collavre_github 0.5.0 → 0.6.0

data/app/models/collavre_github/github_pr_channel.rb

@@ -0,0 +1,207 @@
+module CollavreGithub
+  class GithubPrChannel < Collavre::Channel
+    self.table_name = "channels"
+
+    def repo_full_name
+      config["repo_full_name"]
+    end
+
+    def pr_number
+      config["pr_number"].to_i
+    end
+
+    def pr_url
+      "https://github.com/#{repo_full_name}/pull/#{pr_number}"
+    end
+
+    def label
+      t("label", number: pr_number)
+    end
+
+    # Chip fallbacks: derived directly from config so the chip can render the
+    # full "PR #N" + URL immediately on attach, without waiting for the first
+    # webhook event to populate latest_label / latest_link.
+    def default_label
+      label
+    end
+
+    def default_link
+      pr_url
+    end
+
+    def badge_state
+      pr_state
+    end
+
+    def badge_title
+      I18n.t("collavre_github.channel.pr.badge.#{pr_state}", default: pr_state.to_s)
+    end
+
+    # PR lifecycle state used by the chip badge color. Defaults to "open" so
+    # freshly attached channels render the green badge before any close event
+    # has been received. Persisted in `config` to avoid a schema change for a
+    # channel-subtype-specific concern.
+    PR_STATES = %w[open merged closed_without_merge].freeze
+
+    def pr_state
+      state = config["pr_state"].to_s
+      PR_STATES.include?(state) ? state : "open"
+    end
+
+    # Symmetric with the reader: refuse to persist values outside PR_STATES
+    # rather than silently downgrading to "open" at read time. Without this
+    # any caller that mistypes (e.g. "merged_") would corrupt the badge color
+    # with no error surfaced.
+    def pr_state=(value)
+      value = value.to_s
+      raise ArgumentError, "Invalid pr_state: #{value.inspect}" unless PR_STATES.include?(value)
+      self.config = config.merge("pr_state" => value)
+    end
+
+    def attached_message
+      Collavre::Channel::InjectedMessage.new(
+        speaker: channel_bot_user,
+        message: t("attached_message", label: label, url: pr_url),
+        label: label,
+        link: pr_url
+      )
+    end
+
+    def reopened_message
+      Collavre::Channel::InjectedMessage.new(
+        speaker: channel_bot_user,
+        message: t("reopened_message", label: label, url: pr_url),
+        label: label,
+        link: pr_url
+      )
+    end
+
+    def handle(event:, payload:)
+      case event
+      when "issue_comment"
+        handle_issue_comment(payload)
+      when "pull_request_review_comment"
+        handle_review_comment(payload)
+      when "pull_request_review"
+        handle_review_submitted(payload)
+      when "pull_request"
+        handle_pull_request(payload)
+      end
+    end
+
+    private
+
+    def handle_pull_request(payload)
+      return nil unless payload["action"] == "closed"
+      pr = payload["pull_request"]
+      new_state = pr["merged"] ? "merged" : "closed_without_merge"
+      verb = pr["merged"] ? t("state_merged") : t("state_closed")
+
+      # pr_state is updated atomically with the closing comment: the dispatch
+      # path wraps both `handle` and `inject_into_topic!` in a single with_lock
+      # transaction, so an inject failure rolls this update back too. That is
+      # the intended behavior — we don't want the chip to flash merged/closed
+      # without the matching closing message in the timeline.
+      self.pr_state = new_state
+      save!
+
+      Collavre::Channel::InjectedMessage.new(
+        speaker: channel_bot_user,
+        message: t("closed_message", label: label, verb: verb),
+        label: label,
+        link: pr_url
+      )
+      # Detach is performed by the webhook controller AFTER injecting this
+      # message, so the chip stays visible until the closing comment lands.
+    end
+
+    def handle_review_submitted(payload)
+      return nil unless payload["action"] == "submitted"
+      review = payload["review"]
+      body = review["body"].to_s
+      return nil if body.strip.empty?
+
+      author = review.dig("user", "login")
+      return nil if ignored_actor?(author)
+      state = review["state"]
+      Collavre::Channel::InjectedMessage.new(
+        speaker: channel_bot_user,
+        message: t("review_submitted_message", author: author, state: state, label: label, body: body),
+        label: label,
+        link: pr_url
+      )
+    end
+
+    def handle_review_comment(payload)
+      return nil unless payload["action"] == "created"
+      comment = payload["comment"]
+      author = comment.dig("user", "login")
+      return nil if ignored_actor?(author)
+      path = comment["path"]
+      line = comment["line"]
+      body = comment["body"].to_s
+
+      location =
+        if path && line
+          t("review_comment_location_path_line", path: path, line: line)
+        elsif path
+          t("review_comment_location_path", path: path)
+        else
+          ""
+        end
+      Collavre::Channel::InjectedMessage.new(
+        speaker: channel_bot_user,
+        message: t("review_comment_message", author: author, label: label, location: location, body: body),
+        label: label,
+        link: pr_url
+      )
+    end
+
+    def handle_issue_comment(payload)
+      return nil unless payload["action"] == "created"
+      return nil unless payload.dig("issue", "pull_request") # PR comments only
+
+      comment = payload["comment"]
+      author = comment.dig("user", "login")
+      return nil if ignored_actor?(author)
+      body = comment["body"].to_s
+
+      Collavre::Channel::InjectedMessage.new(
+        speaker: channel_bot_user,
+        message: t("comment_message", author: author, label: label, body: body),
+        label: label,
+        link: pr_url
+      )
+    end
+
+    def ignored_actor?(login)
+      Array(config["ignore_actor_logins"]).include?(login)
+    end
+
+    def t(key, **opts)
+      I18n.t("collavre_github.channel.pr.#{key}", **opts)
+    end
+
+    # Find the channel bot user. Falls back to creating the row when missing
+    # (e.g. migrations applied but `db:seed` was skipped). Without this
+    # fallback every PR webhook would raise RecordNotFound and the event
+    # would be silently dropped by the controller's rescue.
+    def channel_bot_user
+      @channel_bot_user ||=
+        Collavre::User.find_by(email: Collavre::Channel::BOT_EMAIL) ||
+          ensure_channel_bot_user!
+    end
+
+    def ensure_channel_bot_user!
+      email = Collavre::Channel::BOT_EMAIL
+      user = Collavre::User.find_or_initialize_by(email: email)
+      user.name = Collavre::Channel::BOT_NAME
+      user.password = SecureRandom.hex(32) if user.new_record?
+      user.email_verified_at ||= Time.current
+      user.searchable = false if user.respond_to?(:searchable=)
+      user.llm_vendor = nil
+      user.save!
+      user
+    end
+  end
+end

