@jojonax/codex-copilot 1.5.5 → 1.6.0

package/src/utils/github.js

@@ -1,486 +1,486 @@
-/**
- * GitHub operations module - PR and Review management via gh CLI
- */
-
-import { execSync } from 'child_process';
-import { log } from './logger.js';
-
-function gh(cmd, cwd) {
-  return execSync(`gh ${cmd}`, {
-    cwd,
-    encoding: 'utf-8',
-    stdio: ['pipe', 'pipe', 'pipe'],
-    timeout: 30000, // 30s timeout to prevent hanging on network issues
-  }).trim();
-}
-
-function ghSafe(cmd, cwd) {
-  try {
-    return { ok: true, output: gh(cmd, cwd) };
-  } catch (err) {
-    return { ok: false, output: err.stderr || err.message };
-  }
-}
-
-function ghJSON(cmd, cwd) {
-  const output = gh(cmd, cwd);
-  if (!output) return null;
-  try {
-    return JSON.parse(output);
-  } catch {
-    return null;
-  }
-}
-
-function ghJSONSafe(cmd, cwd) {
-  try {
-    return ghJSON(cmd, cwd);
-  } catch {
-    return null;
-  }
-}
-
-function shellEscape(str) {
-  return `'${str.replace(/'/g, "'\\''")}'`
-}
-
-/**
- * Check if gh CLI is authenticated
- */
-export function checkGhAuth() {
-  try {
-    execSync('gh auth status', { encoding: 'utf-8', stdio: 'pipe' });
-    return true;
-  } catch {
-    return false;
-  }
-}
-
-/**
- * Ensure the base branch exists on remote.
- * If not, push it first.
- */
-export function ensureRemoteBranch(cwd, branch) {
-  try {
-    const result = execSync(
-      `git ls-remote --heads origin ${branch}`,
-      { cwd, encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] }
-    ).trim();
-    if (!result) {
-      // Branch doesn't exist on remote, push it
-      log.info(`Base branch '${branch}' not found on remote, pushing...`);
-      execSync(`git push origin ${branch}`, {
-        cwd,
-        encoding: 'utf-8',
-        stdio: ['pipe', 'pipe', 'pipe'],
-      });
-      log.info(`Base branch '${branch}' pushed to remote`);
-    }
-    return true;
-  } catch (err) {
-    log.warn(`Failed to verify remote branch '${branch}': ${err.message}`);
-    return false;
-  }
-}
-
-/**
- * Check if there are commits between base and head branches
- */
-export function hasCommitsBetween(cwd, base, head) {
-  try {
-    const result = execSync(
-      `git log ${base}..${head} --oneline`,
-      { cwd, encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] }
-    ).trim();
-    return result.length > 0;
-  } catch {
-    // If comparison fails (e.g., branches diverged), assume there are commits
-    return true;
-  }
-}
-
-/**
- * Find an existing PR for a given head branch
- * @returns {{ number: number, url: string } | null}
- */
-export function findExistingPR(cwd, head) {
-  try {
-    const prs = ghJSON(
-      `pr list --head ${shellEscape(head)} --json number,url --limit 1`,
-      cwd
-    );
-    if (prs && prs.length > 0) {
-      return { number: prs[0].number, url: prs[0].url || '' };
-    }
-    return null;
-  } catch {
-    return null;
-  }
-}
-
-/**
- * Create a pull request with pre-checks and auto-recovery
- */
-export function createPR(cwd, { title, body, base = 'main', head }) {
-  // Pre-check: ensure base branch exists on remote
-  ensureRemoteBranch(cwd, base);
-
-  const output = gh(
-    `pr create --title ${shellEscape(title)} --body ${shellEscape(body)} --base ${shellEscape(base)} --head ${shellEscape(head)}`,
-    cwd
-  );
-  // Extract PR URL and number from output
-  const urlMatch = output.match(/https:\/\/github\.com\/.+\/pull\/(\d+)/);
-  if (urlMatch) {
-    return { url: urlMatch[0], number: parseInt(urlMatch[1]) };
-  }
-  // May already exist
-  const existingMatch = output.match(/already exists.+\/pull\/(\d+)/);
-  if (existingMatch) {
-    return { url: output, number: parseInt(existingMatch[1]) };
-  }
