collavre_github 0.5.1 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6fb4ed5d918d784abb2dbfcaf6618391b4e1f888ccd166844db4bd823dce2e08
-  data.tar.gz: 9d569c3485a15ae9a282c2857bf8e30a3928e30f50fe9efa6e1ab13f12d2fe7d
+  metadata.gz: 10db15f8f1d4877e2b2b8c3c52b6a7bc6b906f742b6ef22d72c5edcdee89ee22
+  data.tar.gz: cc55e2500dafc1b6d19e59f6cb003b966de5ec9394009def30525c0a5b3c00b3
 SHA512:
-  metadata.gz: ed515fb1cd7ea7481ec30269b871b792a74c8a30d780abe4fb5473bf478111937f8748a60e4a432928aa7dbe75f8bef8fc8f1f91bacbd809b8b6367012b91f4a
-  data.tar.gz: 4ffb6a588103ddf1865539e93bff437d8ead4187354e0c4807707248d6f773bd49245d96cde837b6c02330f508ff4b7108da687f298a73d43e546f0f27419180
+  metadata.gz: ce8c29467f23b907a04ef532588d059ca1e7fa2f838e600fd730ba04becc5aba205f2669828a3ac520cd7ace29f29bfb0cc9eec10da776aa5f55693c42860143
+  data.tar.gz: 456701d9b38e6b8498064cede91e6931d2abea3c1d9671d73e6a370aa8e251d207e69b0d5000aac29dd5db597fbb4d1cb28b556bbed02b117dd813ef54f75c6d

data/app/controllers/collavre_github/webhooks_controller.rb

@@ -17,10 +17,13 @@ module CollavreGithub
       # Process all links for this repo (same repo can be linked to multiple creatives)
       all_links = all_repository_links_for(payload)
       all_links.each do |link|
-        create_system_comment_for(link, event, payload) if link.creative
+        create_system_comment_for(link, event, payload) if link.creative && !channel_only_event?(event)
         trigger_markdown_sync_for(link, event, payload) if link.markdown_sync_enabled?
       end
 
+      maybe_auto_attach_channel(event, payload)
+      dispatch_to_channels(event, payload)
+
       head :ok
     rescue JSON::ParserError
       head :bad_request
@@ -28,6 +31,194 @@ module CollavreGithub
 
