| {"messages": [{"role": "system", "content": "You are an expert code reviewer specializing in bugs, security vulnerabilities, and architectural issues.\n\nYou will be given a code diff (PR) to review. Your job is to identify issues and output a single JSON action.\n\nAvailable action types:\n - \"flag_issue\": Flag a specific issue in the code\n - \"approve\": Approve the PR (no issues found / all issues flagged)\n - \"request_changes\": Request changes (issues found that must be fixed)\n - \"ask_question\": Ask a clarifying question\n - \"comment\": Leave a general comment\n\nFor \"flag_issue\", you MUST provide:\n - action_type: \"flag_issue\"\n - body: description of the issue (be specific, mention the root cause)\n - filename: the file containing the issue\n - line_number: approximate line number\n - severity: one of \"low\", \"medium\", \"high\", \"critical\"\n - category: one of \"bug\", \"security\", \"architecture\", \"performance\", \"style\", \"design\"\n\nFor \"approve\" or \"request_changes\", you MUST provide:\n - action_type: \"approve\" or \"request_changes\"\n - body: your overall assessment\n - verdict: \"LGTM\" (for approve) or \"REQUEST_CHANGES\" (for request_changes)\n\nIMPORTANT: Output ONLY a valid JSON object \u2014 no markdown, no explanation.\n"}, {"role": "user", "content": "PR Title: Add pagination to user list endpoint\nPR Description: Processing elements in the list but missing the last one due to range(len(x)-1).\nTask: bug_detection (step 1/10)\nNoise budget remaining: 5 (false positives consume this)\nReview focus: Focus on: off-by-one errors, None dereferences, type mismatches, mutable defaults, race conditions, exception handling.\n\nCode diff:\n```\n--- a/api/users.py\n+++ b/api/users.py\n--- a/api/users.py\n+++ b/api/users.py\n@@ -10,3 +10,3 @@\n def get_users(page, size):\n items = db.get_all_users()\n- return items[page * size : (page + 1) * size]\n+ return items[page * size : page * size + size - 1]\n```\n\nOutput a single JSON action object. If you've already flagged the main issues, submit approve or request_changes."}, {"role": "assistant", "content": "{\n \"action_type\": \"flag_issue\",\n \"body\": \"Off-by-one error in pagination slice loses last item per page\",\n \"filename\": \"api/users.py\",\n \"line_number\": 12,\n \"severity\": \"medium\",\n \"category\": \"bug\"\n}"}]} |
| {"messages": [{"role": "system", "content": "You are an expert code reviewer specializing in bugs, security vulnerabilities, and architectural issues.\n\nYou will be given a code diff (PR) to review. Your job is to identify issues and output a single JSON action.\n\nAvailable action types:\n - \"flag_issue\": Flag a specific issue in the code\n - \"approve\": Approve the PR (no issues found / all issues flagged)\n - \"request_changes\": Request changes (issues found that must be fixed)\n - \"ask_question\": Ask a clarifying question\n - \"comment\": Leave a general comment\n\nFor \"flag_issue\", you MUST provide:\n - action_type: \"flag_issue\"\n - body: description of the issue (be specific, mention the root cause)\n - filename: the file containing the issue\n - line_number: approximate line number\n - severity: one of \"low\", \"medium\", \"high\", \"critical\"\n - category: one of \"bug\", \"security\", \"architecture\", \"performance\", \"style\", \"design\"\n\nFor \"approve\" or \"request_changes\", you MUST provide:\n - action_type: \"approve\" or \"request_changes\"\n - body: your overall assessment\n - verdict: \"LGTM\" (for approve) or \"REQUEST_CHANGES\" (for request_changes)\n\nIMPORTANT: Output ONLY a valid JSON object \u2014 no markdown, no explanation.\n"}, {"role": "user", "content": "PR Title: Add session-based auth check\nPR Description: Lookup user by ID and access properties without guard.\nTask: bug_detection (step 1/10)\nNoise budget remaining: 5 (false positives consume this)\nReview focus: Focus on: off-by-one errors, None dereferences, type mismatches, mutable defaults, race conditions, exception handling.\n\nCode diff:\n```\n--- a/auth.py\n+++ b/auth.py\n--- a/auth.py\n+++ b/auth.py\n@@ -14,3 +14,3 @@\n def check_auth(session_id):\n user = get_user(session_id)\n- if user and user.is_active:\n+ return user.is_admin\n```\n\nOutput a single JSON action object. If you've already flagged the main issues, submit approve or request_changes."}, {"role": "assistant", "content": "{\n \"action_type\": \"flag_issue\",\n \"body\": \"None dereference \\u2014 get_user can return None, user.is_admin will crash\",\n \"filename\": \"auth.py\",\n \"line_number\": 16,\n \"severity\": \"high\",\n \"category\": \"bug\"\n}"}]} |
| {"messages": [{"role": "system", "content": "You are an expert code reviewer specializing in bugs, security vulnerabilities, and architectural issues.\n\nYou will be given a code diff (PR) to review. Your job is to identify issues and output a single JSON action.\n\nAvailable action types:\n - \"flag_issue\": Flag a specific issue in the code\n - \"approve\": Approve the PR (no issues found / all issues flagged)\n - \"request_changes\": Request changes (issues found that must be fixed)\n - \"ask_question\": Ask a clarifying question\n - \"comment\": Leave a general comment\n\nFor \"flag_issue\", you MUST provide:\n - action_type: \"flag_issue\"\n - body: description of the issue (be specific, mention the root cause)\n - filename: the file containing the issue\n - line_number: approximate line number\n - severity: one of \"low\", \"medium\", \"high\", \"critical\"\n - category: one of \"bug\", \"security\", \"architecture\", \"performance\", \"style\", \"design\"\n\nFor \"approve\" or \"request_changes\", you MUST provide:\n - action_type: \"approve\" or \"request_changes\"\n - body: your overall assessment\n - verdict: \"LGTM\" (for approve) or \"REQUEST_CHANGES\" (for request_changes)\n\nIMPORTANT: Output ONLY a valid JSON object \u2014 no markdown, no explanation.\n"}, {"role": "user", "content": "PR Title: Refactor user profile builder\nPR Description: New helper to fetch data with a default empty list for items.\nTask: bug_detection (step 1/10)\nNoise budget remaining: 5 (false positives consume this)\nReview focus: Focus on: off-by-one errors, None dereferences, type mismatches, mutable defaults, race conditions, exception handling.\n\nCode diff:\n```\n--- a/models/profile.py\n+++ b/models/profile.py\n--- a/models/profile.py\n+++ b/models/profile.py\n@@ -3,3 +3,5 @@\n-def build_profile(name, tags=None):\n- tags = tags or []\n+def build_profile(name, tags=[]):\n+ tags.append(\"user\")\n+ return {\"name\": name, \"tags\": tags}\n```\n\nOutput a single JSON action object. If you've already flagged the main issues, submit approve or request_changes."}, {"role": "assistant", "content": "{\n \"action_type\": \"flag_issue\",\n \"body\": \"Mutable default argument causes state leakage between calls\",\n \"filename\": \"models/profile.py\",\n \"line_number\": 5,\n \"severity\": \"medium\",\n \"category\": \"bug\"\n}"}]} |
| {"messages": [{"role": "system", "content": "You are an expert code reviewer specializing in bugs, security vulnerabilities, and architectural issues.\n\nYou will be given a code diff (PR) to review. Your job is to identify issues and output a single JSON action.\n\nAvailable action types:\n - \"flag_issue\": Flag a specific issue in the code\n - \"approve\": Approve the PR (no issues found / all issues flagged)\n - \"request_changes\": Request changes (issues found that must be fixed)\n - \"ask_question\": Ask a clarifying question\n - \"comment\": Leave a general comment\n\nFor \"flag_issue\", you MUST provide:\n - action_type: \"flag_issue\"\n - body: description of the issue (be specific, mention the root cause)\n - filename: the file containing the issue\n - line_number: approximate line number\n - severity: one of \"low\", \"medium\", \"high\", \"critical\"\n - category: one of \"bug\", \"security\", \"architecture\", \"performance\", \"style\", \"design\"\n\nFor \"approve\" or \"request_changes\", you MUST provide:\n - action_type: \"approve\" or \"request_changes\"\n - body: your overall assessment\n - verdict: \"LGTM\" (for approve) or \"REQUEST_CHANGES\" (for request_changes)\n\nIMPORTANT: Output ONLY a valid JSON object \u2014 no markdown, no explanation.\n"}, {"role": "user", "content": "PR Title: Add global request counter\nPR Description: Parallel threads updating shared cache without locking.\nTask: bug_detection (step 1/10)\nNoise budget remaining: 5 (false positives consume this)\nReview focus: Focus on: off-by-one errors, None dereferences, type mismatches, mutable defaults, race conditions, exception handling.\n\nCode diff:\n```\n--- a/middleware/counter.py\n+++ b/middleware/counter.py\n--- a/middleware/counter.py\n+++ b/middleware/counter.py\n@@ -5,3 +5,3 @@\n-def increment():\n- with lock:\n- global count\n- count += 1\n+def increment():\n+ global count\n+ count += 1\n```\n\nOutput a single JSON action object. If you've already flagged the main issues, submit approve or request_changes."}, {"role": "assistant", "content": "{\n \"action_type\": \"flag_issue\",\n \"body\": \"Race condition in counter update: multiple threads may overwrite each other's increments.\",\n \"filename\": \"middleware/counter.py\",\n \"line_number\": 7,\n \"severity\": \"high\",\n \"category\": \"bug\"\n}"}]} |
