delivery-friction-analyzer 0.2.1 → 0.2.3

package/README.md

@@ -1,38 +1,30 @@
 # Delivery Friction Analyzer
 
-Delivery Friction Analyzer is a product concept for measuring where AI-assisted software delivery still wastes time: review loops, CI churn, scope drift, missing validation, and repeated corrective work after a pull request opens.
+Delivery Friction Analyzer is a local CLI for GitHub pull request analytics. It samples merged PRs from a repository and writes delivery-friction reports that show where work slowed down: review loops, CI churn, scope spread, validation gaps, planning signals, and repeated corrective work.
 
-The core idea is to use GitHub data as the first durable signal. Pull request diffs, review comments by source, check runs, commits, change scope, file roles, and merge timelines can reveal which repositories, modules, and workflow stages create the most back-and-forth before work becomes mergeable.
+Use it when you want to answer questions like:
 
-## Product Direction
-
-Delivery Friction Analyzer is currently a local, GitHub-connected analyzer that produces repository-level friction reports from live pull request data. It is repo-source-agnostic: repository-specific assumptions live in profiles, while generated artifacts preserve source evidence, coverage caveats, and interpretation limits.
-
-`hannasdev/mcp-writing` remains the first validation target and fixture source, not product-specific scope.
-
-The current product wedge is a maintainer workflow:
+- Where do PRs require the most corrective loops?
+- Which feedback patterns repeat across PRs?
+- Which files, surfaces, or PR classes create the most back-and-forth?
+- Which issues look preventable with better local checks, repo-specific AI instructions, skills, hooks, or smaller delivery slices?
 
-- collect the latest merged PR sample from a target repository;
-- classify files and PRs through repository profiles;
-- generate Markdown, JSON, methodology, and CSV artifacts;
-- explain review, validation, scope, planning, PR-size, and PR-class friction with traceable evidence;
-- support explicit follow-up filtering when maintainers want to inspect a configured PR population separately.
+The analyzer runs locally with your GitHub credentials. Generated artifacts preserve source evidence, coverage caveats, and interpretation limits so reports can be inspected before they are shared.
 
-The report helps answer:
+## Requirements
 
-- Where do PRs require the most corrective loops?
-- Which feedback patterns repeat across PRs?
-- Which issues are preventable with better local checks, repo-specific AI instructions, skills, hooks, or smaller delivery slices?
-- Which changes create the largest gap between the PR opened state and the merged state?
-- Which changed files are part of the repository's configured product surface versus tests, docs, generated artifacts, release notes, marketing surfaces, or other support surfaces?
+- Node.js 20 or newer.
+- GitHub CLI (`gh`) installed and authenticated with access to the target repository.
+- A repository profile JSON for the repository you want to analyze.
 
-The product should eventually combine GitHub delivery friction with token and model usage, but GitHub-only analytics remain the active validation surface.
+For public repositories, ordinary read access is usually enough. Private repositories need a `gh` token with enough read access for the requested API families. With a classic PAT, that usually means the `repo` scope. With a fine-grained token or GitHub App, grant read permissions for repository metadata and contents, pull requests, Actions, and checks where available. Missing or partial API coverage is recorded in the generated methodology and coverage artifacts instead of being treated as complete data.
 
-## Local GitHub Analysis
+## Quickstart
 
-Run the live analyzer with local `gh` credentials:
+From this repository, install dependencies and run the analyzer against the sample validation target:
 
 ```sh
+npm install
 npm run analyze:github -- \
   --repo hannasdev/mcp-writing \
   --limit 30 \
@@ -40,7 +32,7 @@ npm run analyze:github -- \
   --out reports/mcp-writing
 ```
 
-After installing from npm, the same analyzer is available as a CLI:
+From another project or script, run the published CLI with `npx`:
 
 ```sh
 npx delivery-friction-analyzer \
@@ -50,45 +42,92 @@ npx delivery-friction-analyzer \
   --out reports/mcp-writing
 ```
 
-The npm CLI still expects a local repository profile JSON. Use the sample profile from this repository as a starting point, then save a copy for the repository you want to analyze.
+Open `reports/mcp-writing/friction-report.md` first. It is the main human-readable report. Use the JSON and CSV files when you want to audit a finding, compare PRs, or build follow-up analysis.
 