     private
 
+    # `WebhookProvisioner` auto-subscribes every repo webhook to the events
+    # GithubPrChannel needs (`issue_comment`, `pull_request_review`,
+    # `pull_request_review_comment`). Those events must only reach attached
+    # PR channels — letting them through the creative feed would spam every
+    # linked creative with system comments from issues/PRs that nobody asked
+    # to monitor. `push` and `pull_request` continue to flow into the feed.
+    def channel_only_event?(event)
+      CollavreGithub::WebhookProvisioner::CHANNEL_EVENTS.include?(event)
+    end
+
+    def maybe_auto_attach_channel(event, payload)
+      return unless event == "pull_request" && %w[opened reopened].include?(payload["action"])
+      # GitHub repo identifiers are case-insensitive; normalize so stored
+      # channels (also lowercased) match incoming dispatch payloads regardless
+      # of how the repo casing arrives from clients.
+      repo = payload.dig("repository", "full_name")&.downcase
+      pr_number = payload.dig("pull_request", "number")
+      return unless repo && pr_number
+
+      # `reopened` must resurrect ANY existing channel for this (repo, pr) — not
+      # just channels whose PR body still contains a topic link. Manually attached
+      # channels (via `pr_monitor`) and PRs whose body link was later removed both
+      # have a valid channel but no link; without this branch, the body-link path
+      # below would short-circuit and dispatch_to_channels (.active scope) would
+      # skip the dismissed/detached row, leaving the chip hidden and the PR
+      # unmonitored for the rest of its reopened life.
+      reactivate_existing_channels_on_reopen(repo, pr_number) if payload["action"] == "reopened"
+
+      # Body-link path: only used to CREATE a new channel. Existing-channel paths
+      # are intentionally handled above (reopened) or as a strict no-op (opened
+      # redelivery — must not undo a user's X dismissal).
+      body = payload.dig("pull_request", "body")
+      topic_id = CollavreGithub::PrTopicLinkParser.call(body)
+      return unless topic_id
+
+      topic = Collavre::Topic.find_by(id: topic_id)
+      return unless topic
+
+      # Security: the PR description is attacker-controlled. Anyone able to open
+      # a PR on this repo could otherwise drop a link to an unrelated tenant's
+      # topic and have subsequent PR comments injected there. Only auto-attach
+      # when the topic's creative — or any of its ancestors — is linked to this
+      # repo (RepositoryLink applies to the whole subtree).
+      linked_creative_ids = CollavreGithub::RepositoryLink
+        .where("LOWER(repository_full_name) = ?", repo).pluck(:creative_id)
+      creative = topic.creative
+      return unless creative
+      candidate_ids = [ creative.id ] + creative.ancestors.pluck(:id)
+      return if (linked_creative_ids & candidate_ids).empty?
+
+      existing = GithubPrChannel.where(topic_id: topic.id).find do |c|
+        c.repo_full_name.to_s.downcase == repo && c.pr_number == pr_number
+      end
+      # Existing channel: strict no-op. `reopened` was already handled by the
+      # repo+pr scan above; `opened` redelivery must leave dismissed_at intact.
+      return existing if existing
+
+      GithubPrChannel.create!(
+        topic_id: topic.id,
+        config: { "repo_full_name" => repo, "pr_number" => pr_number, "pr_state" => "open" }
+      )
+    rescue ActiveRecord::RecordNotUnique
+      # concurrent webhook safe
+    rescue => e
+      Rails.logger.error("[CollavreGithub] auto-attach failed: #{e.class}: #{e.message}")
+    end
+
+    # Resurrect every existing channel for (repo, pr_number) on `pull_request.
+    # reopened`, regardless of whether the PR description currently contains a
+    # topic link. Mirrors dispatch's scope re-validation so a channel whose
+    # creative is no longer linked to this repo is NOT resurrected.
+    def reactivate_existing_channels_on_reopen(repo, pr_number)
+      linked_creative_ids = CollavreGithub::RepositoryLink
+        .where("LOWER(repository_full_name) = ?", repo).pluck(:creative_id)
+      return if linked_creative_ids.empty?
+
+      GithubPrChannel.find_each do |channel|
+        next unless channel.repo_full_name.to_s.downcase == repo && channel.pr_number == pr_number
+        next unless channel_in_repo_scope?(channel, linked_creative_ids)
+
+        begin
+          # Row-level lock + re-read guards against duplicate reopened announcements
+          # when two `pull_request.reopened` deliveries for the same dismissed/
+          # detached channel arrive concurrently (GitHub retries on 5xx, or
+          # duplicate fan-out). Without it, both requests can read was_inactive=true
+          # before either clears dismissed_at, then both inject the reopened
+          # message. Mirrors the close-path with_lock in dispatch_to_channels.
+          channel.with_lock do
