@in-the-loop-labs/pair-review 2.6.3 → 3.0.0

package/src/routes/worktrees.js

@@ -1,4 +1,4 @@
-// SPDX-License-Identifier: GPL-3.0-or-later
+// Copyright 2026 Tim Perkins (tjwp) | SPDX-License-Identifier: Apache-2.0
 /**
  * Worktree Management Routes
  *
@@ -9,9 +9,10 @@
  */
 
 const express = require('express');
-const { query, queryOne, run, WorktreeRepository } = require('../database');
+const { query, queryOne, run, ReviewRepository } = require('../database');
 const { setupPRReview } = require('../setup/pr-setup');
 const { GitHubApiError } = require('../github/client');
+const { GitWorktreeManager } = require('../git/worktree');
 const fs = require('fs').promises;
 const logger = require('../utils/logger');
 
@@ -116,211 +117,274 @@ router.post('/api/worktrees/create', async (req, res) => {
 });
 
 /**
- * Get recently accessed worktrees with cursor-based pagination.
- * Returns list of recently reviewed PRs with metadata.
- * Filters out stale worktrees where the directory no longer exists.
+ * Get recently reviewed PRs with cursor-based pagination.
+ * Lists from pr_metadata (source of truth) and includes storage status
+ * based on whether a local worktree directory exists.
  *
  * Query parameters:
- *   limit  - Number of worktrees to return (default 10, max 50)
- *   before - ISO timestamp cursor: return worktrees accessed before this time.
+ *   limit  - Number of reviews to return (default 10, max 50)
+ *   before - ISO timestamp cursor: return reviews accessed before this time.
  *            For subsequent pages, send the last_accessed_at of the last item
  *            from the previous page. Omit for the initial load.
  *
  * Response includes:
- *   worktrees - Array of worktree objects
- *   hasMore   - Whether more worktrees are available beyond this page
+ *   reviews - Array of review objects with storage_status
+ *   hasMore - Whether more reviews are available beyond this page
  */
 router.get('/api/worktrees/recent', async (req, res) => {
   try {
-    const limit = Math.min(parseInt(req.query.limit) || 10, 50); // Default 10, max 50
-    const before = req.query.before || null; // ISO timestamp cursor
+    const limit = Math.min(parseInt(req.query.limit) || 10, 50);
+    const before = req.query.before || null;
     const db = req.app.get('db');
 