-The command writes:
+## Repository Profiles
 
-- `source-bundle.json`
-- `normalized.json`
-- `metrics-summary.json`
-- `friction-report.json`
-- `friction-report.md`
-- `methodology.md`
-- `pr-metrics.csv`
-- `bottleneck-examples.csv`
-- `comment-sources.csv`
-- `collection-coverage.csv`
+Every run needs a repository profile. Profiles keep repository-specific assumptions out of the analyzer code by describing how paths and pull request titles should be classified.
 
-Use `--dry-run` or `--metadata-only` to validate repository access, profile JSON, output directory writability, and sampled API coverage without writing full report artifacts. Use `--no-csv` when you want the Markdown, JSON, source, normalized, metrics, and methodology artifacts without spreadsheet-friendly CSV exports. Use `--exclude-pr-class <class>` to explicitly remove a configured PR class from downstream normalized, metrics, report, methodology, and CSV artifacts; `source-bundle.json` still preserves the full collected sample for auditability.
+Profiles can define:
 
-Successful runs print a concise completion message with `friction-report.md` first, followed by the key supporting artifacts and collection coverage status. Use `--json` when automation needs the full machine-readable completion receipt on stdout.
+- file categories such as code, tests, docs, generated files, infrastructure, or config;
+- file roles such as core product code, release notes, fixtures, planning docs, or generated docs;
+- functional surfaces such as runtime, test suite, release notes, or user docs;
+- PR classes such as release, dependency, feature, or other repository-specific groups.
 
-Read `friction-report.md` first, then inspect `methodology.md`, the CSV exports, `friction-report.json`, and `source-bundle.json` when a bottleneck looks surprising. Each ranked bottleneck example includes the workflow-run source, workflow-run conclusions, review-thread source, comment-source breakdown, and a dominance note when one PR contributes most of the displayed signal.
+Use `fixtures/github/mcp-writing/profile.json` as a starting point, then save a copy for the repository you want to analyze. The full profile format is documented in `docs/reference/repository-profile.md`, and the schema lives at `schemas/repository-profile.schema.json`.
 
-Ranked bottlenecks are ordered by their strongest displayed representative score, not by an opaque composite priority score. PR size columns show final/current additions, deletions, changed files, and changed lines so maintainers can compare size against review, validation, and planning signals.
+## Outputs
 
-### Optional narrative drafting
+A successful run writes a report bundle to the output directory:
 
-The generated artifacts are also enough context for an optional local workflow where a separate model drafts a narrative report. Use `friction-report.json` as the structured source of truth, `friction-report.md` as the human-readable source of truth, and the curated CSV exports only as supporting evidence when the draft needs per-PR detail.
+- `friction-report.md`: the main report to read first.
+- `methodology.md`: data coverage, caveats, and interpretation notes.
+- `friction-report.json`: machine-readable report data.
+- `metrics-summary.json`: computed metrics used by the report.
+- `normalized.json`: normalized repository, PR, file, review, and validation entities.
+- `source-bundle.json`: collected source data for auditability.
+- `pr-metrics.csv`: per-PR metrics for spreadsheet review.
+- `bottleneck-examples.csv`: representative bottleneck examples.
+- `comment-sources.csv`: review-comment source breakdowns.
+- `collection-coverage.csv`: API coverage diagnostics.
 