+            was_inactive = !channel.active? || !channel.dismissed_at.nil?
+            if was_inactive || channel.pr_state != "open"
+              channel.state = :active unless channel.active?
+              channel.dismissed_at = nil unless channel.dismissed_at.nil?
+              channel.pr_state = "open" if channel.pr_state != "open"
+              channel.save!
+            end
+            # When the chip silently reappears after dismiss/detach, inject a
+            # one-line announcement so the user can trace the lifecycle —
+            # mirrors the attach announcement on first create.
+            if was_inactive
+              begin
+                channel.inject_into_topic!(channel.reopened_message)
+              rescue => e
+                Rails.logger.error("[CollavreGithub] reopened announce failed: #{e.class}: #{e.message}")
+              end
+            end
+          end
+        rescue => e
+          # Per-channel isolation: one bad row must not block sibling channels.
+          Rails.logger.error(
+            "[CollavreGithub] reopen reactivate failed for channel #{channel.id}: #{e.class}: #{e.message}"
+          )
+        end
+      end
+    end
+
+    def dispatch_to_channels(event, payload)
+      repo = payload.dig("repository", "full_name")&.downcase
+      pr_number = extract_pr_number(event, payload)
+      return if repo.blank? || pr_number.nil?
+
+      # Re-resolve which creatives are linked to this repo on every dispatch.
+      # The auto-attach guard validated the link at creation time, but a
+      # RepositoryLink can be removed or a topic can be moved to a different
+      # creative subtree after attachment. Without re-validating here, an
+      # orphaned channel would keep receiving cross-tenant PR events.
+      linked_creative_ids = CollavreGithub::RepositoryLink
+        .where("LOWER(repository_full_name) = ?", repo).pluck(:creative_id)
+
+      # Ruby-level filter for DB portability (SQLite dev/test, Postgres prod).
+      # Future optimization: switch to a jsonb-portable query once an established
+      # pattern exists in this codebase. Compare repo names case-insensitively
+      # so legacy mixed-case rows continue to match the canonical lowercase
+      # payload value.
+      GithubPrChannel.active.find_each do |channel|
+        next unless channel.repo_full_name.to_s.downcase == repo && channel.pr_number == pr_number
+        next unless channel_in_repo_scope?(channel, linked_creative_ids)
+
+        begin
+          # Row-level lock + re-check guards against duplicate dispatch when the
+          # same webhook is redelivered (GitHub retries on 5xx) or two webhooks
+          # arrive concurrently. Without it, both processes read state=active
+          # and each inject the closing comment. The query-level .active scope
+          # alone does not race-protect the inject+detach window.
+          channel.with_lock do
+            next unless channel.active?
+
+            injected = channel.handle(event: event, payload: payload)
+            next if injected.nil?
+
+            channel.inject_into_topic!(injected)
+            # Detach AFTER injecting the closing message so the chip remains
+            # visible (now with merged/closed badge) until dismissed by the user.
+            channel.detach! if event == "pull_request" && payload["action"] == "closed"
+          end
+        rescue => e
+          # Isolate per-channel failures so one broken channel does not block
+          # sibling channels monitoring the same PR.
+          Rails.logger.error(
+            "[CollavreGithub] channel #{channel.id} dispatch failed: #{e.class}: #{e.message}"
+          )
+        end
+      end
+    end
+
+    # A channel is in-scope iff its topic's creative — or any ancestor — is
+    # still listed in a RepositoryLink for the webhook's repo. Mirrors the
+    # auto-attach guard so removing a link severs the dispatch, not just the
+    # ability to create new monitors.
+    def channel_in_repo_scope?(channel, linked_creative_ids)
+      return false if linked_creative_ids.empty?
+
+      creative = channel.topic&.creative
+      return false unless creative
+
+      candidate_ids = [ creative.id ] + creative.ancestors.pluck(:id)
+      (linked_creative_ids & candidate_ids).any?
+    end
+
+    def extract_pr_number(event, payload)
+      case event
+      when "issue_comment"
+        n = payload.dig("issue", "number")
+        n if payload.dig("issue", "pull_request")
+      when "pull_request_review_comment", "pull_request_review", "pull_request"
+        payload.dig("pull_request", "number")
+      end
+    end
+
     def create_system_comment_for(link, event, payload)
       creative = link.creative&.effective_origin
       return unless creative
@@ -220,7 +411,9 @@ module CollavreGithub
       repo = payload&.dig("repository", "full_name") || payload&.dig(:repository, :full_name)
       return [ @repository_link ].compact if repo.blank?
 