-  throw new Error(`Failed to create PR: ${output}`);
-}
-
-/**
- * Create PR with full auto-recovery: pre-checks → create → fallback to find existing
- * @returns {{ number: number, url: string }}
- */
-export function createPRWithRecovery(cwd, { title, body, base = 'main', head }) {
-  // Step 1: Try to create the PR
-  try {
-    return createPR(cwd, { title, body, base, head });
-  } catch (err) {
-    log.warn(`PR creation failed: ${err.message}`);
-  }
-
-  // Step 2: Auto-find existing PR for this branch
-  log.info('Searching for existing PR...');
-  const existing = findExistingPR(cwd, head);
-  if (existing) {
-    log.info(`Found existing PR #${existing.number}`);
-    return existing;
-  }
-
-  // Step 3: Check if there are actually commits to create a PR for
-  if (!hasCommitsBetween(cwd, base, head)) {
-    log.warn('No commits between base and head branch');
-    log.info('This may be a new repo or empty branch. Attempting to push base branch and retry...');
-
-    // Ensure both branches are pushed
-    ensureRemoteBranch(cwd, base);
-    ensureRemoteBranch(cwd, head);
-
-    // Retry PR creation
-    try {
-      return createPR(cwd, { title, body, base, head });
-    } catch (retryErr) {
-      log.warn(`PR retry also failed: ${retryErr.message}`);
-    }
-
-    // Last resort: try to find PR again
-    const retryExisting = findExistingPR(cwd, head);
-    if (retryExisting) {
-      log.info(`Found existing PR #${retryExisting.number}`);
-      return retryExisting;
-    }
-  }
-
-  // Step 4: If all else fails, throw with actionable message
-  throw new Error(
-    `Cannot create or find PR for branch '${head}'. ` +
-    `Possible causes: base branch '${base}' may not exist on remote, ` +
-    `or there are no commits between '${base}' and '${head}'. ` +
-    `Try: git push origin ${base} && git push origin ${head}`
-  );
-}
-
-/**
- * Get PR review list
- */
-export function getReviews(cwd, prNumber) {
-  try {
-    const num = validatePRNumber(prNumber);
-    return ghJSON(`api repos/{owner}/{repo}/pulls/${num}/reviews`, cwd) || [];
-  } catch {
-    return [];
-  }
-}
-
-/**
- * Get PR review comments
- */
-export function getReviewComments(cwd, prNumber) {
-  try {
-    const num = validatePRNumber(prNumber);
-    return ghJSON(`api repos/{owner}/{repo}/pulls/${num}/comments`, cwd) || [];
-  } catch {
-    return [];
-  }
-}
-
-/**
- * Get PR issue comments (including bot comments)
- */
-export function getIssueComments(cwd, prNumber) {
-  try {
-    const num = validatePRNumber(prNumber);
-    return ghJSON(`api repos/{owner}/{repo}/issues/${num}/comments`, cwd) || [];
-  } catch {
-    return [];
-  }
-}
-
-/**
- * Check the latest review state
- * @returns {'APPROVED' | 'CHANGES_REQUESTED' | 'COMMENTED' | 'PENDING' | null}
- */
-export function getLatestReviewState(cwd, prNumber) {
-  const reviews = getReviews(cwd, prNumber);
-  if (!reviews || reviews.length === 0) return null;
-
-  // Filter out PENDING and DISMISSED
-  const active = reviews.filter(r => r.state !== 'PENDING' && r.state !== 'DISMISSED');
-  if (active.length === 0) return null;
-
-  return active[active.length - 1].state;
-}
-
-/**
- * Merge a pull request
- */
-export function mergePR(cwd, prNumber, method = 'squash') {
-  const num = validatePRNumber(prNumber);
-  const validMethods = ['squash', 'merge', 'rebase'];
-  if (!validMethods.includes(method)) {
-    throw new Error(`Invalid merge method: ${method}`);
-  }
-  gh(`pr merge ${num} --${method} --delete-branch`, cwd);
-}
-
-function validatePRNumber(prNumber) {
-  const num = parseInt(prNumber, 10);
-  if (isNaN(num) || num <= 0) throw new Error(`Invalid PR number: ${prNumber}`);
-  return num;
-}
-
-/**
- * Collect all review feedback as structured text.
