npm - ghreview - Versions diffs - 1.0.0 → 2.0.0 - Mend

ghreview 1.0.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/.github/dependabot.yml +6 -2
package/.github/workflows/test-and-release.yml +11 -9
package/CHANGELOG.md +41 -0
package/README.md +20 -2
package/lib/config.js +72 -25
package/lib/github.js +71 -9
package/package.json +7 -6
package/.claude/settings.local.json +0 -10

package/.github/dependabot.yml CHANGED Viewed

@@ -3,14 +3,18 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"
     commit-message:
       prefix: "chore"
       include: "scope"
+    cooldown:
+      default-days: 5
   - package-ecosystem: "npm"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"
     commit-message:
       prefix: "chore"
       include: "scope"
+    cooldown:
+      default-days: 5

package/.github/workflows/test-and-release.yml CHANGED Viewed

@@ -5,14 +5,14 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        node: [22.x, lts/*, current]
+        node: [lts/*, current]
         os: [macos-latest, ubuntu-latest, windows-latest]
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v6.0.1
       - name: Use Node.js ${{ matrix.node }}
-        uses: actions/setup-node@v4.4.0
+        uses: actions/setup-node@v6.1.0
         with:
           node-version: ${{ matrix.node }}
       - name: Install Dependencies
@@ -27,24 +27,26 @@ jobs:
     needs: test
     runs-on: ubuntu-latest
     if: github.event_name == 'push' && github.ref == 'refs/heads/master'
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
+      id-token: write
     steps:
       - name: Checkout
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v6.0.1
         with:
           fetch-depth: 0
       - name: Setup Node.js
-        uses: actions/setup-node@v4.4.0
+        uses: actions/setup-node@v6.1.0
         with:
           node-version: lts/*
       - name: Install dependencies
         run: |
           npm install --no-progress --no-save
-      - name: Build
-        run: |
-          npm run build
       - name: Release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NPM_CONFIG_PROVENANCE: true
         run: npx semantic-release

package/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,41 @@
+## [2.0.0](https://github.com/rvagg/ghreview/compare/v1.0.1...v2.0.0) (2026-01-24)
+### ⚠ BREAKING CHANGES
+* Config location changed from ~/.ghreview/config.json
+to XDG paths (~/.config/ghreview/config.json on Linux). Move your
+existing config to the new location.
+### Features
+* add interactive auth and filter resolved comments ([29a8196](https://github.com/rvagg/ghreview/commit/29a81961b5c9ee636552d048f96cc9d59c7ace81))
+### Trivial Changes
+* **ci:** oidc publishing ([4cef06b](https://github.com/rvagg/ghreview/commit/4cef06b9f64ec067b0363fc230babca74e224395))
+* **deps-dev:** bump @semantic-release/github from 11.0.6 to 12.0.0 ([cef9450](https://github.com/rvagg/ghreview/commit/cef94502b1d00ced4c653b67b0af7b6ff350948b))
+* **deps-dev:** bump @semantic-release/npm from 12.0.2 to 13.1.1 ([c63e419](https://github.com/rvagg/ghreview/commit/c63e419188b913ed866ddf48b7bbbe4c2d2b8f00))
+* **deps-dev:** bump nock from 14.0.7 to 14.0.10 ([a7c98df](https://github.com/rvagg/ghreview/commit/a7c98dfe7840fbd26a5c9c81ed21acd5bfcf7240))
+* **deps:** bump actions/checkout from 4.2.2 to 6.0.1 ([170b48c](https://github.com/rvagg/ghreview/commit/170b48c47bfd6a601037d362b9c3b4e084a83d05))
+* **deps:** bump actions/setup-node from 4.4.0 to 6.1.0 ([61ce2d9](https://github.com/rvagg/ghreview/commit/61ce2d9f083b83562d139de8bcfba985c9017a4a))
+* **deps:** bump chalk from 5.4.1 to 5.6.2 ([948fa9d](https://github.com/rvagg/ghreview/commit/948fa9d78c11b527c4483276e7426b6207084751))
+* **deps:** bump ora from 8.2.0 to 9.0.0 ([8dff5ca](https://github.com/rvagg/ghreview/commit/8dff5ca3d61eb056739422b647d8e7c260967924))
+* fix dependabot config ([4d2b670](https://github.com/rvagg/ghreview/commit/4d2b670cda6b6c975d760ec822f0ce2ca1b337cd))
+## [1.0.1](https://github.com/rvagg/ghreview/compare/v1.0.0...v1.0.1) (2025-07-28)
+### Trivial Changes
+* bump ([ed0f6d9](https://github.com/rvagg/ghreview/commit/ed0f6d9b16c52566b1238f4b5ccdc362f5660d82))
+## 1.0.0 (2025-07-28)
+### Bug Fixes
+* publish ([b405eb4](https://github.com/rvagg/ghreview/commit/b405eb4cff0d13e856da0aeee895d7601d9f3763))
+* update publish perms ([62009ef](https://github.com/rvagg/ghreview/commit/62009ef718d06664efb3ac5a001e5b84fe5364a0))
+### Trivial Changes
+* **docs:** expand workflow description ([5dd5671](https://github.com/rvagg/ghreview/commit/5dd5671f455dfa83bda88a1f8e0fab2fa9d836af))
+* initial release ([2a1891d](https://github.com/rvagg/ghreview/commit/2a1891d9c7661f3bb761a8d2dfa36da1287fcea3))

