-
-
Notifications
You must be signed in to change notification settings - Fork 0
Playbook Code Review
Hermes Agent edited this page Jul 11, 2026
·
1 revision
Inspect code or diffs for security-relevant defects grounded in file/line evidence.
- repository path or PR diff
- files of interest
- threat or feature context
Typically security-code-review, optionally security-appsec-assessment, then security-qa.
- intake
- surface selection
- code inspection
- evidence extraction
- fix and test recommendations
- QA
- code scope is identifiable
- findings separate evidence from inference
- QA pass before final report
- code findings with evidence
- severity rationale
- remediation suggestions
- regression-test ideas
Code review without runtime validation may over- or under-estimate practical exploitability.
Review a diff that changes authorization checks around a shared-resource API.