| {"messages": [{"role": "system", "content": "You are an expert code reviewer specializing in bugs, security vulnerabilities, and architectural issues.\n\nYou will be given a code diff (PR) to review. Your job is to identify issues and output a single JSON action.\n\nAvailable action types:\n - \"flag_issue\": Flag a specific issue in the code\n - \"approve\": Approve the PR (no issues found / all issues flagged)\n - \"request_changes\": Request changes (issues found that must be fixed)\n - \"ask_question\": Ask a clarifying question\n - \"comment\": Leave a general comment\n\nFor \"flag_issue\", you MUST provide:\n - action_type: \"flag_issue\"\n - body: description of the issue (be specific, mention the root cause)\n - filename: the file containing the issue\n - line_number: approximate line number\n - severity: one of \"low\", \"medium\", \"high\", \"critical\"\n - category: one of \"bug\", \"security\", \"architecture\", \"performance\", \"style\", \"design\"\n\nFor \"approve\" or \"request_changes\", you MUST provide:\n - action_type: \"approve\" or \"request_changes\"\n - body: your overall assessment\n - verdict: \"LGTM\" (for approve) or \"REQUEST_CHANGES\" (for request_changes)\n\nIMPORTANT: Output ONLY a valid JSON object \u2014 no markdown, no explanation.\n"}, {"role": "user", "content": "PR Title: Handle DB connection errors\nPR Description: Swallow all errors during data import.\nTask: bug_detection (step 1/10)\nNoise budget remaining: 5 (false positives consume this)\nReview focus: Focus on: off-by-one errors, None dereferences, type mismatches, mutable defaults, race conditions, exception handling.\n\nCode diff:\n```\n--- a/db/connection.py\n+++ b/db/connection.py\n--- a/db/connection.py\n+++ b/db/connection.py\n@@ -8,3 +8,3 @@\n- except psycopg2.OperationalError:\n- log.error(\"DB down\")\n+ except Exception:\n+ pass\n```\n\nOutput a single JSON action object. If you've already flagged the main issues, submit approve or request_changes."}, {"role": "assistant", "content": "{\n \"action_type\": \"flag_issue\",\n \"body\": \"Broad exception catch-all suppresses real errors and hides bugs.\",\n \"filename\": \"db/connection.py\",\n \"line_number\": 9,\n \"severity\": \"medium\",\n \"category\": \"bug\"\n}"}]} |
| {"messages": [{"role": "system", "content": "You are an expert code reviewer specializing in bugs, security vulnerabilities, and architectural issues.\n\nYou will be given a code diff (PR) to review. Your job is to identify issues and output a single JSON action.\n\nAvailable action types:\n - \"flag_issue\": Flag a specific issue in the code\n - \"approve\": Approve the PR (no issues found / all issues flagged)\n - \"request_changes\": Request changes (issues found that must be fixed)\n - \"ask_question\": Ask a clarifying question\n - \"comment\": Leave a general comment\n\nFor \"flag_issue\", you MUST provide:\n - action_type: \"flag_issue\"\n - body: description of the issue (be specific, mention the root cause)\n - filename: the file containing the issue\n - line_number: approximate line number\n - severity: one of \"low\", \"medium\", \"high\", \"critical\"\n - category: one of \"bug\", \"security\", \"architecture\", \"performance\", \"style\", \"design\"\n\nFor \"approve\" or \"request_changes\", you MUST provide:\n - action_type: \"approve\" or \"request_changes\"\n - body: your overall assessment\n - verdict: \"LGTM\" (for approve) or \"REQUEST_CHANGES\" (for request_changes)\n\nIMPORTANT: Output ONLY a valid JSON object \u2014 no markdown, no explanation.\n"}, {"role": "user", "content": "PR Title: Add score percentage calculator\nPR Description: Integer division result truncated.\nTask: bug_detection (step 1/10)\nNoise budget remaining: 5 (false positives consume this)\nReview focus: Focus on: off-by-one errors, None dereferences, type mismatches, mutable defaults, race conditions, exception handling.\n\nCode diff:\n```\n--- a/scoring/calc.py\n+++ b/scoring/calc.py\n--- a/scoring/calc.py\n+++ b/scoring/calc.py\n@@ -4,3 +4,3 @@\n def get_percentage(score, total):\n- return (score / total) * 100\n+ return score / total\n```\n\nOutput a single JSON action object. If you've already flagged the main issues, submit approve or request_changes."}, {"role": "assistant", "content": "{\n \"action_type\": \"flag_issue\",\n \"body\": \"Integer division truncation or missing multiplier in percentage calculation\",\n \"filename\": \"scoring/calc.py\",\n \"line_number\": 5,\n \"severity\": \"low\",\n \"category\": \"bug\"\n}"}]} |
| {"messages": [{"role": "system", "content": "You are an expert code reviewer specializing in bugs, security vulnerabilities, and architectural issues.\n\nYou will be given a code diff (PR) to review. Your job is to identify issues and output a single JSON action.\n\nAvailable action types:\n - \"flag_issue\": Flag a specific issue in the code\n - \"approve\": Approve the PR (no issues found / all issues flagged)\n - \"request_changes\": Request changes (issues found that must be fixed)\n - \"ask_question\": Ask a clarifying question\n - \"comment\": Leave a general comment\n\nFor \"flag_issue\", you MUST provide:\n - action_type: \"flag_issue\"\n - body: description of the issue (be specific, mention the root cause)\n - filename: the file containing the issue\n - line_number: approximate line number\n - severity: one of \"low\", \"medium\", \"high\", \"critical\"\n - category: one of \"bug\", \"security\", \"architecture\", \"performance\", \"style\", \"design\"\n\nFor \"approve\" or \"request_changes\", you MUST provide:\n - action_type: \"approve\" or \"request_changes\"\n - body: your overall assessment\n - verdict: \"LGTM\" (for approve) or \"REQUEST_CHANGES\" (for request_changes)\n\nIMPORTANT: Output ONLY a valid JSON object \u2014 no markdown, no explanation.\n"}, {"role": "user", "content": "PR Title: Simplify status checker\nPR Description: Unreachable code after return.\nTask: bug_detection (step 1/10)\nNoise budget remaining: 5 (false positives consume this)\nReview focus: Focus on: off-by-one errors, None dereferences, type mismatches, mutable defaults, race conditions, exception handling.\n\nCode diff:\n```\n--- a/utils/status.py\n+++ b/utils/status.py\n--- a/utils/status.py\n+++ b/utils/status.py\n@@ -5,5 +5,3 @@\n def is_active(user):\n- if user.deleted:\n- return False\n- return user.active\n+ return True\n+ log.info(\"Checked user status\")\n```\n\nOutput a single JSON action object. If you've already flagged the main issues, submit approve or request_changes."}, {"role": "assistant", "content": "{\n \"action_type\": \"flag_issue\",\n \"body\": \"Unreachable code after return statement\",\n \"filename\": \"utils/status.py\",\n \"line_number\": 8,\n \"severity\": \"low\",\n \"category\": \"bug\"\n}"}]} |
| {"messages": [{"role": "system", "content": "You are an expert code reviewer specializing in bugs, security vulnerabilities, and architectural issues.\n\nYou will be given a code diff (PR) to review. Your job is to identify issues and output a single JSON action.\n\nAvailable action types:\n - \"flag_issue\": Flag a specific issue in the code\n - \"approve\": Approve the PR (no issues found / all issues flagged)\n - \"request_changes\": Request changes (issues found that must be fixed)\n - \"ask_question\": Ask a clarifying question\n - \"comment\": Leave a general comment\n\nFor \"flag_issue\", you MUST provide:\n - action_type: \"flag_issue\"\n - body: description of the issue (be specific, mention the root cause)\n - filename: the file containing the issue\n - line_number: approximate line number\n - severity: one of \"low\", \"medium\", \"high\", \"critical\"\n - category: one of \"bug\", \"security\", \"architecture\", \"performance\", \"style\", \"design\"\n\nFor \"approve\" or \"request_changes\", you MUST provide:\n - action_type: \"approve\" or \"request_changes\"\n - body: your overall assessment\n - verdict: \"LGTM\" (for approve) or \"REQUEST_CHANGES\" (for request_changes)\n\nIMPORTANT: Output ONLY a valid JSON object \u2014 no markdown, no explanation.\n"}, {"role": "user", "content": "PR Title: Parse webhook payload\nPR Description: Dict key assumed present \u2014 will KeyError if user absent.\nTask: bug_detection (step 1/10)\nNoise budget remaining: 5 (false positives consume this)\nReview focus: Focus on: off-by-one errors, None dereferences, type mismatches, mutable defaults, race conditions, exception handling.\n\nCode diff:\n```\n--- a/webhooks/parser.py\n+++ b/webhooks/parser.py\n--- a/webhooks/parser.py\n+++ b/webhooks/parser.py\n@@ -12,2 +12,2 @@\n def parse_event(data):\n- email = data.get(\"user\", {}).get(\"email\")\n+ email = data[\"user\"][\"email\"]\n```\n\nOutput a single JSON action object. If you've already flagged the main issues, submit approve or request_changes."}, {"role": "assistant", "content": "{\n \"action_type\": \"flag_issue\",\n \"body\": \"Unsafe dictionary access will raise KeyError if 'user' or 'email' keys are missing\",\n \"filename\": \"webhooks/parser.py\",\n \"line_number\": 13,\n \"severity\": \"high\",\n \"category\": \"bug\"\n}"}]} |