package/README.md CHANGED Viewed

@@ -1,10 +1,28 @@
 # ghreview
+[![NPM](https://nodei.co/npm/ghreview.svg?style=flat&data=n,v)](https://nodei.co/npm/ghreview/)
 GitHub PR-based code review workflow for AI-assisted development.
 ## Overview
-`ghreview` enables you to use GitHub's pull request review interface to review uncommitted code changes, particularly useful when working with AI coding assistants. It pushes your current state and uncommitted changes as a PR, lets you review and comment, then collects that feedback in a format suitable for AI consumption.
+`ghreview` bridges the gap between AI-assisted coding and GitHub's superior code review interface. It allows you to review AI-generated code changes using GitHub's familiar PR review tools while keeping your local repository pristine.
+### Why?
+- **Clean local state**: Your working directory remains exactly as it was - no commits, no branch switches, no git operations visible in your project
+- **Familiar workflow**: Use GitHub's excellent PR review interface with inline comments, suggestions, and discussions
+- **Private reviews**: Use a dedicated private repository for reviews, keeping your AI interactions separate from your main project
+- **Zero footprint**: Creates temporary branches and commits in a separate review repository, immediately cleaning up after pushing
+- **AI-friendly output**: Collects all feedback in a structured format that's easy to paste back to your AI assistant
+### How?
+1. You work with your AI assistant and have uncommitted changes in your project
+2. `ghreview init` pushes your current state to a dedicated review repository without affecting your local git state
+3. You review the changes on GitHub using all the familiar tools
+4. `ghreview collect` gathers your feedback in a format optimized for AI consumption
+5. Your local repository remains untouched throughout - as if git was never involved
 ## Quick Start
@@ -182,4 +200,4 @@ npm test
 ## License
-Apache-2.0
+Apache-2.0