-      CollavreGithub::RepositoryLink.where(repository_full_name: repo).to_a
+      CollavreGithub::RepositoryLink
+        .where("LOWER(repository_full_name) = ?", repo.downcase)
+        .to_a
     end
 
     def find_repository_link(payload)
@@ -241,7 +434,9 @@ module CollavreGithub
         return
       end
 
-      CollavreGithub::RepositoryLink.find_by(repository_full_name: full_name)
+      CollavreGithub::RepositoryLink
+        .where("LOWER(repository_full_name) = ?", full_name.downcase)
+        .first
     end
 
     def valid_signature?(raw_body)
@@ -275,7 +470,11 @@ module CollavreGithub
     end
 
     def fallback_webhook_secret
-      ENV["GITHUB_WEBHOOK_SECRET"] || Rails.application.credentials.dig(:github, :webhook_secret)
+      resolved =
+        if defined?(Collavre::IntegrationSettings::Resolver)
+          Collavre::IntegrationSettings::Resolver.get(:github_webhook_secret).presence
+        end
+      resolved || ENV["GITHUB_WEBHOOK_SECRET"] || Rails.application.credentials.dig(:github, :webhook_secret)
     end
 
     def parse_payload(raw_body)

data/app/models/collavre_github/github_pr_channel.rb

@@ -0,0 +1,207 @@
+module CollavreGithub
+  class GithubPrChannel < Collavre::Channel
+    self.table_name = "channels"
+
+    def repo_full_name
+      config["repo_full_name"]
+    end
+
+    def pr_number
+      config["pr_number"].to_i
+    end
+
+    def pr_url
+      "https://github.com/#{repo_full_name}/pull/#{pr_number}"
+    end
+
+    def label
+      t("label", number: pr_number)
+    end
+
+    # Chip fallbacks: derived directly from config so the chip can render the
+    # full "PR #N" + URL immediately on attach, without waiting for the first
+    # webhook event to populate latest_label / latest_link.
+    def default_label
+      label
+    end
+
+    def default_link
+      pr_url
+    end
+
+    def badge_state
+      pr_state
+    end
+
+    def badge_title
+      I18n.t("collavre_github.channel.pr.badge.#{pr_state}", default: pr_state.to_s)
+    end
+
+    # PR lifecycle state used by the chip badge color. Defaults to "open" so
+    # freshly attached channels render the green badge before any close event
+    # has been received. Persisted in `config` to avoid a schema change for a
+    # channel-subtype-specific concern.
+    PR_STATES = %w[open merged closed_without_merge].freeze
+
+    def pr_state
+      state = config["pr_state"].to_s
+      PR_STATES.include?(state) ? state : "open"
+    end
+
+    # Symmetric with the reader: refuse to persist values outside PR_STATES
+    # rather than silently downgrading to "open" at read time. Without this
+    # any caller that mistypes (e.g. "merged_") would corrupt the badge color
+    # with no error surfaced.
+    def pr_state=(value)
+      value = value.to_s
+      raise ArgumentError, "Invalid pr_state: #{value.inspect}" unless PR_STATES.include?(value)
+      self.config = config.merge("pr_state" => value)
+    end
+
+    def attached_message
+      Collavre::Channel::InjectedMessage.new(
+        speaker: channel_bot_user,
+        message: t("attached_message", label: label, url: pr_url),
+        label: label,
+        link: pr_url
+      )
+    end
+
+    def reopened_message
+      Collavre::Channel::InjectedMessage.new(
+        speaker: channel_bot_user,
+        message: t("reopened_message", label: label, url: pr_url),
+        label: label,
+        link: pr_url
+      )
+    end
+
+    def handle(event:, payload:)
+      case event
+      when "issue_comment"
+        handle_issue_comment(payload)
+      when "pull_request_review_comment"
+        handle_review_comment(payload)
+      when "pull_request_review"
+        handle_review_submitted(payload)
+      when "pull_request"
+        handle_pull_request(payload)
+      end
+    end
+
+    private
+
+    def handle_pull_request(payload)
+      return nil unless payload["action"] == "closed"
+      pr = payload["pull_request"]
+      new_state = pr["merged"] ? "merged" : "closed_without_merge"
+      verb = pr["merged"] ? t("state_merged") : t("state_closed")
+
+      # pr_state is updated atomically with the closing comment: the dispatch
+      # path wraps both `handle` and `inject_into_topic!` in a single with_lock
+      # transaction, so an inject failure rolls this update back too. That is
+      # the intended behavior — we don't want the chip to flash merged/closed
+      # without the matching closing message in the timeline.
+      self.pr_state = new_state
+      save!
+
+      Collavre::Channel::InjectedMessage.new(
+        speaker: channel_bot_user,
+        message: t("closed_message", label: label, verb: verb),
+        label: label,
+        link: pr_url
+      )
+      # Detach is performed by the webhook controller AFTER injecting this
+      # message, so the chip stays visible until the closing comment lands.
+    end
+
+    def handle_review_submitted(payload)
+      return nil unless payload["action"] == "submitted"
+      review = payload["review"]
+      body = review["body"].to_s
+      return nil if body.strip.empty?
+
+      author = review.dig("user", "login")
+      return nil if ignored_actor?(author)
+      state = review["state"]
+      Collavre::Channel::InjectedMessage.new(
+        speaker: channel_bot_user,
+        message: t("review_submitted_message", author: author, state: state, label: label, body: body),
+        label: label,
+        link: pr_url
+      )
+    end
+
+    def handle_review_comment(payload)
+      return nil unless payload["action"] == "created"
+      comment = payload["comment"]
+      author = comment.dig("user", "login")
+      return nil if ignored_actor?(author)
+      path = comment["path"]
+      line = comment["line"]
+      body = comment["body"].to_s
+
+      location =
+        if path && line
+          t("review_comment_location_path_line", path: path, line: line)
+        elsif path
+          t("review_comment_location_path", path: path)
+        else
+          ""
+        end
+      Collavre::Channel::InjectedMessage.new(
+        speaker: channel_bot_user,
+        message: t("review_comment_message", author: author, label: label, location: location, body: body),
+        label: label,
+        link: pr_url
+      )
+    end
+
+    def handle_issue_comment(payload)
+      return nil unless payload["action"] == "created"
+      return nil unless payload.dig("issue", "pull_request") # PR comments only
+
+      comment = payload["comment"]
+      author = comment.dig("user", "login")
+      return nil if ignored_actor?(author)
+      body = comment["body"].to_s
+
+      Collavre::Channel::InjectedMessage.new(
+        speaker: channel_bot_user,
+        message: t("comment_message", author: author, label: label, body: body),
+        label: label,
+        link: pr_url
+      )
+    end
+
+    def ignored_actor?(login)
+      Array(config["ignore_actor_logins"]).include?(login)
+    end
+
+    def t(key, **opts)
+      I18n.t("collavre_github.channel.pr.#{key}", **opts)
+    end
+
+    # Find the channel bot user. Falls back to creating the row when missing
+    # (e.g. migrations applied but `db:seed` was skipped). Without this
+    # fallback every PR webhook would raise RecordNotFound and the event
+    # would be silently dropped by the controller's rescue.
+    def channel_bot_user
+      @channel_bot_user ||=
+        Collavre::User.find_by(email: Collavre::Channel::BOT_EMAIL) ||
+          ensure_channel_bot_user!
+    end
+
+    def ensure_channel_bot_user!
+      email = Collavre::Channel::BOT_EMAIL
+      user = Collavre::User.find_or_initialize_by(email: email)
+      user.name = Collavre::Channel::BOT_NAME
+      user.password = SecureRandom.hex(32) if user.new_record?
+      user.email_verified_at ||= Time.current
+      user.searchable = false if user.respond_to?(:searchable=)
+      user.llm_vendor = nil
+      user.save!
+      user
+    end
+  end
+end

