collavre_github 0.2.0

data/app/controllers/collavre_github/webhooks_controller.rb

@@ -0,0 +1,304 @@
+module CollavreGithub
+  class WebhooksController < ActionController::API
+    def create
+      event = github_event_header
+      if event.blank?
+        Rails.logger.warn("GitHub event header missing; rejecting request")
+        return head :bad_request
+      end
+
+      raw_body = request.raw_post.presence || request.body.read
+      payload = parse_payload(raw_body)
+      @repository_link = find_repository_link(payload)
+      return head :unauthorized unless valid_signature?(raw_body)
+
+      payload = payload.presence || {}
+      create_system_comment(event, payload) if @repository_link&.creative
+
+      head :ok
+    rescue JSON::ParserError
+      head :bad_request
+    end
+
+    private
+
+    def create_system_comment(event, payload)
+      creative = @repository_link.creative&.effective_origin
+      return unless creative
+
+      content = format_github_event(event, payload)
+
+      comment = creative.comments.create!(
+        user: nil,
+        content: content,
+        private: false
+      )
+
+      # Dispatch event for AI Agent routing
+      Collavre::SystemEvents::Dispatcher.dispatch("comment_created", {
+        comment: {
+          id: comment.id,
+          content: comment.content,
+          user_id: nil
+        },
+        creative: {
+          id: creative.id,
+          description: creative.description
+        },
+        topic: {
+          id: comment.topic_id
+        },
+        chat: {
+          content: comment.content
+        }
+      })
+    end
+
+    def format_github_event(event, payload)
+      case event
+      when "pull_request"
+        format_pull_request(payload)
+      when "push"
+        format_push(payload)
+      when "issues"
+        format_issue(payload)
+      when "issue_comment"
+        format_issue_comment(payload)
+      else
+        format_generic_event(event, payload)
+      end
+    end
+
+    def format_pull_request(payload)
+      pr = payload["pull_request"] || {}
+      action = payload["action"]
+      number = pr["number"]
+      title = pr["title"]
+      url = pr["html_url"]
+      user = pr.dig("user", "login")
+      merged = pr["merged"]
+      repo = payload.dig("repository", "full_name")
+      t = method(:t_webhook)
+
+      lines = []
+      lines << "### #{t.call('pull_request.title', action: action_label(action, merged))}"
+      lines << ""
+      lines << "**#{t.call('pull_request.repository')}:** #{repo}"
+      lines << "**#{t.call('pull_request.pr')}:** [##{number} #{title}](#{url})"
+      lines << "**#{t.call('pull_request.author')}:** #{user}"
+      lines << "**#{t.call('pull_request.action')}:** #{action}#{merged ? " #{t.call('pull_request.merged')}" : ''}"
+
+      if pr["body"].present?
+        lines << ""
+        lines << "**#{t.call('pull_request.description')}:**"
+        lines << pr["body"].to_s.truncate(500)
+      end
+
+      lines.join("\n")
+    end
+
+    def format_push(payload)
+      repo = payload.dig("repository", "full_name")
+      ref = payload["ref"]
+      branch = ref&.sub("refs/heads/", "")
+      pusher = payload.dig("pusher", "name")
+      commits = payload["commits"] || []
+      t = method(:t_webhook)
+
+      lines = []
+      lines << "### #{t.call('push.title', branch: branch)}"
+      lines << ""
+      lines << "**#{t.call('push.repository')}:** #{repo}"
+      lines << "**#{t.call('push.branch')}:** #{branch}"
+      lines << "**#{t.call('push.pusher')}:** #{pusher}"
+      lines << "**#{t.call('push.commits')}:** #{commits.size}"
+
+      if commits.any?
+        lines << ""
+        lines << "**#{t.call('push.recent_commits')}:**"
+        commits.first(5).each do |commit|
+          message = commit["message"].to_s.lines.first&.strip || t.call("push.no_message")
+          sha = commit["id"].to_s[0, 7]
+          lines << "- `#{sha}` #{message.truncate(80)}"
+        end
+        lines << "- #{t.call('push.more')}" if commits.size > 5
+      end
+
+      lines.join("\n")
+    end
+
+    def format_issue(payload)
+      issue = payload["issue"] || {}
+      action = payload["action"]
+      number = issue["number"]
+      title = issue["title"]
+      url = issue["html_url"]
+      user = issue.dig("user", "login")
+      repo = payload.dig("repository", "full_name")
+      t = method(:t_webhook)
+
+      lines = []
+      lines << "### #{t.call('issue.title', action: action)}"
+      lines << ""
+      lines << "**#{t.call('issue.repository')}:** #{repo}"
+      lines << "**#{t.call('issue.issue')}:** [##{number} #{title}](#{url})"
+      lines << "**#{t.call('issue.author')}:** #{user}"
+      lines << "**#{t.call('issue.action')}:** #{action}"
+
+      if action == "opened" && issue["body"].present?