data/app/services/collavre_github/client.rb

@@ -162,12 +162,26 @@ module CollavreGithub
 
     attr_reader :client
 
-    # Use GITHUB_API_ENDPOINT env var if set, otherwise fall back to mock server
-    # in development when no real GitHub credentials are configured.
+    # Resolve the API endpoint via Resolver (DB > ENV), otherwise fall back to
+    # the mock server in development when no real GitHub credentials are
+    # configured.
     def resolve_api_endpoint
-      return ENV["GITHUB_API_ENDPOINT"] if ENV["GITHUB_API_ENDPOINT"].present?
-
-      if Rails.env.development? && ENV["GITHUB_CLIENT_ID"].blank?
+      endpoint =
+        if defined?(Collavre::IntegrationSettings::Resolver)
+          Collavre::IntegrationSettings::Resolver.get(:github_api_endpoint).presence
+        else
+          ENV["GITHUB_API_ENDPOINT"].presence
+        end
+      return endpoint if endpoint.present?
+
+      github_client_id =
+        if defined?(Collavre::IntegrationSettings::Resolver)
+          Collavre::IntegrationSettings::Resolver.get(:github_client_id).presence
+        else
+          ENV["GITHUB_CLIENT_ID"].presence
+        end
+
+      if Rails.env.development? && github_client_id.blank?
         MOCK_SERVER_DEFAULT
       end
     end