| {"messages": [{"role": "system", "content": "You are an expert code reviewer specializing in bugs, security vulnerabilities, and architectural issues.\n\nYou will be given a code diff (PR) to review. Your job is to identify issues and output a single JSON action.\n\nAvailable action types:\n - \"flag_issue\": Flag a specific issue in the code\n - \"approve\": Approve the PR (no issues found / all issues flagged)\n - \"request_changes\": Request changes (issues found that must be fixed)\n - \"ask_question\": Ask a clarifying question\n - \"comment\": Leave a general comment\n\nFor \"flag_issue\", you MUST provide:\n - action_type: \"flag_issue\"\n - body: description of the issue (be specific, mention the root cause)\n - filename: the file containing the issue\n - line_number: approximate line number\n - severity: one of \"low\", \"medium\", \"high\", \"critical\"\n - category: one of \"bug\", \"security\", \"architecture\", \"performance\", \"style\", \"design\"\n\nFor \"approve\" or \"request_changes\", you MUST provide:\n - action_type: \"approve\" or \"request_changes\"\n - body: your overall assessment\n - verdict: \"LGTM\" (for approve) or \"REQUEST_CHANGES\" (for request_changes)\n\nIMPORTANT: Output ONLY a valid JSON object \u2014 no markdown, no explanation.\n"}, {"role": "user", "content": "PR Title: Add balance check to payment flow\nPR Description: Check if sensor reading is exactly 0.0.\nTask: bug_detection (step 1/10)\nNoise budget remaining: 5 (false positives consume this)\nReview focus: Focus on: off-by-one errors, None dereferences, type mismatches, mutable defaults, race conditions, exception handling.\n\nCode diff:\n```\n--- a/payments/validator.py\n+++ b/payments/validator.py\n--- a/payments/validator.py\n+++ b/payments/validator.py\n@@ -7,3 +7,3 @@\n def validate_tx(balance, amount):\n- if balance < 0.01:\n+ if balance == 0.0:\n return False\n```\n\nOutput a single JSON action object. If you've already flagged the main issues, submit approve or request_changes."}, {"role": "assistant", "content": "{\n \"action_type\": \"flag_issue\",\n \"body\": \"Floating point equality comparison is unreliable due to precision issues\",\n \"filename\": \"payments/validator.py\",\n \"line_number\": 8,\n \"severity\": \"medium\",\n \"category\": \"bug\"\n}"}]} |
| {"messages": [{"role": "system", "content": "You are an expert code reviewer specializing in bugs, security vulnerabilities, and architectural issues.\n\nYou will be given a code diff (PR) to review. Your job is to identify issues and output a single JSON action.\n\nAvailable action types:\n - \"flag_issue\": Flag a specific issue in the code\n - \"approve\": Approve the PR (no issues found / all issues flagged)\n - \"request_changes\": Request changes (issues found that must be fixed)\n - \"ask_question\": Ask a clarifying question\n - \"comment\": Leave a general comment\n\nFor \"flag_issue\", you MUST provide:\n - action_type: \"flag_issue\"\n - body: description of the issue (be specific, mention the root cause)\n - filename: the file containing the issue\n - line_number: approximate line number\n - severity: one of \"low\", \"medium\", \"high\", \"critical\"\n - category: one of \"bug\", \"security\", \"architecture\", \"performance\", \"style\", \"design\"\n\nFor \"approve\" or \"request_changes\", you MUST provide:\n - action_type: \"approve\" or \"request_changes\"\n - body: your overall assessment\n - verdict: \"LGTM\" (for approve) or \"REQUEST_CHANGES\" (for request_changes)\n\nIMPORTANT: Output ONLY a valid JSON object \u2014 no markdown, no explanation.\n"}, {"role": "user", "content": "PR Title: Clone user config before mutation\nPR Description: Shallow copy treated as deep copy \u2014 affects original.\nTask: bug_detection (step 1/10)\nNoise budget remaining: 5 (false positives consume this)\nReview focus: Focus on: off-by-one errors, None dereferences, type mismatches, mutable defaults, race conditions, exception handling.\n\nCode diff:\n```\n--- a/config/user_config.py\n+++ b/config/user_config.py\n--- a/config/user_config.py\n+++ b/config/user_config.py\n@@ -10,3 +10,3 @@\n def update_config(original):\n- import copy\n- cfg = copy.deepcopy(original)\n+ cfg = original.copy()\n+ cfg[\"settings\"][\"theme\"] = \"dark\" \n```\n\nOutput a single JSON action object. If you've already flagged the main issues, submit approve or request_changes."}, {"role": "assistant", "content": "{\n \"action_type\": \"flag_issue\",\n \"body\": \"Shallow copy used for nested dictionary mutation; will modify the original object\",\n \"filename\": \"config/user_config.py\",\n \"line_number\": 11,\n \"severity\": \"medium\",\n \"category\": \"bug\"\n}"}]} |
| {"messages": [{"role": "system", "content": "You are an expert code reviewer specializing in bugs, security vulnerabilities, and architectural issues.\n\nYou will be given a code diff (PR) to review. Your job is to identify issues and output a single JSON action.\n\nAvailable action types:\n - \"flag_issue\": Flag a specific issue in the code\n - \"approve\": Approve the PR (no issues found / all issues flagged)\n - \"request_changes\": Request changes (issues found that must be fixed)\n - \"ask_question\": Ask a clarifying question\n - \"comment\": Leave a general comment\n\nFor \"flag_issue\", you MUST provide:\n - action_type: \"flag_issue\"\n - body: description of the issue (be specific, mention the root cause)\n - filename: the file containing the issue\n - line_number: approximate line number\n - severity: one of \"low\", \"medium\", \"high\", \"critical\"\n - category: one of \"bug\", \"security\", \"architecture\", \"performance\", \"style\", \"design\"\n\nFor \"approve\" or \"request_changes\", you MUST provide:\n - action_type: \"approve\" or \"request_changes\"\n - body: your overall assessment\n - verdict: \"LGTM\" (for approve) or \"REQUEST_CHANGES\" (for request_changes)\n\nIMPORTANT: Output ONLY a valid JSON object \u2014 no markdown, no explanation.\n"}, {"role": "user", "content": "PR Title: Add user search endpoint\nPR Description: Bypassing ORM for a raw SQL query.\nTask: security_audit (step 1/10)\nNoise budget remaining: 5 (false positives consume this)\nReview focus: Focus on: SQL injection, XSS, hardcoded secrets, JWT issues, insecure deserialization, CORS, timing attacks, path traversal.\n\nCode diff:\n```\n--- a/api/search.py\n+++ b/api/search.py\n--- a/api/search.py\n+++ b/api/search.py\n@@ -15,3 +15,3 @@\n def find_user(name):\n- return db.users.filter(name=name).first()\n+ query = f\"SELECT * FROM users WHERE name = '{name}'\"\n+ return db.execute_raw(query)\n```\n\nOutput a single JSON action object. If you've already flagged the main issues, submit approve or request_changes."}, {"role": "assistant", "content": "{\n \"action_type\": \"flag_issue\",\n \"body\": \"SQL injection vulnerability via f-string in raw query. Use parameterized queries.\",\n \"filename\": \"api/search.py\",\n \"line_number\": 16,\n \"severity\": \"critical\",\n \"category\": \"security\"\n}"}]} |
