neon_sakura 0.1.4

data/.github/settings.yml

@@ -0,0 +1,70 @@
+# GitHub Repository Settings
+# This file can be used with the Probot Settings app: https://github.com/apps/settings
+# Or manually configure these settings in your repository
+
+repository:
+  # Repository name
+  name: neon_sakura
+
+  # Repository description
+  description: A Rails 8 application with advanced search and download capabilities
+
+  # Repository homepage
+  homepage: https://github.com/TRex22/neon_sakura
+
+  # Repository topics
+  topics: ruby, rails, rails8, yjit, sqlite, solidqueue
+
+  # Either true to enable automated security fixes, or false to disable
+  enable_automated_security_fixes: true
+
+  # Either true to enable vulnerability alerts, or false to disable
+  enable_vulnerability_alerts: true
+
+# Collaborators: none configured (manage via GitHub UI)
+
+# See https://docs.github.com/en/rest/reference/repos#update-a-repository for all available settings
+
+# Branch protection rules
+branches:
+  - name: main
+    # Required. Require at least one approving review on a pull request, before merging.
+    protection:
+      # Required. Require status checks to pass before merging.
+      required_status_checks:
+        # Required. Require branches to be up to date before merging.
+        strict: true
+        # Required. The list of status checks to require in order to merge into this branch
+        contexts:
+          - scan_ruby
+          - scan_js
+          - lint
+          - test
+          - system-test
+
+      # Required. Enforce all configured restrictions for administrators.
+      enforce_admins: false
+
+      # Required. Require at least one approving review on a pull request, before merging.
+      required_pull_request_reviews:
+        # Specify if approved reviews should be dismissed when new commits are pushed
+        dismiss_stale_reviews: true
+        # Specify if new reviewable commits should dismiss approved reviews
+        require_code_owner_reviews: false
+        # Specify the number of reviewers required to approve pull requests
+        required_approving_review_count: 0
+
+      # Required. Restrict who can push to this branch. Team and user restrictions are only available for organization-owned repositories. Set to null to disable.
+      restrictions: null
+
+      # Required. Require linear history
+      required_linear_history: false
+
+      # Permits force pushes to the protected branch by anyone with write access to the repository.
+      allow_force_pushes: false
+
+      # Allows deletion of the protected branch by anyone with write access to the repository.
+      allow_deletions: false
+
+      # Required. Allow specified users and teams to bypass required pull requests
+      required_conversation_resolution: true

data/.github/workflows/ai-pr-review-on-comment.yml

@@ -0,0 +1,384 @@
+name: AI PR Review on Comment
+
+on:
+  issue_comment:
+    types: [created]
+
+permissions:
+  contents: read
+  pull-requests: write
+  issues: write
+  models: read
+
+jobs:
+  ai-review-on-comment:
+    # Only run on PR comments that mention the bot
+    if: |
+      github.event.issue.pull_request &&
+      (contains(github.event.comment.body, '@ai-review') ||
+       contains(github.event.comment.body, '/review'))
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: React to comment
+        uses: actions/github-script@v8
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            await github.rest.reactions.createForIssueComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              comment_id: context.payload.comment.id,
+              content: 'rocket'
+            });
+
+      - name: Get PR details
+        id: pr-details
+        uses: actions/github-script@v8
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const pr = await github.rest.pulls.get({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              pull_number: context.issue.number
+            });
+
+            core.setOutput('base_ref', pr.data.base.ref);
+            core.setOutput('head_ref', pr.data.head.ref);
+            core.setOutput('head_sha', pr.data.head.sha);
+            core.setOutput('pr_title', pr.data.title);
+            core.setOutput('pr_body', pr.data.body || '');
