msw
98c14bd008
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Has been cancelled
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
3.7 KiB
3.7 KiB
code_review.md
Use this file for explicit review tasks and final self-review after implementation. Do not treat it as a mandate for an unlimited audit unless the user asks for one.
Review priorities
Review findings in this order:
- Correctness
- Security regressions
- Data loss risk
- Boot-chain integrity
- Reproducibility and deterministic behavior
- Error handling and cleanup
- Test or validation coverage
- Maintainability
- Minimality of diff
- Style consistency
Finding classes
BLOCKER: proven correctness bug, security regression, installer break, boot break, or data loss risk that must be fixed before merge.RISK: plausible issue or security concern that is not fully proven from the available context.CLEANUP: maintainability, readability, or consistency improvement that is not required for correctness.NOTE: observation only; no change requested.
Review output format
List findings first, ordered by severity.
For each finding include:
- class
- file path and line number where possible
- observation
- concrete impact
- smallest reasonable fix
Then include:
- missing checks or validation gaps
- residual risks
- concise final recommendation
If there are no findings, say so explicitly and still mention relevant validation gaps.
Scope control
- Review the requested change, touched files, and directly affected code paths.
- Do not expand a small implementation task into a broad repository audit.
- Do not nitpick formatting when automated tooling exists.
- Do not invent requirements not present in the task, repository, or documentation.
- Do not request a full installer run, debootstrap run, destructive disk test, or network-heavy validation unless the changed path cannot be checked responsibly any other way.
- Prefer a small actionable finding over a broad speculative warning.
- Separate observation, inference, and recommendation when the evidence is incomplete.
Installer-specific security checklist
Check whether the change affects:
- destructive disk operations, disk selection, partition table wiping, or formatting
- partition boundaries, GPT/MBR type codes, bootable flags, or firmware mode selection
- cryptsetup/LUKS2 parameters, passphrases, key files, key slots, LUKS UUIDs, header backups, or nuke behavior
- Btrfs filesystem creation, subvolumes, snapshots, labels, compression, or mount options
/etc/fstab,/etc/crypttab, UUIDs, PARTUUIDs, mapper names, or initramfs flags- initramfs-tools hooks, scripts, included binaries, early boot paths, or update-initramfs behavior
- Dropbear initramfs remote unlock, forced commands, host keys, firewalling, unlock-wrapper signatures, or hashes
- GRUB package selection, GRUB modules, encrypted
/boot, UEFI fallback paths, BIOS install paths, or NVRAM behavior - chroot command construction,
env -isanitization, target mount handling, or host/target path separation - APT source generation, package authentication, Debian suite selection, signature verification, or hash verification
- remote downloads, TLS settings, bundled source archives, provenance, or checksum files
- key material, SSH keys, PGP keys, SOPS/AGE values, passphrase files, or secret cleanup
- logging, debug traces, trap output, and accidental disclosure of sensitive values
- file permissions, ownership, sudo policy, PAM, SSH policy, UFW, fail2ban, sysctl, modprobe, or hardening files
- recovery target behavior and consistency with the primary target
- reproducibility, deterministic ordering, and generated file stability
- direct or indirect data loss risk
no tracking | no logging | no advertising | no profiling | no bullshit