data/app/services/collavre_github/pr_topic_link_parser.rb

@@ -0,0 +1,11 @@
+module CollavreGithub
+  class PrTopicLinkParser
+    TOPIC_RE = %r{/creatives/\d+/topics/(\d+)}.freeze
+
+    def self.call(body)
+      return nil if body.blank?
+      m = body.match(TOPIC_RE)
+      m && m[1].to_i
+    end
+  end
+end

data/app/services/collavre_github/tools/permission_denied_error.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+module CollavreGithub
+  module Tools
+    # Kept as an alias of the core engine's shared error so existing rescue
+    # blocks and tests in collavre_github continue to match. New code should
+    # reference `Collavre::Tools::PermissionDeniedError` directly.
+    PermissionDeniedError = ::Collavre::Tools::PermissionDeniedError
+  end
+end

data/app/services/collavre_github/tools/pr_monitor_service.rb

@@ -0,0 +1,152 @@
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "rails_mcp_engine"
+
+module CollavreGithub
+  module Tools
+    class PrMonitorService
+      extend T::Sig
+      extend ToolMeta
+
+      PR_URL_RE = %r{\Ahttps?://github\.com/([^/]+/[^/]+)/pull/(\d+)\z}.freeze
+
+      tool_name "pr_monitor"
+      tool_description <<~DESC.strip
+        Attach a GitHub PR monitor to a Collavre topic. After attachment,
+        PR comments, review comments, and review submissions are injected
+        into the topic as chat messages. Idempotent.
+      DESC
+
+      tool_param :topic_id, description: "The Collavre topic id to attach the PR channel to."
+      tool_param :pr_url, description: "Full GitHub PR URL, e.g. https://github.com/owner/repo/pull/123"
+
+      sig { params(topic_id: Integer, pr_url: String).returns(T::Hash[Symbol, T.untyped]) }
+      def call(topic_id:, pr_url:)
+        m = pr_url.match(PR_URL_RE)
+        raise ArgumentError, "Invalid PR URL: #{pr_url}" unless m
+        # GitHub owner/repo identifiers are case-insensitive but webhook payloads
+        # always carry the canonical case. Normalize on store so user input
+        # like "Owner/Repo" still matches incoming events.
+        repo = m[1].downcase
+        pr_number = m[2].to_i
+
+        topic = Collavre::Topic.find(topic_id)
+        Collavre::Tools::TopicAuthorizer.authorize_write!(topic)
+        channel, attach_status = find_or_attach_channel(topic, repo, pr_number)
+        # Re-seed announcement on fresh attach AND on detached->active so the
+        # chip label/link cache is repopulated after the channel was previously
+        # auto-detached (PR closed) and the user reattached it.
+        if attach_status == :created || attach_status == :reactivated
+          channel.inject_into_topic!(channel.attached_message)
+        end
+
+        result = { ok: true, channel_id: channel.id, repo: repo, pr_number: pr_number }
+        warning = ensure_webhook_events(topic, repo)
+        result[:webhook_warning] = warning if warning
+        result
+      end
+
+      private
+
+      # Wraps Collavre::ChannelAttacher with PR-specific create attrs and a
+      # PR-specific reactivation reset (pr_state back to "open"). The shared
+      # attacher handles the create/reactivate/noop lifecycle, including the
+      # concurrent insert race and dismissed_at clearing — Mirror
+      # WebhooksController#maybe_auto_attach_channel reactivation, so the
+      # chip resurfaces under the not_dismissed render scope.
+      sig { params(topic: Collavre::Topic, repo: String, pr_number: Integer).returns([ CollavreGithub::GithubPrChannel, Symbol ]) }
+      def find_or_attach_channel(topic, repo, pr_number)
+        Collavre::ChannelAttacher.call(
+          channel_class: CollavreGithub::GithubPrChannel,
+          lookup: -> { lookup_channel(topic, repo, pr_number) },
+          create_attrs: {
+            topic_id: topic.id,
+            config: { "repo_full_name" => repo, "pr_number" => pr_number, "pr_state" => "open" }
+          },
+          on_reactivate: ->(channel) {
+            channel.pr_state = "open" if channel.pr_state != "open"
