coderev-cli 1.0.16 → 1.0.18

package/src/github-app.js

@@ -0,0 +1,511 @@
+#!/usr/bin/env node
+
+/**
+ * coderev GitHub App Server
+ *
+ * 一个独立的 webhook 服务器，接收 GitHub App 的 pull_request 事件，
+ * 自动运行 coderev 审查并将结果作为 PR review 发布。
+ *
+ * 运行方式:
+ *   coderev serve --port 3000 --webhook-secret your-secret --app-id 123456 --private-key ./key.pem
+ *   或
+ *   GITHUB_APP_ID=123456 GITHUB_APP_PRIVATE_KEY="$(cat key.pem)" coderev serve
+ *
+ * 部署建议:
+ *   - Railway / Render / Fly.io / 自建 VPS
+ *   - 配合 PM2 持久化运行
+ *   - 设置 GitHub App Webhook URL → https://your-domain.com/webhook
+ */
+
+const http = require('http');
+const crypto = require('crypto');
+const { loadConfig, getApiKey } = require('./config');
+const { reviewDiff } = require('./reviewer');
+const chalk = require('chalk');
+
+// ── 配置 ─────────────────────────────────────────────────────
+
+/**
+ * Load GitHub App config from env vars (or .coderevrc.json later).
+ */
+function loadAppConfig() {
+  const config = loadConfig();
+  const appConfig = config.githubApp || {};
+
+  return {
+    // Required
+    appId: process.env.GITHUB_APP_ID || appConfig.appId,
+    privateKey: process.env.GITHUB_APP_PRIVATE_KEY || appConfig.privateKey,
+    webhookSecret: process.env.GITHUB_APP_WEBHOOK_SECRET || appConfig.webhookSecret || '',
+
+    // Optional
+    port: parseInt(process.env.PORT || appConfig.port || 3000, 10),
+    host: process.env.HOST || appConfig.host || '0.0.0.0',
+    autoApprove: process.env.AUTO_APPROVE === 'true' || appConfig.autoApprove === true,
+    minConfidence: parseInt(process.env.MIN_CONFIDENCE || appConfig.minConfidence || 60, 10),
+    reviewMode: process.env.REVIEW_MODE || appConfig.reviewMode || 'comment',
+    // 'comment' — single PR comment summary
+    // 'inline' — inline review comments (needs file SHA mapping)
+    // 'check' — commit status check (set pending → success/failure)
+    skipDrafts: process.env.SKIP_DRAFTS !== 'false',
+    skipBotPRs: process.env.SKIP_BOT_PRS !== 'false',
+  };
+}
+
+// ── GitHub App JWT Token ────────────────────────────────────
+
+/**
+ * Generate a JWT for GitHub App authentication.
+ * @param {string} appId - GitHub App ID
+ * @param {string} privateKeyPem - RSA private key in PEM format
+ * @returns {{ token: string, expiresAt: number }}
+ */
+function generateAppJWT(appId, privateKeyPem) {
+  if (!appId || !privateKeyPem) {
+    throw new Error('Missing GITHUB_APP_ID or GITHUB_APP_PRIVATE_KEY');
+  }
+
+  const now = Math.floor(Date.now() / 1000);
+  const payload = {
+    iat: now - 60,            // 1 minute leeway
+    exp: now + 600,            // 10 minute expiry (GitHub max)
+    iss: parseInt(appId, 10),
+  };
+
+  const header = {
+    alg: 'RS256',
+    typ: 'JWT',
+  };
+
+  // Base64url encode
+  const b64u = (obj) => Buffer.from(JSON.stringify(obj))
+    .toString('base64')
+    .replace(/=/g, '')
+    .replace(/\+/g, '-')
+    .replace(/\//g, '_');
+
+  const headerEnc = b64u(header);
+  const payloadEnc = b64u(payload);
+
+  const sign = crypto.createSign('RSA-SHA256');
+  sign.update(headerEnc + '.' + payloadEnc);
+  const sig = sign.sign(privateKeyPem, 'base64')
+    .replace(/=/g, '')
+    .replace(/\+/g, '-')
+    .replace(/\//g, '_');
+
+  return {
+    token: headerEnc + '.' + payloadEnc + '.' + sig,
+    expiresAt: payload.exp,
+  };
+}
+
+// ── GitHub API 调用（已认证） ──────────────────────────────
+
+/**
+ * Call GitHub API with JWT or installation token.
