
test: AI Review Demo — testing GitHub Models integration#12

Open
nsalvacao wants to merge 7 commits into main from test/ai-review-demo

Conversation

@nsalvacao
Owner

This PR intentionally contains security issues to test the AI code review workflow.

Expected: The AI reviewer should flag SQL injection, hardcoded secrets, and password logging.

🧪 Test PR — do not merge

@gemini-code-assist

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

@nsalvacao nsalvacao closed this Feb 17, 2026
@nsalvacao nsalvacao reopened this Feb 17, 2026
@github-actions

🔍 AI Code Review

🔵 Info

  • The workflow adds a manual trigger (workflow_dispatch) with a PR number input, improving flexibility.
  • Permissions are scoped to contents: read and pull-requests: write, which is good least privilege.
  • The diff is truncated to 6000 bytes to avoid API limits.
  • Uses GitHub Models API with GPT-4.1-mini for review, with low temperature (0.2) for deterministic output.
  • Posts AI review as a PR comment with token usage info.

🟡 Warning

  • The diff extraction command:

    git diff ${{ github.event.pull_request.base.sha || github.sha }}~1...${{ github.sha }} -- "*.js" "*.ts" "*.py" "*.yml"

    may fail or produce unexpected results if base.sha is undefined or the ref syntax is incorrect. Consider an explicit check and fallback logic.

  • The fallback diff logic (git diff HEAD~1) may not correspond to the PR changes, potentially confusing the AI review.

  • The truncation to 6000 bytes may cut off important context in large diffs. Consider chunking or summarizing large diffs instead.

  • The curl command does not validate or sanitize the diff input, which could cause JSON injection if the diff contains unexpected characters (e.g., quotes). Using jq with --arg is safe, but verify that $diff is properly escaped.

  • The API error handling only logs and exits; consider retry logic or more descriptive error messages.

🔴 Critical

  • The workflow posts the AI review as a comment without any moderation or filtering. If the AI generates inappropriate or incorrect content, it will be publicly posted automatically. Consider adding a manual approval step or limiting posting permissions.

  • The secrets token MODELS_PAT is used directly in the environment variable GH_MODELS_TOKEN and curl header. Ensure this secret has minimal scope and is rotated regularly.

  • The workflow does not verify the origin or authenticity of the PR number input in workflow_dispatch. Malicious users with workflow dispatch permissions could trigger reviews on arbitrary PRs, potentially leaking sensitive info in comments.


Summary:

The workflow is well-structured and improves AI review automation but should harden diff extraction, input validation, and output moderation to avoid incorrect or sensitive info leakage. Consider adding safeguards for large diffs and manual review before posting AI-generated comments.


🤖 gpt-4.1-mini · 1683 tokens · GitHub Models free tier · 0 premium requests
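The JSON-escaping and diff-truncation points raised in the review above, as an added example in Python rather than the workflow's own curl/jq steps: json.dumps plays the role of jq --arg, so a diff full of quotes and newlines still yields a valid request body, and the 6000-byte cut is made without splitting a UTF-8 sequence and is announced to the model. The model name, temperature and byte limit come from the review; the prompt wording and the sample diff are constructed.

```python
"""Safe request-body construction for a GitHub Models review call (added example)."""
import json

MAX_DIFF_BYTES = 6000  # the workflow's truncation limit, as stated in the review


def truncate_diff(diff: str, limit: int = MAX_DIFF_BYTES) -> str:
    """Cut the diff at `limit` bytes without splitting a UTF-8 code point,
    and tell the model that it is looking at a truncated diff."""
    raw = diff.encode("utf-8")
    if len(raw) <= limit:
        return diff
    head = raw[:limit].decode("utf-8", errors="ignore")  # drops a partial trailing char
    return head + "\n[diff truncated to %d bytes]" % limit


def naive_body(diff: str) -> str:
    """The unsafe pattern: interpolating the diff into a JSON template by hand.
    Any quote or raw newline in the diff breaks or alters the document."""
    return ('{"model":"gpt-4.1-mini","temperature":0.2,'
            '"messages":[{"role":"user","content":"%s"}]}' % diff)


def review_payload(diff: str, model: str = "gpt-4.1-mini") -> dict:
    """The request as a Python object; the encoder does all escaping."""
    return {
        "model": model,
        "temperature": 0.2,
        "messages": [
            {"role": "system", "content": "Review the following diff for security issues."},
            {"role": "user", "content": truncate_diff(diff)},
        ],
    }


def safe_body(diff: str) -> str:
    """Equivalent of `jq --arg diff "$diff"`: serialize, never interpolate."""
    return json.dumps(review_payload(diff))


def is_valid_json(body: str) -> bool:
    try:
        json.loads(body)
        return True
    except json.JSONDecodeError:
        return False


# Constructed diff containing the characters the review warns about: quotes,
# a raw newline and a backslash, plus the kinds of findings the test PR expects.
SAMPLE_DIFF = ('diff --git a/app.py b/app.py\n'
               '+query = "SELECT * FROM users WHERE name = \'" + name + "\'"\n'
               '+PASSWORD = "hunter2"  # literal \\n follows\\n')
```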
