💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c47918f323
| host="139.180.164.78", | ||
| user="readonly", | ||
| password="j234k5lmnooij!some", | ||
| database="qrent", |
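Review bot: The `password=` literal stays in the repository history after the line is deleted, so removing it in a follow-up commit does not close the exposure. Rotate the `readonly` account's password, and have the script read `host`, `user`, `password` and `database` from the environment or a secret store rather than from literals.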
Remove hard-coded database credentials from committed script
This new file includes a live database host, username, and password directly in source control, which exposes credentials to anyone who can read the repository and enables unauthorized access to the qrent database. Even if this is a temporary debug script, committing plaintext secrets is a security incident; these values should be removed immediately and rotated.
Please prevent hard-coded secrets. Reference .github/workflow/cd.yml to see how it injects the env variable during build time.
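One way to do what the two comments above ask, as an added example that is not code from this pull request: read the four connection fields from the environment and fail closed when any is missing. The variable names (`QRENT_DB_HOST` and so on), `DbConfig`, `MissingSecretError` and `load_db_config` are assumptions made for illustration.

```python
import os
from dataclasses import dataclass, field

# Hypothetical variable names; use whatever the deployment workflow injects.
REQUIRED_VARS = {
    "host": "QRENT_DB_HOST",
    "user": "QRENT_DB_USER",
    "password": "QRENT_DB_PASSWORD",
    "database": "QRENT_DB_NAME",
}


class MissingSecretError(RuntimeError):
    """Raised when a required connection setting is absent or empty."""


@dataclass(frozen=True)
class DbConfig:
    host: str
    user: str
    database: str
    # repr=False keeps the password out of logs and tracebacks that print the object.
    password: str = field(repr=False)

    def connect_kwargs(self) -> dict:
        """Keyword arguments with the same four names the script used as literals."""
        return {"host": self.host, "user": self.user,
                "password": self.password, "database": self.database}


def load_db_config(env=None) -> DbConfig:
    """Build the config from environment variables, failing closed."""
    env = os.environ if env is None else env
    values, missing = {}, []
    for key, var in REQUIRED_VARS.items():
        raw = env.get(var) or ""
        if raw.strip():
            values[key] = raw
        else:
            missing.append(var)
    if missing:
        # Name the variables only; never echo secret values in the error.
        raise MissingSecretError(
            "missing environment variables: " + ", ".join(sorted(missing)))
    return DbConfig(**values)
```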
| def should_continue(state: State) -> bool: | ||
| last = state.messages[-1] | ||
| tool_calls = getattr(last, "tool_calls", None) | ||
| if not tool_calls: | ||
| return False | ||
| return bool(tool_calls) |
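Review bot: `state.messages[-1]` on the second line raises `IndexError` when `messages` is empty, so the function fails instead of returning `False` for a state with no messages yet. Check for an empty list before indexing, or document that callers guarantee at least one message.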
Restore loop cap when assistant keeps emitting tool calls
The termination condition now returns True for any tool call without enforcing the previous MAX_LOOPS guard, so a model that repeatedly emits tool calls can spin until the graph recursion limit is hit and fail the request. Reintroducing an explicit loop cap here prevents runaway tool cycles and makes failures deterministic.
| if _is_blank(wr): | ||
| errs.append("weekly_rent 不能为空(例如:750)。") | ||
| else: | ||
| try: | ||
| if not isinstance(wr, int): | ||
| raise ValueError | ||
| if wr <= 0: | ||
| errs.append("weekly_rent 必须为正整数。") | ||
| except Exception: | ||
| errs.append("weekly_rent 格式不正确,请填写整数(例如:750)。") | ||
| errs.append("weekly_rent 不能为空(例如:520 / AUD 520 / 520 per week)。") |
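Review bot: The `isinstance(wr, int)` check accepts `True`, because `bool` is a subclass of `int` in Python, so a boolean would pass as a rent of 1; exclude `bool` explicitly wherever this check is kept. The message on the last line also lists string forms such as `AUD 520`, which an int-only check would reject, so the accepted input type should be decided and parsed in one place before the `wr <= 0` test.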
Enforce positive weekly_rent in cover-letter validation
This validation branch now only checks that financials.weekly_rent is present, but it no longer rejects non-positive values. As a result, inputs like 0 or negative rent can pass business validation and be used to generate nonsensical letters; restore the positive-integer constraint in this path.
Please use English for PR title.
No description provided.