+ */
+function githubApi(path, token, method = 'GET', body = null) {
+  return new Promise((resolve, reject) => {
+    const opts = {
+      hostname: 'api.github.com',
+      path,
+      method,
+      headers: {
+        'User-Agent': 'coderev-github-app',
+        'Accept': 'application/vnd.github.v3+json',
+        'Authorization': `Bearer ${token}`,
+      },
+    };
+    if (body) {
+      opts.headers['Content-Type'] = 'application/json';
+      opts.headers['Content-Length'] = Buffer.byteLength(JSON.stringify(body));
+    }
+
+    const req = https.request(opts, (res) => {
+      let data = '';
+      res.on('data', (c) => (data += c));
+      res.on('end', () => {
+        if (res.statusCode >= 200 && res.statusCode < 300) {
+          try { resolve(data ? JSON.parse(data) : {}); }
+          catch { resolve(data); }
+        } else if (res.statusCode === 204) {
+          resolve({});
+        } else {
+          reject(new Error(`GitHub API ${res.statusCode}: ${data.slice(0, 300)}`));
+        }
+      });
+    });
+    req.on('error', reject);
+    if (body) req.write(JSON.stringify(body));
+    req.end();
+  });
+}
+
+/**
+ * Exchange JWT for an installation access token.
+ * @param {string} jwt
+ * @param {number} installationId
+ * @returns {Promise<{ token: string, expiresAt: string }>}
+ */
+async function getInstallationToken(jwt, installationId) {
+  const result = await githubApi(`/app/installations/${installationId}/access_tokens`, jwt, 'POST');
+  return { token: result.token, expiresAt: result.expires_at };
+}
+
+// ── Webhook 处理 ────────────────────────────────────────────
+
+/**
+ * Verify webhook signature.
+ */
+function verifySignature(payload, signature, secret) {
+  if (!secret) return true; // No secret configured — skip verification
+  const sig = 'sha256=' + crypto.createHmac('sha256', secret).update(payload).digest('hex');
+  // Constant-time comparison
+  if (sig.length !== signature.length) return false;
+  return crypto.timingSafeEqual(Buffer.from(sig), Buffer.from(signature));
+}
+
+/**
+ * Handle pull_request.opened and pull_request.synchronize events.
+ */
+async function handlePREvent(event, payload, appConfig) {
+  const action = payload.action;
+  const pr = payload.pull_request;
+
+  // Validate event
+  if (!['opened', 'synchronize', 'reopened'].includes(action)) {
+    return { handled: false, reason: `unsupported action: ${action}` };
+  }
+
+  // Skip drafts
+  if (appConfig.skipDrafts !== false && pr.draft) {
+    return { handled: false, reason: 'draft PR, skipped' };
+  }
+
+  // Skip bot PRs
+  if (appConfig.skipBotPRs !== false && (pr.user?.type === 'Bot' || (pr.title || '').startsWith('[bot]'))) {
+    return { handled: false, reason: 'bot PR, skipped' };
+  }
+
+  const owner = payload.repository.owner.login;
+  const repo = payload.repository.name;
+  const prNumber = pr.number;
+  const ref = { owner, repo, pr: prNumber };
+  const installationId = payload.installation?.id;
+
+  if (!installationId) {
+    return { handled: false, reason: 'no installation id' };
+  }
+
+  console.error(chalk.blue(`[${owner}/${repo}#${prNumber}] Processing ${action}...`));
+
+  // 1. Get installation token
+  const jwt = generateAppJWT(appConfig.appId, appConfig.privateKey);
+  let instToken;
+  try {
+    instToken = await getInstallationToken(jwt.token, installationId);
+  } catch (err) {
+    console.error(chalk.red(`[${owner}/${repo}#${prNumber}] Failed to get installation token: ${err.message}`));
+    return { handled: false, error: err.message };
+  }
+
+  const token = instToken.token;
+
+  // 2. Fetch PR diff
+  const { fetchPrDiff } = require('./github');
+  let diff;
+  try {
+    diff = await fetchPrDiff(ref, token);
+  } catch (err) {
+    console.error(chalk.red(`[${owner}/${repo}#${prNumber}] Failed to fetch diff: ${err.message}`));
+    await setCommitStatus(token, ref, pr.head.sha, 'error', 'Failed to fetch diff');
+    return { handled: false, error: err.message };
+  }
+
+  // 3. Set commit status to pending
+  if (appConfig.reviewMode === 'check' || true) {
+    try {