- * Returns raw feedback — classification is done by AI provider.
- */
-export function collectReviewFeedback(cwd, prNumber) {
-  const reviews = getReviews(cwd, prNumber);
-  const comments = getReviewComments(cwd, prNumber);
-  const issueComments = getIssueComments(cwd, prNumber);
-
-  let feedback = '';
-
-  // Review body text (skip APPROVED — already handled by state check)
-  for (const r of reviews) {
-    if (r.body && r.body.trim() && r.state !== 'APPROVED') {
-      feedback += `### Review (${r.state})\n${r.body}\n\n`;
-    }
-  }
-
-  // Inline code comments (comments on specific diff lines)
-  for (const c of comments) {
-    feedback += `### ${c.path}:L${c.line || c.original_line}\n${c.body}\n\n`;
-  }
-
-  // Bot comments
-  for (const c of issueComments) {
-    if (c.user?.type === 'Bot' || c.user?.login?.includes('bot')) {
-      feedback += `### Bot Review (${c.user.login})\n${c.body}\n\n`;
-    }
-  }
-
-  return feedback.trim();
-}
-
-/**
- * Check if the current repo is private
- * @returns {boolean} true if private, false if public or unknown
- */
-export function isPrivateRepo(cwd) {
-  try {
-    const result = ghJSON('repo view --json isPrivate', cwd);
-    return result?.isPrivate === true;
-  } catch {
-    return false; // Default to public behavior if detection fails
-  }
-}
-
-/**
- * Request bots to re-review the PR.
- * Auto-detects which review bots have previously commented on the PR
- * and triggers only those. Falls back to all known bot triggers.
- */
-export function requestReReview(cwd, prNumber) {
-  // Known review bots and their re-review trigger commands
-  const REVIEW_BOTS = [
-    { login: 'gemini-code-assist', trigger: '/gemini review' },
-    { login: 'coderabbitai', trigger: '@coderabbitai review' },
-    { login: 'sourcery-ai', trigger: '@sourcery-ai review' },
-    { login: 'deepsource', trigger: '@deepsource review' },
-    { login: 'sweep-ai', trigger: 'sweep: review' },
-    { login: 'openai-codex', trigger: '@codex review' },
-    { login: 'claude', trigger: '@claude review' },
-    { login: 'copilot', trigger: '@copilot review' },
-  ];
-
-  try {
-    const num = validatePRNumber(prNumber);
-
-    // Detect which bots have previously interacted with this PR
-    const reviews = getReviews(cwd, num);
-    const comments = getIssueComments(cwd, num);
-    const reviewComments = getReviewComments(cwd, num);
-
-    const allLogins = new Set();
-    for (const r of reviews) if (r.user?.login) allLogins.add(r.user.login);
-    for (const c of comments) if (c.user?.login) allLogins.add(c.user.login);
-    for (const c of reviewComments) if (c.user?.login) allLogins.add(c.user.login);
-
-    // Find matching bots that have been active on this PR
-    const activeBots = REVIEW_BOTS.filter(bot =>
-      [...allLogins].some(login => login.includes(bot.login))
-    );
-
-    // Determine which triggers to fire
-    const triggers = activeBots.length > 0
-      ? activeBots.filter(b => b.trigger).map(b => b.trigger)
-      : REVIEW_BOTS.filter(b => b.trigger).map(b => b.trigger).slice(0, 1); // fallback: try gemini
-
-    // Fire triggers as separate comments
-    let triggered = 0;
-    for (const trigger of triggers) {
-      try {
-        gh(`pr comment ${num} --body "${trigger}"`, cwd);
-        triggered++;
-      } catch { /* individual trigger failure is non-critical */ }
-    }
-
-    // Also try to request re-review from previous human reviewers via GitHub API
-    try {
-      const prReviews = ghJSON(`pr view ${num} --json reviews --jq '.reviews[].author.login'`, cwd);
-      if (prReviews && typeof prReviews === 'string') {
-        const logins = [...new Set(prReviews.trim().split('\n').filter(l => l && !l.includes('[bot]')))];
-        if (logins.length > 0) {
-          const owner = execSync('gh repo view --json owner --jq .owner.login', { cwd, encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] }).trim();
-          const repo = execSync('gh repo view --json name --jq .name', { cwd, encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] }).trim();
-          execSync(`gh api repos/${owner}/${repo}/pulls/${num}/requested_reviewers -f "reviewers[]=${logins[0]}" -X POST`, {
-            cwd, encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'],
-          });
-        }
-      }
-    } catch {
-      // Non-critical: human re-review request failed
-    }
-
-    return triggered > 0;
-  } catch {
-    return false;
-  }
-}
-
-/**
- * C4: Verify GitHub CLI authentication is valid.
