npm - @mars-stack/core - Versions diffs - 0.4.0 → 1.0.2 - Mend

@mars-stack/core 0.4.0 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/cursor/manifest.json +6 -0
package/cursor/skills/mars-add-audit-log/SKILL.md +4 -2
package/cursor/skills/mars-address-pr-comments/SKILL.md +129 -0
package/package.json +2 -2

package/cursor/manifest.json CHANGED Viewed

@@ -299,6 +299,12 @@
       "dependencies": ["create-execution-plan", "update-architecture-docs"],
       "capabilities": ["file-edit"],
       "meta": true
+    },
+    "address-pr-comments": {
+      "file": "skills/mars-address-pr-comments/SKILL.md",
+      "triggers": ["address PR comments", "reply to PR comments", "fix review feedback", "respond to PR review", "reply to comments with fixes", "remedial changes"],
+      "dependencies": [],
+      "capabilities": ["file-edit", "terminal"]
     }
   }
 }

package/cursor/skills/mars-add-audit-log/SKILL.md CHANGED Viewed

@@ -280,11 +280,13 @@ Set up automated cleanup using a cron job or scheduled function:
 ```typescript
 // src/app/api/cron/audit-cleanup/route.ts
 import { NextResponse } from 'next/server';
+import { constantTimeEqual } from '@mars-stack/core/auth/crypto-utils';
 import { cleanupOldAuditLogs } from '@/features/audit-log/server';
 export async function GET(request: Request) {
-  const authHeader = request.headers.get('authorization');
-  if (authHeader !== `Bearer ${process.env.CRON_SECRET}`) {
+  const authHeader = request.headers.get('authorization') ?? '';
+  const expected = `Bearer ${process.env.CRON_SECRET}`;
+  if (!constantTimeEqual(authHeader, expected)) {
     return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
   }

package/cursor/skills/mars-address-pr-comments/SKILL.md ADDED Viewed

@@ -0,0 +1,129 @@
+# Skill: Address PR Comments and Reply with Fix Links
+Address pull request review comments by implementing fixes, replying to each comment thread with links to the fix, and pushing the remedial changes. Use for any PR where the user wants to "address PR comments", "reply to comments with fixes", or "fix review feedback".
+## When to Use
+Use this skill when the user asks to:
+- Address PR comments, fix review feedback, or respond to PR review
+- Reply to PR comments with links to the fix
+- Push remedial changes after addressing review
+## Prerequisites
+- Current branch is the PR branch (not `main`).
+- GitHub CLI (`gh`) authenticated and able to read/write the repo.
+- PR number or branch name known (e.g. from "PR #56" or "cursor/mars-development-workflow-1167").
+## Workflow
+### 1. Resolve PR and list review comments
+Get the PR number from branch if needed:
+```bash
+gh pr list --head <branch-name>
+# or: gh pr view <branch-name>
+```
+Fetch review comments (REST) and review threads (GraphQL for replying):
+```bash
+# List all PR review comments (includes body, path, line)
+gh api repos/OWNER/REPO/pulls/PR_NUMBER/comments
+# Get review thread IDs for replying (GraphQL)
+gh api graphql -f query='
+query {
+  repository(owner: "OWNER", name: "REPO") {
+    pullRequest(number: PR_NUMBER) {
+      reviewThreads(first: 50) {
+        nodes {
+          id
+          isResolved
+          comments(first: 3) { nodes { id databaseId body path } }
+        }
+      }
+    }
+  }
+}'
+```
+Replace `OWNER`, `REPO`, `PR_NUMBER` with the actual values (e.g. from `gh repo view` or the PR URL).
+### 2. Implement fixes
+For each comment:
+- **Documentation / ticket moves:** Move tickets (e.g. `in-progress/` → `done/`), update exec plan links and checklist items as requested.
+- **Code feedback:** Edit the referenced file(s) and lines to satisfy the comment (refactors, placement, use of shared utilities, etc.).
+Run relevant tests after edits (e.g. `yarn workspace @mars-stack/cli test` for CLI changes).
+### 3. Commit and push (get commit SHA for links)
+Commit on the current branch, then push so the fix commit exists on the remote:
+```bash
+git add <changed-files>
+git commit -m "fix(pr): address PR #N review comments
+- Brief bullet per comment addressed"
+git push origin <branch-name>
+```
+Capture the commit SHA for reply links (e.g. `git rev-parse HEAD` or short `git rev-parse --short HEAD`).
+### 4. Reply to each review thread with fix links
+Use GitHub GraphQL to add a reply to each thread. The thread ID is the `id` from the `reviewThreads.nodes` query (e.g. `PRRT_kwDORc-XH850cQlY`). Link to the fix using the commit SHA and optional line range:
+**Link format:** `https://github.com/OWNER/REPO/blob/<commit_sha>/PATH#Lstart-Lend`
+Example reply body (use markdown):
+```markdown
+Fixed in commit <short-sha>: <one-line summary>.
+**Link:** [file or description](https://github.com/OWNER/REPO/blob/<sha>/path/to/file.ts#L10-L20)
+```
+GraphQL mutation (one reply per thread):
+```bash
+gh api graphql -f query='
+mutation {
+  addPullRequestReviewThreadReply(input: {
+    pullRequestReviewThreadId: "PRRT_...",
+    body: "Fixed in commit ab19f35: summary.\n\n**Link:** [path](https://github.com/owner/repo/blob/ab19f35/path#L1-L5)"
+  }) {
+    comment { id url }
+  }
+}'
+```
+- Use `pullRequestReviewThreadId` (not `threadId`).
+- Escape newlines in the body as `\n`. Keep the body plain text or markdown; avoid complex HTML.
+- For multiple files in one reply, list multiple links in the same reply.
+### 5. Optional: single summary comment
+If thread replies fail (e.g. permissions or API limits), add one PR-level comment summarizing all fixes and linking to the commit or key files:
+```bash
+gh pr comment PR_NUMBER --body "**Addressed review comments:** ... (bullets + links)"
+```
+## Checklist
+- [ ] Fetched PR review comments and thread IDs
+- [ ] Implemented fixes for each comment
+- [ ] Ran tests; commit and push on PR branch
+- [ ] Replied to each review thread with a link to the fix (commit + path, optional line range)
+- [ ] No direct push to `main` (all changes on the PR branch)
+## Notes
+- **REST reply endpoint:** `POST /repos/OWNER/REPO/pulls/comments/COMMENT_ID/replies` often returns 404 for review comments; prefer GraphQL `addPullRequestReviewThreadReply` with the thread ID.
+- **Resolved threads:** You can still reply to resolved threads; the reply will appear in the conversation.
+- **Line numbers:** After edits, line numbers in the fix commit may differ from the original comment. Use the line numbers in the **fix commit** for the `#Lstart-Lend` fragment so the link points at the correct code.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@mars-stack/core",
-  "version": "0.4.0",
+  "version": "1.0.2",
   "license": "MIT",
   "repository": {
     "type": "git",
@@ -118,7 +118,7 @@
     }
   },
   "publishConfig": {
-    "access": "restricted"
+    "access": "public"
   },
   "files": [
     "dist",