+        lines << ""
+        lines << "**#{t.call('issue.description')}:**"
+        lines << issue["body"].to_s.truncate(500)
+      end
+
+      lines.join("\n")
+    end
+
+    def format_issue_comment(payload)
+      issue = payload["issue"] || {}
+      comment = payload["comment"] || {}
+      action = payload["action"]
+      number = issue["number"]
+      title = issue["title"]
+      url = comment["html_url"]
+      user = comment.dig("user", "login")
+      repo = payload.dig("repository", "full_name")
+      t = method(:t_webhook)
+
+      lines = []
+      lines << "### #{t.call('issue_comment.title', action: action, number: number)}"
+      lines << ""
+      lines << "**#{t.call('issue_comment.repository')}:** #{repo}"
+      lines << "**#{t.call('issue_comment.issue')}:** ##{number} #{title}"
+      lines << "**#{t.call('issue_comment.comment_by')}:** #{user}"
+      lines << "**#{t.call('issue_comment.link')}:** [#{t.call('issue_comment.view_comment')}](#{url})"
+
+      if comment["body"].present?
+        lines << ""
+        lines << "**#{t.call('issue_comment.comment')}:**"
+        lines << comment["body"].to_s.truncate(500)
+      end
+
+      lines.join("\n")
+    end
+
+    def format_generic_event(event, payload)
+      repo = payload.dig("repository", "full_name")
+      action = payload["action"]
+      sender = payload.dig("sender", "login")
+      t = method(:t_webhook)
+
+      lines = []
+      lines << "### #{t.call('generic.title', event: event.titleize)}"
+      lines << ""
+      lines << "**#{t.call('generic.repository')}:** #{repo}"
+      lines << "**#{t.call('generic.action')}:** #{action}" if action
+      lines << "**#{t.call('generic.sender')}:** #{sender}" if sender
+
+      lines.join("\n")
+    end
+
+    def action_label(action, merged)
+      t = method(:t_webhook)
+      case action
+      when "opened"
+        t.call("actions.opened")
+      when "closed"
+        merged ? t.call("actions.merged") : t.call("actions.closed")
+      when "reopened"
+        t.call("actions.reopened")
+      when "synchronize"
+        t.call("actions.updated")
+      when "ready_for_review"
+        t.call("actions.ready_for_review")
+      else
+        action&.titleize || t.call("actions.event")
+      end
+    end
+
+    def t_webhook(key, **options)
+      I18n.t("collavre_github.webhooks.#{key}", **options)
+    end
+
+    def find_repository_link(payload)
+      if payload.blank?
+        Rails.logger.warn("[GitHub Webhook] Payload is blank")
+        return
+      end
+
+      repo = payload["repository"] || payload[:repository]
+      if repo.blank?
+        Rails.logger.warn("[GitHub Webhook] Repository missing in payload")
+        return
+      end
+
+      full_name = repo["full_name"] || repo[:full_name]
+      if full_name.blank?
+        Rails.logger.warn("[GitHub Webhook] Repository full_name missing in payload")
+        return
+      end
+
+      CollavreGithub::RepositoryLink.find_by(repository_full_name: full_name)
+    end
+
+    def valid_signature?(raw_body)
+      secret = webhook_secret
+      signature_header = request.headers["X-Hub-Signature-256"] || request.headers["X-Hub-Signature"]
+
+      if secret.blank?
+        Rails.logger.warn("GitHub webhook secret missing; rejecting request")
+        return false
+      end
+
+      return false if signature_header.blank?
+
+      algorithm =
+        if signature_header.start_with?("sha256=")
+          "sha256"
+        elsif signature_header.start_with?("sha1=")
+          "sha1"
+        end
+
+      return false if algorithm.blank?
+
+      digest = OpenSSL::HMAC.hexdigest(algorithm.upcase, secret, raw_body)
+      expected_signature = "#{algorithm}=#{digest}"
+
+      ActiveSupport::SecurityUtils.secure_compare(expected_signature, signature_header)
+    end
+
+    def webhook_secret
+      @repository_link&.webhook_secret || fallback_webhook_secret
+    end
+
+    def fallback_webhook_secret
+      ENV["GITHUB_WEBHOOK_SECRET"] || Rails.application.credentials.dig(:github, :webhook_secret)
+    end
+
+    def parse_payload(raw_body)
+      params = request.request_parameters
+      parsed_params =
+        case params
+        when ActionController::Parameters
+          params.to_unsafe_h
+        else
+          params
+        end
+
+      if parsed_params.present?
+        wrapper_payload = parsed_params.with_indifferent_access[:payload]
+        return wrapper_payload if wrapper_payload.is_a?(Hash)
+        return JSON.parse(wrapper_payload) if wrapper_payload.is_a?(String)
+
+        return parsed_params
+      end
+
+      raw_body.present? ? JSON.parse(raw_body) : nil
+    end
+
+    def github_event_header
+      request.headers["X-GitHub-Event"].presence ||
+        request.get_header("HTTP_X_GITHUB_EVENT").presence
+    end
+  end
+end

