@in-the-loop-labs/pair-review 3.5.2 → 3.7.0

package/src/routes/config.js

@@ -20,7 +20,19 @@ const {
   isCheckInProgress
 } = require('../ai');
 const { normalizeRepository } = require('../utils/paths');
-const { isRunningViaNpx, getGitHubToken } = require('../config');
+const {
+  isRunningViaNpx,
+  getGitHubToken,
+  getDefaultProvider,
+  getDefaultModel,
+  resolveHostBinding,
+  resolveBindingRepositoryFromPR,
+  getSummaryEnabled,
+  getSummaryAutoGenerate,
+  getTourEnabled,
+  getTourAutoGenerate
+} = require('../config');
+const { resolveRepoLinks } = require('../links/repo-links');
 const { version } = require('../../package.json');
 const semver = require('semver');
 const { getAllChatProviders, getAllCachedChatAvailability } = require('../chat/chat-providers');
@@ -63,10 +75,54 @@ router.get('/runtime-config.js', (req, res) => {
 
 /**
  * Get user configuration (for frontend use)
- * Returns safe-to-expose configuration values
+ * Returns safe-to-expose configuration values.
+ *
+ * GitHub token presence is reported with two distinct fields:
+ *   - has_global_github_token: always present. True iff `getGitHubToken(config)`
+ *     resolves a token from the top-level config / env (no repo context).
+ *   - has_github_token: present ONLY when both ?owner and ?repo query
+ *     parameters are supplied. True iff a token can be resolved for that
+ *     specific repository via `resolveHostBinding(repo, config)` — this
+ *     covers repo-scoped `token`, `token_command`, alt-host bindings, AND
+ *     falls through to the global lookup. Callers that know which repo
+ *     they're rendering should pass these params so that repo-scoped
+ *     authentication is reflected accurately (e.g. for deciding whether
+ *     to enable GitHub-comment dedup). When the params are absent, the
+ *     repo-aware field is omitted entirely — there is no safe default
+ *     that doesn't risk silently meaning the wrong thing.
+ */
+/**
+ * Resolve a coherent default provider/model PAIR for the frontend.
+ *
+ * `default_provider` and `default_model` seed the bulk modal, auto-analyze, and
+ * the manual analyze dialog as a single selection, so they must belong together.
+ * An explicitly configured model wins (the user opted into it). When no model is
+ * configured, derive it from the selected provider's own default rather than the
+ * provider-agnostic global default — otherwise a provider-only override (e.g.
+ * `default_provider: 'gemini'`) would pair with an Anthropic model like 'opus'.
+ *
+ * @param {Object} config - Configuration object
+ * @returns {{ provider: string, model: string }}
  */
+function resolveDefaultProviderModel(config) {
+  const provider = getDefaultProvider(config);
+  const providerInfo = getAllProvidersInfo().find(p => p.id === provider);
+  const explicitModel = config.default_model || config.model;
+  // Only honour an explicit model if it actually belongs to the selected provider.
+  // `DEFAULT_CONFIG.default_model` is always populated (e.g. 'opus'), so a
+  // provider-only override like `default_provider: 'gemini'` would otherwise inherit
+  // a foreign Anthropic model and return a mismatched pair. When the model does not
+  // belong to the provider, derive a coherent default from the provider itself.
+  const modelBelongs = explicitModel && providerInfo?.models?.some(m => m.id === explicitModel);
+  if (modelBelongs) {
+    return { provider, model: explicitModel };
+  }
+  return { provider, model: providerInfo?.defaultModel || getDefaultModel(config) };
+}
+
 router.get('/api/config', (req, res) => {
   const config = req.app.get('config') || {};
+  const defaultPair = resolveDefaultProviderModel(config);
 
   // Build chat_providers array with availability
   const chatAvailability = getAllCachedChatAvailability();
@@ -74,13 +130,34 @@ router.get('/api/config', (req, res) => {
     id: p.id, name: p.name, type: p.type, available: chatAvailability[p.id]?.available || false
   }));
 
