claude-git-hooks 2.30.2 → 2.33.0

package/lib/hooks/pre-commit.js

@@ -32,6 +32,7 @@ import { loadPreset } from '../utils/preset-loader.js';
 import { getVersion } from '../utils/package-info.js';
 import logger from '../utils/logger.js';
 import { getConfig } from '../config.js';
+import { recordMetric } from '../utils/metrics.js';
 
 /**
  * Configuration loaded from lib/config.js
@@ -218,6 +219,23 @@ const main = async () => {
                 console.log();
             }
 
+            // Record blocked analysis metric
+            recordMetric('analysis.completed', {
+                files: validFiles.map(f => f.path),
+                fileCount: validFiles.length,
+                issues: result.issues,
+                details: (result.details || []).map(d => ({
+                    severity: d.severity, category: d.category,
+                    description: d.description, file: d.file
+                })),
+                blocked: true,
+                duration: Date.now() - startTime,
+                preset: presetName,
+                orchestrated: filesData.length >= 3
+            }).catch((err) => {
+                logger.debug('pre-commit - main', 'Metrics recording failed (blocked)', err);
+            });
+
             // Generate resolution prompt if needed
             if (shouldGeneratePrompt(result)) {
                 const resolutionPath = await generateResolutionPrompt(result, {
@@ -235,6 +253,23 @@ const main = async () => {
             process.exit(1);
         }
 
+        // Record successful analysis metric
+        recordMetric('analysis.completed', {
+            files: validFiles.map(f => f.path),
+            fileCount: validFiles.length,
+            issues: result.issues,
+            details: (result.details || []).map(d => ({
+                severity: d.severity, category: d.category,
+                description: d.description, file: d.file
+            })),
+            blocked: false,
+            duration: Date.now() - startTime,
+            preset: presetName,
+            orchestrated: filesData.length >= 3
+        }).catch((err) => {
+            logger.debug('pre-commit - main', 'Metrics recording failed (success)', err);
+        });
+
         // Success
         const duration = ((Date.now() - startTime) / 1000).toFixed(2);
         console.log(`\n⏱️  Analysis time: ${duration}s`);
@@ -242,6 +277,14 @@ const main = async () => {
 
         process.exit(0);
     } catch (error) {
+        // Record analysis failure metric
+        recordMetric('analysis.failed', {
+            errorMessage: error.message,
+            duration: Date.now() - startTime
+        }).catch((err) => {
+            logger.debug('pre-commit - main', 'Metrics recording failed (error)', err);
+        });
+
         const duration = ((Date.now() - startTime) / 1000).toFixed(2);
         console.log(`\n⏱️  Analysis time: ${duration}s`);
 

package/lib/hooks/prepare-commit-msg.js

@@ -25,6 +25,7 @@ import { getVersion } from '../utils/package-info.js';
 import logger from '../utils/logger.js';
 import { getConfig } from '../config.js';
 import { getOrPromptTaskId, formatWithTaskId } from '../utils/task-id.js';
+import { recordMetric } from '../utils/metrics.js';
 
 /**
  * Builds commit message generation prompt
@@ -265,6 +266,14 @@ const main = async () => {
         // Write to commit message file
         await fs.writeFile(commitMsgFile, `${message}\n`, 'utf8');
 
+        // Record commit generation metric
+        recordMetric('commit.generated', {
+            fileCount: filesData.length,
+            files: filesData.map(f => f.path),
+            duration: Date.now() - startTime,
+            success: true
+        }).catch(() => {});
+
         const duration = ((Date.now() - startTime) / 1000).toFixed(2);
         console.error(`⏱️  Message generation completed in ${duration}s`);
 