data/app/services/collavre_github/client.rb

@@ -162,12 +162,26 @@ module CollavreGithub
 
     attr_reader :client
 
-    # Use GITHUB_API_ENDPOINT env var if set, otherwise fall back to mock server
-    # in development when no real GitHub credentials are configured.
+    # Resolve the API endpoint via Resolver (DB > ENV), otherwise fall back to
+    # the mock server in development when no real GitHub credentials are
+    # configured.
     def resolve_api_endpoint
-      return ENV["GITHUB_API_ENDPOINT"] if ENV["GITHUB_API_ENDPOINT"].present?
-
-      if Rails.env.development? && ENV["GITHUB_CLIENT_ID"].blank?
+      endpoint =
+        if defined?(Collavre::IntegrationSettings::Resolver)
+          Collavre::IntegrationSettings::Resolver.get(:github_api_endpoint).presence
+        else
+          ENV["GITHUB_API_ENDPOINT"].presence
+        end
+      return endpoint if endpoint.present?
+
+      github_client_id =
+        if defined?(Collavre::IntegrationSettings::Resolver)
+          Collavre::IntegrationSettings::Resolver.get(:github_client_id).presence
+        else
+          ENV["GITHUB_CLIENT_ID"].presence
+        end
+
+      if Rails.env.development? && github_client_id.blank?
         MOCK_SERVER_DEFAULT
       end
     end

data/app/services/collavre_github/pr_topic_link_parser.rb

@@ -0,0 +1,11 @@
+module CollavreGithub
+  class PrTopicLinkParser
+    TOPIC_RE = %r{/creatives/\d+/topics/(\d+)}.freeze
+
+    def self.call(body)
+      return nil if body.blank?
+      m = body.match(TOPIC_RE)
+      m && m[1].to_i
+    end
+  end
+end

data/app/services/collavre_github/tools/permission_denied_error.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+module CollavreGithub
+  module Tools
+    # Kept as an alias of the core engine's shared error so existing rescue
+    # blocks and tests in collavre_github continue to match. New code should
+    # reference `Collavre::Tools::PermissionDeniedError` directly.
+    PermissionDeniedError = ::Collavre::Tools::PermissionDeniedError
+  end
+end