+  // Repo-aware token resolution (opt-in via ?owner & ?repo query params).
+  // Both must be non-empty strings; missing/partial params fall back to the
+  // global-only response shape.
+  const { owner, repo } = req.query;
+  const hasRepoContext = typeof owner === 'string' && owner.length > 0
+    && typeof repo === 'string' && repo.length > 0;
+
+  const hasGlobalGithubToken = Boolean(getGitHubToken(config));
+  let hasRepoGithubToken = null;
+  if (hasRepoContext) {
+    const repository = `${owner}/${repo}`;
+    // resolveHostBinding already falls through to top-level config when
+    // no repo-scoped token is configured, so this is a true union of
+    // "repo-scoped binding works" OR "global token works".
+    hasRepoGithubToken = Boolean(resolveHostBinding(repository, config).token);
+  }
+
   // Only return safe configuration values (not secrets like github_token)
   res.json({
     version,
     theme: config.theme || 'light',
-    has_github_token: Boolean(getGitHubToken(config)),
+    has_global_github_token: hasGlobalGithubToken,
+    // Repo-aware field — only included when owner+repo were supplied.
+    ...(hasRepoContext ? { has_github_token: hasRepoGithubToken } : {}),
     comment_button_action: config.comment_button_action || 'submit',
     comment_format: config.comment_format || 'legacy',
+    default_provider: defaultPair.provider,
+    default_model: defaultPair.model,
     // Include npx detection for frontend command examples
     is_running_via_npx: isRunningViaNpx(),
     enable_chat: config.enable_chat !== false,
@@ -93,6 +170,14 @@ router.get('/api/config', (req, res) => {
     enable_graphite: config.enable_graphite === true,
     external_comments: config.external_comments !== false,
     chat_spinner: config.chat_spinner || 'dots',
+    summaries: {
+      enabled: getSummaryEnabled(config),
+      auto_generate: getSummaryAutoGenerate(config)
+    },
+    tours: {
+      enabled: getTourEnabled(config),
+      auto_generate: getTourAutoGenerate(config)
+    },
     // Share configuration for external review viewers.
     // - url: The base URL of the external share site
     // - method: Plumbed through for future use (e.g., POST-based share flows).
@@ -200,6 +285,35 @@ router.get('/api/repos/:owner/:repo/settings', async (req, res) => {
   }
 });
 
+/**
+ * Get repository-specific header link configuration.
+ * Reads `config.repos["owner/repo"].links` and returns:
+ *   - external: { label, url_template, icon } | null
+ *   - github: boolean (false means hide the default GitHub link)
+ *   - graphite: boolean (false means hide the Graphite link)
+ *
+ * The icon SVG is sanitised server-side (script tags, on* handlers, and
+ * `javascript:` URLs stripped). The url_template is NOT substituted here —
+ * the frontend has the live PR/branch context, so it performs the
+ * whitelisted substitution at render time.
+ */
+router.get('/api/repos/:owner/:repo/links', (req, res) => {
+  try {
+    const { owner, repo } = req.params;
+    const repository = normalizeRepository(owner, repo);
+    const config = req.app.get('config') || {};
+    // Resolve via bindingRepository so monorepo-style configs (one
+    // `repos[...]` entry serving many captured owner/repo via
+    // url_pattern) surface the right link config.
+    const bindingRepository = resolveBindingRepositoryFromPR(owner, repo, config);
+    const links = resolveRepoLinks(config, bindingRepository);
+    res.json({ repository, links });
+  } catch (error) {
+    logger.error('Error resolving repo links:', error);
+    res.status(500).json({ error: 'Failed to resolve repository links' });
+  }
+});
+
 /**
  * Save repository-specific settings
  * Saves default_instructions, default_provider, and/or default_model for the repository
@@ -410,3 +524,4 @@ function _resetPendingUpdate() {
 
 module.exports = router;
 module.exports._resetPendingUpdate = _resetPendingUpdate;
+module.exports._resolveDefaultProviderModel = resolveDefaultProviderModel;

package/src/routes/context-files.js

@@ -11,10 +11,11 @@
 const fs = require('fs');
 const path = require('path');
 const express = require('express');
-const { ReviewRepository, ContextFileRepository, WorktreeRepository } = require('../database');
+const { ContextFileRepository, WorktreeRepository } = require('../database');
 const logger = require('../utils/logger');
 const { broadcastReviewEvent } = require('../events/review-events');
 const { getDiffFileList } = require('../utils/diff-file-list');
+const validateReviewId = require('./middleware/validate-review-id');
 
 const router = express.Router();
 
@@ -45,34 +46,6 @@ async function resolveRepoRoot(db, review) {
   return null;
 }
 