+      await setCommitStatus(token, ref, pr.head.sha, 'pending', 'coderev is reviewing...');
+    } catch {}
+  }
+
+  // 4. Run review
+  let result;
+  try {
+    result = await reviewDiff(diff, null, {
+      noCache: true,
+      minConfidence: appConfig.minConfidence,
+    });
+  } catch (err) {
+    console.error(chalk.red(`[${owner}/${repo}#${prNumber}] Review failed: ${err.message}`));
+    await setCommitStatus(token, ref, pr.head.sha, 'error', 'Review failed: ' + err.message.slice(0, 100));
+    return { handled: false, error: err.message };
+  }
+
+  const issueCount = (result.issues || []).length;
+
+  console.error(chalk.cyan(`[${owner}/${repo}#${prNumber}] Review complete: ${result.score}/100, ${issueCount} issues`));
+
+  // 5. Post review
+  try {
+    if (appConfig.reviewMode === 'inline') {
+      // Inline mode — post review comments at file level
+      await postInlineReview(token, ref, pr, result);
+    } else {
+      // Default: post a PR comment summary
+      const { postPrComment } = require('./github');
+      const md = formatAppMarkdown(result, ref);
+      await postPrComment(ref, md, token);
+    }
+  } catch (err) {
+    console.error(chalk.yellow(`[${owner}/${repo}#${prNumber}] Failed to post comment: ${err.message}`));
+  }
+
+  // 6. Set final commit status (check mode or always)
+  try {
+    const state = issueCount === 0 ? 'success' : (result.score >= 60 ? 'neutral' : 'failure');
+    const description = issueCount === 0
+      ? '✅ coderev: no issues found'
+      : `⚠ coderev: ${issueCount} issues (score: ${result.score}/100)`;
+    await setCommitStatus(token, ref, pr.head.sha, state, description);
+  } catch {}
+
+  // 7. Auto-approve if configured and no issues
+  if (appConfig.autoApprove && issueCount === 0) {
+    try {
+      await approvePR(token, ref, pr.head.sha);
+      console.error(chalk.green(`[${owner}/${repo}#${prNumber}] Auto-approved`));
+    } catch (err) {
+      console.error(chalk.yellow(`[${owner}/${repo}#${prNumber}] Auto-approve failed: ${err.message}`));
+    }
+  }
+
+  return { handled: true, score: result.score, issues: issueCount };
+}
+
+/**
+ * Set a commit status on GitHub.
+ */
+async function setCommitStatus(token, ref, sha, state, description) {
+  const body = {
+    state, // 'pending', 'success', 'failure', 'error', 'neutral'
+    description: description || 'coderev review',
+    context: 'coderev/review',
+    target_url: `https://github.com/${ref.owner}/${ref.repo}/pull/${ref.pr}`,
+  };
+  return githubApi(`/repos/${ref.owner}/${ref.repo}/statuses/${sha}`, token, 'POST', body);
+}
+
+/**
+ * Approve a pull request.
+ */
+async function approvePR(token, ref, sha) {
+  const body = {
+    commit_id: sha,
+    event: 'APPROVE',
+    body: '✅ coderev: no issues found. Auto-approved.',
+  };
+  return githubApi(`/repos/${ref.owner}/${ref.repo}/pulls/${ref.pr}/reviews`, token, 'POST', body);
+}
+
+/**
+ * Post inline review comments.
+ */
+async function postInlineReview(token, ref, pr, result) {
+  const { fetchPrFiles } = require('./github');
+  const prFiles = await fetchPrFiles(ref, token);
+
+  const fileMap = {};
+  for (const f of prFiles) fileMap[f.filename] = f;
+
+  const comments = [];
+  for (const issue of result.issues || []) {
+    if (!issue.file) continue;
+    if (!fileMap[issue.file]) continue;
+    comments.push({
+      path: issue.file,
+      line: issue.line || 1,
+      side: 'RIGHT',
+      body: `**${issue.type.toUpperCase()}** [${issue.severity}]: ${issue.message}${issue.suggestion ? '\n\n> 💡 ' + issue.suggestion : ''}`,
+    });
+    if (comments.length >= 50) break; // GitHub limit
+  }
+
+  const body = {
+    commit_id: pr.head.sha,
+    event: 'COMMENT',
+    body: `## 📋 coderev review\n\n**Score: ${result.score}/100** | ${(result.issues || []).length} issues found\n\n${result.summary || ''}`,
+    comments,
+  };
+
+  return githubApi(`/repos/${ref.owner}/${ref.repo}/pulls/${ref.pr}/reviews`, token, 'POST', body);
+}
+
+// ── Webhook Server ──────────────────────────────────────────
+
+/**
+ * Start the GitHub App webhook server.
