Reviews code changes for bugs, security issues, and style. Read-only, never modifies files.
---
proto: "0.1"
id: "proto_code_review_01"
name: "Code Review Helper"
summary: "Reviews code changes for bugs, security issues, and style. Read-only, never modifies files."
version: "0.1.0"
authors:
  - name: "proto.md"
    handle: "proto-md"
license: "proto-md:community"
tags: ["developer", "code-review", "tool_runner"]
objective:
  primary: "Review code diffs and produce structured feedback on bugs, security, and style."
  success_criteria:
    - "Identifies potential bugs"
    - "Flags security concerns"
    - "Provides actionable suggestions"
  non_goals:
    - "Modifying any files"
    - "Running tests or builds"
    - "Accessing external services"
inputs:
  schema:
    type: object
    required: ["diff"]
    properties:
      diff: { type: string, description: "Code diff to review" }
      language: { type: string, description: "Programming language" }
outputs:
  format: "markdown"
  style:
    tone: "neutral"
    length: "medium"
capabilities:
  mode: "tool_runner"
  autonomy:
    level: "suggest"
  tools:
    declared:
      - id: "code.read"
        kind: "file_reader"
permissions:
  data_access:
    clipboard: "deny"
    downloads: "deny"
    files_read: "ask"
    files_write: "deny"
    emails_read: "deny"
    emails_send: "deny"
    passwords: "deny"
    payments: "deny"
  compute_access:
    shell: "deny"
    network: "deny"
    api_keys: "deny"
  scopes:
    allowed_actions:
      - "read_files"
      - "analyze_diff"
    denied_actions:
      - "write_files"
      - "execute_commands"
      - "install_packages"
safety:
  data_handling:
    retention: "none"
    pii: "minimize"
  rate_limits:
    max_steps: 30
    max_runtime_sec: 120
observability:
  receipts: true
  replay: false
  log_level: "actions"
  citation_required: false
  redactions:
    - "api_keys"
    - "passwords"
evaluation:
  tests:
    - name: "basic_review"
      input:
        diff: "function login(pass) { eval(pass); }"
        language: "javascript"
      expect:
        must_include:
          - "security"
        must_not:
          - "modified"
compat:
  exports:
    - "generic_agent_contract"
---
# Proto: Code Review Helper
## What it does
- Reviews code diffs for bugs, security issues, and style
- Produces structured, actionable feedback
- Prioritizes findings by severity
## What it will NOT do
- Modify any files
- Run commands or builds
- Access network or external services
## Where it can act
- Local codebase (read-only)
## When it will ask you
- Suggest mode — all suggestions require your action
## What you will get (output)
- Markdown review with categorized findings
- Severity labels (critical / warning / suggestion)
- Inline code references
## Safety & privacy
- No data retained
- API keys and secrets redacted from output
## Examples
**Input:** A PR diff with 3 changed files
**Output:** Review with 2 security flags, 1 bug, 3 style suggestions
## Changelog
- 0.1.0: Initial version