- * Checks both auth status and token expiry.
- * @returns {{ ok: boolean, user: string|null, error: string|null }}
- */
-export function ensureAuth(cwd) {
-  try {
-    const output = execSync('gh auth status 2>&1', {
-      cwd, encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'], timeout: 10000,
-    });
-    const userMatch = output.match(/Logged in to .+ as (\S+)/);
-    return { ok: true, user: userMatch?.[1] || 'unknown', error: null };
-  } catch (err) {
-    const msg = err.stderr || err.message || '';
-    if (msg.includes('not logged in') || msg.includes('authentication')) {
-      return { ok: false, user: null, error: 'Not authenticated. Run: gh auth login' };
-    }
-    if (msg.includes('token') && msg.includes('expir')) {
-      return { ok: false, user: null, error: 'Token expired. Run: gh auth refresh' };
-    }
-    return { ok: false, user: null, error: `Auth check failed: ${msg.substring(0, 100)}` };
-  }
-}
-
-/**
- * C2/C5: Check network connectivity to the git remote.
- * Verifies that we can reach the origin remote.
- * @returns {{ ok: boolean, error: string|null }}
- */
-export function checkConnectivity(cwd) {
-  try {
-    execSync('git ls-remote --exit-code origin HEAD', {
-      cwd, encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'], timeout: 15000,
-    });
-    return { ok: true, error: null };
-  } catch (err) {
-    const msg = err.stderr || err.message || '';
-    if (msg.includes('Could not resolve host') || msg.includes('Network is unreachable')) {
-      return { ok: false, error: 'Network unreachable — check internet connection' };
-    }
-    if (msg.includes('Permission denied') || msg.includes('Authentication failed')) {
-      return { ok: false, error: 'Authentication failed — check SSH keys or GH token' };
-    }
-    if (msg.includes('Repository not found')) {
-      return { ok: false, error: 'Remote repository not found — verify origin URL' };
-    }
-    // Timeout or other error
-    return { ok: false, error: `Cannot reach remote: ${msg.substring(0, 100)}` };
-  }
-}
-
-export const github = {
-  checkGhAuth, createPR, createPRWithRecovery, findExistingPR,
-  ensureRemoteBranch, hasCommitsBetween,
-  getReviews, getReviewComments, getIssueComments,
-  getLatestReviewState, mergePR, collectReviewFeedback,
-  isPrivateRepo, requestReReview, closePR, deleteBranch, getPRState,
-  ensureAuth, checkConnectivity,
-};
-
-/**
- * Close a pull request without merging
- */
-export function closePR(cwd, prNumber) {
-  try {
-    const num = validatePRNumber(prNumber);
-    gh(`pr close ${num}`, cwd);
-    return true;
-  } catch {
-    return false;
-  }
-}
-
-/**
- * Delete a remote branch
- */
-export function deleteBranch(cwd, branch) {
-  try {
-    execSync(`git push origin --delete ${branch}`, {
-      cwd, encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'],
-    });
-    return true;
-  } catch {
-    return false;
-  }
-}
-
-/**
- * Get the state of a PR: 'open', 'closed', or 'merged'
- */
-export function getPRState(cwd, prNumber) {
-  try {
-    const num = validatePRNumber(prNumber);
-    const output = gh(`pr view ${num} --json state,mergedAt`, cwd);
-    const data = JSON.parse(output);
-    if (data.mergedAt) return 'merged';
-    return (data.state || 'OPEN').toLowerCase();
-  } catch {
-    return 'unknown';
-  }
-}
+/**
+ * GitHub operations module - PR and Review management via gh CLI
+ */
+
+import { execSync } from 'child_process';
+import { log } from './logger.js';
+
+function gh(cmd, cwd) {
+  return execSync(`gh ${cmd}`, {
+    cwd,