-When using a model this way, keep the deterministic artifacts authoritative: preserve coverage, outlier, PR-class, and analysis-filter caveats; distinguish observed evidence from inferred diagnosis and suggested action; do not invent missing data; and do not rank individuals. Review any generated prose against the Markdown, JSON, and CSV evidence before sharing it.
+Each ranked bottleneck example includes source references, workflow-run conclusions, review-thread source information, comment-source breakdowns, and a dominance note when one PR contributes most of the displayed signal.
 
-No separate model-ready context artifact is required for this workflow. Reconsider a new artifact only if a concrete consumer needs a smaller single-file context, machine-readable prompt packaging, or fields that cannot be represented clearly by `friction-report.json` plus curated CSV evidence.
+## Common Options
+
+Use `--dry-run` or `--metadata-only` to validate repository access, profile JSON, output directory writability, and sampled API coverage without writing full report artifacts.
+
+Use `--no-csv` when you want the Markdown, JSON, source, normalized, metrics, and methodology artifacts without spreadsheet-friendly CSV exports.
+
+Use `--exclude-pr-class <class>` to remove a configured PR class from downstream normalized, metrics, report, methodology, and CSV artifacts. `source-bundle.json` still preserves the full collected sample for auditability.
+
+Use `--json` when automation needs the full machine-readable completion receipt on stdout.
+
+## How To Read A Report
+
+Start with `friction-report.md`. If a bottleneck looks surprising, inspect `methodology.md`, the CSV exports, `friction-report.json`, and `source-bundle.json`.
+
+Ranked bottlenecks are ordered by their strongest displayed representative score, not by an opaque composite priority score. PR size columns show final or current additions, deletions, changed files, and changed lines so maintainers can compare size against review, validation, and planning signals.
 
-Known MVP interpretation limits:
+Generated artifacts may contain repository names, PR URLs, PR titles, file paths, comment metadata, curated CSV evidence, and coverage diagnostics. Treat source bundles, normalized data, metrics summaries, reports, methodology, and CSV exports as local or private unless you intentionally review and share them.
+
+## Interpretation Limits
+
+Known MVP limits:
 
 - PR-open diff growth is unavailable unless an open-time snapshot or reconstruction exists; the local historical collector does not infer it from merge-time diff data.
 - Workflow runs are collected from branch-based pull-request Actions history, which can be unavailable or partial for deleted, renamed, reused, or inaccessible branches.
 - Review-thread counts depend on GraphQL review-thread coverage; unavailable thread access is reported instead of silently treated as zero review churn.
-- A single PR or PR class, such as release, dependency, bot-driven, or unusually broad feature work, can dominate validation or review findings. Treat PR and class dominance notes as prompts to inspect the raw evidence before generalizing; use `--exclude-pr-class` only when you intentionally want a filtered follow-up view.
+- A single PR or PR class, such as release, dependency, bot-driven, or unusually broad feature work, can dominate validation or review findings. Treat PR and class dominance notes as prompts to inspect the raw evidence before generalizing.
+
+More detail on GitHub API coverage is documented in `docs/reference/github-access-coverage.md`.
+
+## Optional Narrative Drafting
+
+The generated artifacts are enough context for an optional local workflow where a separate model drafts a narrative report. Use `friction-report.json` as the structured source of truth, `friction-report.md` as the human-readable source of truth, and the curated CSV exports only as supporting evidence when the draft needs per-PR detail.
+
+When using a model this way, keep the deterministic artifacts authoritative: preserve coverage, outlier, PR-class, and analysis-filter caveats; distinguish observed evidence from inferred diagnosis and suggested action; do not invent missing data; and do not rank individuals. Review any generated prose against the Markdown, JSON, and CSV evidence before sharing it.
+
+No separate model-ready context artifact is required for this workflow. Reconsider a new artifact only if a concrete consumer needs a smaller single-file context, machine-readable prompt packaging, or fields that cannot be represented clearly by `friction-report.json` plus curated CSV evidence.
+
+## Current Direction
+
+Delivery Friction Analyzer is currently a local, GitHub-connected analyzer that produces repository-level friction reports from live pull request data. It is repo-source-agnostic: repository-specific assumptions live in profiles.
+
+The current product wedge is a maintainer workflow:
+
+- collect the latest merged PR sample from a target repository;
+- classify files and PRs through repository profiles;
+- generate Markdown, JSON, methodology, and CSV artifacts;
+- explain review, validation, scope, planning, PR-size, and PR-class friction with traceable evidence;
+- support explicit follow-up filtering when maintainers want to inspect a configured PR population separately.
+
+The product should eventually combine GitHub delivery friction with token and model usage, but GitHub-only analytics remain the active validation surface.
+
+`hannasdev/mcp-writing` remains the first validation target and fixture source, not product-specific scope.
 