@@ -272,6 +281,12 @@ const main = async () => {
 
         process.exit(0);
     } catch (error) {
+        // Record commit failure metric
+        recordMetric('commit.failed', {
+            errorMessage: error.message,
+            duration: Date.now() - startTime
+        }).catch(() => {});
+
         const duration = ((Date.now() - startTime) / 1000).toFixed(2);
         console.error(`⏱️  Message generation failed after ${duration}s`);
 

package/lib/utils/analysis-engine.js

@@ -34,6 +34,7 @@ import { analyzeCode } from './claude-client.js';
 import { orchestrateBatches } from './diff-analysis-orchestrator.js';
 import { buildAnalysisPrompt } from './prompt-builder.js';
 import logger from './logger.js';
+import { recordMetric } from './metrics.js';
 
 /**
  * Standard file data schema used throughout the analysis pipeline
@@ -448,6 +449,15 @@ export const runAnalysis = async (filesData, config, options = {}) => {
 
         result = consolidateResults(results);
 
+        // Record orchestration metric
+        recordMetric('orchestration.completed', {
+            fileCount: filesData.length,
+            batchCount: batches.length,
+            batchBreakdown: batches.map(b => ({ files: b.files.length, model: b.model })),
+            orchestrationTime,
+            hook
+        }).catch(() => {});
+
         if (saveDebug) {
             const { saveDebugResponse } = await import('./claude-client.js');
             await saveDebugResponse(

package/lib/utils/authorization.js

@@ -3,7 +3,7 @@
  * Purpose: Role-based authorization for protected workflow commands
  *
  * Design:
- * - Permissions are sourced from a centralized GitHub repo (mscope-S-L/claude-hooks-permissions)
+ * - Permissions are sourced from a centralized GitHub repo (mscope-S-L/git-hooks-config)
  * - Role hierarchy is defined in permissions.json (ordered lowest → highest)
  * - Commands not in commandPermissions are open to all
  * - All failure scenarios are fail-closed (block on any error)
@@ -31,14 +31,13 @@ import {
 } from './github-api.js';
 
 /**
- * Constants for the centralized permissions repository
+ * Constants for the centralized config repository
  *
- * PERMISSIONS_REPO_OWNER/NAME: where the permissions file lives (currently personal profile,
- * update to 'mscope-S-L' when repos are migrated to the org).
- * PERMISSIONS_ORG: the GitHub org used for membership checks — stable regardless of repo location.
+ * PERMISSIONS_REPO_OWNER/NAME: where the permissions file lives (mscope-S-L org).
+ * PERMISSIONS_ORG: the GitHub org used for membership checks.
  */
-const PERMISSIONS_REPO_OWNER = 'pablo-rovito-mscope';
-const PERMISSIONS_REPO_NAME = 'claude-hooks-permissions';
+const PERMISSIONS_REPO_OWNER = 'mscope-S-L';
+const PERMISSIONS_REPO_NAME = 'git-hooks-config';
 const PERMISSIONS_FILE_PATH = 'permissions.json';
 const PERMISSIONS_ORG = 'mscope-S-L';
 

package/lib/utils/github-api.js

@@ -212,7 +212,8 @@ export const createPullRequest = async ({
     base,
     draft = false,
     labels = [],
-    reviewers = []
+    reviewers = [],
+    teamReviewers = []
 }) => {
     logger.debug('github-api - createPullRequest', 'Starting PR creation', {
         owner,
@@ -286,28 +287,32 @@ export const createPullRequest = async ({
             logger.debug('github-api - createPullRequest', 'No labels to add');
         }
 
-        // Step 3: Request reviewers (if any)
-        if (reviewers.length > 0) {
+        // Step 3: Request reviewers (if any — individual and/or team)
+        if (reviewers.length > 0 || teamReviewers.length > 0) {
             logger.debug('github-api - createPullRequest', 'Requesting reviewers', {
                 prNumber: pr.number,
-                reviewers
+                reviewers,
+                teamReviewers
             });
             try {
                 await octokit.pulls.requestReviewers({
                     owner,
                     repo,
                     pull_number: pr.number,
-                    reviewers
+                    reviewers,
+                    team_reviewers: teamReviewers
                 });
                 logger.debug('github-api - createPullRequest', 'Reviewers requested successfully', {
-                    reviewers
+                    reviewers,
+                    teamReviewers
                 });
             } catch (reviewerError) {
                 // Non-fatal: PR was created, reviewer request failed
                 logger.warning(`Could not request reviewers: ${reviewerError.message}`);
                 logger.debug('github-api - createPullRequest', 'Reviewer request failed', {
                     error: reviewerError.message,
-                    reviewers
+                    reviewers,
+                    teamReviewers
                 });
             }
         } else {
@@ -324,7 +329,8 @@ export const createPullRequest = async ({
             head: pr.head.ref,
             base: pr.base.ref,
             labels,
-            reviewers
+            reviewers,
+            teamReviewers
         };
 
