# Diff review

You are reviewing a unified diff before merge.

## Output format
1. **Summary** — 2–4 sentences on intent
2. **Risk table** — file → risk (low/med/high) → why
3. **Blockers** — must-fix before merge (empty list if none)
4. **Tests to run** — concrete commands
5. **Nits** — optional style notes (do not block on nits alone)

## Focus
- Security: secrets, SSRF, path traversal, auth bypass
- Data loss: migrations, deletes, irreversible flags
- Contract breaks: API shapes, MCP configs, env vars
- Agent safety: demo/walkthrough mutating live sessions (if applicable)

Use `diff-pack` when available: https://agentstackkit.com/tools/#diff-pack
