ghreview 1.0.1 → 2.0.1

package/.github/dependabot.yml

@@ -3,14 +3,18 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"
     commit-message:
       prefix: "chore"
       include: "scope"
+    cooldown:
+      default-days: 5
   - package-ecosystem: "npm"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"
     commit-message:
       prefix: "chore"
       include: "scope"
+    cooldown:
+      default-days: 5

package/.github/workflows/test-and-release.yml

@@ -5,14 +5,14 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        node: [22.x, lts/*, current]
+        node: [lts/*, current]
         os: [macos-latest, ubuntu-latest, windows-latest]
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v6.0.1
       - name: Use Node.js ${{ matrix.node }}
-        uses: actions/setup-node@v4.4.0
+        uses: actions/setup-node@v6.1.0
         with:
           node-version: ${{ matrix.node }}
       - name: Install Dependencies
@@ -31,13 +31,14 @@ jobs:
       contents: write
       issues: write
       pull-requests: write
+      id-token: write
     steps:
       - name: Checkout
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v6.0.1
         with:
           fetch-depth: 0
       - name: Setup Node.js
-        uses: actions/setup-node@v4.4.0
+        uses: actions/setup-node@v6.1.0
         with:
           node-version: lts/*
       - name: Install dependencies
@@ -46,6 +47,6 @@ jobs:
       - name: Release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NPM_CONFIG_PROVENANCE: true
         run: npx semantic-release
 

package/CHANGELOG.md

@@ -1,3 +1,33 @@
+## [2.0.1](https://github.com/rvagg/ghreview/compare/v2.0.0...v2.0.1) (2026-01-24)
+
+### Trivial Changes
+
+* **deps-dev:** bump nock from 14.0.7 to 14.0.10 ([#5](https://github.com/rvagg/ghreview/issues/5)) ([b979aba](https://github.com/rvagg/ghreview/commit/b979abaad70a259a0d01eb6d8b89eeb0a7707dc6))
+
+## [2.0.0](https://github.com/rvagg/ghreview/compare/v1.0.1...v2.0.0) (2026-01-24)
+
+### ⚠ BREAKING CHANGES
+
+* Config location changed from ~/.ghreview/config.json
+to XDG paths (~/.config/ghreview/config.json on Linux). Move your
+existing config to the new location.
+
+### Features
+
+* add interactive auth and filter resolved comments ([29a8196](https://github.com/rvagg/ghreview/commit/29a81961b5c9ee636552d048f96cc9d59c7ace81))
+
+### Trivial Changes
+
+* **ci:** oidc publishing ([4cef06b](https://github.com/rvagg/ghreview/commit/4cef06b9f64ec067b0363fc230babca74e224395))
+* **deps-dev:** bump @semantic-release/github from 11.0.6 to 12.0.0 ([cef9450](https://github.com/rvagg/ghreview/commit/cef94502b1d00ced4c653b67b0af7b6ff350948b))
+* **deps-dev:** bump @semantic-release/npm from 12.0.2 to 13.1.1 ([c63e419](https://github.com/rvagg/ghreview/commit/c63e419188b913ed866ddf48b7bbbe4c2d2b8f00))
+* **deps-dev:** bump nock from 14.0.7 to 14.0.10 ([a7c98df](https://github.com/rvagg/ghreview/commit/a7c98dfe7840fbd26a5c9c81ed21acd5bfcf7240))
+* **deps:** bump actions/checkout from 4.2.2 to 6.0.1 ([170b48c](https://github.com/rvagg/ghreview/commit/170b48c47bfd6a601037d362b9c3b4e084a83d05))
+* **deps:** bump actions/setup-node from 4.4.0 to 6.1.0 ([61ce2d9](https://github.com/rvagg/ghreview/commit/61ce2d9f083b83562d139de8bcfba985c9017a4a))
+* **deps:** bump chalk from 5.4.1 to 5.6.2 ([948fa9d](https://github.com/rvagg/ghreview/commit/948fa9d78c11b527c4483276e7426b6207084751))
+* **deps:** bump ora from 8.2.0 to 9.0.0 ([8dff5ca](https://github.com/rvagg/ghreview/commit/8dff5ca3d61eb056739422b647d8e7c260967924))
+* fix dependabot config ([4d2b670](https://github.com/rvagg/ghreview/commit/4d2b670cda6b6c975d760ec822f0ce2ca1b337cd))
+
 ## [1.0.1](https://github.com/rvagg/ghreview/compare/v1.0.0...v1.0.1) (2025-07-28)
 