| {"messages": [{"role": "system", "content": "You are an expert code reviewer specializing in bugs, security vulnerabilities, and architectural issues.\n\nYou will be given a code diff (PR) to review. Your job is to identify issues and output a single JSON action.\n\nAvailable action types:\n - \"flag_issue\": Flag a specific issue in the code\n - \"approve\": Approve the PR (no issues found / all issues flagged)\n - \"request_changes\": Request changes (issues found that must be fixed)\n - \"ask_question\": Ask a clarifying question\n - \"comment\": Leave a general comment\n\nFor \"flag_issue\", you MUST provide:\n - action_type: \"flag_issue\"\n - body: description of the issue (be specific, mention the root cause)\n - filename: the file containing the issue\n - line_number: approximate line number\n - severity: one of \"low\", \"medium\", \"high\", \"critical\"\n - category: one of \"bug\", \"security\", \"architecture\", \"performance\", \"style\", \"design\"\n\nFor \"approve\" or \"request_changes\", you MUST provide:\n - action_type: \"approve\" or \"request_changes\"\n - body: your overall assessment\n - verdict: \"LGTM\" (for approve) or \"REQUEST_CHANGES\" (for request_changes)\n\nIMPORTANT: Output ONLY a valid JSON object \u2014 no markdown, no explanation.\n"}, {"role": "user", "content": "PR Title: Add Stripe webhook handler\nPR Description: Hardcoded secret key in configuration.\nTask: security_audit (step 1/10)\nNoise budget remaining: 5 (false positives consume this)\nReview focus: Focus on: SQL injection, XSS, hardcoded secrets, JWT issues, insecure deserialization, CORS, timing attacks, path traversal.\n\nCode diff:\n```\n--- a/payments/webhook.py\n+++ b/payments/webhook.py\n--- a/payments/webhook.py\n+++ b/payments/webhook.py\n@@ -5,1 +5,1 @@\n-stripe_secret = os.getenv(\"STRIPE_SECRET\")\n+SECRET_KEY = \"sk_live_dummy_secret_key_for_testing_12345\" \n```\n\nOutput a single JSON action object. If you've already flagged the main issues, submit approve or request_changes."}, {"role": "assistant", "content": "{\n \"action_type\": \"flag_issue\",\n \"body\": \"Hardcoded sensitive credentials in source code\",\n \"filename\": \"payments/webhook.py\",\n \"line_number\": 5,\n \"severity\": \"critical\",\n \"category\": \"security\"\n}"}]} |
| {"messages": [{"role": "system", "content": "You are an expert code reviewer specializing in bugs, security vulnerabilities, and architectural issues.\n\nYou will be given a code diff (PR) to review. Your job is to identify issues and output a single JSON action.\n\nAvailable action types:\n - \"flag_issue\": Flag a specific issue in the code\n - \"approve\": Approve the PR (no issues found / all issues flagged)\n - \"request_changes\": Request changes (issues found that must be fixed)\n - \"ask_question\": Ask a clarifying question\n - \"comment\": Leave a general comment\n\nFor \"flag_issue\", you MUST provide:\n - action_type: \"flag_issue\"\n - body: description of the issue (be specific, mention the root cause)\n - filename: the file containing the issue\n - line_number: approximate line number\n - severity: one of \"low\", \"medium\", \"high\", \"critical\"\n - category: one of \"bug\", \"security\", \"architecture\", \"performance\", \"style\", \"design\"\n\nFor \"approve\" or \"request_changes\", you MUST provide:\n - action_type: \"approve\" or \"request_changes\"\n - body: your overall assessment\n - verdict: \"LGTM\" (for approve) or \"REQUEST_CHANGES\" (for request_changes)\n\nIMPORTANT: Output ONLY a valid JSON object \u2014 no markdown, no explanation.\n"}, {"role": "user", "content": "PR Title: Add file download endpoint\nPR Description: New endpoint to read local audit logs based on path (no sanitization).\nTask: security_audit (step 1/10)\nNoise budget remaining: 5 (false positives consume this)\nReview focus: Focus on: SQL injection, XSS, hardcoded secrets, JWT issues, insecure deserialization, CORS, timing attacks, path traversal.\n\nCode diff:\n```\n--- a/api/files.py\n+++ b/api/files.py\n--- a/api/files.py\n+++ b/api/files.py\n@@ -10,3 +10,3 @@\n def download_file(user_input):\n- safe_path = os.path.join(BASE_DIR, os.path.basename(user_input))\n- return open(safe_path, \"rb\").read()\n+ filepath = BASE_DIR + \"/\" + user_input\n+ return open(filepath, \"rb\").read()\n```\n\nOutput a single JSON action object. If you've already flagged the main issues, submit approve or request_changes."}, {"role": "assistant", "content": "{\n \"action_type\": \"flag_issue\",\n \"body\": \"Path traversal vulnerability: user input is directly concatenated to the base path\",\n \"filename\": \"api/files.py\",\n \"line_number\": 11,\n \"severity\": \"high\",\n \"category\": \"security\"\n}"}]} |
| {"messages": [{"role": "system", "content": "You are an expert code reviewer specializing in bugs, security vulnerabilities, and architectural issues.\n\nYou will be given a code diff (PR) to review. Your job is to identify issues and output a single JSON action.\n\nAvailable action types:\n - \"flag_issue\": Flag a specific issue in the code\n - \"approve\": Approve the PR (no issues found / all issues flagged)\n - \"request_changes\": Request changes (issues found that must be fixed)\n - \"ask_question\": Ask a clarifying question\n - \"comment\": Leave a general comment\n\nFor \"flag_issue\", you MUST provide:\n - action_type: \"flag_issue\"\n - body: description of the issue (be specific, mention the root cause)\n - filename: the file containing the issue\n - line_number: approximate line number\n - severity: one of \"low\", \"medium\", \"high\", \"critical\"\n - category: one of \"bug\", \"security\", \"architecture\", \"performance\", \"style\", \"design\"\n\nFor \"approve\" or \"request_changes\", you MUST provide:\n - action_type: \"approve\" or \"request_changes\"\n - body: your overall assessment\n - verdict: \"LGTM\" (for approve) or \"REQUEST_CHANGES\" (for request_changes)\n\nIMPORTANT: Output ONLY a valid JSON object \u2014 no markdown, no explanation.\n"}, {"role": "user", "content": "PR Title: Add system ping utility\nPR Description: Command injection using os.system with user input.\nTask: security_audit (step 1/10)\nNoise budget remaining: 5 (false positives consume this)\nReview focus: Focus on: SQL injection, XSS, hardcoded secrets, JWT issues, insecure deserialization, CORS, timing attacks, path traversal.\n\nCode diff:\n```\n--- a/utils/network.py\n+++ b/utils/network.py\n--- a/utils/network.py\n+++ b/utils/network.py\n@@ -8,3 +8,3 @@\n def ping_host(host):\n- import subprocess\n- return subprocess.run([\"ping\", \"-c\", \"1\", host])\n+ import os\n+ os.system(f\"ping -c 1 {host}\")\n```\n\nOutput a single JSON action object. If you've already flagged the main issues, submit approve or request_changes."}, {"role": "assistant", "content": "{\n \"action_type\": \"flag_issue\",\n \"body\": \"Command injection vulnerability via os.system and shell formatting\",\n \"filename\": \"utils/network.py\",\n \"line_number\": 10,\n \"severity\": \"critical\",\n \"category\": \"security\"\n}"}]} |
| {"messages": [{"role": "system", "content": "You are an expert code reviewer specializing in bugs, security vulnerabilities, and architectural issues.\n\nYou will be given a code diff (PR) to review. Your job is to identify issues and output a single JSON action.\n\nAvailable action types:\n - \"flag_issue\": Flag a specific issue in the code\n - \"approve\": Approve the PR (no issues found / all issues flagged)\n - \"request_changes\": Request changes (issues found that must be fixed)\n - \"ask_question\": Ask a clarifying question\n - \"comment\": Leave a general comment\n\nFor \"flag_issue\", you MUST provide:\n - action_type: \"flag_issue\"\n - body: description of the issue (be specific, mention the root cause)\n - filename: the file containing the issue\n - line_number: approximate line number\n - severity: one of \"low\", \"medium\", \"high\", \"critical\"\n - category: one of \"bug\", \"security\", \"architecture\", \"performance\", \"style\", \"design\"\n\nFor \"approve\" or \"request_changes\", you MUST provide:\n - action_type: \"approve\" or \"request_changes\"\n - body: your overall assessment\n - verdict: \"LGTM\" (for approve) or \"REQUEST_CHANGES\" (for request_changes)\n\nIMPORTANT: Output ONLY a valid JSON object \u2014 no markdown, no explanation.\n"}, {"role": "user", "content": "PR Title: Add session state caching\nPR Description: Faster state loading by using pickle format for internal caches.\nTask: security_audit (step 1/10)\nNoise budget remaining: 5 (false positives consume this)\nReview focus: Focus on: SQL injection, XSS, hardcoded secrets, JWT issues, insecure deserialization, CORS, timing attacks, path traversal.\n\nCode diff:\n```\n--- a/cache/session.py\n+++ b/cache/session.py\n--- a/cache/session.py\n+++ b/cache/session.py\n@@ -10,3 +10,3 @@\n def get_session(key):\n- data = redis.get(key)\n- return json.loads(data)\n+ import pickle\n+ return pickle.loads(redis.get(key))\n```\n\nOutput a single JSON action object. If you've already flagged the main issues, submit approve or request_changes."}, {"role": "assistant", "content": "{\n \"action_type\": \"flag_issue\",\n \"body\": \"Insecure deserialization using pickle leads to Arbitrary Code Execution (RCE)\",\n \"filename\": \"cache/session.py\",\n \"line_number\": 12,\n \"severity\": \"high\",\n \"category\": \"security\"\n}"}]} |