data/app/services/collavre_github/tools/pr_monitor_service.rb

@@ -0,0 +1,152 @@
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "rails_mcp_engine"
+
+module CollavreGithub
+  module Tools
+    class PrMonitorService
+      extend T::Sig
+      extend ToolMeta
+
+      PR_URL_RE = %r{\Ahttps?://github\.com/([^/]+/[^/]+)/pull/(\d+)\z}.freeze
+
+      tool_name "pr_monitor"
+      tool_description <<~DESC.strip
+        Attach a GitHub PR monitor to a Collavre topic. After attachment,
+        PR comments, review comments, and review submissions are injected
+        into the topic as chat messages. Idempotent.
+      DESC
+
+      tool_param :topic_id, description: "The Collavre topic id to attach the PR channel to."
+      tool_param :pr_url, description: "Full GitHub PR URL, e.g. https://github.com/owner/repo/pull/123"
+
+      sig { params(topic_id: Integer, pr_url: String).returns(T::Hash[Symbol, T.untyped]) }
+      def call(topic_id:, pr_url:)
+        m = pr_url.match(PR_URL_RE)
+        raise ArgumentError, "Invalid PR URL: #{pr_url}" unless m
+        # GitHub owner/repo identifiers are case-insensitive but webhook payloads
+        # always carry the canonical case. Normalize on store so user input
+        # like "Owner/Repo" still matches incoming events.
+        repo = m[1].downcase
+        pr_number = m[2].to_i
+
+        topic = Collavre::Topic.find(topic_id)
+        Collavre::Tools::TopicAuthorizer.authorize_write!(topic)
+        channel, attach_status = find_or_attach_channel(topic, repo, pr_number)
+        # Re-seed announcement on fresh attach AND on detached->active so the
+        # chip label/link cache is repopulated after the channel was previously
+        # auto-detached (PR closed) and the user reattached it.
+        if attach_status == :created || attach_status == :reactivated
+          channel.inject_into_topic!(channel.attached_message)
+        end
+
+        result = { ok: true, channel_id: channel.id, repo: repo, pr_number: pr_number }
+        warning = ensure_webhook_events(topic, repo)
+        result[:webhook_warning] = warning if warning
+        result
+      end
+
+      private
+
+      # Wraps Collavre::ChannelAttacher with PR-specific create attrs and a
+      # PR-specific reactivation reset (pr_state back to "open"). The shared
+      # attacher handles the create/reactivate/noop lifecycle, including the
+      # concurrent insert race and dismissed_at clearing — Mirror
+      # WebhooksController#maybe_auto_attach_channel reactivation, so the
+      # chip resurfaces under the not_dismissed render scope.
+      sig { params(topic: Collavre::Topic, repo: String, pr_number: Integer).returns([ CollavreGithub::GithubPrChannel, Symbol ]) }
+      def find_or_attach_channel(topic, repo, pr_number)
+        Collavre::ChannelAttacher.call(
+          channel_class: CollavreGithub::GithubPrChannel,
+          lookup: -> { lookup_channel(topic, repo, pr_number) },
+          create_attrs: {
+            topic_id: topic.id,
+            config: { "repo_full_name" => repo, "pr_number" => pr_number, "pr_state" => "open" }
+          },
+          on_reactivate: ->(channel) {
+            channel.pr_state = "open" if channel.pr_state != "open"
+          }
+        )
+      end
+
+      sig { params(topic: Collavre::Topic, repo: String, pr_number: Integer).returns(T.nilable(CollavreGithub::GithubPrChannel)) }
+      def lookup_channel(topic, repo, pr_number)
+        CollavreGithub::GithubPrChannel.where(topic_id: topic.id).find do |c|
+          c.repo_full_name.to_s.downcase == repo.downcase && c.pr_number == pr_number
+        end
+      end
+
+      # Make sure the repo's webhook subscribes to the PR-channel events
+      # (issue_comment / pull_request_review / pull_request_review_comment).
+      # Without these, GitHub never delivers comment payloads and the channel
+      # silently misses them — exactly the bug that motivated this method.
+      # Returns a warning string when provisioning cannot run or fails; nil on
+      # success so the MCP response stays clean.
+      def ensure_webhook_events(topic, repo)
+        scoped_link = scoped_repository_link_for(topic, repo)
+        return "no RepositoryLink found for #{repo} in topic creative scope; webhook events not auto-provisioned" unless scoped_link
+
+        # Provision through the *global* primary link (lowest id across all
+        # creatives), not the scoped link. WebhookProvisioner only patches hook
+        # events when the link IS the primary; non-primary links short-circuit
+        # to secret alignment and skip the GitHub edit_hook call. So if we
+        # provisioned the scoped link and it was not the global primary, the
+        # existing hook would keep its old event list. The scoped link is only
+        # used as an authorization gate above.
+        provisioning_link = global_primary_repository_link_for(repo) || scoped_link
+
+        account = provisioning_link.github_account
+        return "RepositoryLink for #{repo} has no GitHub account; webhook events not auto-provisioned" unless account
+
+        results = CollavreGithub::WebhookProvisioner.ensure_for_links(
+          account: account,
+          links: [ provisioning_link ],
+          webhook_url: github_webhook_url
+        )
+        status = results.first&.last
+        # :failed means Client returned nil (Octokit/Faraday error rescued in
+        # CollavreGithub::Client). Surface that to the MCP caller so they know
+        # webhook events were not actually patched.
+        return "webhook provisioning failed: GitHub API rejected the hook request (see logs)" if status == :failed
+        nil
+      rescue => e
+        Rails.logger.warn("[pr_monitor] webhook provisioning failed for #{repo}: #{e.class}: #{e.message}")
+        "webhook provisioning failed: #{e.message}"
+      end
+
+      # Authorization gate: a RepositoryLink for `repo` must live in this
+      # topic's creative subtree (the topic creative itself or one of its
+      # ancestors). Without one, the dispatch path in WebhooksController would
+      # silently drop events for this topic anyway.
+      def scoped_repository_link_for(topic, repo)
+        creative = topic.creative
+        return nil unless creative
+
+        candidate_ids = [ creative.id ] + creative.ancestors.pluck(:id)
+        CollavreGithub::RepositoryLink
+          .where("LOWER(repository_full_name) = ?", repo.downcase)
+          .where(creative_id: candidate_ids)
+          .order(:id)
+          .first
+      end
+
+      # Mirrors WebhookProvisioner#primary_link_for: the lowest-id link for the
+      # repo across ALL creatives. This is the link whose secret + events the
+      # hook is aligned to, so we must provision through it to trigger an
+      # actual edit_hook call.
+      def global_primary_repository_link_for(repo)
+        CollavreGithub::RepositoryLink
+          .where("LOWER(repository_full_name) = ?", repo.downcase)
+          .order(:id)
+          .first
+      end
+
+      def github_webhook_url
+        CollavreGithub::Engine.routes.url_helpers.webhooks_url(
+          Rails.application.config.action_mailer.default_url_options
+        )
+      end
+    end
+  end
+end