-/**
- * Middleware: validate that :reviewId exists in the reviews table.
- * Attaches the review record to req.review for downstream handlers.
- */
-async function validateReviewId(req, res, next) {
-  try {
-    const reviewId = parseInt(req.params.reviewId, 10);
-
-    if (isNaN(reviewId) || reviewId <= 0) {
-      return res.status(400).json({ error: 'Invalid review ID' });
-    }
-
-    const db = req.app.get('db');
-    const reviewRepo = new ReviewRepository(db);
-    const review = await reviewRepo.getReview(reviewId);
-
-    if (!review) {
-      return res.status(404).json({ error: `Review #${reviewId} not found` });
-    }
-
-    req.review = review;
-    req.reviewId = reviewId;
-    next();
-  } catch (error) {
-    next(error);
-  }
-}
-
 /**
  * POST /api/reviews/:reviewId/context-files
  * Add a context file range for a review.

package/src/routes/external-comments.js

@@ -34,8 +34,9 @@ const router = express.Router();
  * Default dependencies for the sync flow. Tests override these via the
  * `externalCommentsDeps` Express app setting (or by passing `_deps` to
  * `executeSync` directly). Credential resolution is delegated to the
- * adapter via `adapter.resolveCredentials(config)` — keeps the route
- * source-agnostic and lets each adapter name its own env var in errors.
+ * adapter via `adapter.resolveCredentials(config, repository)` — keeps the
+ * route source-agnostic, lets each adapter name its own env var in errors,
+ * and threads the repo through so per-repo alt-host bindings apply.
  */
 const defaults = {
   getAdapter
@@ -115,7 +116,7 @@ function isPRMode(review) {
  * @param {Object} params.config - Server config (for token lookup)
  * @param {Object} params.review - Validated review row
  * @param {string} params.source - Adapter source name (e.g. 'github')
- * @param {Object} [params._deps] - Test overrides for { GitHubClient, getGitHubToken, getAdapter }
+ * @param {Object} [params._deps] - Test overrides for { GitHubClient, getGitHubToken, getAdapter, resolveHostBinding, resolveBindingRepositoryFromPR }
  * @returns {Promise<{count: number, lostAnchors: number, syncedAt: string}>}
  */
 async function executeSync({ db, config, review, source, _deps }) {
@@ -124,12 +125,9 @@ async function executeSync({ db, config, review, source, _deps }) {
   // Look up adapter — throws on unknown sources, caught by the route.
   const adapter = deps.getAdapter(source);
 
-  // Delegate credential resolution to the adapter so the route stays
-  // source-agnostic and each adapter can name its own env var in errors.
-  // The adapter throws (e.g. GitHubApiError 401) when credentials are
-  // missing — the route's catch maps it to a 401 response.
-  const { client } = adapter.resolveCredentials(config || {}, _deps);
-
+  // Parse owner/repo BEFORE resolving credentials: the repository drives
+  // binding-aware credential resolution (per-repo api_host/token for
+  // alt-host repos), so it must be validated first.
   const [owner, repo] = String(review.repository).split('/');
   if (!owner || !repo) {
     throw new BadRequestError(
@@ -137,6 +135,18 @@ async function executeSync({ db, config, review, source, _deps }) {
     );
   }
 
+  // Delegate credential resolution to the adapter so the route stays
+  // source-agnostic and each adapter can name its own env var in errors.
+  // Thread `review.repository` through so the adapter resolves the
+  // repo-scoped host binding (alt-host api_host + repo token) instead of
+  // always targeting api.github.com with the top-level github.com token.
+  // The adapter throws (e.g. GitHubApiError 401) when credentials are
+  // missing — the route's catch maps it to a 401 response.
+  // `isAltHost` reflects whether the resolved binding targets an alternate
+  // Git host. Alt-hosts don't implement GitHub's deprecated `position`
+  // field, so it drives line-based anchoring in `mapComment` below.
+  const { client, isAltHost } = adapter.resolveCredentials(config || {}, review.repository, _deps);
+
   const apiRows = await adapter.fetchComments({
     client,
     owner,
@@ -156,7 +166,7 @@ async function executeSync({ db, config, review, source, _deps }) {
   for (const apiRow of apiRows || []) {
     let mapped;
     try {
-      mapped = adapter.mapComment(apiRow);
+      mapped = adapter.mapComment(apiRow, { isAltHost });
     } catch (mapError) {
       // A malformed row from the source shouldn't kill the whole sync — log
       // it and keep going. The adapter only throws for genuinely malformed

package/src/routes/github-collections.js

@@ -161,7 +161,9 @@ function registerCollection(def) {
       }
 
       const config = req.app.get('config');
-      const githubToken = getGitHubToken(config);
+      // Cross-repo search on github.com — no per-repo binding applies here.
+      // Explicit `undefined` repository selects the no-repo (top-level) path.
+      const githubToken = getGitHubToken(config, undefined);
       if (!githubToken) {
         return res.status(401).json({ success: false, error: 'GitHub token not configured' });
       }