
AI Code Review

AI-powered service for pull request code reviews with optional voice note transcription, Discord alerts, and secure diff URL handling.
terrycarter1985
Uncategorized · clawhub v1.1.0 · Key: required

Overview

ai-code-review

AI-powered code review service with voice transcription, Discord notifications, and ClawHub integration.

Triggers

  • "code review", "review code", "PR review"
  • "transcribe voice note", "voice review"
  • "publish skill", "skill publish"

Usage

Review a pull request

python src/code_review_service.py <pr_number> <diff_url> [voice_note_path]

Environment variables

| Variable | Required | Description |
| --- | --- | --- |
| OPENAI_API_KEY | Yes | OpenAI API key for Whisper transcription |
| DISCORD_WEBHOOK_URL | No | Discord webhook for review notifications |
| VOICE_NOTE_BASE_DIR | No | Base directory for voice note files (default: /tmp/voice_notes) |
| ALLOW_INTERNAL_DIFF_URLS | No | Set to allow internal-network diff URLs (security override) |

Security

  • Diff URLs are validated against SSRF (scheme + hostname checks)
  • Voice note paths are sandboxed to VOICE_NOTE_BASE_DIR
  • Discord notification content is escaped to prevent injection
  • All HTTP requests enforce a 30-second timeout
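The page does not show the skill's implementation, so as an added illustration (not the project's own code) here is how the first two of those checks can be written in Python: a scheme-plus-hostname gate for the diff URL that honours an ALLOW_INTERNAL_DIFF_URLS-style override, and a VOICE_NOTE_BASE_DIR sandbox for voice note paths. Function names are hypothetical.

```python
import ipaddress
from pathlib import Path
from typing import Optional
from urllib.parse import urlparse

# Hypothetical helper names: the skill's real module is not shown on the page.


def is_safe_diff_url(url: str, allow_internal: bool = False) -> bool:
    """Scheme + hostname gate for a diff URL.

    Rejects non-HTTP(S) schemes and empty hosts outright. A hostname that is a
    literal loopback/private/link-local/reserved address (or "localhost") is
    only accepted when allow_internal is set, mirroring the
    ALLOW_INTERNAL_DIFF_URLS override.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False
    host = parsed.hostname  # lower-cased, IPv6 brackets stripped
    if not host:
        return False
    if host == "localhost":
        return allow_internal
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # A DNS name: it may still resolve to an internal address, so a
        # production fetcher should re-check the resolved IP before connecting.
        return True
    internal = (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_reserved or addr.is_multicast or addr.is_unspecified)
    return allow_internal if internal else True


def resolve_voice_note(path: str, base_dir: str = "/tmp/voice_notes") -> Optional[Path]:
    """Sandbox a voice note path to base_dir.

    Returns the resolved path only if it stays inside base_dir; absolute paths
    and ".." traversal that escape the directory yield None.
    """
    base = Path(base_dir).resolve()
    candidate = (base / path).resolve()  # symlinks and ".." collapsed here
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate
```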

Changelog

1.1.0 (2026-05-07)

  • Fixed SSRF vulnerability in diff URL fetching
  • Fixed path traversal risk in voice note transcription
  • Added Discord content escaping to prevent injection
  • Added request timeouts (30s) to all HTTP calls
  • Fixed analyze_code_changes returning hardcoded "approved" — now returns "pending_manual_review"
  • Added proper error handling for diff fetch and voice transcription
  • Added structured logging throughout the service
  • Improved __main__ with CLI arg parsing and error handling
  • Optimized health check script compatibility (works in chroot/container environments)

Version history

1 version in total

  • v1.1.0 (current)
    2026-05-08 13:43 security

Security scan

No security scan report yet.