         logger.debug('github-api - createPullRequest', 'PR creation completed', result);
@@ -758,69 +764,95 @@ export const createPullRequestReview = async (
 };
 
 /**
- * Read CODEOWNERS file from repository
+ * List teams with access to a repository
+ * Why: Needed by reviewer-selector to resolve team-based reviewers
  *
- * @param {Object} params - Parameters
- * @param {string} params.owner - Repository owner
- * @param {string} params.repo - Repository name
- * @param {string} params.branch - Branch name (default: main/master)
- * @returns {Promise<string|null>} CODEOWNERS content or null if not found
+ * @param {string} owner - Repository owner
+ * @param {string} repo - Repository name
+ * @returns {Promise<Array<{slug: string, name: string, permission: string}>>} Teams with access
+ * @throws {GitHubAPIError} On failure
  */
-export const readCodeowners = async ({ owner, repo, branch = null }) => {
-    logger.debug('github-api - readCodeowners', 'Attempting to read CODEOWNERS', { owner, repo });
+export const listRepoTeams = async (owner, repo) => {
+    logger.debug('github-api - listRepoTeams', 'Listing repo teams', { owner, repo });
 
     const octokit = getOctokit();
 
-    // Determine default branch if not provided
-    if (!branch) {
-        try {
-            const { data: repoData } = await octokit.repos.get({ owner, repo });
-            branch = repoData.default_branch;
-            logger.debug('github-api - readCodeowners', 'Using default branch', { branch });
-        } catch (error) {
-            branch = 'main'; // Fallback
-            logger.debug(
-                'github-api - readCodeowners',
-                'Could not get default branch, using main',
-                { error: error.message }
-            );
-        }
-    }
+    try {
+        const { data } = await octokit.repos.listTeams({ owner, repo });
 
-    // Try common CODEOWNERS locations
-    const paths = ['CODEOWNERS', '.github/CODEOWNERS', 'docs/CODEOWNERS'];
+        const teams = data.map((t) => ({
+            slug: t.slug,
+            name: t.name,
+            permission: t.permission
+        }));
 
-    for (const path of paths) {
-        try {
-            logger.debug('github-api - readCodeowners', 'Trying path', { path });
+        logger.debug('github-api - listRepoTeams', 'Teams fetched', {
+            count: teams.length,
+            slugs: teams.map((t) => t.slug)
+        });
 
-            const { data } = await octokit.repos.getContent({
-                owner,
-                repo,
-                path,
-                ref: branch
-            });
+        return teams;
+    } catch (error) {
+        const statusCode = error.status || error.response?.status;
+        logger.debug('github-api - listRepoTeams', 'Failed to list repo teams', {
+            owner,
+            repo,
+            status: statusCode,
+            message: error.message
+        });
 
-            if (data.type === 'file' && data.content) {
-                // Decode base64 content
-                const content = Buffer.from(data.content, 'base64').toString('utf8');
-                logger.debug('github-api - readCodeowners', 'CODEOWNERS found', {
-                    path,
-                    lines: content.split('\n').length
-                });
-                return content;
-            }
-        } catch (error) {
-            logger.debug('github-api - readCodeowners', 'Path not found', {
-                path,
-                error: error.message
-            });
-            // Continue to next path
-        }
+        throw new GitHubAPIError(`Failed to list teams for ${owner}/${repo}: ${error.message}`, {
+            cause: error,
+            statusCode,
+            context: { owner, repo }
+        });
     }
+};
+
+/**
+ * List members of a GitHub team within an organization
+ * Why: Needed by reviewer-selector to resolve team slug to individual usernames
+ *
+ * @param {string} org - GitHub organization name
+ * @param {string} teamSlug - Team slug (e.g. 'automation', not '@org/automation')
+ * @returns {Promise<Array<{login: string}>>} Team members
+ * @throws {GitHubAPIError} On failure
+ */
+export const listTeamMembers = async (org, teamSlug) => {
+    logger.debug('github-api - listTeamMembers', 'Listing team members', { org, teamSlug });
+
+    const octokit = getOctokit();
+
+    try {
+        const { data } = await octokit.teams.listMembersInOrg({
+            org,
+            team_slug: teamSlug,
+            per_page: 100
+        });
 