data/app/models/collavre_github/account.rb

@@ -0,0 +1,11 @@
+module CollavreGithub
+  class Account < ApplicationRecord
+    self.table_name = "github_accounts"
+
+    belongs_to :user, class_name: "::User"
+    has_many :repository_links, class_name: "CollavreGithub::RepositoryLink",
+             foreign_key: :github_account_id, dependent: :destroy
+
+    encrypts :token, deterministic: false
+  end
+end

data/app/models/collavre_github/application_record.rb

@@ -0,0 +1,5 @@
+module CollavreGithub
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end

data/app/models/collavre_github/repository_link.rb

@@ -0,0 +1,19 @@
+module CollavreGithub
+  class RepositoryLink < ApplicationRecord
+    self.table_name = "github_repository_links"
+
+    belongs_to :creative, class_name: "Collavre::Creative"
+    belongs_to :github_account, class_name: "CollavreGithub::Account"
+
+    validates :repository_full_name, presence: true
+    validates :webhook_secret, presence: true
+
+    before_validation :ensure_webhook_secret
+
+    private
+
+    def ensure_webhook_secret
+      self.webhook_secret ||= SecureRandom.hex(20)
+    end
+  end
+end

data/app/services/collavre_github/client.rb

@@ -0,0 +1,110 @@
+module CollavreGithub
+  class Client
+    def initialize(account)
+      @client = Octokit::Client.new(access_token: account.token)
+      @client.auto_paginate = true
+    end
+
+    def organizations
+      client.organizations
+    rescue Octokit::Error, Faraday::Error => e
+      Rails.logger.warn("GitHub organizations fetch failed: #{e.message}")
+      []
+    end
+
+    def repositories_for_authenticated_user
+      client.repos(nil, type: "all")
+    rescue Octokit::Error, Faraday::Error => e
+      Rails.logger.warn("GitHub user repos fetch failed: #{e.message}")
+      []
+    end
+
+    def repositories_for_organization(org)
+      client.org_repos(org, type: "all")
+    rescue Octokit::Error, Faraday::Error => e
+      Rails.logger.warn("GitHub org repos fetch failed: #{e.message}")
+      []
+    end
+
+    def pull_request_details(repo_full_name, number)
+      client.pull_request(repo_full_name, number)
+    rescue Octokit::Error, Faraday::Error => e
+      Rails.logger.warn("GitHub PR fetch failed: #{e.message}")
+      nil
+    end
+
+    def pull_request_commit_messages(repo_full_name, number)
+      client
+        .pull_request_commits(repo_full_name, number)
+        .map { |commit| commit.commit&.message }
+        .compact
+    rescue Octokit::Error, Faraday::Error => e
+      Rails.logger.warn("GitHub PR commits fetch failed: #{e.message}")
+      []
+    end
+
+    def pull_request_diff(repo_full_name, number)
+      files = client.pull_request_files(repo_full_name, number)
+      formatted = files.filter_map do |file|
+        next unless file.patch.present?
+
+        <<~DIFF.strip
+          diff --git a/#{file.filename} b/#{file.filename}
+          #{file.patch}
+        DIFF
+      end
+      formatted.join("\n\n").presence
+    rescue Octokit::Error, Faraday::Error => e
+      Rails.logger.warn("GitHub PR files fetch failed: #{e.message}")
+      nil
+    end
+
+    def repository_hooks(repo_full_name)
+      client.hooks(repo_full_name)
+    rescue Octokit::Error, Faraday::Error => e
+      Rails.logger.warn("GitHub hooks fetch failed for #{repo_full_name}: #{e.message}")
+      []
+    end
+
+    def create_repository_webhook(repo_full_name, url:, secret:, events:, content_type: "json")
+      client.create_hook(
+        repo_full_name,
+        "web",
