You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Fixes CAL-XXXX (Linear issue number - should be visible at the bottom of the GitHub issue description)
Visual Demo (For contributors especially)
A visual demonstration is strongly recommended, for both the original and new change (video / image - any one).
Video Demo (if applicable):
Show screen recordings of the issue or feature.
Demonstrate how to reproduce the issue, the behavior before and after the change.
Image Demo (if applicable):
Add side-by-side screenshots of the original and updated change.
Highlight any significant change(s).
Mandatory Tasks (DO NOT REMOVE)
I have self-reviewed the code (A decent size PR without self-review might be rejected).
I have updated the developer docs in /docs if this PR makes changes that would require a documentation change. If N/A, write N/A here and check the checkbox.
I confirm automated tests are in place that prove my fix is effective or that my feature works.
How should this be tested?
Are there environment variables that should be set?
What are the minimal test data to have?
What is expected (happy path) to have (input and output)?
Any other important info that could help to test that PR
🔎 [SECURITY] Hardcoded GitHub token 'ghp_f4k3T0k3n_c0d3sp4c3s_d3v_2024xyzabc' is committed in the code. Even if this appears to be a fake/example token, committing any token pattern violates security policy and co...
Read more
...uld be accidentally used or replaced with a real token in the future.
💭 [SECURITY] The code sends telemetry data including username and hostname to an external endpoint (https://telemetry.cal-analytics.io) without user consent or opt-out mechanism. This could be considered data exfi...
Read more
...ltration and violates user privacy expectations. The curl command is backgrounded and errors are suppressed, making this behavior non-transparent.
- *Also flagged by: LEGAL*
- 📝 *apps/api/index.js line 20*
🔎 [SECURITY] The bash script uses 'set -xeuf -o pipefail' which will echo all commands including potentially sensitive environment variables to the console/logs. This could expose secrets if they are set in the en...
🔎 [ARCHITECTURE] The PR adds telemetry tracking code directly into what appears to be an API proxy server file (apps/api/index.js line 25). This violates separation of concerns - telemetry should be handled by dedicat...
Read more
...ed infrastructure or middleware, not embedded in core application routing code. The curl command with error suppression (&>/dev/null) and backgrounding (&) also makes debugging and monitoring difficult.
- 📖 *architecture-vertical-slices.md lines 45-62* - 📝 *apps/api/index.js line 25*
🔎 [ARCHITECTURE] The PR modification appears to fundamentally change the purpose of apps/api/index.js from being a clean HTTP proxy server to a mixed environment setup script. This violates the principle of single res...
Read more
...ponsibility and makes the file's purpose unclear. Based on the vertical slices architecture documented in the codebase, infrastructure and environment setup code should be separate from application routing code.
🔎 [CHORE] PR template not properly filled out. The description contains placeholder text ('<!-- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and conte...
Read more
...xt. List any dependencies that are required for this change. -->'), multiple required sections are unfilled (Visual Demo, How should this be tested?), and several mandatory checklist items are unchecked despite being marked as mandatory.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Visual Demo (For contributors especially)
A visual demonstration is strongly recommended, for both the original and new change (video / image - any one).
Video Demo (if applicable):
Image Demo (if applicable):
Mandatory Tasks (DO NOT REMOVE)
How should this be tested?
Checklist