tessl-labs/pr-review-guardrails

Evidence-first pull request review with independent critique, selective challenger review, and human handoff.

Quality: 92% (Does it follow best practices?)
Impact: 87% (1.31x)
Average score across 43 eval scenarios

Security (by Snyk): Risky. Do not use without reviewing.

evals/scenario-24/criteria.json

{
  "context": "Hard: SNS topic with public access policy and HTTP (not HTTPS) subscription",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Catches unencrypted notification endpoint",
      "description": "Identifies that the alarm notification subscription uses HTTP instead of HTTPS, sending potentially sensitive operational alerts over an unencrypted connection",
      "max_score": 7
    },
    {
      "name": "Catches overly permissive SNS policy",
      "description": "Identifies that the SNS topic policy grants public or overly broad access (AWS: * or similar), allowing unauthorized parties to subscribe to or read alarm notifications",
      "max_score": 7
    },
    {
      "name": "Risk classified red or yellow",
      "description": "PR is classified as yellow or red — it configures security-sensitive notification infrastructure",
      "max_score": 10
    }
  ]
}
