msw
c80b45417f
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Has been cancelled
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Has been cancelled
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Has been cancelled
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Has been cancelled
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
1.6 KiB
1.6 KiB
code_review.md
Review priorities, in order:
- Correctness
- Security regressions
- Boot/build reproducibility
- Data loss risk
- Error handling
- Test coverage
- Maintainability
- Minimality of diff
- Style consistency
Finding classes:
- BLOCKER: proven correctness bug, security regression, build break, boot break, or data loss risk that must be fixed before merge
- RISK: plausible issue or security concern that is not fully proven from the available context
- CLEANUP: maintainability, readability, or consistency improvement that is not required for correctness
- NOTE: observation only; no change requested
Review output format:
- List findings first, ordered by severity.
- Cite file paths and line numbers where possible.
- For each finding, explain the concrete impact, and the smallest reasonable fix.
- Separate observations, inferences, and recommendations.
- After findings, list missing checks or residual risks.
- If there are no findings, say so explicitly and still mention relevant test gaps.
Do not nitpick formatting if automated tooling exists. Do not invent requirements not present in the task, repository, or documentation.
Security-sensitive review checklist:
- boot trust
- initramfs behavior
- cryptsetup/LUKS handling
- encrypted SquashFS handling
- key material
- remotely unlock
- TLS/mTLS verification
- signature/hash verification
- network exposure
- file permissions
- persistence
- logging of sensitive values
no tracking | no logging | no advertising | no profiling | no bullshit