-Generated artifacts may contain repository names, PR URLs, PR titles, file paths, comment metadata, curated CSV evidence, and coverage diagnostics. Treat source bundles, normalized data, metrics summaries, reports, methodology, and CSV exports as local/private unless you intentionally review and share them.
+## Development Notes
 
 The existing metrics-summary-only report command remains available for fixture and advanced workflows:
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "delivery-friction-analyzer",
-  "version": "0.2.1",
+  "version": "0.2.3",
   "description": "Local GitHub pull request analytics for delivery friction reports.",
   "license": "MIT",
   "type": "module",

package/release-log.md

@@ -2,6 +2,14 @@
 
 ## Unreleased
 
+### 2026-06-15 — Review Decision Author Detection
+
+- What changed: Review decision evidence now recognizes human approvals from live `gh pr view` review events that include only an author login.
+- Why it matters: Maintainers can trust `review_decision`, `human_approved`, and `human_reviewer_count` for zero-thread PRs instead of seeing approved PRs reported as having no human review.
+- Who is affected: Maintainers and contributors running or inspecting live GitHub analysis outputs.
+- Action needed: Re-run affected reports to refresh the corrected review decision evidence.
+- PR: https://github.com/hannasdev/delivery-friction-analyzer/pull/32
+
 ### 2026-06-15 — Optional Narrative Drafting Guidance
 
 - What changed: The README and friction report contract now document how to use `friction-report.json` with curated CSV evidence as sufficient context for optional downstream narrative drafting, without adding a separate model-ready artifact.

package/src/normalize/github-fixture.js

@@ -22,6 +22,15 @@ function flattenThreadComments(reviewThreads = {}) {
   ));
 }
 
+function classifyReviewEventSource(author, { pullRequestAuthorLogin } = {}) {
+  const source = classifyCommentSource(author, { pullRequestAuthorLogin });
+  const login = String(author?.login ?? "").trim();
+  if (source !== "unknown" || !login) {
+    return source;
+  }
+  return "human_reviewer";
+}
+
 function normalizeReview(review, { pullRequestAuthorLogin } = {}) {
   const author = review.author ?? {};
   return {
@@ -29,7 +38,7 @@ function normalizeReview(review, { pullRequestAuthorLogin } = {}) {
     submittedAt: review.submittedAt,
     state: review.state,
     commitOid: review.commitOid ?? review.commit?.oid ?? null,
-    source: classifyCommentSource(author, { pullRequestAuthorLogin }),
+    source: classifyReviewEventSource(author, { pullRequestAuthorLogin }),
     generatedCommentCount: review.generatedCommentCount ?? null,
     failedAttempt: Boolean(review.failedAttempt),
   };
@@ -77,7 +86,7 @@ function summarizeReviewDecision(pr) {
   }
 
   const humanReviews = pr.reviews.filter(review => (
-    classifyCommentSource(review.author, { pullRequestAuthorLogin: pr.author?.login }) === "human_reviewer"
+    classifyReviewEventSource(review.author, { pullRequestAuthorLogin: pr.author?.login }) === "human_reviewer"
   ));
   const humanReviewerKeys = new Set(humanReviews.map(reviewAuthorKey).filter(Boolean));
   const states = new Set(humanReviews.map(reviewState));