+          }
+        )
+      end
+
+      sig { params(topic: Collavre::Topic, repo: String, pr_number: Integer).returns(T.nilable(CollavreGithub::GithubPrChannel)) }
+      def lookup_channel(topic, repo, pr_number)
+        CollavreGithub::GithubPrChannel.where(topic_id: topic.id).find do |c|
+          c.repo_full_name.to_s.downcase == repo.downcase && c.pr_number == pr_number
+        end
+      end
+
+      # Make sure the repo's webhook subscribes to the PR-channel events
+      # (issue_comment / pull_request_review / pull_request_review_comment).
+      # Without these, GitHub never delivers comment payloads and the channel
+      # silently misses them — exactly the bug that motivated this method.
+      # Returns a warning string when provisioning cannot run or fails; nil on
+      # success so the MCP response stays clean.
+      def ensure_webhook_events(topic, repo)
+        scoped_link = scoped_repository_link_for(topic, repo)
+        return "no RepositoryLink found for #{repo} in topic creative scope; webhook events not auto-provisioned" unless scoped_link
+
+        # Provision through the *global* primary link (lowest id across all
+        # creatives), not the scoped link. WebhookProvisioner only patches hook
+        # events when the link IS the primary; non-primary links short-circuit
+        # to secret alignment and skip the GitHub edit_hook call. So if we
+        # provisioned the scoped link and it was not the global primary, the
+        # existing hook would keep its old event list. The scoped link is only
+        # used as an authorization gate above.
+        provisioning_link = global_primary_repository_link_for(repo) || scoped_link
+
+        account = provisioning_link.github_account
+        return "RepositoryLink for #{repo} has no GitHub account; webhook events not auto-provisioned" unless account
+
+        results = CollavreGithub::WebhookProvisioner.ensure_for_links(
+          account: account,
+          links: [ provisioning_link ],
+          webhook_url: github_webhook_url
+        )
+        status = results.first&.last
+        # :failed means Client returned nil (Octokit/Faraday error rescued in
+        # CollavreGithub::Client). Surface that to the MCP caller so they know
+        # webhook events were not actually patched.
+        return "webhook provisioning failed: GitHub API rejected the hook request (see logs)" if status == :failed
+        nil
+      rescue => e
+        Rails.logger.warn("[pr_monitor] webhook provisioning failed for #{repo}: #{e.class}: #{e.message}")
+        "webhook provisioning failed: #{e.message}"
+      end
+
+      # Authorization gate: a RepositoryLink for `repo` must live in this
+      # topic's creative subtree (the topic creative itself or one of its
+      # ancestors). Without one, the dispatch path in WebhooksController would
+      # silently drop events for this topic anyway.
+      def scoped_repository_link_for(topic, repo)
+        creative = topic.creative
+        return nil unless creative
+
+        candidate_ids = [ creative.id ] + creative.ancestors.pluck(:id)
+        CollavreGithub::RepositoryLink
+          .where("LOWER(repository_full_name) = ?", repo.downcase)
+          .where(creative_id: candidate_ids)
+          .order(:id)
+          .first
+      end
+
+      # Mirrors WebhookProvisioner#primary_link_for: the lowest-id link for the
+      # repo across ALL creatives. This is the link whose secret + events the
+      # hook is aligned to, so we must provision through it to trigger an
+      # actual edit_hook call.
+      def global_primary_repository_link_for(repo)
+        CollavreGithub::RepositoryLink
+          .where("LOWER(repository_full_name) = ?", repo.downcase)
+          .order(:id)
+          .first
+      end
+
+      def github_webhook_url
+        CollavreGithub::Engine.routes.url_helpers.webhooks_url(
+          Rails.application.config.action_mailer.default_url_options
+        )
+      end
+    end
+  end
+end