-    logger.debug('github-api - readCodeowners', 'CODEOWNERS not found in any location');
-    return null;
+        const members = data.map((m) => ({ login: m.login }));
+
+        logger.debug('github-api - listTeamMembers', 'Members fetched', {
+            teamSlug,
+            count: members.length,
+            logins: members.map((m) => m.login)
+        });
+
+        return members;
+    } catch (error) {
+        const statusCode = error.status || error.response?.status;
+        logger.debug('github-api - listTeamMembers', 'Failed to list team members', {
+            org,
+            teamSlug,
+            status: statusCode,
+            message: error.message
+        });
+
+        throw new GitHubAPIError(
+            `Failed to list members of team '${teamSlug}' in ${org}: ${error.message}`,
+            { cause: error, statusCode, context: { org, teamSlug } }
+        );
+    }
 };
 
 /**

package/lib/utils/github-client.js

@@ -1,12 +1,12 @@
 /**
  * File: github-client.js
- * Purpose: GitHub utilities for CODEOWNERS parsing and reviewer detection
+ * Purpose: GitHub utilities for repository parsing and config-based reviewer detection
  *
  * Note: PR creation and API calls are in github-api.js (Octokit-based)
+ * Team-based reviewer selection is in reviewer-selector.js
  * This module handles:
  * - Repository URL parsing
- * - CODEOWNERS file parsing
- * - Reviewer detection from CODEOWNERS and config
+ * - Config-based reviewer detection (fallback for team-based selection)
  */
 
 import { execSync } from 'child_process';
@@ -57,93 +57,6 @@ export const parseGitHubRepo = () => {
     }
 };
 
-/**
- * Read CODEOWNERS file from repository
- * Why: Auto-detect reviewers based on file changes
- *
- * @returns {Promise<string|null>} - CODEOWNERS content or null if not found
- */
-export const readCodeowners = async () => {
-    logger.debug('github-client - readCodeowners', 'Reading CODEOWNERS file');
-
-    const repo = parseGitHubRepo();
-
-    try {
-        // Use Octokit-based implementation from github-api.js
-        const { readCodeowners: readCodeownersOctokit } = await import('./github-api.js');
-        const content = await readCodeownersOctokit({
-            owner: repo.owner,
-            repo: repo.repo
-        });
-        return content;
-    } catch (error) {
-        logger.debug('github-client - readCodeowners', 'Could not read CODEOWNERS', {
-            error: error.message
-        });
-        return null; // Non-critical failure
-    }
-};
-
-/**
- * Parse CODEOWNERS file to get reviewers for files
- * Why: Extract reviewer info from CODEOWNERS content
- *
- * @param {string} codeownersContent - CODEOWNERS file content
- * @param {Array<string>} files - Files changed in PR
- * @returns {Array<string>} - GitHub usernames of reviewers
- */
-export const parseCodeownersReviewers = (codeownersContent, files = []) => {
-    if (!codeownersContent) {
-        return [];
-    }
-
-    logger.debug('github-client - parseCodeownersReviewers', 'Parsing CODEOWNERS', {
-        filesCount: files.length
-    });
-
-    const reviewers = new Set();
-    const lines = codeownersContent.split('\n');
-
-    // Parse CODEOWNERS format:
-    // pattern @username1 @username2
-    // Example: *.js @frontend-team @tech-lead
-
-    for (const line of lines) {
-        const trimmed = line.trim();
-
-        // Skip comments and empty lines
-        if (!trimmed || trimmed.startsWith('#')) {
-            continue;
-        }
-
-        const parts = trimmed.split(/\s+/);
-        if (parts.length < 2) {
-            continue;
-        }
-
-        const pattern = parts[0];
-        const owners = parts.slice(1).filter((o) => o.startsWith('@'));
-
-        // Check if any file matches this pattern
-        const patternRegex = new RegExp(
-            pattern.replace(/\./g, '\\.').replace(/\*/g, '.*').replace(/\?/g, '.')
-        );
-
-        for (const file of files) {
-            if (patternRegex.test(file)) {
-                owners.forEach((owner) => reviewers.add(owner.substring(1))); // Remove @
-            }
-        }
-    }
-
-    const reviewersList = Array.from(reviewers);
-    logger.debug('github-client - parseCodeownersReviewers', 'Found reviewers', {
-        reviewers: reviewersList
-    });
-
-    return reviewersList;
-};
-
 /**
  * Get reviewers for PR based on changed files
  * Why: Auto-detect appropriate reviewers
@@ -159,20 +72,7 @@ export const getReviewersForFiles = async (files = [], config = {}) => {
 