data/app/services/collavre_github/webhook_provisioner.rb

@@ -1,7 +1,13 @@
 module CollavreGithub
   class WebhookProvisioner
-    EVENTS = %w[pull_request].freeze
-    EVENTS_WITH_PUSH = %w[pull_request push].freeze
+    # PR channel webhooks need every event GithubPrChannel handles. Without
+    # `issue_comment` / `pull_request_review` / `pull_request_review_comment`
+    # GitHub never delivers the relevant deliveries, so pr_monitor would attach
+    # a channel that silently misses comments. `pull_request` is required by
+    # the auto-attach + close detection paths.
+    CHANNEL_EVENTS = %w[issue_comment pull_request_review pull_request_review_comment].freeze
+    EVENTS = (%w[pull_request] + CHANNEL_EVENTS).freeze
+    EVENTS_WITH_PUSH = (%w[pull_request push] + CHANNEL_EVENTS).freeze
     CONTENT_TYPE = "json".freeze
 
     def self.ensure_for_links(account:, links:, webhook_url:)
@@ -17,10 +23,15 @@ module CollavreGithub
       @webhook_url = webhook_url
     end
 
+    # Returns [[link, status], ...] so callers can detect silent GitHub
+    # rejections. status is one of:
+    #   :created         - new hook created
+    #   :updated         - existing hook patched (events/url/secret)
+    #   :secret_aligned  - non-primary link with existing hook; only the local
+    #                      RepositoryLink secret was aligned. No GitHub call.
+    #   :failed          - Octokit/Faraday error OR Client returned nil
     def ensure_for_links(links)
-      links.each do |link|
-        ensure_webhook(link)
-      end
+      links.map { |link| [ link, ensure_webhook(link) ] }
     end
 
     def remove_for_repositories(repositories)
@@ -50,8 +61,9 @@ module CollavreGithub
       if hook
         if primary_link && primary_link != link
           align_link_secret(link, primary_link.webhook_secret)
+          :secret_aligned
         else
-          update_webhook(repository_full_name, hook.id, link.webhook_secret)
+          update_webhook(repository_full_name, hook.id, link.webhook_secret) ? :updated : :failed
         end
       else
         secret = link.webhook_secret
@@ -61,12 +73,13 @@ module CollavreGithub
           align_link_secret(link, secret)
         end
 
-        create_webhook(repository_full_name, secret)
+        create_webhook(repository_full_name, secret) ? :created : :failed
       end
     rescue Octokit::Error => e
       Rails.logger.warn(
         "GitHub webhook provisioning failed for #{repository_full_name}: #{e.message}"
       )
+      :failed
     end
 
     def remove_webhook(repository_full_name)

data/config/initializers/integration_settings.rb

@@ -0,0 +1,11 @@
+# Register collavre_github integration setting keys with the central registry.
+# Registered eagerly (not in `to_prepare`) because `github_mock` is read at
+# boot by `config/initializers/omniauth.rb`. The other keys (`webhook_secret`,
+# `api_endpoint`) are resolved per request and don't strictly need eager
+# registration, but we keep them together for clarity.
+if defined?(Collavre::IntegrationSettings::Registry)
+  registry = Collavre::IntegrationSettings::Registry.instance
+  registry.register(:github_webhook_secret, category: "github", sensitive: true,  requires_restart: false)
+  registry.register(:github_api_endpoint,   category: "github", sensitive: false, requires_restart: false)
+  registry.register(:github_mock,           category: "github", sensitive: false, requires_restart: true)
+end

