heimdall-pr-review (listed)
Install: `claude install-skill po4yka/heimdall`
# Heimdall PR Review
Use this skill for review requests in the Heimdall repo.
## Trigger guidance
- Use it when the user asks for a review, pre-handoff regression pass, or risk check.
- Prefer findings-first output ordered by severity.
- Do not switch into implementation unless the user asks to fix the findings.
## Review workflow
1. Inspect the branch diff against the appropriate base.
2. Identify affected surfaces such as scanner, server, oauth, pricing, config, webhooks, optimizer, scheduler, or UI.
3. Check the changed code against the repo rules below.
4. Report concrete findings with file and line references.
## Review checklist
### Safety
- No `.unwrap()` in library code under scanner, server, pricing, oauth, config, models, or webhooks.
- No panic-prone error paths when `Result` propagation is available.
- No hardcoded secrets, tokens, or API keys.
- No logged OAuth secrets or tokens.
- SQLite queries stay parameterized.
- Every `unsafe {}` block carries a `// SAFETY:` comment; a missing one is **CRITICAL**.
- Every `unsafe impl Send` or `unsafe impl Sync` carries a `// SAFETY:` comment that lists every field type; a missing one is **CRITICAL**.
- `tokio::spawn` never captures a non-`'static` reference (including `&mut State`) (**CRITICAL**).
- No panicking inside `Drop::drop`: any `.unwrap()` on a cleanup path becomes a double panic if the drop runs during unwinding (**CRITICAL**).
- Edition 2024 requires the `#[unsafe(no_mangle)]` form; a bare `#[no_mangle]` is **CRITICAL**.
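As an added example, not part of this skill or of the Heimdall repo, a small text-level pre-check in Rust that applies several of the Safety rules above to a constructed source snippet and emits findings ordered by severity; the library surface list, the rule messages and the sample file are assumptions, and the check only matches text, so each hit still has to be confirmed in the diff.

```rust
// Added example, not Heimdall's own tooling: a naive text-level pre-check for
// some Safety rules above. It skips `//` lines but does not parse Rust.
const LIBRARY_DIRS: [&str; 7] =
    ["scanner", "server", "pricing", "oauth", "config", "models", "webhooks"];

/// (severity, needle, needs `// SAFETY:` above, library code only, message)
const RULES: [(u8, &str, bool, bool, &str); 4] = [
    (0, "unsafe {", true, false, "`unsafe {}` block without `// SAFETY:` comment"),
    (0, "unsafe impl", true, false, "`unsafe impl` (Send/Sync) without `// SAFETY:` comment"),
    (0, "#[no_mangle]", false, false, "`#[no_mangle]` must be `#[unsafe(no_mangle)]` in edition 2024"),
    (1, ".unwrap()", false, true, "`.unwrap()` in library code; propagate with `?` instead"),
];

pub type Finding = (u8, usize, String); // (severity 0 = CRITICAL, 1 = HIGH; line; message)

/// True if a `// SAFETY:` line sits in the comment block directly above `idx`.
fn has_safety_comment(lines: &[&str], idx: usize) -> bool {
    lines[..idx].iter().rev()
        .take_while(|l| l.trim_start().starts_with("//"))
        .any(|l| l.trim_start().starts_with("// SAFETY:"))
}

pub fn check_source(path: &str, src: &str) -> Vec<Finding> {
    let in_library = path.split('/').any(|seg| LIBRARY_DIRS.contains(&seg));
    let lines: Vec<&str> = src.lines().collect();
    let mut out = Vec::new();
    for (i, raw) in lines.iter().enumerate() {
        let line = raw.trim();
        if line.starts_with("//") { continue; } // comment text is not code
        for &(sev, needle, needs_safety, lib_only, msg) in RULES.iter() {
            let hit = line.contains(needle) && (in_library || !lib_only)
                && !(needs_safety && has_safety_comment(&lines, i));
            if hit { out.push((sev, i + 1, msg.to_string())); }
        }
    }
    out.sort(); // findings-first: CRITICAL before HIGH, then by line number
    out
}

// Constructed sample input; the path puts it on the `oauth` library surface.
pub const SAMPLE_PATH: &str = "src/oauth/token.rs";
pub const SAMPLE_SRC: &str = "\
unsafe impl Send for Raw {}
// SAFETY: Raw is only touched while holding the scheduler mutex.
unsafe impl Sync for Raw {}
#[no_mangle]
pub extern \"C\" fn heimdall_abi_version() -> u32 { 1 }
let v = std::env::var(\"HEIMDALL_TOKEN\").unwrap();
unsafe { std::ptr::read(&v) }
";
```

Running `check_source(SAMPLE_PATH, SAMPLE_SRC)` reports three CRITICAL findings (lines 1, 4 and 7) followed by one HIGH finding for the `.unwrap()` on line 6; the `unsafe impl Sync` on line 3 passes because its `// SAFETY:` comment sits directly above it.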
### Correctness
- New behavior has matching tests.
- SQL stays in