package/lib/config.js CHANGED Viewed

@@ -1,42 +1,89 @@
 import fs from 'fs/promises'
 import path from 'path'
 import os from 'os'
+import ghauth from 'ghauth'
+import { read } from 'read'
-const CONFIG_DIR = path.join(os.homedir(), '.ghreview')
-const CONFIG_FILE = path.join(CONFIG_DIR, 'config.json')
+function getConfigPath () {
+  const home = os.homedir()
+  switch (os.platform()) {
+    case 'darwin':
+      return path.join(home, 'Library', 'Application Support', 'ghreview', 'config.json')
+    case 'win32':
+      return path.join(process.env.APPDATA || path.join(home, 'AppData', 'Roaming'), 'ghreview', 'config.json')
+    default:
+      return path.join(process.env.XDG_CONFIG_HOME || path.join(home, '.config'), 'ghreview', 'config.json')
+  }
+}
-export async function loadConfig () {
+const CONFIG_FILE = getConfigPath()
+const CONFIG_DIR = path.dirname(CONFIG_FILE)
+async function readConfig () {
   try {
     const configData = await fs.readFile(CONFIG_FILE, 'utf8')
-    const config = JSON.parse(configData)
-    // Validate required fields
-    if (!config.reviewRepo) {
-      throw new Error('Missing required config field: reviewRepo')
+    return JSON.parse(configData)
+  } catch (error) {
+    if (error.code === 'ENOENT') {
+      return {}
     }
+    throw error
+  }
+}
-    if (!config.githubToken) {
-      throw new Error('Missing required config field: githubToken\n\nTo create a GitHub token:\n1. Go to https://github.com/settings/tokens/new\n2. Give it a name (e.g., "ghreview")\n3. Select scopes: "repo" (Full control of private repositories)\n4. Click "Generate token"\n5. Copy the token and add it to your config file')
-    }
+async function writeConfig (config) {
+  await fs.mkdir(CONFIG_DIR, { recursive: true, mode: 0o700 })
+  await fs.writeFile(CONFIG_FILE, JSON.stringify(config, null, 2), { mode: 0o600 })
+}
-    // Validate repo format
-    if (!config.reviewRepo.includes('/')) {
-      throw new Error('Invalid reviewRepo format. Expected: owner/repo')
-    }
+export async function loadConfig () {
+  const config = await readConfig()
+  let configChanged = false
-    return config
-  } catch (error) {
-    if (error.code === 'ENOENT') {
-      throw new Error(`Config file not found at ${CONFIG_FILE}\nCreate it with: {"reviewRepo": "owner/repo", "githubToken": "your_github_token"}`)
+  // Check if we need to acquire a token
+  if (!config.githubToken) {
+    console.log('GitHub authentication required.\n')
+    const authData = await ghauth({
+      configName: 'ghreview',
+      scopes: ['repo'],
+      noSave: true,
+      noDeviceFlow: true
+    })
+    config.githubToken = authData.token
+    config.user = authData.user
+    configChanged = true
+  }
+  // Check if we need a reviewRepo
+  if (!config.reviewRepo) {
+    const defaultRepo = config.user ? `${config.user}/reviews` : null
+    const prompt = defaultRepo
+      ? `Review repository (owner/repo) [${defaultRepo}]: `
+      : 'Review repository (owner/repo): '
+    const input = await read({ prompt })
+    config.reviewRepo = input || defaultRepo
+    if (!config.reviewRepo) {
+      throw new Error('Review repository is required')
     }
-    throw error
+    configChanged = true
   }
+  // Validate repo format
+  if (!config.reviewRepo.includes('/')) {
+    throw new Error('Invalid reviewRepo format. Expected: owner/repo')
+  }
+  // Save config if anything changed
+  if (configChanged) {
+    await writeConfig(config)
+    console.log(`\nConfig saved to ${CONFIG_FILE}\n`)
+  }
+  return config
 }
 export async function ensureConfigDir () {
-  try {
-    await fs.mkdir(CONFIG_DIR, { recursive: true })
-  } catch (error) {
-    // Directory might already exist, that's fine
-  }
+  await fs.mkdir(CONFIG_DIR, { recursive: true })
 }