+        {
+          url: url,
+          content_type: content_type,
+          secret: secret
+        },
+        {
+          events: events,
+          active: true
+        }
+      )
+    end
+
+    def update_repository_webhook(repo_full_name, hook_id, url:, secret:, events:, content_type: "json")
+      client.edit_hook(
+        repo_full_name,
+        hook_id,
+        "web",
+        {
+          url: url,
+          content_type: content_type,
+          secret: secret
+        },
+        {
+          events: events,
+          active: true
+        }
+      )
+    end
+
+    def delete_repository_webhook(repo_full_name, hook_id)
+      client.remove_hook(repo_full_name, hook_id)
+    end
+
+    private
+
+    attr_reader :client
+  end
+end

data/app/services/collavre_github/tools/concerns/github_client_finder.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module CollavreGithub
+  module Tools
+    module Concerns
+      # Shared logic for finding GitHub client from Creative context
+      module GithubClientFinder
+        extend ActiveSupport::Concern
+
+        private
+
+        # Find GitHub client for a creative and repository
+        # Traverses from creative to its origin, then finds the linked repository
+        #
+        # @param creative_id [Integer] The creative ID to start from
+        # @param repo [String] Repository full name (e.g., "owner/repo")
+        # @return [CollavreGithub::Client, nil] GitHub client or nil if not found
+        def find_github_client(creative_id, repo)
+          creative = Collavre::Creative.find_by(id: creative_id)
+          return nil unless creative
+
+          origin = creative.effective_origin
+          link = CollavreGithub::RepositoryLink
+            .joins(:creative)
+            .where(repository_full_name: repo)
+            .where(creative: origin.self_and_descendants)
+            .first
+
+          return nil unless link&.github_account
+
+          CollavreGithub::Client.new(link.github_account)
+        end
+      end
+    end
+  end
+end

data/app/services/collavre_github/tools/github_pr_commits_service.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "rails_mcp_engine"
+
+module CollavreGithub
+  module Tools
+    class GithubPrCommitsService
+      extend T::Sig
+      extend ToolMeta
+      include Concerns::GithubClientFinder
+
+      tool_name "github_pr_commits"
+      tool_description <<~DESC.strip
+        Get the commit messages of a GitHub pull request.
+        Returns a list of commit messages in the PR.
+        Requires the creative to have a connected GitHub repository.
+      DESC
+
+      tool_param :creative_id, description: "The ID of the creative with GitHub integration."
+      tool_param :repo, description: "Repository full name (e.g., 'owner/repo')."
+      tool_param :pr_number, description: "Pull request number."
+
+      sig { params(creative_id: Integer, repo: String, pr_number: Integer).returns(T::Hash[Symbol, T.untyped]) }
+      def call(creative_id:, repo:, pr_number:)
+        client = find_github_client(creative_id, repo)
+        return { error: "GitHub account not found for this creative and repository" } unless client
+
+        messages = client.pull_request_commit_messages(repo, pr_number)
+
+        {
+          commits: messages.map.with_index(1) { |msg, i| { index: i, message: msg } },
+          count: messages.size
+        }
+      rescue StandardError => e
+        { error: "Failed to fetch PR commits: #{e.message}" }
+      end
+    end
+  end
+end