+ */
+function startServer(appConfig) {
+  const server = http.createServer(async (req, res) => {
+    // Health check
+    if (req.url === '/health') {
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ status: 'ok', version: '1.0.0', uptime: process.uptime() }));
+      return;
+    }
+
+    // Only accept POST /webhook
+    if (req.method !== 'POST' || req.url !== '/webhook') {
+      res.writeHead(404);
+      res.end('Not found');
+      return;
+    }
+
+    // Read payload
+    const buffers = [];
+    for await (const chunk of req) buffers.push(chunk);
+    const rawBody = Buffer.concat(buffers);
+
+    // Verify signature
+    const signature = req.headers['x-hub-signature-256'] || '';
+    if (!verifySignature(rawBody, signature, appConfig.webhookSecret)) {
+      console.error(chalk.red('✖ Invalid webhook signature'));
+      res.writeHead(401);
+      res.end('Invalid signature');
+      return;
+    }
+
+    const event = req.headers['x-github-event'];
+    let payload;
+    try {
+      payload = JSON.parse(rawBody.toString('utf-8'));
+    } catch {
+      res.writeHead(400);
+      res.end('Invalid JSON');
+      return;
+    }
+
+    // Ack immediately
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ received: true }));
+
+    // Handle PR events
+    if (event === 'pull_request') {
+      try {
+        const result = await handlePREvent(event, payload, appConfig);
+        console.error(chalk.green(`✔ ${payload.repository?.full_name || '?'}#${payload.pull_request?.number || '?'}: ${result.handled ? 'Reviewed' : 'Skipped (' + result.reason + ')'}`));
+      } catch (err) {
+        console.error(chalk.red(`✖ Webhook handler error: ${err.message}`));
+      }
+    } else if (event === 'installation' || event === 'installation_repositories') {
+      const action = payload.action;
+      const account = payload.installation?.account?.login || payload.sender?.login || 'unknown';
+      const repos = (payload.repositories || []).map(r => r.full_name).join(', ') || 'N/A';
+      console.error(chalk.cyan(`📦 Installation ${action}: ${account} — ${repos}`));
+    } else {
+      console.error(chalk.gray(`ℹ Ignored event: ${event}`));
+    }
+  });
+
+  server.listen(appConfig.port, appConfig.host, () => {
+    console.error(chalk.bold.green('\n🚀 coderev GitHub App Server'));
+    console.error(chalk.gray('━').repeat(50));
+    console.error(chalk.cyan(`  Webhook URL: http://${appConfig.host}:${appConfig.port}/webhook`));
+    console.error(chalk.cyan(`  Health:      http://${appConfig.host}:${appConfig.port}/health`));
+    console.error(chalk.cyan(`  App ID:      ${appConfig.appId || '(not set)'}`));
+    console.error(chalk.cyan(`  Review mode: ${appConfig.reviewMode}`));
+    console.error(chalk.cyan(`  Auto-approve: ${appConfig.autoApprove ? 'yes' : 'no'}`));
+    console.error(chalk.gray('━').repeat(50));
+    console.error(chalk.gray('  Listening...'));
+  });
+
+  return server;
+}
+
+// ── Markdown 格式化（App 版本） ─────────────────────────────
+
+function formatAppMarkdown(result, ref) {
+  const TAG = `<!-- coderev:${ref.owner}/${ref.repo}#${ref.pr} -->`;
+  let md = `## 📋 coderev review\n\n${TAG}\n`;
+  md += `**Score:** ${result.score}/100\n`;
+  md += `**Issues found:** ${(result.issues || []).length}\n\n`;
+
+  if (result.summary) md += `${result.summary}\n\n`;
+
+  if (result.issues && result.issues.length > 0) {
+    md += '### Issues\n\n';
+    for (const issue of result.issues) {
+      const icons = { error: '🔴', warning: '🟡', info: '🔵' };
+      md += `- ${icons[issue.type] || '⚪'} **${issue.type.toUpperCase()}**`;
+      if (issue.severity) md += ` [${issue.severity}]`;
+      md += `: ${issue.message}`;
+      if (issue.file) md += ` (\`${issue.file}\``;
+      if (issue.line) md += `:${issue.line}`;
+      if (issue.file) md += `)`;
+      md += '\n';
+      if (issue.suggestion) md += `  - 💡 ${issue.suggestion}\n`;
+    }
+  }
+
+  if (result.praise && result.praise.length > 0) {
+    md += '\n### ✅ Good Practices\n\n';
+    for (const p of result.praise) md += `- ${p}\n`;
+  }
+
+  if (result.score !== undefined) {
+    const scoreVal = result.score;
+    const emoji = scoreVal >= 80 ? '🟢' : scoreVal >= 50 ? '🟡' : '🔴';
+    md += `\n${emoji} **Overall Score:** ${result.score}/100\n`;
+  }
+
+  return md;
+}
+
+// ── CLI 入口 ────────────────────────────────────────────────
+
+/**
+ * Parse CLI args and start the server.