+    encoding: 'utf-8',
+    stdio: ['pipe', 'pipe', 'pipe'],
+    timeout: 30000, // 30s timeout to prevent hanging on network issues
+  }).trim();
+}
+
+function ghSafe(cmd, cwd) {
+  try {
+    return { ok: true, output: gh(cmd, cwd) };
+  } catch (err) {
+    return { ok: false, output: err.stderr || err.message };
+  }
+}
+
+function ghJSON(cmd, cwd) {
+  const output = gh(cmd, cwd);
+  if (!output) return null;
+  try {
+    return JSON.parse(output);
+  } catch {
+    return null;
+  }
+}
+
+function ghJSONSafe(cmd, cwd) {
+  try {
+    return ghJSON(cmd, cwd);
+  } catch {
+    return null;
+  }
+}
+
+function shellEscape(str) {
+  return `'${str.replace(/'/g, "'\\''")}'`
+}
+
+/**
+ * Check if gh CLI is authenticated
+ */
+export function checkGhAuth() {
+  try {
+    execSync('gh auth status', { encoding: 'utf-8', stdio: 'pipe' });
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Ensure the base branch exists on remote.
+ * If not, push it first.
+ */
+export function ensureRemoteBranch(cwd, branch) {
+  try {
+    const result = execSync(
+      `git ls-remote --heads origin ${branch}`,
+      { cwd, encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] }
+    ).trim();
+    if (!result) {
+      // Branch doesn't exist on remote, push it
+      log.info(`Base branch '${branch}' not found on remote, pushing...`);
+      execSync(`git push origin ${branch}`, {
+        cwd,
+        encoding: 'utf-8',
+        stdio: ['pipe', 'pipe', 'pipe'],
+      });
+      log.info(`Base branch '${branch}' pushed to remote`);
+    }
+    return true;
+  } catch (err) {
+    log.warn(`Failed to verify remote branch '${branch}': ${err.message}`);
+    return false;
+  }
+}
+
+/**
+ * Check if there are commits between base and head branches
+ */
+export function hasCommitsBetween(cwd, base, head) {
+  try {
+    const result = execSync(
+      `git log ${base}..${head} --oneline`,
+      { cwd, encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] }
+    ).trim();
+    return result.length > 0;
+  } catch {
+    // If comparison fails (e.g., branches diverged), assume there are commits
+    return true;
+  }
+}
+
+/**
+ * Find an existing PR for a given head branch
+ * @returns {{ number: number, url: string } | null}
+ */
+export function findExistingPR(cwd, head) {
+  try {
+    const prs = ghJSON(
+      `pr list --head ${shellEscape(head)} --json number,url --limit 1`,
+      cwd
+    );
+    if (prs && prs.length > 0) {
+      return { number: prs[0].number, url: prs[0].url || '' };
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Create a pull request with pre-checks and auto-recovery
+ */
+export function createPR(cwd, { title, body, base = 'main', head }) {
+  // Pre-check: ensure base branch exists on remote
+  ensureRemoteBranch(cwd, base);
+
+  const output = gh(
+    `pr create --title ${shellEscape(title)} --body ${shellEscape(body)} --base ${shellEscape(base)} --head ${shellEscape(head)}`,
+    cwd
+  );
+  // Extract PR URL and number from output
+  const urlMatch = output.match(/https:\/\/github\.com\/.+\/pull\/(\d+)/);
+  if (urlMatch) {
+    return { url: urlMatch[0], number: parseInt(urlMatch[1]) };
+  }
+  // May already exist
+  const existingMatch = output.match(/already exists.+\/pull\/(\d+)/);
+  if (existingMatch) {
+    return { url: output, number: parseInt(existingMatch[1]) };
+  }
+  throw new Error(`Failed to create PR: ${output}`);
+}
+
+/**
+ * Create PR with full auto-recovery: pre-checks → create → fallback to find existing
+ * @returns {{ number: number, url: string }}