-    // Fetch a constant overshoot per page to account for stale entries
-    // that will be filtered out, plus one extra to determine hasMore
-    const fetchCount = limit * 3 + 1;
-
-    let enrichedWorktrees;
-    if (before) {
-      // Cursor-based: fetch rows older than the cursor.
-      // Strict less-than: entries sharing the cursor timestamp may be skipped,
-      // acceptable given millisecond precision and small dataset size.
-      enrichedWorktrees = await query(db, `
-        SELECT
-          w.id,
-          w.repository,
-          w.pr_number,
-          w.branch,
-          w.path,
-          w.last_accessed_at,
-          w.created_at,
-          pm.title as pr_title,
-          pm.author,
-          pm.head_branch,
-          json_extract(pm.pr_data, '$.html_url') as html_url
-        FROM worktrees w
-        LEFT JOIN pr_metadata pm ON w.pr_number = pm.pr_number AND w.repository = pm.repository COLLATE NOCASE
-        WHERE w.last_accessed_at < ?
-        ORDER BY w.last_accessed_at DESC
-        LIMIT ?
-      `, [before, fetchCount]);
-    } else {
-      // Initial load: no cursor, just fetch from the top
-      enrichedWorktrees = await query(db, `
-        SELECT
-          w.id,
-          w.repository,
-          w.pr_number,
-          w.branch,
-          w.path,
-          w.last_accessed_at,
-          w.created_at,
-          pm.title as pr_title,
-          pm.author,
-          pm.head_branch,
-          json_extract(pm.pr_data, '$.html_url') as html_url
-        FROM worktrees w
-        LEFT JOIN pr_metadata pm ON w.pr_number = pm.pr_number AND w.repository = pm.repository COLLATE NOCASE
-        ORDER BY w.last_accessed_at DESC
-        LIMIT ?
-      `, [fetchCount]);
-    }
-
-    // Filter out worktrees where:
-    // 1. The directory no longer exists
-    // 2. The data is incomplete/corrupted (no author, unknown branch)
-    const staleIds = [];
-    const validWorktrees = [];
-
-    for (const w of enrichedWorktrees) {
-      // Check for corrupted/incomplete data
-      if (w.branch === 'unknown' || !w.pr_title || w.pr_title === `PR #${w.pr_number}`) {
-        staleIds.push(w.id);
-        continue;
-      }
-
-      // Check if path still exists
-      try {
-        await fs.access(w.path);
-        validWorktrees.push(w);
-      } catch {
-        // Path doesn't exist - mark for cleanup
-        staleIds.push(w.id);
-      }
-    }
-
-    // Only run stale cleanup on initial (non-paginated) requests to keep the
-    // dataset stable while the user pages through results.
-    if (staleIds.length > 0 && !before) {
-      setImmediate(async () => {
+    // Fetch limit + 1 to determine hasMore
+    const fetchCount = limit + 1;
+
+    const params = before ? [before, fetchCount] : [fetchCount];
+    const rows = await query(db, `
+      SELECT
+        pm.id,
+        pm.repository,
+        pm.pr_number,
+        pm.title,
+        pm.author,
+        pm.head_branch,
+        pm.last_accessed_at,
+        pm.created_at,
+        json_extract(pm.pr_data, '$.html_url') as html_url,
+        w.id as worktree_id,
+        w.path as worktree_path,
+        w.branch
+      FROM pr_metadata pm
+      LEFT JOIN worktrees w ON pm.pr_number = w.pr_number AND pm.repository = w.repository COLLATE NOCASE
+      WHERE pm.title IS NOT NULL AND pm.title != ''
+        ${before ? 'AND pm.last_accessed_at < ?' : ''}
+      ORDER BY pm.last_accessed_at DESC
+      LIMIT ?
+    `, params);
+
+    // Determine storage status for each entry
+    const reviews = [];
+    for (const row of rows) {
+      let storageStatus = 'cached';
+      if (row.worktree_path) {
         try {
-          const placeholders = staleIds.map(() => '?').join(',');
-          await run(db, `DELETE FROM worktrees WHERE id IN (${placeholders})`, staleIds);
-          logger.info(`Cleaned up ${staleIds.length} stale worktree records`);
-        } catch (err) {
-          logger.warn(`Failed to cleanup stale worktrees: ${err.message}`);
+          await fs.access(row.worktree_path);
+          storageStatus = 'local';
+        } catch {
+          // Worktree dir missing — clean up stale record asynchronously on first page
+          if (!before) {
+            setImmediate(async () => {
+              try {
+                await run(db, 'DELETE FROM worktrees WHERE id = ?', [row.worktree_id]);
+                logger.info(`Cleaned up stale worktree record ${row.worktree_id}`);
+              } catch (err) {
+                logger.warn(`Failed to cleanup stale worktree: ${err.message}`);
+              }
+            });
+          }
         }
+      }
+      reviews.push({
+        id: row.id,
+        repository: row.repository,
+        pr_number: row.pr_number,
+        pr_title: row.title,
+        author: row.author || null,
+        head_branch: row.head_branch || row.branch || null,
+        last_accessed_at: row.last_accessed_at,
+        created_at: row.created_at,
+        storage_status: storageStatus,
+        html_url: row.html_url || null
       });
     }
 