 ### Trivial Changes

package/lib/config.js

@@ -1,42 +1,89 @@
 import fs from 'fs/promises'
 import path from 'path'
 import os from 'os'
+import ghauth from 'ghauth'
+import { read } from 'read'
 
-const CONFIG_DIR = path.join(os.homedir(), '.ghreview')
-const CONFIG_FILE = path.join(CONFIG_DIR, 'config.json')
+function getConfigPath () {
+  const home = os.homedir()
+  switch (os.platform()) {
+    case 'darwin':
+      return path.join(home, 'Library', 'Application Support', 'ghreview', 'config.json')
+    case 'win32':
+      return path.join(process.env.APPDATA || path.join(home, 'AppData', 'Roaming'), 'ghreview', 'config.json')
+    default:
+      return path.join(process.env.XDG_CONFIG_HOME || path.join(home, '.config'), 'ghreview', 'config.json')
+  }
+}
 
-export async function loadConfig () {
+const CONFIG_FILE = getConfigPath()
+const CONFIG_DIR = path.dirname(CONFIG_FILE)
+
+async function readConfig () {
   try {
     const configData = await fs.readFile(CONFIG_FILE, 'utf8')
-    const config = JSON.parse(configData)
-
-    // Validate required fields
-    if (!config.reviewRepo) {
-      throw new Error('Missing required config field: reviewRepo')
+    return JSON.parse(configData)
+  } catch (error) {
+    if (error.code === 'ENOENT') {
+      return {}
     }
+    throw error
+  }
+}
 
-    if (!config.githubToken) {
-      throw new Error('Missing required config field: githubToken\n\nTo create a GitHub token:\n1. Go to https://github.com/settings/tokens/new\n2. Give it a name (e.g., "ghreview")\n3. Select scopes: "repo" (Full control of private repositories)\n4. Click "Generate token"\n5. Copy the token and add it to your config file')
-    }
+async function writeConfig (config) {
+  await fs.mkdir(CONFIG_DIR, { recursive: true, mode: 0o700 })
+  await fs.writeFile(CONFIG_FILE, JSON.stringify(config, null, 2), { mode: 0o600 })
+}
 
-    // Validate repo format
-    if (!config.reviewRepo.includes('/')) {
-      throw new Error('Invalid reviewRepo format. Expected: owner/repo')
-    }
+export async function loadConfig () {
+  const config = await readConfig()
+  let configChanged = false
 
-    return config
-  } catch (error) {
-    if (error.code === 'ENOENT') {
-      throw new Error(`Config file not found at ${CONFIG_FILE}\nCreate it with: {"reviewRepo": "owner/repo", "githubToken": "your_github_token"}`)
+  // Check if we need to acquire a token
+  if (!config.githubToken) {
+    console.log('GitHub authentication required.\n')
+    const authData = await ghauth({
+      configName: 'ghreview',
+      scopes: ['repo'],
+      noSave: true,
+      noDeviceFlow: true
+    })
+    config.githubToken = authData.token
+    config.user = authData.user
+    configChanged = true
+  }
+
+  // Check if we need a reviewRepo
+  if (!config.reviewRepo) {
+    const defaultRepo = config.user ? `${config.user}/reviews` : null
+    const prompt = defaultRepo
+      ? `Review repository (owner/repo) [${defaultRepo}]: `
+      : 'Review repository (owner/repo): '
+
+    const input = await read({ prompt })
+    config.reviewRepo = input || defaultRepo
+
+    if (!config.reviewRepo) {
+      throw new Error('Review repository is required')
     }
-    throw error
+    configChanged = true
   }
+
+  // Validate repo format
+  if (!config.reviewRepo.includes('/')) {
+    throw new Error('Invalid reviewRepo format. Expected: owner/repo')
+  }
+
+  // Save config if anything changed
+  if (configChanged) {
+    await writeConfig(config)
+    console.log(`\nConfig saved to ${CONFIG_FILE}\n`)
+  }
+
+  return config
 }
 
 export async function ensureConfigDir () {
-  try {
-    await fs.mkdir(CONFIG_DIR, { recursive: true })
-  } catch (error) {
-    // Directory might already exist, that's fine
-  }
+  await fs.mkdir(CONFIG_DIR, { recursive: true })
 }

package/lib/github.js

@@ -60,12 +60,73 @@ All comments will be collected with line numbers and context for AI consumption.
 export async function fetchReviewComments (owner, repo, prNumber, token) {
   const octokit = createOctokit(token)
 