package/lib/github.js CHANGED Viewed

@@ -60,12 +60,73 @@ All comments will be collected with line numbers and context for AI consumption.
 export async function fetchReviewComments (owner, repo, prNumber, token) {
   const octokit = createOctokit(token)
-  // Fetch inline comments
-  const { data: comments } = await octokit.rest.pulls.listReviewComments({
-    owner,
-    repo,
-    pull_number: prNumber
-  })
+  // Use GraphQL to fetch review threads with resolution status
+  const query = `
+    query($owner: String!, $repo: String!, $prNumber: Int!, $cursor: String) {
+      repository(owner: $owner, name: $repo) {
+        pullRequest(number: $prNumber) {
+          reviewThreads(first: 100, after: $cursor) {
+            pageInfo {
+              hasNextPage
+              endCursor
+            }
+            nodes {
+              isResolved
+              isOutdated
+              path
+              line
+              startLine
+              comments(first: 100) {
+                nodes {
+                  id
+                  body
+                  path
+                  line: originalLine
+                  startLine: originalStartLine
+                  position: originalPosition
+                  user: author {
+                    login
+                  }
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+  `
+  // Fetch all review threads with pagination
+  const allThreads = []
+  let cursor = null
+  let hasNextPage = true
+  while (hasNextPage) {
+    const result = await octokit.graphql(query, {
+      owner,
+      repo,
+      prNumber,
+      cursor
+    })
+    const threads = result.repository.pullRequest.reviewThreads
+    allThreads.push(...threads.nodes)
+    hasNextPage = threads.pageInfo.hasNextPage
+    cursor = threads.pageInfo.endCursor
+  }
+  // Filter to only unresolved threads and flatten comments
+  const unresolvedComments = allThreads
+    .filter(thread => !thread.isResolved)
+    .flatMap(thread => thread.comments.nodes.map(comment => ({
+      ...comment,
+      path: thread.path,
+      line: comment.line || thread.line,
+      start_line: comment.startLine || thread.startLine,
+      original_line: comment.line || thread.line,
+      original_start_line: comment.startLine || thread.startLine,
+      position: comment.position
+    })))
   // Fetch PR reviews (general comments)
   const { data: reviews } = await octokit.rest.pulls.listReviews({
@@ -82,7 +143,7 @@ export async function fetchReviewComments (owner, repo, prNumber, token) {
   })
   return {
-    inline: comments,
+    inline: unresolvedComments,
     reviews: reviews.filter(r => r.body), // Only reviews with comments
     discussion: issueComments
   }
@@ -93,10 +154,11 @@ export function formatFeedback (comments, filterBots = true) {
   // Filter out bot comments if requested
   const isBot = (comment) => {
+    const login = comment.user?.login || comment.author?.login
     return filterBots && (
       comment.user?.type === 'Bot' ||
-      comment.user?.login?.includes('[bot]') ||
-      comment.user?.login?.includes('-bot')
+      login?.includes('[bot]') ||
+      login?.includes('-bot')
     )
   }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "ghreview",
-  "version": "1.0.0",
+  "version": "2.0.0",
   "description": "GitHub PR-based code review workflow for AI-assisted development",
   "type": "module",
   "main": "lib/index.js",
@@ -25,8 +25,9 @@
   "license": "Apache-2.0",
   "dependencies": {
     "@octokit/rest": "^22.0.0",
-    "chalk": "^5.4.1",
-    "ora": "^8.2.0",
+    "chalk": "^5.6.2",
+    "ghauth": "^7.0.0",
+    "ora": "^9.0.0",
     "simple-git": "^3.28.0",
     "yargs": "^18.0.0"
   },
@@ -34,11 +35,11 @@
     "@semantic-release/changelog": "^6.0.3",
     "@semantic-release/commit-analyzer": "^13.0.1",
     "@semantic-release/git": "^10.0.1",
-    "@semantic-release/github": "^11.0.3",
-    "@semantic-release/npm": "^12.0.2",
+    "@semantic-release/github": "^12.0.0",
+    "@semantic-release/npm": "^13.1.1",
     "@semantic-release/release-notes-generator": "^14.0.3",
     "conventional-changelog-conventionalcommits": "^9.0.0",
-    "nock": "^14.0.7",
+    "nock": "^14.0.10",
     "standard": "^17.1.2",
     "vitest": "^3.2.4"
   },

package/.claude/settings.local.json DELETED Viewed

@@ -1,10 +0,0 @@
-{
-  "permissions": {
-    "allow": [
-      "Bash(npm run lint)",
-      "Bash(npm test)",
-      "Bash(npm run lint:*)"
-    ],
-    "deny": []
-  }
-}