Changes:
- compliance-reviewer.md: New agent (Turkish banking regulations)
- security-reviewer.md: BDDK/MASAK security checks added
- patterns.md: Supabase RLS pattern added
- agents.md: Digital Board agents added
- testing.md: Coverage 80% → 70%

Co-Authored-By: Claude Opus 4.5 <[email protected]>
📝 Walkthrough

Changes introduce Turkish regulatory compliance and security documentation (BDDK, MASAK, KVKK standards), expand agent registry with compliance-reviewer role, add Supabase RLS and client initialization patterns, and lower test coverage requirement from 80% to 70%.

Estimated code review effort: 🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Actionable comments posted: 3
🧹 Nitpick comments (3)
agents/security-reviewer.md (1)
548-548: Add language specifiers to fenced code blocks.
Markdown best practices require language specifiers for fenced code blocks to enable proper syntax highlighting and improve readability.
Based on static analysis hints.
📝 Proposed fix
-``` +```text - [ ] Müşteri verileri AES-256 ile şifrelenmiş ...-``` +```text - [ ] Şüpheli işlem logları immutable ...Also applies to: 558-558
rules/patterns.md (1)
47-59: Fix code block language identifier.
The code block is tagged as `typescript` but contains SQL statements. This prevents proper syntax highlighting.
📝 Proposed fix
-```typescript +```sql // ALWAYS enable RLS on tables with user data -- Enable RLS ALTER TABLE customers ENABLE ROW LEVEL SECURITY;agents/compliance-reviewer.md (1)
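Review bot: In the proposed fix for rules/patterns.md (47-59), the unchanged first line `// ALWAYS enable RLS on tables with user data` is not a SQL comment, so once the fence is retagged as `sql` the block no longer parses as SQL if someone pastes it. Change that line to a `--` comment in the same fix, matching the `-- Enable RLS` line that follows it.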
41-64: Add return type annotations to async functions.
The example functions should include explicit return types for better type safety and documentation.
♻️ Proposed improvement
// ❌ YANLIŞ: Kontrol yok -async function transfer(from, to, amount) { +async function transfer(from: string, to: string, amount: number): Promise<void> { await executeTransfer(from, to, amount) } // ✅ DOĞRU: MASAK kontrolü var -async function transfer(from, to, amount) { +async function transfer(from: string, to: string, amount: number): Promise<void> { const check = await masakCheck({ from, to, amount })
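Review bot: `amount: number` in both annotated `transfer` signatures types a monetary value as a floating-point double, which is a weak choice for an example that compares amounts against regulatory limits. Suggest documenting the unit next to the parameter and using an integer count of minor units or a decimal type in the example, so the pattern people copy from this file does not round.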
| ### Eşik Değerler | ||
| ``` | ||
| - Nakit işlem bildirimi: 150.000 TL ve üzeri | ||
| - Şüpheli işlem: Tutar bağımsız, davranış bazlı | ||
| - PEP kontrolü: Tüm yeni müşteriler | ||
| - Yaptırım taraması: OFAC, UN, EU, Türkiye listeleri | ||
| ``` |
🧩 Analysis chain
🌐 Web query:
MASAK Turkish Financial Crimes Investigation Board cash transaction reporting threshold 2026 TL
💡 Result:
MASAK’s draft communiqué sets a declaration obligation for cash and bank transfers of 200,000 Turkish Lira and above, effective January 1, 2026; higher tiers (2,000,000 TL and 20,000,000 TL) trigger completion of a Cash Transaction Declaration Form and additional documentation/explanations. (hurriyetdailynews.com)
Update MASAK cash transaction reporting thresholds to current 2026 regulations.
The 150,000 TL threshold is outdated. Effective January 1, 2026, MASAK's current regulations set the declaration obligation for cash and bank transfers at 200,000 TL and above. Additionally, higher tiers at 2,000,000 TL and 20,000,000 TL trigger the Cash Transaction Declaration Form and additional documentation requirements. Update the documentation to reflect the current regulatory thresholds and include all applicable tiers.
🤖 Prompt for AI Agents
In `@agents/compliance-reviewer.md` around lines 66 - 72, Update the "Eşik
Değerler" section in agents/compliance-reviewer.md by replacing the outdated
150.000 TL threshold under "Nakit işlem bildirimi" with the current 2026 MASAK
thresholds: state that cash and bank transfer declaration obligation applies at
200.000 TL and above, and add the higher tiers 2.000.000 TL and 20.000.000 TL
with notes that these trigger the Cash Transaction Declaration Form and require
additional documentation; keep the other bullets (Şüpheli işlem, PEP kontrolü,
Yaptırım taraması) unchanged.
| ### Türkiye IP/Lokasyon Kontrolleri | ||
| ```typescript | ||
| // Yurtdışı erişim kontrolü (gerekirse) | ||
| const TURKEY_IP_RANGES = ['78.', '85.', '88.', '95.', '176.', '212.', '213.'] | ||
|
|
||
| function isTurkeyIP(ip: string): boolean { | ||
| return TURKEY_IP_RANGES.some(range => ip.startsWith(range)) | ||
| } | ||
|
|
||
| // Kritik işlemlerde lokasyon doğrulama | ||
| if (!isTurkeyIP(userIP) && transaction.amount > 10000) { | ||
| await requireAdditionalVerification(userId) | ||
| } | ||
| ``` |
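Review bot: `userIP` in the `if (!isTurkeyIP(userIP) && transaction.amount > 10000)` check has no stated source. If it is read from a request header the client controls rather than from the connection or a trusted proxy hop, the location check decides on caller-supplied data. State in this section where `userIP` must come from, and say which currency the 10000 limit is in.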
IP-based geolocation is unreliable and overly simplistic.
The current implementation has several issues:
- False negatives: Turkish IPs outside these prefixes (e.g., mobile carriers, newer allocations) will be rejected.
- False positives: Some listed prefixes may be allocated to other countries or shared.
- No CIDR validation: Prefix matching doesn't account for subnet masks.
- Maintainability: IP allocations change; hardcoded ranges become stale.
Consider using a proper IP geolocation service (MaxMind GeoIP2, IP2Location) or at minimum, expanding to full CIDR ranges with regular updates.
🌍 Recommended alternatives
Option 1: Use a geolocation service

```typescript
import geoip from 'geoip-lite'

function isTurkeyIP(ip: string): boolean {
  const geo = geoip.lookup(ip)
  return geo?.country === 'TR'
}
```

Option 2: If staying with prefix matching, use comprehensive CIDR ranges

```typescript
// Maintain updated CIDR blocks from RIPE/ARIN databases
const TURKEY_CIDR_BLOCKS = [
  '78.160.0.0/11',
  '85.96.0.0/13',
  // ... comprehensive list from regional registries
]

import { IpSubnetCalculator } from 'ip-subnet-calculator'

function isTurkeyIP(ip: string): boolean {
  return TURKEY_CIDR_BLOCKS.some(cidr => {
    // Proper CIDR matching logic
  })
}
```

🤖 Prompt for AI Agents
In `@agents/security-reviewer.md` around lines 580 - 593, The current isTurkeyIP /
TURKEY_IP_RANGES approach is unreliable (false positives/negatives, no CIDR
support, stale data); replace it by using a proper geolocation lookup or
validated CIDR matching: update the isTurkeyIP function to call a maintained
geolocation library/service (e.g., geoip-lite or MaxMind GeoIP2) or load an
authoritative CIDR list and perform robust CIDR matching (with IPv4/IPv6 parsing
and validation) instead of startsWith; ensure calls from the transaction check
(the if that calls requireAdditionalVerification) handle lookup failures and
cache results/refresh CIDRs periodically for maintainability.
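The CIDR matching that Option 2 above leaves as a placeholder, written out as an added example; it is not code from the review comment or from the PR. The function names (`parseIPv4`, `inCidr`, `classifyIP`, `needsAdditionalVerification`) are hypothetical, the two CIDR blocks are only the ones quoted in the comment, and the sketch assumes IPv4 only: anything it cannot parse is reported as `unknown` and treated like a foreign address.

```typescript
// Added example (hypothetical names). The block list is the two entries quoted
// in the review comment; a real list would be loaded from registry data.
const TURKEY_CIDR_BLOCKS: string[] = ['78.160.0.0/11', '85.96.0.0/13']

type GeoResult = 'inside' | 'outside' | 'unknown'

// Parse a dotted-quad IPv4 address into an unsigned 32-bit value; null if malformed.
function parseIPv4(ip: string): number | null {
  const parts = ip.split('.')
  if (parts.length !== 4) return null
  let value = 0
  for (const part of parts) {
    // Reject empty, signed, zero-padded or non-numeric octets.
    if (!/^(0|[1-9]\d{0,2})$/.test(part)) return null
    const octet = Number(part)
    if (octet > 255) return null
    value = value * 256 + octet
  }
  return value
}

// True when the parsed address lies inside `cidr`; a malformed CIDR never matches.
function inCidr(ip: number, cidr: string): boolean {
  const [base, bitsText] = cidr.split('/')
  const baseInt = parseIPv4(base ?? '')
  if (baseInt === null || !/^\d{1,2}$/.test(bitsText ?? '')) return false
  const bits = Number(bitsText)
  if (bits > 32) return false
  // Integer division instead of bit shifts, which are signed 32-bit in JS.
  const blockSize = 2 ** (32 - bits)
  return Math.floor(ip / blockSize) === Math.floor(baseInt / blockSize)
}

function classifyIP(ip: string, blocks: string[] = TURKEY_CIDR_BLOCKS): GeoResult {
  const parsed = parseIPv4(ip.trim())
  if (parsed === null) return 'unknown' // IPv6, empty or garbled input
  return blocks.some(cidr => inCidr(parsed, cidr)) ? 'inside' : 'outside'
}

// Fail closed: only a positive 'inside' result skips the extra verification.
// The 10000 default mirrors the limit in the PR snippet.
function needsAdditionalVerification(ip: string, amount: number, threshold = 10000): boolean {
  return amount > threshold && classifyIP(ip) !== 'inside'
}
```

`78.1.2.3` passes the original `startsWith('78.')` test but is classified `outside` here, which is the false-positive case the comment describes.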
| ## Digital Board Agents (Digimental) | ||
|
|
||
| | Agent | Role | When to Use | | ||
| |-------|------|-------------| | ||
| | cfo-analyst | CFO - Finansal analiz | Maliyet/ROI hesaplaması | | ||
| | cmo-analyst | CMO - Pazarlama | Marketing stratejisi | | ||
| | cto-analyst | CTO - Teknik | architect + code-reviewer | | ||
| | compliance-reviewer | Legal | BDDK/MASAK/KVKK uyum | | ||
|
|
🛠️ Refactor suggestion | 🟠 Major
Clarify agent taxonomy and avoid duplication.
The "Digital Board Agents" section creates organizational confusion:
- Duplication: `compliance-reviewer` appears in both the main table (line 14) and the Digital Board table (line 27).
- Missing entries: `cfo-analyst`, `cmo-analyst`, and `cto-analyst` are only in the Digital Board table, not in the main "Available Agents" table.
- Unclear distinction: It's not clear whether Digital Board agents are a subset, aliases, or separate entities.
Consider one of these approaches:
Option 1: Single unified table - Merge all agents into the main table with a "Category" column.
Option 2: Clear hierarchy - Add a note explaining that Digital Board agents are role-specific configurations of base agents.
Option 3: Separate sections - Clearly document that Digital Board agents are project-specific and reference the main agents where applicable.
💡 Example: Option 1 (unified table)
| Agent | Purpose | Category | When to Use |
|-------|---------|----------|-------------|
| planner | Implementation planning | Core | Complex features, refactoring |
| architect | System design | Core | Architectural decisions |
| ...
| compliance-reviewer | BDDK/MASAK/KVKK uyum | Regulatory | RegTech projelerinde |
| cfo-analyst | Finansal analiz | Digital Board | Maliyet/ROI hesaplaması |
| cmo-analyst | Pazarlama | Digital Board | Marketing stratejisi |
| cto-analyst | Teknik | Digital Board | architect + code-reviewer |

🤖 Prompt for AI Agents
In `@rules/agents.md` around lines 20 - 28, The Digital Board section duplicates
and fragments agent definitions (e.g., compliance-reviewer appears twice and
cfo-analyst, cmo-analyst, cto-analyst only exist in the Digital Board table);
fix by merging into a single unified "Available Agents" table with an added
"Category" column (e.g., Core, Regulatory, Digital Board) and move cfo-analyst,
cmo-analyst, cto-analyst into that table, then remove the duplicate
compliance-reviewer entry from the Digital Board subsection; alternatively, if
you prefer a hierarchy, add a clear note under Digital Board stating those agent
names are role-specific configurations of the base agents (reference agent
names: cfo-analyst, cmo-analyst, cto-analyst, compliance-reviewer).
Teşekkürler! (Thanks!) This PR adds Turkish banking regulations and compliance configs which are very specific to your use case. This repo aims to stay general-purpose. Consider maintaining a fork for your Turkish banking-specific configurations! 🙏