+            return pr.data;
+
+      - name: Checkout PR code
+        uses: actions/checkout@v6
+        with:
+          ref: ${{ steps.pr-details.outputs.head_sha }}
+          fetch-depth: 0
+
+      - name: Get previous AI reviews and comments
+        id: previous-reviews
+        uses: actions/github-script@v8
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            // Fetch both PR comments and review comments
+            const comments = await github.rest.issues.listComments({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number
+            });
+
+            const aiComments = comments.data
+              .filter(c => c.body.includes('🤖 AI Code Review'))
+              .map(c => ({
+                type: 'comment',
+                created_at: c.created_at,
+                body: c.body
+              }));
+
+            const reviews = await github.rest.pulls.listReviews({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              pull_number: context.issue.number
+            });
+
+            const aiReviews = reviews.data
+              .filter(r => r.body && r.body.includes('🤖 AI Code Review'))
+              .map(r => ({
+                type: 'review',
+                created_at: r.submitted_at,
+                state: r.state,
+                body: r.body
+              }));
+
+            // Combine and sort by date (newest last)
+            const allReviews = [...aiComments, ...aiReviews]
+              .sort((a, b) => new Date(a.created_at) - new Date(b.created_at))
+              .slice(-3) // Last 3 reviews/comments
+              .map(r => r.body)
+              .join('\n---\n');
+
+            const truncated = allReviews.substring(0, 3000);
+
+            core.setOutput('reviews', truncated);
+            core.setOutput('has_reviews', truncated.length > 0 ? 'true' : 'false');
+
+      - name: Get PR diff
+        id: pr-diff
+        env:
+          BASE_REF: ${{ steps.pr-details.outputs.base_ref }}
+        run: |
+          git fetch origin "$BASE_REF"
+
+          DIFF=$(git diff "origin/$BASE_REF...HEAD")
+
+          # Filter out ignored sections
+          echo "$DIFF" | awk '
+            /ai-review-ignore-start/ { ignore=1; next }
+            /ai-review-ignore-end/ { ignore=0; next }
+            !ignore { print }
+          ' > pr_diff_filtered.txt
+
+          DIFF=$(cat pr_diff_filtered.txt)
+
+          DIFF_LENGTH=${#DIFF}
+          if [ $DIFF_LENGTH -gt 15000 ]; then
+            DIFF="${DIFF:0:15000}"
+            DIFF="$DIFF\n\n... (diff truncated due to size)"
+          fi
+
+          echo "$DIFF" > pr_diff.txt
+
+      - name: Get changed files list
+        id: changed-files
+        env:
+          BASE_REF: ${{ steps.pr-details.outputs.base_ref }}
+        run: |
+          git fetch origin "$BASE_REF"
+          FILES=$(git diff --name-only "origin/$BASE_REF...HEAD" | head -50)
+          echo "files<<EOF" >> $GITHUB_OUTPUT
+          echo "$FILES" >> $GITHUB_OUTPUT
+          echo "EOF" >> $GITHUB_OUTPUT
+
+      - name: Read project guidelines
+        id: guidelines
+        run: |
+          CLAUDE_MD=""
+          RUBOCOP_YML=""
+
+          # Extract comprehensive sections from CLAUDE.md using shared helper
+          if [ -f "CLAUDE.md" ] && [ -f ".ai-reviewer/extract-claude-sections.sh" ]; then
+            CLAUDE_MD=$(.ai-reviewer/extract-claude-sections.sh CLAUDE.md)
+          fi
+
+          # Only include key linting rules
+          if [ -f ".rubocop.yml" ]; then
+            RUBOCOP_YML=$(cat .rubocop.yml | grep -E "^[A-Z]|Enabled:|Max:" | head -c 1000)
+          fi
+
+          echo "claude_md<<EOF" >> $GITHUB_OUTPUT
+          echo "$CLAUDE_MD" >> $GITHUB_OUTPUT
+          echo "EOF" >> $GITHUB_OUTPUT
+
+          echo "rubocop_yml<<EOF" >> $GITHUB_OUTPUT
+          echo "$RUBOCOP_YML" >> $GITHUB_OUTPUT
+          echo "EOF" >> $GITHUB_OUTPUT
+
+      - name: Extract specific questions from comment
+        id: extract-question
+        uses: actions/github-script@v8
+        with:
+          script: |
+            const comment = context.payload.comment.body;
+
+            // Extract any text after the trigger
+            const triggers = ['@ai-review', '/review'];
+            let question = '';