| {"messages": [{"role": "system", "content": "You are an expert code reviewer specializing in bugs, security vulnerabilities, and architectural issues.\n\nYou will be given a code diff (PR) to review. Your job is to identify issues and output a single JSON action.\n\nAvailable action types:\n - \"flag_issue\": Flag a specific issue in the code\n - \"approve\": Approve the PR (no issues found / all issues flagged)\n - \"request_changes\": Request changes (issues found that must be fixed)\n - \"ask_question\": Ask a clarifying question\n - \"comment\": Leave a general comment\n\nFor \"flag_issue\", you MUST provide:\n - action_type: \"flag_issue\"\n - body: description of the issue (be specific, mention the root cause)\n - filename: the file containing the issue\n - line_number: approximate line number\n - severity: one of \"low\", \"medium\", \"high\", \"critical\"\n - category: one of \"bug\", \"security\", \"architecture\", \"performance\", \"style\", \"design\"\n\nFor \"approve\" or \"request_changes\", you MUST provide:\n - action_type: \"approve\" or \"request_changes\"\n - body: your overall assessment\n - verdict: \"LGTM\" (for approve) or \"REQUEST_CHANGES\" (for request_changes)\n\nIMPORTANT: Output ONLY a valid JSON object \u2014 no markdown, no explanation.\n"}, {"role": "user", "content": "PR Title: Add JWT decode helper\nPR Description: Allow bypassing JWT checks for faster local development loop.\nTask: security_audit (step 1/10)\nNoise budget remaining: 5 (false positives consume this)\nReview focus: Focus on: SQL injection, XSS, hardcoded secrets, JWT issues, insecure deserialization, CORS, timing attacks, path traversal.\n\nCode diff:\n```\n--- a/auth/jwt_helper.py\n+++ b/auth/jwt_helper.py\n--- a/auth/jwt_helper.py\n+++ b/auth/jwt_helper.py\n@@ -15,3 +15,3 @@\n def decode_token(token):\n- return jwt.decode(token, SECRET, algorithms=[\"HS256\"])\n+ return jwt.decode(token, options={\"verify_signature\": False})\n```\n\nOutput a single JSON action object. If you've already flagged the main issues, submit approve or request_changes."}, {"role": "assistant", "content": "{\n \"action_type\": \"flag_issue\",\n \"body\": \"JWT decoded without signature verification; attackers can forge any account\",\n \"filename\": \"auth/jwt_helper.py\",\n \"line_number\": 16,\n \"severity\": \"critical\",\n \"category\": \"security\"\n}"}]} |
| {"messages": [{"role": "system", "content": "You are an expert code reviewer specializing in bugs, security vulnerabilities, and architectural issues.\n\nYou will be given a code diff (PR) to review. Your job is to identify issues and output a single JSON action.\n\nAvailable action types:\n - \"flag_issue\": Flag a specific issue in the code\n - \"approve\": Approve the PR (no issues found / all issues flagged)\n - \"request_changes\": Request changes (issues found that must be fixed)\n - \"ask_question\": Ask a clarifying question\n - \"comment\": Leave a general comment\n\nFor \"flag_issue\", you MUST provide:\n - action_type: \"flag_issue\"\n - body: description of the issue (be specific, mention the root cause)\n - filename: the file containing the issue\n - line_number: approximate line number\n - severity: one of \"low\", \"medium\", \"high\", \"critical\"\n - category: one of \"bug\", \"security\", \"architecture\", \"performance\", \"style\", \"design\"\n\nFor \"approve\" or \"request_changes\", you MUST provide:\n - action_type: \"approve\" or \"request_changes\"\n - body: your overall assessment\n - verdict: \"LGTM\" (for approve) or \"REQUEST_CHANGES\" (for request_changes)\n\nIMPORTANT: Output ONLY a valid JSON object \u2014 no markdown, no explanation.\n"}, {"role": "user", "content": "PR Title: Add login redirect\nPR Description: Allow all origins for login redirect.\nTask: security_audit (step 1/10)\nNoise budget remaining: 5 (false positives consume this)\nReview focus: Focus on: SQL injection, XSS, hardcoded secrets, JWT issues, insecure deserialization, CORS, timing attacks, path traversal.\n\nCode diff:\n```\n--- a/views/auth.py\n+++ b/views/auth.py\n--- a/views/auth.py\n+++ b/views/auth.py\n@@ -20,3 +20,3 @@\n def login_complete(request):\n- next_url = validate_internal_url(request.args.get(\"next\"))\n- return redirect(next_url or \"/dashboard\")\n+ return redirect(request.args.get(\"next\"))\n```\n\nOutput a single JSON action object. If you've already flagged the main issues, submit approve or request_changes."}, {"role": "assistant", "content": "{\n \"action_type\": \"flag_issue\",\n \"body\": \"Open redirect vulnerability allows attackers to phish users\",\n \"filename\": \"views/auth.py\",\n \"line_number\": 21,\n \"severity\": \"medium\",\n \"category\": \"security\"\n}"}]} |
| {"messages": [{"role": "system", "content": "You are an expert code reviewer specializing in bugs, security vulnerabilities, and architectural issues.\n\nYou will be given a code diff (PR) to review. Your job is to identify issues and output a single JSON action.\n\nAvailable action types:\n - \"flag_issue\": Flag a specific issue in the code\n - \"approve\": Approve the PR (no issues found / all issues flagged)\n - \"request_changes\": Request changes (issues found that must be fixed)\n - \"ask_question\": Ask a clarifying question\n - \"comment\": Leave a general comment\n\nFor \"flag_issue\", you MUST provide:\n - action_type: \"flag_issue\"\n - body: description of the issue (be specific, mention the root cause)\n - filename: the file containing the issue\n - line_number: approximate line number\n - severity: one of \"low\", \"medium\", \"high\", \"critical\"\n - category: one of \"bug\", \"security\", \"architecture\", \"performance\", \"style\", \"design\"\n\nFor \"approve\" or \"request_changes\", you MUST provide:\n - action_type: \"approve\" or \"request_changes\"\n - body: your overall assessment\n - verdict: \"LGTM\" (for approve) or \"REQUEST_CHANGES\" (for request_changes)\n\nIMPORTANT: Output ONLY a valid JSON object \u2014 no markdown, no explanation.\n"}, {"role": "user", "content": "PR Title: Update app configuration\nPR Description: DEBUG mode enabled in production settings.\nTask: security_audit (step 1/10)\nNoise budget remaining: 5 (false positives consume this)\nReview focus: Focus on: SQL injection, XSS, hardcoded secrets, JWT issues, insecure deserialization, CORS, timing attacks, path traversal.\n\nCode diff:\n```\n--- a/config/settings.py\n+++ b/config/settings.py\n--- a/config/settings.py\n+++ b/config/settings.py\n@@ -35,3 +35,4 @@\n-# Production settings\n-DEBUG = False\n-TESTING = False\n+# Debug settings for prod troubleshooting\n+DEBUG = True\n+TESTING = True\n```\n\nOutput a single JSON action object. If you've already flagged the main issues, submit approve or request_changes."}, {"role": "assistant", "content": "{\n \"action_type\": \"flag_issue\",\n \"body\": \"DEBUG mode enabled in production settings discloses system secrets\",\n \"filename\": \"config/settings.py\",\n \"line_number\": 37,\n \"severity\": \"high\",\n \"category\": \"security\"\n}"}]} |
| {"messages": [{"role": "system", "content": "You are an expert code reviewer specializing in bugs, security vulnerabilities, and architectural issues.\n\nYou will be given a code diff (PR) to review. Your job is to identify issues and output a single JSON action.\n\nAvailable action types:\n - \"flag_issue\": Flag a specific issue in the code\n - \"approve\": Approve the PR (no issues found / all issues flagged)\n - \"request_changes\": Request changes (issues found that must be fixed)\n - \"ask_question\": Ask a clarifying question\n - \"comment\": Leave a general comment\n\nFor \"flag_issue\", you MUST provide:\n - action_type: \"flag_issue\"\n - body: description of the issue (be specific, mention the root cause)\n - filename: the file containing the issue\n - line_number: approximate line number\n - severity: one of \"low\", \"medium\", \"high\", \"critical\"\n - category: one of \"bug\", \"security\", \"architecture\", \"performance\", \"style\", \"design\"\n\nFor \"approve\" or \"request_changes\", you MUST provide:\n - action_type: \"approve\" or \"request_changes\"\n - body: your overall assessment\n - verdict: \"LGTM\" (for approve) or \"REQUEST_CHANGES\" (for request_changes)\n\nIMPORTANT: Output ONLY a valid JSON object \u2014 no markdown, no explanation.\n"}, {"role": "user", "content": "PR Title: Enable CORS for frontend\nPR Description: Resolving frontend browser errors by allowing all origins.\nTask: security_audit (step 1/10)\nNoise budget remaining: 5 (false positives consume this)\nReview focus: Focus on: SQL injection, XSS, hardcoded secrets, JWT issues, insecure deserialization, CORS, timing attacks, path traversal.\n\nCode diff:\n```\n--- a/app.py\n+++ b/app.py\n--- a/app.py\n+++ b/app.py\n@@ -55,3 +55,3 @@\n app.add_middleware(CORSMiddleware, \n- allow_origins=[\"https://secure.app.com\"],\n+ allow_origins=[\"*\"],\n allow_credentials=True)\n```\n\nOutput a single JSON action object. If you've already flagged the main issues, submit approve or request_changes."}, {"role": "assistant", "content": "{\n \"action_type\": \"flag_issue\",\n \"body\": \"Sensitive CORS policy with wildcard (*) allows data theft via CSRF\",\n \"filename\": \"app.py\",\n \"line_number\": 56,\n \"severity\": \"medium\",\n \"category\": \"security\"\n}"}]} |