-    // Take the first `limit` valid results; anything beyond means hasMore
-    const pageWorktrees = validWorktrees.slice(0, limit);
-    const hasMore = validWorktrees.length > limit;
-
-    // Format the results with fallback values
-    const formattedWorktrees = pageWorktrees.map(w => ({
-      id: w.id,
-      repository: w.repository,
-      pr_number: w.pr_number,
-      pr_title: w.pr_title || `PR #${w.pr_number}`,
-      author: w.author || null,
-      branch: w.branch,
-      head_branch: w.head_branch || w.branch,
-      last_accessed_at: w.last_accessed_at,
-      created_at: w.created_at,
-      html_url: w.html_url || null
-    }));
+    // Take the first `limit` results; anything beyond means hasMore
+    const hasMore = reviews.length > limit;
+    const pageReviews = hasMore ? reviews.slice(0, limit) : reviews;
 
     res.json({
       success: true,
-      worktrees: formattedWorktrees,
+      reviews: pageReviews,
       hasMore
     });
 
   } catch (error) {
-    logger.error('Error fetching recent worktrees:', error);
+    logger.error('Error fetching recent reviews:', error);
     res.status(500).json({
       success: false,
-      error: 'Failed to fetch recent worktrees'
+      error: 'Failed to fetch recent reviews'
     });
   }
 });
 
 /**
- * Delete a worktree
- * Removes the worktree record from the database and optionally deletes the directory
+ * Delete a single review by pr_metadata ID.
+ * Cleans up: worktree directory, worktree record, comments, reviews, and pr_metadata.
+ *
+ * @param {object} db - Database handle
+ * @param {number} metadataId - pr_metadata.id
+ * @returns {{ success: boolean, message: string }}
+ * @throws {Error} if deletion fails
+ */
+async function deleteReviewById(db, metadataId) {
+  const metadata = await queryOne(db, `
+    SELECT id, pr_number, repository FROM pr_metadata WHERE id = ?
+  `, [metadataId]);
+
+  if (!metadata) {
+    return { success: false, message: 'Review not found' };
+  }
+
+  const { pr_number: prNumber, repository } = metadata;
+  logger.info(`Deleting review for ${repository} #${prNumber} (metadata ID ${metadataId})`);
+
+  // Look up associated worktree path for cleanup after DB commit
+  const worktree = await queryOne(db, `
+    SELECT id, path FROM worktrees WHERE pr_number = ? AND repository = ? COLLATE NOCASE
+  `, [prNumber, repository]);
+
+  // Delete all associated database records in a transaction
+  await run(db, 'BEGIN TRANSACTION');
+  try {
+    await run(db, 'DELETE FROM worktrees WHERE pr_number = ? AND repository = ? COLLATE NOCASE', [prNumber, repository]);
+    await run(db, 'DELETE FROM chat_sessions WHERE review_id IN (SELECT id FROM reviews WHERE pr_number = ? AND repository = ? COLLATE NOCASE)', [prNumber, repository]);
+    await run(db, `
+      DELETE FROM comments WHERE review_id IN (
+        SELECT id FROM reviews WHERE pr_number = ? AND repository = ? COLLATE NOCASE
+      )
+    `, [prNumber, repository]);
+    await run(db, 'DELETE FROM reviews WHERE pr_number = ? AND repository = ? COLLATE NOCASE', [prNumber, repository]);
+    await run(db, 'DELETE FROM pr_metadata WHERE id = ?', [metadataId]);
+    // Clean up cached GitHub PR data
+    const parts = repository.split('/');
+    if (parts.length === 2) {
+      await run(db, 'DELETE FROM github_pr_cache WHERE owner = ? AND repo = ? AND number = ?', [parts[0], parts[1], prNumber]);
+    }
+    await run(db, 'COMMIT');
+  } catch (txError) {
+    await run(db, 'ROLLBACK');
+    throw txError;
+  }
+
+  // Clean up worktree AFTER successful DB commit so rollback doesn't orphan data
+  if (worktree && worktree.path) {
+    try {
+      const worktreeManager = new GitWorktreeManager(db);
+      await worktreeManager.cleanupWorktree(worktree.path);
+      logger.info(`Cleaned up worktree: ${worktree.path}`);
+    } catch {
+      logger.warn(`Could not clean up worktree (may not exist): ${worktree.path}`);
+    }
+  }
+
+  logger.success(`Deleted review for ${repository} #${prNumber}`);
+  return { success: true, message: `Review for ${repository} #${prNumber} deleted` };
+}
+
+/**
+ * Delete a review and all associated data.
+ * Cleans up: worktree directory, worktree record, comments, reviews, and pr_metadata.
+ *
+ * :id is the pr_metadata.id (integer primary key)
  */
 router.delete('/api/worktrees/:id', async (req, res) => {
   try {
-    const worktreeId = req.params.id;
+    const metadataId = parseInt(req.params.id, 10);
 