data/config/locales/en.yml

@@ -93,3 +93,21 @@ en:
         updated: "Updated"
         ready_for_review: "Ready for Review"
         event: "Event"
+    channel:
+      pr:
+        label: "PR #%{number}"
+        label_with_state: "%{label} (%{state})"
+        state_merged: "merged"
+        state_closed: "closed"
+        comment_message: "**@%{author}** commented on %{label}:\n\n%{body}"
+        review_comment_message: "**@%{author}** reviewed %{label}%{location}:\n\n%{body}"
+        review_comment_location_path: " on `%{path}`"
+        review_comment_location_path_line: " on `%{path}`:%{line}"
+        review_submitted_message: "**@%{author}** submitted a review (`%{state}`) on %{label}:\n\n%{body}"
+        closed_message: "%{label} was **%{verb}**. Detaching channel."
+        attached_message: "%{label} monitoring started.\n\n%{url}"
+        reopened_message: "%{label} was reopened. Monitoring resumed.\n\n%{url}"
+        badge:
+          open: "Open"
+          merged: "Merged"
+          closed_without_merge: "Closed without merging"

data/config/locales/ko.yml

@@ -93,3 +93,21 @@ ko:
         updated: "업데이트됨"
         ready_for_review: "리뷰 준비됨"
         event: "이벤트"
+    channel:
+      pr:
+        label: "PR #%{number}"
+        label_with_state: "%{label} (%{state})"
+        state_merged: "머지됨"
+        state_closed: "닫힘"
+        comment_message: "**@%{author}**님이 %{label}에 댓글을 남겼습니다:\n\n%{body}"
+        review_comment_message: "**@%{author}**님이 %{label}%{location}을(를) 리뷰했습니다:\n\n%{body}"
+        review_comment_location_path: " (`%{path}`)"
+        review_comment_location_path_line: " (`%{path}`:%{line})"
+        review_submitted_message: "**@%{author}**님이 %{label}에 리뷰를 제출했습니다 (`%{state}`):\n\n%{body}"
+        closed_message: "%{label}이(가) **%{verb}** 되었습니다. 채널을 해제합니다."
+        attached_message: "%{label} 모니터링이 시작되었습니다.\n\n%{url}"
+        reopened_message: "%{label}이(가) 재오픈되어 모니터링이 재개되었습니다.\n\n%{url}"
+        badge:
+          open: "열림"
+          merged: "머지됨"
+          closed_without_merge: "머지 없이 닫힘"

data/db/seeds.rb

@@ -76,6 +76,7 @@ module CollavreGithub
       github_pr_commits
       creative_retrieval_service
       creative_batch_service
+      pr_monitor
     ].freeze
 
     def self.call

data/lib/collavre_github/version.rb

@@ -1,3 +1,3 @@
 module CollavreGithub
-  VERSION = "0.5.1"
+  VERSION = "0.6.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: collavre_github
 version: !ruby/object:Gem::Version
-  version: 0.5.1
+  version: 0.6.0
 platform: ruby
 authors:
 - Collavre
@@ -71,18 +71,23 @@ files:
 - app/jobs/collavre_github/markdown_sync_job.rb
 - app/models/collavre_github/account.rb
 - app/models/collavre_github/application_record.rb
+- app/models/collavre_github/github_pr_channel.rb
 - app/models/collavre_github/repository_link.rb
 - app/services/collavre_github/client.rb
 - app/services/collavre_github/markdown_sync/content_processor.rb
 - app/services/collavre_github/markdown_sync/incremental_sync_service.rb
 - app/services/collavre_github/markdown_sync/initial_import_service.rb
+- app/services/collavre_github/pr_topic_link_parser.rb
 - app/services/collavre_github/tools/concerns/github_client_finder.rb
 - app/services/collavre_github/tools/github_pr_commits_service.rb
 - app/services/collavre_github/tools/github_pr_details_service.rb
 - app/services/collavre_github/tools/github_pr_diff_service.rb
+- app/services/collavre_github/tools/permission_denied_error.rb
+- app/services/collavre_github/tools/pr_monitor_service.rb
 - app/services/collavre_github/webhook_provisioner.rb
 - app/views/collavre_github/auth/setup.html.erb
 - app/views/collavre_github/integrations/_modal.html.erb
+- config/initializers/integration_settings.rb
 - config/locales/en.yml
 - config/locales/ko.yml
 - config/routes.rb