data/app/services/collavre_github/webhook_provisioner.rb

@@ -1,7 +1,13 @@
 module CollavreGithub
   class WebhookProvisioner
-    EVENTS = %w[pull_request].freeze
-    EVENTS_WITH_PUSH = %w[pull_request push].freeze
+    # PR channel webhooks need every event GithubPrChannel handles. Without
+    # `issue_comment` / `pull_request_review` / `pull_request_review_comment`
+    # GitHub never delivers the relevant deliveries, so pr_monitor would attach
+    # a channel that silently misses comments. `pull_request` is required by
+    # the auto-attach + close detection paths.
+    CHANNEL_EVENTS = %w[issue_comment pull_request_review pull_request_review_comment].freeze
+    EVENTS = (%w[pull_request] + CHANNEL_EVENTS).freeze
+    EVENTS_WITH_PUSH = (%w[pull_request push] + CHANNEL_EVENTS).freeze
     CONTENT_TYPE = "json".freeze
 
     def self.ensure_for_links(account:, links:, webhook_url:)
@@ -17,10 +23,15 @@ module CollavreGithub
       @webhook_url = webhook_url
     end
 
+    # Returns [[link, status], ...] so callers can detect silent GitHub
+    # rejections. status is one of:
+    #   :created         - new hook created
+    #   :updated         - existing hook patched (events/url/secret)
+    #   :secret_aligned  - non-primary link with existing hook; only the local
+    #                      RepositoryLink secret was aligned. No GitHub call.
+    #   :failed          - Octokit/Faraday error OR Client returned nil
     def ensure_for_links(links)
-      links.each do |link|
-        ensure_webhook(link)
-      end
+      links.map { |link| [ link, ensure_webhook(link) ] }
     end
 
     def remove_for_repositories(repositories)
@@ -50,8 +61,9 @@ module CollavreGithub
       if hook
         if primary_link && primary_link != link
           align_link_secret(link, primary_link.webhook_secret)
+          :secret_aligned
         else
-          update_webhook(repository_full_name, hook.id, link.webhook_secret)
+          update_webhook(repository_full_name, hook.id, link.webhook_secret) ? :updated : :failed
         end
       else
         secret = link.webhook_secret
@@ -61,12 +73,13 @@ module CollavreGithub
           align_link_secret(link, secret)
         end
 
-        create_webhook(repository_full_name, secret)
+        create_webhook(repository_full_name, secret) ? :created : :failed
       end
     rescue Octokit::Error => e
       Rails.logger.warn(
         "GitHub webhook provisioning failed for #{repository_full_name}: #{e.message}"
       )
+      :failed
     end
 
     def remove_webhook(repository_full_name)

data/config/initializers/integration_settings.rb

@@ -0,0 +1,11 @@
+# Register collavre_github integration setting keys with the central registry.
+# Registered eagerly (not in `to_prepare`) because `github_mock` is read at
+# boot by `config/initializers/omniauth.rb`. The other keys (`webhook_secret`,
+# `api_endpoint`) are resolved per request and don't strictly need eager
+# registration, but we keep them together for clarity.
+if defined?(Collavre::IntegrationSettings::Registry)
+  registry = Collavre::IntegrationSettings::Registry.instance
+  registry.register(:github_webhook_secret, category: "github", sensitive: true,  requires_restart: false)
+  registry.register(:github_api_endpoint,   category: "github", sensitive: false, requires_restart: false)
+  registry.register(:github_mock,           category: "github", sensitive: false, requires_restart: true)
+end

data/config/locales/en.yml

@@ -93,3 +93,21 @@ en:
         updated: "Updated"
         ready_for_review: "Ready for Review"
         event: "Event"
+    channel:
+      pr:
+        label: "PR #%{number}"
+        label_with_state: "%{label} (%{state})"
+        state_merged: "merged"
+        state_closed: "closed"
+        comment_message: "**@%{author}** commented on %{label}:\n\n%{body}"
+        review_comment_message: "**@%{author}** reviewed %{label}%{location}:\n\n%{body}"
+        review_comment_location_path: " on `%{path}`"
+        review_comment_location_path_line: " on `%{path}`:%{line}"
+        review_submitted_message: "**@%{author}** submitted a review (`%{state}`) on %{label}:\n\n%{body}"
+        closed_message: "%{label} was **%{verb}**. Detaching channel."
+        attached_message: "%{label} monitoring started.\n\n%{url}"
+        reopened_message: "%{label} was reopened. Monitoring resumed.\n\n%{url}"
+        badge:
+          open: "Open"
+          merged: "Merged"
+          closed_without_merge: "Closed without merging"