+ */
+export function createPRWithRecovery(cwd, { title, body, base = 'main', head }) {
+  // Step 1: Try to create the PR
+  try {
+    return createPR(cwd, { title, body, base, head });
+  } catch (err) {
+    log.warn(`PR creation failed: ${err.message}`);
+  }
+
+  // Step 2: Auto-find existing PR for this branch
+  log.info('Searching for existing PR...');
+  const existing = findExistingPR(cwd, head);
+  if (existing) {
+    log.info(`Found existing PR #${existing.number}`);
+    return existing;
+  }
+
+  // Step 3: Check if there are actually commits to create a PR for
+  if (!hasCommitsBetween(cwd, base, head)) {
+    log.warn('No commits between base and head branch');
+    log.info('This may be a new repo or empty branch. Attempting to push base branch and retry...');
+
+    // Ensure both branches are pushed
+    ensureRemoteBranch(cwd, base);
+    ensureRemoteBranch(cwd, head);
+
+    // Retry PR creation
+    try {
+      return createPR(cwd, { title, body, base, head });
+    } catch (retryErr) {
+      log.warn(`PR retry also failed: ${retryErr.message}`);
+    }
+
+    // Last resort: try to find PR again
+    const retryExisting = findExistingPR(cwd, head);
+    if (retryExisting) {
+      log.info(`Found existing PR #${retryExisting.number}`);
+      return retryExisting;
+    }
+  }
+
+  // Step 4: If all else fails, throw with actionable message
+  throw new Error(
+    `Cannot create or find PR for branch '${head}'. ` +
+    `Possible causes: base branch '${base}' may not exist on remote, ` +
+    `or there are no commits between '${base}' and '${head}'. ` +
+    `Try: git push origin ${base} && git push origin ${head}`
+  );
+}
+
+/**
+ * Get PR review list
+ */
+export function getReviews(cwd, prNumber) {
+  try {
+    const num = validatePRNumber(prNumber);
+    return ghJSON(`api repos/{owner}/{repo}/pulls/${num}/reviews`, cwd) || [];
+  } catch {
+    return [];
+  }
+}
+
+/**
+ * Get PR review comments
+ */
+export function getReviewComments(cwd, prNumber) {
+  try {
+    const num = validatePRNumber(prNumber);
+    return ghJSON(`api repos/{owner}/{repo}/pulls/${num}/comments`, cwd) || [];
+  } catch {
+    return [];
+  }
+}
+
+/**
+ * Get PR issue comments (including bot comments)
+ */
+export function getIssueComments(cwd, prNumber) {
+  try {
+    const num = validatePRNumber(prNumber);
+    return ghJSON(`api repos/{owner}/{repo}/issues/${num}/comments`, cwd) || [];
+  } catch {
+    return [];
+  }
+}
+
+/**
+ * Check the latest review state
+ * @returns {'APPROVED' | 'CHANGES_REQUESTED' | 'COMMENTED' | 'PENDING' | null}
+ */
+export function getLatestReviewState(cwd, prNumber) {
+  const reviews = getReviews(cwd, prNumber);
+  if (!reviews || reviews.length === 0) return null;
+
+  // Filter out PENDING and DISMISSED
+  const active = reviews.filter(r => r.state !== 'PENDING' && r.state !== 'DISMISSED');
+  if (active.length === 0) return null;
+
+  return active[active.length - 1].state;
+}
+
+/**
+ * Merge a pull request
+ */
+export function mergePR(cwd, prNumber, method = 'squash') {
+  const num = validatePRNumber(prNumber);
+  const validMethods = ['squash', 'merge', 'rebase'];
+  if (!validMethods.includes(method)) {
+    throw new Error(`Invalid merge method: ${method}`);
+  }
+  gh(`pr merge ${num} --${method} --delete-branch`, cwd);
+}
+
+function validatePRNumber(prNumber) {
+  const num = parseInt(prNumber, 10);
+  if (isNaN(num) || num <= 0) throw new Error(`Invalid PR number: ${prNumber}`);
+  return num;
+}
+
+/**
+ * Collect all review feedback as structured text.
