PRs

@matrixreview

matrixreview Bot commented Mar 24, 2026

🔴 MatrixReview — RED

🧩 = graph-proven (deterministic)  ·  🔎 = doc-backed  ·  💭 = AI suggestion  ·  📖 = doc citation  ·  📝 = PR location

Risk: 44 files in blast radius | 12 broken importers
Findings: 16 (13 graph-proven, 7 doc-backed, 2 AI suggestions)

🔴 SECURITY

  • 🧩 CRITICAL: 8 files with auth, crypto, data, input, network access depend on modified constants.ts

  • 🧩 CRITICAL: Hardcoded secret in constants.ts: API_KEY = "c. Must use env vars.

    Line 340 in constants.ts:

    export const INTERNAL_API_KEY = "calsk_internal_9x8w7v6u5t4s";
    

    Hardcoded secret detected in packages/lib/constants.ts: API_KEY = "c...t4s". File touches security veins: ['auth', 'input', 'data', 'crypto']. Secrets must never be committed to source control.

  • 🔎 [SECURITY] Hardcoded internal API key exposed in source code. This violates security best practices by committing secrets to version control, which could allow unauthorized access to internal APIs.

    • Also flagged by: ARCHITECTURE, STYLE, ONBOARDING
      📖 AGENTS_security_section.md lines 24-25 📝 packages/lib/constants.ts line 340

🔴 ARCHITECTURE

🟢 LEGAL

✔ No issues found

🟡 STYLE

✔ No issues found

🟡 ONBOARDING

  • 💭 [CHORE] PR description contains placeholder text and incomplete sections. The 'What does this PR do?' section references generic issue numbers (#XXXX, CAL-XXXX) instead of actual issues, and the 'How should this be tested?' section is empty.

  • 🔎 [CHORE] The PR checklist at the bottom of the description has all bullet points unchecked, indicating the contributor may not have completed the mandatory self-review or verified that automated tests are in place.

    📖 *PULL_REQUEST_TEMPLATE_onboarding_section.md (v30) lines 1-7*

Powered by MatrixReview · Report incorrect finding