+
+            for (const trigger of triggers) {
+              if (comment.includes(trigger)) {
+                const parts = comment.split(trigger);
+                if (parts.length > 1) {
+                  question = parts[1].trim();
+                  break;
+                }
+              }
+            }
+
+            core.setOutput('question', question);
+            return question;
+
+      - name: AI Code Review with Codestral
+        id: ai-review
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_TITLE: ${{ steps.pr-details.outputs.pr_title }}
+          PR_BODY: ${{ steps.pr-details.outputs.pr_body }}
+          CHANGED_FILES: ${{ steps.changed-files.outputs.files }}
+          CLAUDE_MD: ${{ steps.guidelines.outputs.claude_md }}
+          RUBOCOP_YML: ${{ steps.guidelines.outputs.rubocop_yml }}
+          USER_QUESTION: ${{ steps.extract-question.outputs.question }}
+          PREVIOUS_REVIEWS: ${{ steps.previous-reviews.outputs.reviews }}
+          HAS_PREVIOUS_REVIEWS: ${{ steps.previous-reviews.outputs.has_reviews }}
+        run: |
+          DIFF=$(cat pr_diff.txt)
+
+          # Use shared system prompt (source of truth)
+          if [ -f ".ai-reviewer/build-system-prompt.sh" ]; then
+            .ai-reviewer/build-system-prompt.sh > system.txt
+          else
+            echo "Error: Shared system prompt script not found" >&2
+            exit 1
+          fi
+
+          # Build user prompt
+          echo "**PR:** $PR_TITLE" > user.txt
+          echo "" >> user.txt
+          if [ -n "$PR_BODY" ]; then
+            echo "**Desc:** ${PR_BODY:0:500}" >> user.txt
+            echo "" >> user.txt
+          fi
+
+          # Add specific question prominently if provided
+          if [ -n "$USER_QUESTION" ]; then
+            echo "**USER QUESTION:** $USER_QUESTION" >> user.txt
+            echo "" >> user.txt
+          fi
+
+          echo "**Files:** $CHANGED_FILES" >> user.txt
+          echo "" >> user.txt
+          echo "**Diff:**" >> user.txt
+          echo '```diff' >> user.txt
+          echo "$DIFF" >> user.txt
+          echo '```' >> user.txt
+
+          # Add previous reviews if they exist
+          if [ "$HAS_PREVIOUS_REVIEWS" = "true" ]; then
+            echo "" >> user.txt
+            echo "**Previous Reviews:**" >> user.txt
+            echo "$PREVIOUS_REVIEWS" >> user.txt
+            echo "" >> user.txt
+            echo "Focus on: 1) Were previous issues fixed? 2) New changes since last review" >> user.txt
+          fi
+
+          # Only add guidelines if no previous reviews (first review needs full context)
+          if [ "$HAS_PREVIOUS_REVIEWS" != "true" ] && [ -n "$CLAUDE_MD" ]; then
+            echo "" >> user.txt
+            echo "**Project Guidelines (CLAUDE.md):**" >> user.txt
+            echo "$CLAUDE_MD" >> user.txt
+          fi
+
+          # Use jq to build properly escaped JSON from files
+          SYSTEM_PROMPT=$(cat system.txt)
+          USER_PROMPT=$(cat user.txt)
+
+          jq -n \
+            --arg system "$SYSTEM_PROMPT" \
+            --arg user "$USER_PROMPT" \
+            '{
+              messages: [
+                {role: "system", content: $system},
+                {role: "user", content: $user}
+              ],
+              model: "Codestral-2501",
+              temperature: 0.7,
+              max_tokens: 1500,
+              top_p: 0.95
+            }' > prompt.json
+
+          # Call GitHub Models API
+          RESPONSE=$(curl -s -X POST \
+            "https://models.inference.ai.azure.com/chat/completions" \
+            -H "Content-Type: application/json" \
+            -H "Authorization: Bearer $GITHUB_TOKEN" \
+            -d @prompt.json)
+
+          # Extract review content
+          REVIEW=$(echo "$RESPONSE" | jq -r '.choices[0].message.content // "Error: Unable to generate review"')
+
+          echo "$REVIEW" > review_raw.md
+
+          if echo "$REVIEW" | grep -q "Error:"; then
+            echo "ERROR: Failed to generate review"
+            echo "Response: $RESPONSE"
+            exit 1
+          fi
+
+          # Smart deduplication - removes both exact duplicates AND similar issues from same file:line
+          # This catches cases where AI generates variations like:
+          # - "file.rb:10 - Issue A"
+          # - "file.rb:10 - Issue B"  <- should be deduplicated (same file:line)
+          # This allows reviewing config/docs files while preventing repetition
+          awk '
+            # Extract file:line pattern (e.g., "file.rb:10")
+            match($0, /^[[:space:]]*-[[:space:]]*`[^`]+:[0-9]+/) {
+              prefix = substr($0, RSTART, RLENGTH)
+              # If we have seen this file:line before, skip
+              if (seen[prefix]++) next
+            }
+            # Also skip exact duplicate lines
+            !seen_exact[$0]++
+          ' review_raw.md > review.md
+
+          # If review is still too long after deduplication, truncate it
+          if [ $(wc -l < review.md) -gt 100 ]; then
+            head -100 review.md > review_truncated.md
+            echo "" >> review_truncated.md
+            echo "... (review truncated - too many issues)" >> review_truncated.md
+            mv review_truncated.md review.md
+          fi
+
+      - name: Dismiss previous AI reviews
+        uses: actions/github-script@v8
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            // Get all existing reviews for this PR
+            const reviews = await github.rest.pulls.listReviews({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              pull_number: context.issue.number
+            });
+
+            // Find AI reviews that should be dismissed (REQUEST_CHANGES state)
+            const aiReviews = reviews.data.filter(r =>
+              r.body &&
+              r.body.includes('🤖 AI Code Review') &&
+              r.state === 'CHANGES_REQUESTED'
+            );
+
+            // Dismiss each AI review
+            for (const review of aiReviews) {
+              console.log(`Dismissing previous AI review #${review.id}`);
+              await github.rest.pulls.dismissReview({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                pull_number: context.issue.number,
+                review_id: review.id,
+                message: 'New AI review requested - dismissing previous AI review'
+              });
+            }
+
+      - name: Post review as PR review (not comment)
+        uses: actions/github-script@v8
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const fs = require('fs');
+            const review = fs.readFileSync('review.md', 'utf8');
+
+            // Determine review event type based on the Verdict section only
+            // GitHub does not allow bots to APPROVE, so we use COMMENT or REQUEST_CHANGES
+            let event = 'COMMENT';
+            let verdict = '💬 COMMENT';
+
+            // Extract only the Verdict section to avoid false positives from policy text
+            // Look for the first line after "## Verdict" that contains the status
+            const verdictMatch = review.match(/## Verdict\s*\n\*\*Status:\*\*\s*([^\n]*)/i);
+            if (verdictMatch) {
+              const verdictLine = verdictMatch[1].trim();
+              if (verdictLine.includes('REQUEST_CHANGES') || verdictLine.includes('REQUEST CHANGES')) {
+                event = 'REQUEST_CHANGES';
+                verdict = '⚠️ REQUEST CHANGES';
+              }
+            }
+
+            const body = `## 🤖 AI Code Review - ${verdict}\n\n${review}\n\n---\n*Powered by GitHub Models (Codestral-2501) • Requested by @${context.payload.comment.user.login} • AI recommendations only, human approval required • [Ignore sections](https://github.com/${context.repo.owner}/${context.repo.repo}/blob/main/docs/AI_PR_REVIEWER.md#ignoring-code-sections) with \`ai-review-ignore-start/end\`*`;
+
+            // Post as a proper PR review (not an issue comment)
+            // This prevents duplication and integrates better with GitHub's review system
+            await github.rest.pulls.createReview({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              pull_number: context.issue.number,
+              body: body,
+              event: event
+            });
+
+      - name: Check for critical issues
+        run: |
+          if grep -qi "REQUEST CHANGES\|CRITICAL\|SECURITY.*CONCERN" review.md; then
+            echo "::warning::AI reviewer found critical issues that need attention"
+          fi