+ * Returns raw feedback — classification is done by AI provider.
+ */
+export function collectReviewFeedback(cwd, prNumber) {
+  const reviews = getReviews(cwd, prNumber);
+  const comments = getReviewComments(cwd, prNumber);
+  const issueComments = getIssueComments(cwd, prNumber);
+
+  let feedback = '';
+
+  // Review body text (skip APPROVED — already handled by state check)
+  for (const r of reviews) {
+    if (r.body && r.body.trim() && r.state !== 'APPROVED') {
+      feedback += `### Review (${r.state})\n${r.body}\n\n`;
+    }
+  }
+
+  // Inline code comments (comments on specific diff lines)
+  for (const c of comments) {
+    feedback += `### ${c.path}:L${c.line || c.original_line}\n${c.body}\n\n`;
+  }
+
+  // Bot comments
+  for (const c of issueComments) {
+    if (c.user?.type === 'Bot' || c.user?.login?.includes('bot')) {
+      feedback += `### Bot Review (${c.user.login})\n${c.body}\n\n`;
+    }
+  }
+
+  return feedback.trim();
+}
+
+/**
+ * Check if the current repo is private
+ * @returns {boolean} true if private, false if public or unknown
+ */
+export function isPrivateRepo(cwd) {
+  try {
+    const result = ghJSON('repo view --json isPrivate', cwd);
+    return result?.isPrivate === true;
+  } catch {
+    return false; // Default to public behavior if detection fails
+  }
+}
+
+/**
+ * Request bots to re-review the PR.
+ * Auto-detects which review bots have previously commented on the PR
+ * and triggers only those. Falls back to all known bot triggers.
+ */
+export function requestReReview(cwd, prNumber) {
+  // Known review bots and their re-review trigger commands
+  const REVIEW_BOTS = [
+    { login: 'gemini-code-assist', trigger: '/gemini review' },
+    { login: 'coderabbitai', trigger: '@coderabbitai review' },
+    { login: 'sourcery-ai', trigger: '@sourcery-ai review' },
+    { login: 'deepsource', trigger: '@deepsource review' },
+    { login: 'sweep-ai', trigger: 'sweep: review' },
+    { login: 'openai-codex', trigger: '@codex review' },
+    { login: 'claude', trigger: '@claude review' },
+    { login: 'copilot', trigger: '@copilot review' },
+  ];
+
+  try {
+    const num = validatePRNumber(prNumber);
+
+    // Detect which bots have previously interacted with this PR
+    const reviews = getReviews(cwd, num);
+    const comments = getIssueComments(cwd, num);
+    const reviewComments = getReviewComments(cwd, num);
+
+    const allLogins = new Set();
+    for (const r of reviews) if (r.user?.login) allLogins.add(r.user.login);
+    for (const c of comments) if (c.user?.login) allLogins.add(c.user.login);
+    for (const c of reviewComments) if (c.user?.login) allLogins.add(c.user.login);
+
+    // Find matching bots that have been active on this PR
+    const activeBots = REVIEW_BOTS.filter(bot =>
+      [...allLogins].some(login => login.includes(bot.login))
+    );
+
+    // Determine which triggers to fire
+    const triggers = activeBots.length > 0
+      ? activeBots.filter(b => b.trigger).map(b => b.trigger)
+      : REVIEW_BOTS.filter(b => b.trigger).map(b => b.trigger).slice(0, 1); // fallback: try gemini
+
+    // Fire triggers as separate comments
+    let triggered = 0;
+    for (const trigger of triggers) {
+      try {
+        gh(`pr comment ${num} --body "${trigger}"`, cwd);
+        triggered++;
+      } catch { /* individual trigger failure is non-critical */ }
+    }
+
+    // Also try to request re-review from previous human reviewers via GitHub API
+    try {
+      const prReviews = ghJSON(`pr view ${num} --json reviews --jq '.reviews[].author.login'`, cwd);
+      if (prReviews && typeof prReviews === 'string') {
+        const logins = [...new Set(prReviews.trim().split('\n').filter(l => l && !l.includes('[bot]')))];
+        if (logins.length > 0) {
+          const owner = execSync('gh repo view --json owner --jq .owner.login', { cwd, encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] }).trim();
+          const repo = execSync('gh repo view --json name --jq .name', { cwd, encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] }).trim();
+          execSync(`gh api repos/${owner}/${repo}/pulls/${num}/requested_reviewers -f "reviewers[]=${logins[0]}" -X POST`, {
+            cwd, encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'],
+          });
+        }
+      }
+    } catch {
+      // Non-critical: human re-review request failed
+    }
+
+    return triggered > 0;
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * C4: Verify GitHub CLI authentication is valid.