-  // Fetch inline comments
-  const { data: comments } = await octokit.rest.pulls.listReviewComments({
-    owner,
-    repo,
-    pull_number: prNumber
-  })
+  // Use GraphQL to fetch review threads with resolution status
+  const query = `
+    query($owner: String!, $repo: String!, $prNumber: Int!, $cursor: String) {
+      repository(owner: $owner, name: $repo) {
+        pullRequest(number: $prNumber) {
+          reviewThreads(first: 100, after: $cursor) {
+            pageInfo {
+              hasNextPage
+              endCursor
+            }
+            nodes {
+              isResolved
+              isOutdated
+              path
+              line
+              startLine
+              comments(first: 100) {
+                nodes {
+                  id
+                  body
+                  path
+                  line: originalLine
+                  startLine: originalStartLine
+                  position: originalPosition
+                  user: author {
+                    login
+                  }
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+  `
+
+  // Fetch all review threads with pagination
+  const allThreads = []
+  let cursor = null
+  let hasNextPage = true
+
+  while (hasNextPage) {
+    const result = await octokit.graphql(query, {
+      owner,
+      repo,
+      prNumber,
+      cursor
+    })
+
+    const threads = result.repository.pullRequest.reviewThreads
+    allThreads.push(...threads.nodes)
+    hasNextPage = threads.pageInfo.hasNextPage
+    cursor = threads.pageInfo.endCursor
+  }
+
+  // Filter to only unresolved threads and flatten comments
+  const unresolvedComments = allThreads
+    .filter(thread => !thread.isResolved)
+    .flatMap(thread => thread.comments.nodes.map(comment => ({
+      ...comment,
+      path: thread.path,
+      line: comment.line || thread.line,
+      start_line: comment.startLine || thread.startLine,
+      original_line: comment.line || thread.line,
+      original_start_line: comment.startLine || thread.startLine,
+      position: comment.position
+    })))
 
   // Fetch PR reviews (general comments)
   const { data: reviews } = await octokit.rest.pulls.listReviews({
@@ -82,7 +143,7 @@ export async function fetchReviewComments (owner, repo, prNumber, token) {
   })
 
   return {
-    inline: comments,
+    inline: unresolvedComments,
     reviews: reviews.filter(r => r.body), // Only reviews with comments
     discussion: issueComments
   }
@@ -93,10 +154,11 @@ export function formatFeedback (comments, filterBots = true) {
 
   // Filter out bot comments if requested
   const isBot = (comment) => {
+    const login = comment.user?.login || comment.author?.login
     return filterBots && (
       comment.user?.type === 'Bot' ||
-      comment.user?.login?.includes('[bot]') ||
-      comment.user?.login?.includes('-bot')
+      login?.includes('[bot]') ||
+      login?.includes('-bot')
     )
   }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ghreview",
-  "version": "1.0.1",
+  "version": "2.0.1",
   "description": "GitHub PR-based code review workflow for AI-assisted development",
   "type": "module",
   "main": "lib/index.js",
@@ -25,8 +25,9 @@
   "license": "Apache-2.0",
   "dependencies": {
     "@octokit/rest": "^22.0.0",
-    "chalk": "^5.4.1",
-    "ora": "^8.2.0",
+    "chalk": "^5.6.2",
+    "ghauth": "^7.0.0",
+    "ora": "^9.0.0",
     "simple-git": "^3.28.0",
     "yargs": "^18.0.0"
   },
@@ -34,11 +35,11 @@
     "@semantic-release/changelog": "^6.0.3",
     "@semantic-release/commit-analyzer": "^13.0.1",
     "@semantic-release/git": "^10.0.1",
-    "@semantic-release/github": "^11.0.3",
-    "@semantic-release/npm": "^12.0.2",
+    "@semantic-release/github": "^12.0.0",
+    "@semantic-release/npm": "^13.1.1",
     "@semantic-release/release-notes-generator": "^14.0.3",
     "conventional-changelog-conventionalcommits": "^9.0.0",
-    "nock": "^14.0.7",
+    "nock": "^14.0.10",
     "standard": "^17.1.2",
     "vitest": "^3.2.4"
   },