| {"messages": [{"role": "system", "content": "You are an expert code reviewer specializing in bugs, security vulnerabilities, and architectural issues.\n\nYou will be given a code diff (PR) to review. Your job is to identify issues and output a single JSON action.\n\nAvailable action types:\n - \"flag_issue\": Flag a specific issue in the code\n - \"approve\": Approve the PR (no issues found / all issues flagged)\n - \"request_changes\": Request changes (issues found that must be fixed)\n - \"ask_question\": Ask a clarifying question\n - \"comment\": Leave a general comment\n\nFor \"flag_issue\", you MUST provide:\n - action_type: \"flag_issue\"\n - body: description of the issue (be specific, mention the root cause)\n - filename: the file containing the issue\n - line_number: approximate line number\n - severity: one of \"low\", \"medium\", \"high\", \"critical\"\n - category: one of \"bug\", \"security\", \"architecture\", \"performance\", \"style\", \"design\"\n\nFor \"approve\" or \"request_changes\", you MUST provide:\n - action_type: \"approve\" or \"request_changes\"\n - body: your overall assessment\n - verdict: \"LGTM\" (for approve) or \"REQUEST_CHANGES\" (for request_changes)\n\nIMPORTANT: Output ONLY a valid JSON object \u2014 no markdown, no explanation.\n"}, {"role": "user", "content": "PR Title: Add admin password check\nPR Description: Faster password check by using native equality.\nTask: security_audit (step 1/10)\nNoise budget remaining: 5 (false positives consume this)\nReview focus: Focus on: SQL injection, XSS, hardcoded secrets, JWT issues, insecure deserialization, CORS, timing attacks, path traversal.\n\nCode diff:\n```\n--- a/admin/auth.py\n+++ b/admin/auth.py\n--- a/admin/auth.py\n+++ b/admin/auth.py\n@@ -10,3 +10,3 @@\n def verify_admin(provided_password):\n- import secrets\n- return secrets.compare_digest(ADMIN_PASS, provided_password)\n+ return ADMIN_PASS == provided_password\n```\n\nOutput a single JSON action object. If you've already flagged the main issues, submit approve or request_changes."}, {"role": "assistant", "content": "{\n \"action_type\": \"flag_issue\",\n \"body\": \"Timing attack vulnerability in password comparison; use secrets.compare_digest\",\n \"filename\": \"admin/auth.py\",\n \"line_number\": 11,\n \"severity\": \"high\",\n \"category\": \"security\"\n}"}]} |
| {"messages": [{"role": "system", "content": "You are an expert code reviewer specializing in bugs, security vulnerabilities, and architectural issues.\n\nYou will be given a code diff (PR) to review. Your job is to identify issues and output a single JSON action.\n\nAvailable action types:\n - \"flag_issue\": Flag a specific issue in the code\n - \"approve\": Approve the PR (no issues found / all issues flagged)\n - \"request_changes\": Request changes (issues found that must be fixed)\n - \"ask_question\": Ask a clarifying question\n - \"comment\": Leave a general comment\n\nFor \"flag_issue\", you MUST provide:\n - action_type: \"flag_issue\"\n - body: description of the issue (be specific, mention the root cause)\n - filename: the file containing the issue\n - line_number: approximate line number\n - severity: one of \"low\", \"medium\", \"high\", \"critical\"\n - category: one of \"bug\", \"security\", \"architecture\", \"performance\", \"style\", \"design\"\n\nFor \"approve\" or \"request_changes\", you MUST provide:\n - action_type: \"approve\" or \"request_changes\"\n - body: your overall assessment\n - verdict: \"LGTM\" (for approve) or \"REQUEST_CHANGES\" (for request_changes)\n\nIMPORTANT: Output ONLY a valid JSON object \u2014 no markdown, no explanation.\n"}, {"role": "user", "content": "PR Title: Add UserManager service\nPR Description: A 200-line class that handles auth, email sending, billing, and profile.\nTask: architectural_review (step 1/10)\nNoise budget remaining: 5 (false positives consume this)\nReview focus: Focus on: SRP violations, direct DB access from wrong layers, N+1 queries, missing retry/circuit-breaker, god objects, blocking I/O.\n\nCode diff:\n```\n--- a/services/user_manager.py\n+++ b/services/user_manager.py\n--- a/services/user_manager.py\n+++ b/services/user_manager.py\n@@ -1,5 +1,10 @@\n-class UserAuth: pass\n-class UserBilling: pass\n-class UserEmail: pass\n+class UserManager:\n+ def authenticate(self, user): pass\n+ def process_payment(self, amount): pass\n+ def send_welcome_email(self, email): pass\n+ def update_profile_picture(self, img): pass\n+ def sync_to_marketing_tool(self): pass\n```\n\nOutput a single JSON action object. If you've already flagged the main issues, submit approve or request_changes."}, {"role": "assistant", "content": "{\n \"action_type\": \"flag_issue\",\n \"body\": \"God class violation: UserManager handles multiple unrelated domains (auth, billing, email)\",\n \"filename\": \"services/user_manager.py\",\n \"line_number\": 2,\n \"severity\": \"high\",\n \"category\": \"architecture\"\n}"}]} |
| {"messages": [{"role": "system", "content": "You are an expert code reviewer specializing in bugs, security vulnerabilities, and architectural issues.\n\nYou will be given a code diff (PR) to review. Your job is to identify issues and output a single JSON action.\n\nAvailable action types:\n - \"flag_issue\": Flag a specific issue in the code\n - \"approve\": Approve the PR (no issues found / all issues flagged)\n - \"request_changes\": Request changes (issues found that must be fixed)\n - \"ask_question\": Ask a clarifying question\n - \"comment\": Leave a general comment\n\nFor \"flag_issue\", you MUST provide:\n - action_type: \"flag_issue\"\n - body: description of the issue (be specific, mention the root cause)\n - filename: the file containing the issue\n - line_number: approximate line number\n - severity: one of \"low\", \"medium\", \"high\", \"critical\"\n - category: one of \"bug\", \"security\", \"architecture\", \"performance\", \"style\", \"design\"\n\nFor \"approve\" or \"request_changes\", you MUST provide:\n - action_type: \"approve\" or \"request_changes\"\n - body: your overall assessment\n - verdict: \"LGTM\" (for approve) or \"REQUEST_CHANGES\" (for request_changes)\n\nIMPORTANT: Output ONLY a valid JSON object \u2014 no markdown, no explanation.\n"}, {"role": "user", "content": "PR Title: Add order details endpoint\nPR Description: Fetching order items inside a loop (N+1 query).\nTask: architectural_review (step 1/10)\nNoise budget remaining: 5 (false positives consume this)\nReview focus: Focus on: SRP violations, direct DB access from wrong layers, N+1 queries, missing retry/circuit-breaker, god objects, blocking I/O.\n\nCode diff:\n```\n--- a/api/orders.py\n+++ b/api/orders.py\n--- a/api/orders.py\n+++ b/api/orders.py\n@@ -25,3 +25,4 @@\n def get_order_history(user_id):\n- return db.query(Order).options(joinedload(Order.items)).all()\n+ orders = db.query(Order).filter_by(user_id=user_id).all()\n+ for o in orders:\n+ o.items = db.query(Item).filter_by(order_id=o.id).all()\n+ return orders\n```\n\nOutput a single JSON action object. If you've already flagged the main issues, submit approve or request_changes."}, {"role": "assistant", "content": "{\n \"action_type\": \"flag_issue\",\n \"body\": \"N+1 query pattern: fetching items in a loop will cause DB performance collapse\",\n \"filename\": \"api/orders.py\",\n \"line_number\": 27,\n \"severity\": \"high\",\n \"category\": \"architecture\"\n}"}]} |
| {"messages": [{"role": "system", "content": "You are an expert code reviewer specializing in bugs, security vulnerabilities, and architectural issues.\n\nYou will be given a code diff (PR) to review. Your job is to identify issues and output a single JSON action.\n\nAvailable action types:\n - \"flag_issue\": Flag a specific issue in the code\n - \"approve\": Approve the PR (no issues found / all issues flagged)\n - \"request_changes\": Request changes (issues found that must be fixed)\n - \"ask_question\": Ask a clarifying question\n - \"comment\": Leave a general comment\n\nFor \"flag_issue\", you MUST provide:\n - action_type: \"flag_issue\"\n - body: description of the issue (be specific, mention the root cause)\n - filename: the file containing the issue\n - line_number: approximate line number\n - severity: one of \"low\", \"medium\", \"high\", \"critical\"\n - category: one of \"bug\", \"security\", \"architecture\", \"performance\", \"style\", \"design\"\n\nFor \"approve\" or \"request_changes\", you MUST provide:\n - action_type: \"approve\" or \"request_changes\"\n - body: your overall assessment\n - verdict: \"LGTM\" (for approve) or \"REQUEST_CHANGES\" (for request_changes)\n\nIMPORTANT: Output ONLY a valid JSON object \u2014 no markdown, no explanation.\n"}, {"role": "user", "content": "PR Title: Add notification system\nPR Description: Tight coupling via hardwired SendGrid import.\nTask: architectural_review (step 1/10)\nNoise budget remaining: 5 (false positives consume this)\nReview focus: Focus on: SRP violations, direct DB access from wrong layers, N+1 queries, missing retry/circuit-breaker, god objects, blocking I/O.\n\nCode diff:\n```\n--- a/services/notifier.py\n+++ b/services/notifier.py\n--- a/services/notifier.py\n+++ b/services/notifier.py\n@@ -1,3 +1,3 @@\n-from services.interfaces import MailProvider\n+from integrations.sendgrid import send_email\n \n-def notify(user, provider: MailProvider):\n- provider.send(user.email)\n+def notify(user):\n+ send_email(user.email)\n```\n\nOutput a single JSON action object. If you've already flagged the main issues, submit approve or request_changes."}, {"role": "assistant", "content": "{\n \"action_type\": \"flag_issue\",\n \"body\": \"Tight coupling: service depends on concrete implementation instead of abstraction\",\n \"filename\": \"services/notifier.py\",\n \"line_number\": 2,\n \"severity\": \"medium\",\n \"category\": \"architecture\"\n}"}]} |