-    if (!worktreeId) {
+    if (!metadataId || isNaN(metadataId)) {
       return res.status(400).json({
         success: false,
-        error: 'Invalid worktree ID'
+        error: 'Invalid review ID'
       });
     }
 
     const db = req.app.get('db');
-    const worktreeRepo = new WorktreeRepository(db);
+    const result = await deleteReviewById(db, metadataId);
 
-    // Get worktree info before deletion
-    const worktree = await queryOne(db, `
-      SELECT id, path, pr_number, repository FROM worktrees WHERE id = ?
-    `, [worktreeId]);
-
-    if (!worktree) {
+    if (!result.success) {
       return res.status(404).json({
         success: false,
-        error: 'Worktree not found'
+        error: result.message
       });
     }
 
-    logger.info(`Deleting worktree ID ${worktreeId} for ${worktree.repository} #${worktree.pr_number}`);
+    res.json({
+      success: true,
+      message: result.message
+    });
 
-    // Delete the worktree directory if it exists
-    if (worktree.path) {
-      try {
-        await fs.access(worktree.path);
-        // Directory exists, try to remove it
-        await fs.rm(worktree.path, { recursive: true, force: true });
-        logger.info(`Deleted worktree directory: ${worktree.path}`);
-      } catch (pathError) {
-        // Directory doesn't exist or can't be accessed - that's okay
-        logger.warn(`Could not delete worktree directory (may not exist): ${worktree.path}`);
-      }
+  } catch (error) {
+    logger.error('Error deleting review:', error);
+    res.status(500).json({
+      success: false,
+      error: 'Failed to delete review: ' + error.message
+    });
+  }
+});
+
+/**
+ * Bulk delete reviews by pr_metadata IDs.
+ * Accepts { ids: number[] } in request body. Max 50 IDs per request.
+ * Each deletion is independent — partial failures are reported per-ID.
+ */
+router.post('/api/worktrees/bulk-delete', async (req, res) => {
+  try {
+    const { ids } = req.body || {};
+
+    if (!Array.isArray(ids) || ids.length === 0) {
+      return res.status(400).json({
+        success: false,
+        error: 'Request body must contain a non-empty "ids" array'
+      });
     }
 
-    // Delete the worktree record from the database
-    await run(db, `DELETE FROM worktrees WHERE id = ?`, [worktreeId]);
+    if (ids.length > 50) {
+      return res.status(400).json({
+        success: false,
+        error: 'Maximum 50 IDs per request'
+      });
+    }
 
-    // Also delete associated PR metadata and comments (optional cleanup)
-    // Keep PR metadata for now as user might want to reload the PR later
-    // await run(db, `DELETE FROM pr_metadata WHERE pr_number = ? AND repository = ?`,
-    //   [worktree.pr_number, worktree.repository]);
+    const parsedIds = ids.map(id => parseInt(id, 10));
+    if (parsedIds.some(id => isNaN(id) || id <= 0)) {
+      return res.status(400).json({
+        success: false,
+        error: 'All IDs must be positive integers'
+      });
+    }
 
-    logger.success(`Deleted worktree ID ${worktreeId}`);
+    const db = req.app.get('db');
+    let deleted = 0;
+    const errors = [];
+
+    for (const id of parsedIds) {
+      try {
+        const result = await deleteReviewById(db, id);
+        if (result.success) {
+          deleted++;
+        } else {
+          errors.push({ id, error: result.message });
+        }
+      } catch (err) {
+        errors.push({ id, error: err.message });
+      }
+    }
+
+    if (deleted > 0) logger.success(`Bulk deleted ${deleted} review(s)`);
 
     res.json({
-      success: true,
-      message: `Worktree for ${worktree.repository} #${worktree.pr_number} deleted`
+      success: deleted > 0 || errors.length === 0,
+      deleted,
+      failed: errors.length,
+      errors
     });
 