+ * Called from cli.js 'serve' command.
+ */
+async function serveCommand(options) {
+  const config = loadConfig();
+  const appConfig = loadAppConfig();
+
+  // CLI overrides
+  if (options.port) appConfig.port = parseInt(options.port, 10);
+  if (options.webhookSecret) appConfig.webhookSecret = options.webhookSecret;
+  if (options.appId) appConfig.appId = options.appId;
+  if (options.privateKey) appConfig.privateKey = options.privateKey;
+  if (options.reviewMode) appConfig.reviewMode = options.reviewMode;
+  if (options.autoApprove !== undefined) appConfig.autoApprove = options.autoApprove;
+  if (options.minConfidence) appConfig.minConfidence = parseInt(options.minConfidence, 10);
+
+  // Validate required fields
+  const missing = [];
+  if (!appConfig.appId) missing.push('--app-id / GITHUB_APP_ID');
+  if (!appConfig.privateKey) missing.push('--private-key / GITHUB_APP_PRIVATE_KEY');
+
+  if (missing.length > 0) {
+    console.error(chalk.red('✖ Missing required configuration:'));
+    for (const m of missing) console.error(chalk.red(`   ${m}`));
+    console.error('');
+    console.error(chalk.yellow('To create a GitHub App:'));
+    console.error(chalk.yellow('  1. Go to https://github.com/settings/apps/new'));
+    console.error(chalk.yellow('  2. Set Webhook URL to your server URL + /webhook'));
+    console.error(chalk.yellow('  3. Subscribe to "Pull requests" event'));
+    console.error(chalk.yellow('  4. Download the private key (.pem file)'));
+    console.error(chalk.yellow('  5. Run:'));
+    console.error(chalk.yellow('     coderev serve --app-id <ID> --private-key "$(cat key.pem)"'));
+    console.error('');
+    process.exit(1);
+  }
+
+  return startServer(appConfig);
+}
+
+module.exports = { serveCommand, handlePREvent, generateAppJWT, getInstallationToken, formatAppMarkdown };
+
+// Required for inline require('https') in functions
+const https = require('https');

package/src/reviewer.js

@@ -2,6 +2,7 @@ const { loadConfig, getApiKey } = require('./config');
 const { cacheKey, getCached, setCached } = require('./cache');
 const { recordReview } = require('./stats');
 const { getRuleDescriptions } = require('./rules');
+const { analyzeDiffContext, tagIssuesWithBlame } = require('./blame');
 
 // ── 多智能体并行审查 ──
 
@@ -217,6 +218,7 @@ async function runParallelAgents(apiKey, config, prompts) {
  * @param {string} [options.context] - Previous review context (for incremental reviews)
  * @param {string} [options.ignorePattern] - File patterns to ignore
  * @param {number} [options.minConfidence] - Minimum confidence threshold (default: 60)
+ * @param {boolean} [options.blame] - Enable git blame context analysis
  * @returns {Promise<object>} Review result with issues, suggestions, score, etc.
  */
 async function reviewDiff(diff, config, options = {}) {
@@ -292,6 +294,23 @@ async function reviewDiff(diff, config, options = {}) {
     }
   }
 
+  // ── Git blame context analysis ──
+  if (options.blame && result.issues && result.issues.length > 0) {
+    try {
+      const fileContexts = await analyzeDiffContext(diff);
+      result.issues = tagIssuesWithBlame(result.issues, fileContexts);
+      result._blameContext = {
+        filesAnalyzed: fileContexts.length,
+        newIssues: result.issues.filter(i => i.isNew === true).length,
+        preExistingIssues: result.issues.filter(i => i.isNew === false).length,
+        unknownIssues: result.issues.filter(i => i.isNew === null).length,
+      };
+    } catch (err) {
+      // Blame analysis is a best-effort enhancement; don't fail the review
+      result._blameContext = { error: err.message };
+    }
+  }
+
   // Record to stats
   try { recordReview(result); } catch {}