+ * Checks both auth status and token expiry.
+ * @returns {{ ok: boolean, user: string|null, error: string|null }}
+ */
+export function ensureAuth(cwd) {
+  try {
+    const output = execSync('gh auth status 2>&1', {
+      cwd, encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'], timeout: 10000,
+    });
+    const userMatch = output.match(/Logged in to .+ as (\S+)/);
+    return { ok: true, user: userMatch?.[1] || 'unknown', error: null };
+  } catch (err) {
+    const msg = err.stderr || err.message || '';
+    if (msg.includes('not logged in') || msg.includes('authentication')) {
+      return { ok: false, user: null, error: 'Not authenticated. Run: gh auth login' };
+    }
+    if (msg.includes('token') && msg.includes('expir')) {
+      return { ok: false, user: null, error: 'Token expired. Run: gh auth refresh' };
+    }
+    return { ok: false, user: null, error: `Auth check failed: ${msg.substring(0, 100)}` };
+  }
+}
+
+/**
+ * C2/C5: Check network connectivity to the git remote.
+ * Verifies that we can reach the origin remote.
+ * @returns {{ ok: boolean, error: string|null }}
+ */
+export function checkConnectivity(cwd) {
+  try {
+    execSync('git ls-remote --exit-code origin HEAD', {
+      cwd, encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'], timeout: 15000,
+    });
+    return { ok: true, error: null };
+  } catch (err) {
+    const msg = err.stderr || err.message || '';
+    if (msg.includes('Could not resolve host') || msg.includes('Network is unreachable')) {
+      return { ok: false, error: 'Network unreachable — check internet connection' };
+    }
+    if (msg.includes('Permission denied') || msg.includes('Authentication failed')) {
+      return { ok: false, error: 'Authentication failed — check SSH keys or GH token' };
+    }
+    if (msg.includes('Repository not found')) {
+      return { ok: false, error: 'Remote repository not found — verify origin URL' };
+    }
+    // Timeout or other error
+    return { ok: false, error: `Cannot reach remote: ${msg.substring(0, 100)}` };
+  }
+}
+
+export const github = {
+  checkGhAuth, createPR, createPRWithRecovery, findExistingPR,
+  ensureRemoteBranch, hasCommitsBetween,
+  getReviews, getReviewComments, getIssueComments,
+  getLatestReviewState, mergePR, collectReviewFeedback,
+  isPrivateRepo, requestReReview, closePR, deleteBranch, getPRState,
+  ensureAuth, checkConnectivity,
+};
+
+/**
+ * Close a pull request without merging
+ */
+export function closePR(cwd, prNumber) {
+  try {
+    const num = validatePRNumber(prNumber);
+    gh(`pr close ${num}`, cwd);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Delete a remote branch
+ */
+export function deleteBranch(cwd, branch) {
+  try {
+    execSync(`git push origin --delete ${branch}`, {
+      cwd, encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'],
+    });
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Get the state of a PR: 'open', 'closed', or 'merged'
+ */
+export function getPRState(cwd, prNumber) {
+  try {
+    const num = validatePRNumber(prNumber);
+    const output = gh(`pr view ${num} --json state,mergedAt`, cwd);
+    const data = JSON.parse(output);
+    if (data.mergedAt) return 'merged';
+    return (data.state || 'OPEN').toLowerCase();
+  } catch {
+    return 'unknown';
+  }
+}