| {"messages": [{"role": "system", "content": "You are an expert code reviewer specializing in bugs, security vulnerabilities, and architectural issues.\n\nYou will be given a code diff (PR) to review. Your job is to identify issues and output a single JSON action.\n\nAvailable action types:\n - \"flag_issue\": Flag a specific issue in the code\n - \"approve\": Approve the PR (no issues found / all issues flagged)\n - \"request_changes\": Request changes (issues found that must be fixed)\n - \"ask_question\": Ask a clarifying question\n - \"comment\": Leave a general comment\n\nFor \"flag_issue\", you MUST provide:\n - action_type: \"flag_issue\"\n - body: description of the issue (be specific, mention the root cause)\n - filename: the file containing the issue\n - line_number: approximate line number\n - severity: one of \"low\", \"medium\", \"high\", \"critical\"\n - category: one of \"bug\", \"security\", \"architecture\", \"performance\", \"style\", \"design\"\n\nFor \"approve\" or \"request_changes\", you MUST provide:\n - action_type: \"approve\" or \"request_changes\"\n - body: your overall assessment\n - verdict: \"LGTM\" (for approve) or \"REQUEST_CHANGES\" (for request_changes)\n\nIMPORTANT: Output ONLY a valid JSON object \u2014 no markdown, no explanation.\n"}, {"role": "user", "content": "PR Title: Add external price fetch to checkout\nPR Description: Synchronous blocking call inside async checkout handler.\nTask: architectural_review (step 1/10)\nNoise budget remaining: 5 (false positives consume this)\nReview focus: Focus on: SRP violations, direct DB access from wrong layers, N+1 queries, missing retry/circuit-breaker, god objects, blocking I/O.\n\nCode diff:\n```\n--- a/checkout/handler.py\n+++ b/checkout/handler.py\n--- a/checkout/handler.py\n+++ b/checkout/handler.py\n@@ -10,3 +10,4 @@\n async def checkout(cart):\n- async with aiohttp.ClientSession() as s:\n- price = await s.get(PRICE_API)\n+ import requests\n+ price = requests.get(PRICE_API)\n+ return process_order(price)\n```\n\nOutput a single JSON action object. If you've already flagged the main issues, submit approve or request_changes."}, {"role": "assistant", "content": "{\n \"action_type\": \"flag_issue\",\n \"body\": \"Blocking HTTP call inside async function will stall the entire event loop\",\n \"filename\": \"checkout/handler.py\",\n \"line_number\": 12,\n \"severity\": \"high\",\n \"category\": \"architecture\"\n}"}]} |
| {"messages": [{"role": "system", "content": "You are an expert code reviewer specializing in bugs, security vulnerabilities, and architectural issues.\n\nYou will be given a code diff (PR) to review. Your job is to identify issues and output a single JSON action.\n\nAvailable action types:\n - \"flag_issue\": Flag a specific issue in the code\n - \"approve\": Approve the PR (no issues found / all issues flagged)\n - \"request_changes\": Request changes (issues found that must be fixed)\n - \"ask_question\": Ask a clarifying question\n - \"comment\": Leave a general comment\n\nFor \"flag_issue\", you MUST provide:\n - action_type: \"flag_issue\"\n - body: description of the issue (be specific, mention the root cause)\n - filename: the file containing the issue\n - line_number: approximate line number\n - severity: one of \"low\", \"medium\", \"high\", \"critical\"\n - category: one of \"bug\", \"security\", \"architecture\", \"performance\", \"style\", \"design\"\n\nFor \"approve\" or \"request_changes\", you MUST provide:\n - action_type: \"approve\" or \"request_changes\"\n - body: your overall assessment\n - verdict: \"LGTM\" (for approve) or \"REQUEST_CHANGES\" (for request_changes)\n\nIMPORTANT: Output ONLY a valid JSON object \u2014 no markdown, no explanation.\n"}, {"role": "user", "content": "PR Title: Integrate weather API\nPR Description: Missing retry/resilience on external call.\nTask: architectural_review (step 1/10)\nNoise budget remaining: 5 (false positives consume this)\nReview focus: Focus on: SRP violations, direct DB access from wrong layers, N+1 queries, missing retry/circuit-breaker, god objects, blocking I/O.\n\nCode diff:\n```\n--- a/services/weather.py\n+++ b/services/weather.py\n--- a/services/weather.py\n+++ b/services/weather.py\n@@ -5,3 +5,3 @@\n def get_temp(city):\n- return circuit_breaker.call(WEATHER_URL, timeout=2)\n+ return requests.get(WEATHER_URL).json()\n```\n\nOutput a single JSON action object. If you've already flagged the main issues, submit approve or request_changes."}, {"role": "assistant", "content": "{\n \"action_type\": \"flag_issue\",\n \"body\": \"Missing resilience (retry, timeout, circuit breaker) on external API dependency\",\n \"filename\": \"services/weather.py\",\n \"line_number\": 6,\n \"severity\": \"medium\",\n \"category\": \"architecture\"\n}"}]} |
| {"messages": [{"role": "system", "content": "You are an expert code reviewer specializing in bugs, security vulnerabilities, and architectural issues.\n\nYou will be given a code diff (PR) to review. Your job is to identify issues and output a single JSON action.\n\nAvailable action types:\n - \"flag_issue\": Flag a specific issue in the code\n - \"approve\": Approve the PR (no issues found / all issues flagged)\n - \"request_changes\": Request changes (issues found that must be fixed)\n - \"ask_question\": Ask a clarifying question\n - \"comment\": Leave a general comment\n\nFor \"flag_issue\", you MUST provide:\n - action_type: \"flag_issue\"\n - body: description of the issue (be specific, mention the root cause)\n - filename: the file containing the issue\n - line_number: approximate line number\n - severity: one of \"low\", \"medium\", \"high\", \"critical\"\n - category: one of \"bug\", \"security\", \"architecture\", \"performance\", \"style\", \"design\"\n\nFor \"approve\" or \"request_changes\", you MUST provide:\n - action_type: \"approve\" or \"request_changes\"\n - body: your overall assessment\n - verdict: \"LGTM\" (for approve) or \"REQUEST_CHANGES\" (for request_changes)\n\nIMPORTANT: Output ONLY a valid JSON object \u2014 no markdown, no explanation.\n"}, {"role": "user", "content": "PR Title: Refactor model relationships\nPR Description: Circular import between User and Order models.\nTask: architectural_review (step 1/10)\nNoise budget remaining: 5 (false positives consume this)\nReview focus: Focus on: SRP violations, direct DB access from wrong layers, N+1 queries, missing retry/circuit-breaker, god objects, blocking I/O.\n\nCode diff:\n```\n--- a/models/order.py\n+++ b/models/order.py\n--- a/models/order.py\n+++ b/models/order.py\n@@ -1,1 +1,2 @@\n+from models.user import User\n class Order(BaseModel):\n- user_id: int\n+ user: User\n```\n\nOutput a single JSON action object. If you've already flagged the main issues, submit approve or request_changes."}, {"role": "assistant", "content": "{\n \"action_type\": \"flag_issue\",\n \"body\": \"Circular dependency risk: order depends on user while user likely imports order\",\n \"filename\": \"models/order.py\",\n \"line_number\": 1,\n \"severity\": \"medium\",\n \"category\": \"architecture\"\n}"}]} |