   } catch (error) {
-    logger.error('Error deleting worktree:', error);
+    logger.error('Error in bulk delete:', error);
     res.status(500).json({
       success: false,
-      error: 'Failed to delete worktree: ' + error.message
+      error: 'Failed to process bulk delete: ' + error.message
     });
   }
 });

package/src/server.js

@@ -1,4 +1,4 @@
-// SPDX-License-Identifier: GPL-3.0-or-later
+// Copyright 2026 Tim Perkins (tjwp) | SPDX-License-Identifier: Apache-2.0
 const express = require('express');
 const path = require('path');
 const { loadConfig, getGitHubToken, resolveDbName, warnIfDevModeWithoutDbName } = require('./config');
@@ -208,6 +208,34 @@ async function startServer(sharedDb = null) {
       res.sendFile(path.join(__dirname, '..', 'public', 'index.html'));
     });
     
+    // Bulk-open — opens multiple local URLs in the OS browser via the `open` package.
+    // Bypasses popup blockers since the server shells out directly.
+    const openUrl = (...args) => import('open').then(({ default: open }) => open(...args));
+    app.post('/api/bulk-open', async (req, res) => {
+      try {
+        const { urls } = req.body || {};
+        if (!Array.isArray(urls) || urls.length === 0) {
+          return res.status(400).json({ error: 'urls array required' });
+        }
+        if (urls.length > 20) {
+          return res.status(400).json({ error: 'Maximum 20 URLs per request' });
+        }
+        // Only allow local paths starting with / (prevent open-redirect)
+        const validUrls = urls.filter(u => typeof u === 'string' && u.startsWith('/'));
+        if (validUrls.length === 0) {
+          return res.status(400).json({ error: 'All URLs must be local paths starting with /' });
+        }
+        const port = req.socket.localPort;
+        for (const url of validUrls) {
+          await openUrl(`http://localhost:${port}${url}`);
+        }
+        res.json({ success: true, opened: validUrls.length });
+      } catch (error) {
+        logger.error('Bulk open failed:', error);
+        res.status(500).json({ error: 'Failed to open URLs' });
+      }
+    });
+
     // PR display route - serves pr.html if review data exists, setup.html otherwise
     app.get('/pr/:owner/:repo/:number', async (req, res) => {
       const { owner, repo, number } = req.params;
@@ -225,6 +253,8 @@ async function startServer(sharedDb = null) {
           // pr.html for a missing worktree, causing 404s on file fetches.
           const worktree = await queryOne(db, 'SELECT id FROM worktrees WHERE pr_number = ? AND repository = ? COLLATE NOCASE', [prNumber, repository]);
           if (worktree) {
+            // Update last_accessed_at so the recent reviews list reflects actual access
+            run(db, 'UPDATE pr_metadata SET last_accessed_at = ? WHERE id = ?', [new Date().toISOString(), existing.id]).catch(err => logger.warn(`Failed to update last_accessed_at: ${err.message}`));
             res.sendFile(path.join(__dirname, '..', 'public', 'pr.html'));
           } else {
             logger.info(`PR metadata exists but no worktree for ${repository} #${prNumber}, serving setup page`);

package/src/setup/local-setup.js

@@ -1,7 +1,11 @@
-// SPDX-License-Identifier: GPL-3.0-or-later
+// Copyright 2026 Tim Perkins (tjwp) | SPDX-License-Identifier: Apache-2.0
 const { findGitRoot, getHeadSha, getCurrentBranch, getRepositoryName, generateLocalDiff, generateLocalReviewId, computeLocalDiffDigest, findMainGitRoot } = require('../local-review');
 const { ReviewRepository, RepoSettingsRepository } = require('../database');
 const { localReviewDiffs } = require('../routes/shared');
+const { fireHooks, hasHooks } = require('../hooks/hook-runner');
+const { buildReviewStartedPayload, buildReviewLoadedPayload, getCachedUser } = require('../hooks/payloads');
+const { STOPS, DEFAULT_SCOPE } = require('../local-scope');
+const logger = require('../utils/logger');
 const path = require('path');
 const fs = require('fs').promises;
 