     const reviewers = new Set();
 
-    // Option 1: Try CODEOWNERS file
-    try {
-        const codeowners = await readCodeowners();
-        if (codeowners) {
-            const codeownersReviewers = parseCodeownersReviewers(codeowners, files);
-            codeownersReviewers.forEach((r) => reviewers.add(r));
-        }
-    } catch (error) {
-        logger.debug('github-client - getReviewersForFiles', 'Could not read CODEOWNERS', {
-            error: error.message
-        });
-    }
-
-    // Option 2: Use config-based reviewers
+    // Config-based reviewers (flat array or object)
     if (config.reviewers) {
         const configReviewers = Array.isArray(config.reviewers)
             ? config.reviewers
@@ -181,7 +81,7 @@ export const getReviewersForFiles = async (files = [], config = {}) => {
         configReviewers.forEach((r) => reviewers.add(r));
     }
 
-    // Option 3: Use reviewer rules (pattern-based)
+    // Reviewer rules (pattern-based)
     if (config.reviewerRules && Array.isArray(config.reviewerRules)) {
         for (const rule of config.reviewerRules) {
             const patternRegex = new RegExp(rule.pattern);

package/lib/utils/judge.js

@@ -25,7 +25,7 @@ import { loadPrompt } from './prompt-builder.js';
 import { formatBlockingIssues, getAffectedFiles, formatFileContents } from './resolution-prompt.js';
 import { getRepoRoot, getRepoName, getCurrentBranch } from './git-operations.js';
 import logger from './logger.js';
-import { recordEvent } from './telemetry.js';
+import { recordMetric } from './metrics.js';
 
 const JUDGE_DEFAULT_MODEL = 'sonnet';
 const JUDGE_TIMEOUT = 120000;
@@ -239,14 +239,21 @@ const judgeAndFix = async (analysisResult, filesData, config) => {
         );
     }
 
-    // Record telemetry
-    await recordEvent('judge', {
+    // Record metrics
+    recordMetric('judge.completed', {
         model,
         issueCount: allIssues.length,
         fixedCount,
         falsePositiveCount,
-        unresolvedCount
-    });
+        unresolvedCount,
+        falsePositives: fixes.filter(f => f.assessment === 'FALSE_POSITIVE')
+            .map(f => ({ explanation: f.explanation || '' })),
+        unresolved: remainingIssues.map(i => ({
+            severity: i.severity, description: i.description || i.message || '', file: i.file
+        })),
+        fixed: fixes.filter((f, idx) => f.assessment === 'TRUE_ISSUE' && resolvedIndices.has(idx))
+            .map(f => ({ file: f.file, explanation: f.explanation || '' }))
+    }).catch(() => {});
 
     return { fixedCount, falsePositiveCount, remainingIssues, verdicts };
 };