data/config/locales/ko.yml

@@ -93,3 +93,21 @@ ko:
         updated: "업데이트됨"
         ready_for_review: "리뷰 준비됨"
         event: "이벤트"
+    channel:
+      pr:
+        label: "PR #%{number}"
+        label_with_state: "%{label} (%{state})"
+        state_merged: "머지됨"
+        state_closed: "닫힘"
+        comment_message: "**@%{author}**님이 %{label}에 댓글을 남겼습니다:\n\n%{body}"
+        review_comment_message: "**@%{author}**님이 %{label}%{location}을(를) 리뷰했습니다:\n\n%{body}"
+        review_comment_location_path: " (`%{path}`)"
+        review_comment_location_path_line: " (`%{path}`:%{line})"
+        review_submitted_message: "**@%{author}**님이 %{label}에 리뷰를 제출했습니다 (`%{state}`):\n\n%{body}"
+        closed_message: "%{label}이(가) **%{verb}** 되었습니다. 채널을 해제합니다."
+        attached_message: "%{label} 모니터링이 시작되었습니다.\n\n%{url}"
+        reopened_message: "%{label}이(가) 재오픈되어 모니터링이 재개되었습니다.\n\n%{url}"
+        badge:
+          open: "열림"
+          merged: "머지됨"
+          closed_without_merge: "머지 없이 닫힘"

data/db/seeds.rb

@@ -76,6 +76,7 @@ module CollavreGithub
       github_pr_commits
       creative_retrieval_service
       creative_batch_service
+      pr_monitor
     ].freeze
 
     def self.call

data/lib/collavre_github/version.rb

@@ -1,3 +1,3 @@
 module CollavreGithub
-  VERSION = "0.5.0"
+  VERSION = "0.6.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: collavre_github
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.6.0
 platform: ruby
 authors:
 - Collavre
@@ -66,22 +66,28 @@ files:
 - app/controllers/collavre_github/auth_controller.rb
 - app/controllers/collavre_github/creatives/integrations_controller.rb
 - app/controllers/collavre_github/webhooks_controller.rb
+- app/javascript/collavre_github.js
 - app/jobs/collavre_github/initial_markdown_sync_job.rb
 - app/jobs/collavre_github/markdown_sync_job.rb
 - app/models/collavre_github/account.rb
 - app/models/collavre_github/application_record.rb
+- app/models/collavre_github/github_pr_channel.rb
 - app/models/collavre_github/repository_link.rb
 - app/services/collavre_github/client.rb
 - app/services/collavre_github/markdown_sync/content_processor.rb
 - app/services/collavre_github/markdown_sync/incremental_sync_service.rb
 - app/services/collavre_github/markdown_sync/initial_import_service.rb
+- app/services/collavre_github/pr_topic_link_parser.rb
 - app/services/collavre_github/tools/concerns/github_client_finder.rb
 - app/services/collavre_github/tools/github_pr_commits_service.rb
 - app/services/collavre_github/tools/github_pr_details_service.rb
 - app/services/collavre_github/tools/github_pr_diff_service.rb
+- app/services/collavre_github/tools/permission_denied_error.rb
+- app/services/collavre_github/tools/pr_monitor_service.rb
 - app/services/collavre_github/webhook_provisioner.rb
 - app/views/collavre_github/auth/setup.html.erb
 - app/views/collavre_github/integrations/_modal.html.erb
+- config/initializers/integration_settings.rb
 - config/locales/en.yml
 - config/locales/ko.yml
 - config/routes.rb