@@ -15,9 +19,10 @@ const fs = require('fs').promises;
  * @param {Object} options.db - Initialized database instance
  * @param {string} options.targetPath - Path to review (file or directory)
  * @param {Function} [options.onProgress] - Progress callback ({ step, status, message })
+ * @param {Object} [options.config] - App config (for hooks)
  * @returns {Promise<Object>} Review session info
  */
-async function setupLocalReview({ db, targetPath, onProgress }) {
+async function setupLocalReview({ db, targetPath, onProgress, config }) {
   const progress = typeof onProgress === 'function'
     ? onProgress
     : () => {};
@@ -56,7 +61,21 @@ async function setupLocalReview({ db, targetPath, onProgress }) {
     reviewId = generateLocalReviewId(repoPath, headSha);
 
     const reviewRepo = new ReviewRepository(db);
-    existingReview = await reviewRepo.getLocalReview(repoPath, headSha);
+    existingReview = await reviewRepo.getLocalReview(repoPath, headSha, branch);
+
+    // Adopt legacy sessions that predate branch tracking
+    if (!existingReview) {
+      const legacy = await reviewRepo.getLocalReviewByPathAndSha(repoPath, headSha);
+      if (legacy && legacy.local_head_branch === null) {
+        existingReview = legacy;
+      }
+    }
+
+    // Check for branch-scope session (persists across HEAD changes)
+    if (!existingReview) {
+      const branchSession = await reviewRepo.getLocalBranchReview(repoPath, branch);
+      if (branchSession) existingReview = branchSession;
+    }
 
     repository = await getRepositoryName(repoPath);
 
@@ -102,14 +121,21 @@ async function setupLocalReview({ db, targetPath, onProgress }) {
   try {
     progress({ step: 'store', status: 'running', message: 'Persisting review session...' });
 
+    const storeRepo = new ReviewRepository(db);
     if (existingReview) {
       sessionId = existingReview.id;
+      if (existingReview.local_head_sha !== headSha) {
+        await storeRepo.updateLocalHeadSha(sessionId, headSha);
+      }
+      if (existingReview.local_head_branch === null) {
+        await storeRepo.updateReview(sessionId, { local_head_branch: branch });
+      }
     } else {
-      const reviewRepo = new ReviewRepository(db);
-      sessionId = await reviewRepo.upsertLocalReview({
+      sessionId = await storeRepo.upsertLocalReview({
         localPath: repoPath,
         localHeadSha: headSha,
-        repository
+        repository,
+        localHeadBranch: branch
       });
     }
 
@@ -121,6 +147,21 @@ async function setupLocalReview({ db, targetPath, onProgress }) {
     throw err;
   }
 
+  // Fire review hook (non-blocking)
+  const hookEvent = existingReview ? 'review.loaded' : 'review.started';
+  if (config && hasHooks(hookEvent, config)) {
+    getCachedUser(config).then(user => {
+      const builder = existingReview ? buildReviewLoadedPayload : buildReviewStartedPayload;
+      const scopeStart = existingReview?.local_scope_start || DEFAULT_SCOPE.start;
+      const scopeEnd = existingReview?.local_scope_end || DEFAULT_SCOPE.end;
+      const si = STOPS.indexOf(scopeStart);
+      const ei = STOPS.indexOf(scopeEnd);
+      const scope = STOPS.slice(si, ei + 1);
+      const payload = builder({ reviewId: sessionId, mode: 'local', localContext: { path: repoPath, branch, headSha, scope }, user });
+      fireHooks(hookEvent, payload, config);
+    }).catch(err => { logger.warn(`Review hook failed: ${err.message}`); });
+  }
+
   return {
     reviewId: sessionId,
     reviewUrl: '/local/' + sessionId,