| {"messages": [{"role": "system", "content": "You are an expert code reviewer specializing in bugs, security vulnerabilities, and architectural issues.\n\nYou will be given a code diff (PR) to review. Your job is to identify issues and output a single JSON action.\n\nAvailable action types:\n - \"flag_issue\": Flag a specific issue in the code\n - \"approve\": Approve the PR (no issues found / all issues flagged)\n - \"request_changes\": Request changes (issues found that must be fixed)\n - \"ask_question\": Ask a clarifying question\n - \"comment\": Leave a general comment\n\nFor \"flag_issue\", you MUST provide:\n - action_type: \"flag_issue\"\n - body: description of the issue (be specific, mention the root cause)\n - filename: the file containing the issue\n - line_number: approximate line number\n - severity: one of \"low\", \"medium\", \"high\", \"critical\"\n - category: one of \"bug\", \"security\", \"architecture\", \"performance\", \"style\", \"design\"\n\nFor \"approve\" or \"request_changes\", you MUST provide:\n - action_type: \"approve\" or \"request_changes\"\n - body: your overall assessment\n - verdict: \"LGTM\" (for approve) or \"REQUEST_CHANGES\" (for request_changes)\n\nIMPORTANT: Output ONLY a valid JSON object \u2014 no markdown, no explanation.\n"}, {"role": "user", "content": "PR Title: Add all-products endpoint\nPR Description: Missing pagination on unbounded list endpoint.\nTask: architectural_review (step 1/10)\nNoise budget remaining: 5 (false positives consume this)\nReview focus: Focus on: SRP violations, direct DB access from wrong layers, N+1 queries, missing retry/circuit-breaker, god objects, blocking I/O.\n\nCode diff:\n```\n--- a/api/products.py\n+++ b/api/products.py\n--- a/api/products.py\n+++ b/api/products.py\n@@ -10,3 +10,3 @@\n def list_products():\n- return db.query(Product).limit(50).all()\n+ return db.query(Product).all()\n```\n\nOutput a single JSON action object. If you've already flagged the main issues, submit approve or request_changes."}, {"role": "assistant", "content": "{\n \"action_type\": \"flag_issue\",\n \"body\": \"Missing pagination on list endpoint will lead to memory exhaustion\",\n \"filename\": \"api/products.py\",\n \"line_number\": 11,\n \"severity\": \"high\",\n \"category\": \"architecture\"\n}"}]} |
| {"messages": [{"role": "system", "content": "You are an expert code reviewer specializing in bugs, security vulnerabilities, and architectural issues.\n\nYou will be given a code diff (PR) to review. Your job is to identify issues and output a single JSON action.\n\nAvailable action types:\n - \"flag_issue\": Flag a specific issue in the code\n - \"approve\": Approve the PR (no issues found / all issues flagged)\n - \"request_changes\": Request changes (issues found that must be fixed)\n - \"ask_question\": Ask a clarifying question\n - \"comment\": Leave a general comment\n\nFor \"flag_issue\", you MUST provide:\n - action_type: \"flag_issue\"\n - body: description of the issue (be specific, mention the root cause)\n - filename: the file containing the issue\n - line_number: approximate line number\n - severity: one of \"low\", \"medium\", \"high\", \"critical\"\n - category: one of \"bug\", \"security\", \"architecture\", \"performance\", \"style\", \"design\"\n\nFor \"approve\" or \"request_changes\", you MUST provide:\n - action_type: \"approve\" or \"request_changes\"\n - body: your overall assessment\n - verdict: \"LGTM\" (for approve) or \"REQUEST_CHANGES\" (for request_changes)\n\nIMPORTANT: Output ONLY a valid JSON object \u2014 no markdown, no explanation.\n"}, {"role": "user", "content": "PR Title: Document the payment integration\nPR Description: Sensitive API key included in documentation comment.\nTask: architectural_review (step 1/10)\nNoise budget remaining: 5 (false positives consume this)\nReview focus: Focus on: SRP violations, direct DB access from wrong layers, N+1 queries, missing retry/circuit-breaker, god objects, blocking I/O.\n\nCode diff:\n```\n--- a/docs/payment_notes.py\n+++ b/docs/payment_notes.py\n--- a/docs/payment_notes.py\n+++ b/docs/payment_notes.py\n@@ -1,2 +1,3 @@\n # Payment integration notes\n+# Use API key: pk_test_abc123 for testing\n def init(): pass\n```\n\nOutput a single JSON action object. If you've already flagged the main issues, submit approve or request_changes."}, {"role": "assistant", "content": "{\n \"action_type\": \"flag_issue\",\n \"body\": \"Secret leaked in code comment; should be in environment variables only\",\n \"filename\": \"docs/payment_notes.py\",\n \"line_number\": 2,\n \"severity\": \"medium\",\n \"category\": \"architecture\"\n}"}]} |
| {"messages": [{"role": "system", "content": "You are an expert code reviewer specializing in bugs, security vulnerabilities, and architectural issues.\n\nYou will be given a code diff (PR) to review. Your job is to identify issues and output a single JSON action.\n\nAvailable action types:\n - \"flag_issue\": Flag a specific issue in the code\n - \"approve\": Approve the PR (no issues found / all issues flagged)\n - \"request_changes\": Request changes (issues found that must be fixed)\n - \"ask_question\": Ask a clarifying question\n - \"comment\": Leave a general comment\n\nFor \"flag_issue\", you MUST provide:\n - action_type: \"flag_issue\"\n - body: description of the issue (be specific, mention the root cause)\n - filename: the file containing the issue\n - line_number: approximate line number\n - severity: one of \"low\", \"medium\", \"high\", \"critical\"\n - category: one of \"bug\", \"security\", \"architecture\", \"performance\", \"style\", \"design\"\n\nFor \"approve\" or \"request_changes\", you MUST provide:\n - action_type: \"approve\" or \"request_changes\"\n - body: your overall assessment\n - verdict: \"LGTM\" (for approve) or \"REQUEST_CHANGES\" (for request_changes)\n\nIMPORTANT: Output ONLY a valid JSON object \u2014 no markdown, no explanation.\n"}, {"role": "user", "content": "PR Title: Add detailed auth logging\nPR Description: Logging sensitive user password in cleartext.\nTask: architectural_review (step 1/10)\nNoise budget remaining: 5 (false positives consume this)\nReview focus: Focus on: SRP violations, direct DB access from wrong layers, N+1 queries, missing retry/circuit-breaker, god objects, blocking I/O.\n\nCode diff:\n```\n--- a/auth/logger.py\n+++ b/auth/logger.py\n--- a/auth/logger.py\n+++ b/auth/logger.py\n@@ -5,3 +5,3 @@\n def log_login(email, password):\n- logger.info(f\"Attempt for {email}\")\n+ logger.info(f\"Login attempt: user={email} password={password}\")\n```\n\nOutput a single JSON action object. If you've already flagged the main issues, submit approve or request_changes."}, {"role": "assistant", "content": "{\n \"action_type\": \"flag_issue\",\n \"body\": \"PII/Security Leak: logging plain-text passwords violates security policy\",\n \"filename\": \"auth/logger.py\",\n \"line_number\": 6,\n \"severity\": \"high\",\n \"category\": \"architecture\"\n}"}]} |
| {"messages": [{"role": "system", "content": "You are an expert code reviewer specializing in bugs, security vulnerabilities, and architectural issues.\n\nYou will be given a code diff (PR) to review. Your job is to identify issues and output a single JSON action.\n\nAvailable action types:\n - \"flag_issue\": Flag a specific issue in the code\n - \"approve\": Approve the PR (no issues found / all issues flagged)\n - \"request_changes\": Request changes (issues found that must be fixed)\n - \"ask_question\": Ask a clarifying question\n - \"comment\": Leave a general comment\n\nFor \"flag_issue\", you MUST provide:\n - action_type: \"flag_issue\"\n - body: description of the issue (be specific, mention the root cause)\n - filename: the file containing the issue\n - line_number: approximate line number\n - severity: one of \"low\", \"medium\", \"high\", \"critical\"\n - category: one of \"bug\", \"security\", \"architecture\", \"performance\", \"style\", \"design\"\n\nFor \"approve\" or \"request_changes\", you MUST provide:\n - action_type: \"approve\" or \"request_changes\"\n - body: your overall assessment\n - verdict: \"LGTM\" (for approve) or \"REQUEST_CHANGES\" (for request_changes)\n\nIMPORTANT: Output ONLY a valid JSON object \u2014 no markdown, no explanation.\n"}, {"role": "user", "content": "PR Title: Set up database connection\nPR Description: Hardcoded DB connection string with credentials.\nTask: architectural_review (step 1/10)\nNoise budget remaining: 5 (false positives consume this)\nReview focus: Focus on: SRP violations, direct DB access from wrong layers, N+1 queries, missing retry/circuit-breaker, god objects, blocking I/O.\n\nCode diff:\n```\n--- a/db/setup.py\n+++ b/db/setup.py\n--- a/db/setup.py\n+++ b/db/setup.py\n@@ -5,3 +5,3 @@\n def connect():\n- url = os.environ.get(\"DATABASE_URL\")\n+ url = \"postgresql://admin:password123@localhost:5432/mydb\"\n return create_engine(url)\n```\n\nOutput a single JSON action object. If you've already flagged the main issues, submit approve or request_changes."}, {"role": "assistant", "content": "{\n \"action_type\": \"flag_issue\",\n \"body\": \"Hardcoded environment configuration and credentials\",\n \"filename\": \"db/setup.py\",\n \"line_number\": 6,\n \"severity\": \"high\",\n \"category\": \"architecture\"\n}"}]} |
|
|