data/app/services/collavre_github/tools/github_pr_details_service.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "rails_mcp_engine"
+
+module CollavreGithub
+  module Tools
+    class GithubPrDetailsService
+      extend T::Sig
+      extend ToolMeta
+      include Concerns::GithubClientFinder
+
+      tool_name "github_pr_details"
+      tool_description <<~DESC.strip
+        Get details of a GitHub pull request including title, body, author, files changed, etc.
+        Requires the creative to have a connected GitHub repository.
+      DESC
+
+      tool_param :creative_id, description: "The ID of the creative with GitHub integration."
+      tool_param :repo, description: "Repository full name (e.g., 'owner/repo')."
+      tool_param :pr_number, description: "Pull request number."
+
+      sig { params(creative_id: Integer, repo: String, pr_number: Integer).returns(T::Hash[Symbol, T.untyped]) }
+      def call(creative_id:, repo:, pr_number:)
+        client = find_github_client(creative_id, repo)
+        return { error: "GitHub account not found for this creative and repository" } unless client
+
+        pr = client.pull_request_details(repo, pr_number)
+        return { error: "Pull request not found" } unless pr
+
+        {
+          number: pr.number,
+          title: pr.title,
+          body: pr.body.to_s.truncate(2000),
+          state: pr.state,
+          merged: pr.merged,
+          author: pr.user&.login,
+          created_at: pr.created_at&.iso8601,
+          updated_at: pr.updated_at&.iso8601,
+          merged_at: pr.merged_at&.iso8601,
+          additions: pr.additions,
+          deletions: pr.deletions,
+          changed_files: pr.changed_files,
+          html_url: pr.html_url,
+          base_branch: pr.base&.ref,
+          head_branch: pr.head&.ref
+        }
+      rescue StandardError => e
+        { error: "Failed to fetch PR details: #{e.message}" }
+      end
+    end
+  end
+end

data/app/services/collavre_github/tools/github_pr_diff_service.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "rails_mcp_engine"
+
+module CollavreGithub
+  module Tools
+    class GithubPrDiffService
+      extend T::Sig
+      extend ToolMeta
+      include Concerns::GithubClientFinder
+
+      DIFF_MAX_LENGTH = 10_000
+
+      tool_name "github_pr_diff"
+      tool_description <<~DESC.strip
+        Get the diff of a GitHub pull request.
+        Returns the patch/diff for all changed files.
+        Requires the creative to have a connected GitHub repository.
+      DESC
+
+      tool_param :creative_id, description: "The ID of the creative with GitHub integration."
+      tool_param :repo, description: "Repository full name (e.g., 'owner/repo')."
+      tool_param :pr_number, description: "Pull request number."
+      tool_param :max_length, description: "Maximum diff length (default: 10000 chars).", required: false
+
+      sig do
+        params(
+          creative_id: Integer,
+          repo: String,
+          pr_number: Integer,
+          max_length: T.nilable(Integer)
+        ).returns(T::Hash[Symbol, T.untyped])
+      end
+      def call(creative_id:, repo:, pr_number:, max_length: nil)
+        max_length ||= DIFF_MAX_LENGTH
+
+        client = find_github_client(creative_id, repo)
+        return { error: "GitHub account not found for this creative and repository" } unless client
+
+        diff = client.pull_request_diff(repo, pr_number)
+        return { error: "Could not fetch diff", diff: nil } unless diff
+
+        truncated = diff.length > max_length
+        diff_text = truncated ? "#{diff[0, max_length]}\n...\n[Diff truncated to #{max_length} characters]" : diff
+
+        {
+          diff: diff_text,
+          truncated: truncated,
+          original_length: diff.length
+        }
+      rescue StandardError => e
+        { error: "Failed to fetch PR diff: #{e.message}" }
+      end
+    end
+  end
+end