gitpadi 2.0.7 → 2.1.1

package/dist/gitlab-agents/mr-review-agent.js

@@ -0,0 +1,200 @@
+#!/usr/bin/env node
+// gitlab-agents/mr-review-agent.ts
+//
+// GitLab Duo External Agent — AI-powered Merge Request Review
+//
+// Triggered when assigned as reviewer on a GitLab MR, or when someone
+// comments "@gitpadi review" on an MR.
+//
+// Uses Claude to provide a detailed, constructive code review covering:
+//   - Code quality and maintainability
+//   - Security concerns
+//   - Test coverage
+//   - Alignment with issue description
+//   - Specific line-level suggestions
+import Anthropic from '@anthropic-ai/sdk';
+const GITLAB_TOKEN = process.env.GITLAB_TOKEN || '';
+const GITLAB_HOST = (process.env.GITLAB_HOST || 'https://gitlab.com').replace(/\/$/, '');
+const GATEWAY_TOKEN = process.env.AI_FLOW_AI_GATEWAY_TOKEN || '';
+const anthropic = GATEWAY_TOKEN
+    ? new Anthropic({ apiKey: GATEWAY_TOKEN, baseURL: `${GITLAB_HOST}/api/v4/ai/llm/v1` })
+    : new Anthropic({ apiKey: process.env.ANTHROPIC_API_KEY });
+const MR_REVIEW_MARKER = '<!-- gitpadi-mr-review -->';
+async function glFetch(method, path, body) {
+    const res = await fetch(`${GITLAB_HOST}/api/v4${path}`, {
+        method,
+        headers: { 'PRIVATE-TOKEN': GITLAB_TOKEN, 'Content-Type': 'application/json' },
+        body: body ? JSON.stringify(body) : undefined,
+    });
+    if (!res.ok) {
+        const text = await res.text();
+        throw new Error(`GitLab ${method} ${path} → ${res.status}: ${text}`);
+    }
+    return res.json();
+}
+async function postOrUpdateMRNote(projectId, mrIid, body) {
+    // Check for existing review note to update
+    const notes = await glFetch('GET', `/projects/${projectId}/merge_requests/${mrIid}/notes?per_page=100`);
+    const existing = notes.find(n => n.body?.includes(MR_REVIEW_MARKER));
+    if (existing) {
+        await glFetch('PUT', `/projects/${projectId}/merge_requests/${mrIid}/notes/${existing.id}`, { body });
+        console.log('✅ Updated existing review note');
+    }
+    else {
+        await glFetch('POST', `/projects/${projectId}/merge_requests/${mrIid}/notes`, { body });
+        console.log('✅ Posted new review note');
+    }
+}
+async function main() {
+    console.log('\n🤖 GitPadi MR Review Agent\n');
+    const contextRaw = process.env.AI_FLOW_CONTEXT || '{}';
+    let context;
+    try {
+        context = JSON.parse(contextRaw);
+    }
+    catch {
+        context = {};
+    }
+    const { project_id, project_path = '', mr_iid, title = '', description = '', source_branch = '', target_branch = 'main', author = '', changes = [], notes = [], } = context;
+    if (!mr_iid) {
+        console.log('⏭️ No MR context — skipping.');
+        return;
+    }
+    console.log(`  Project: ${project_path}`);
+    console.log(`  MR:      !${mr_iid} — ${title}`);
+    console.log(`  Author:  @${author}`);
+    console.log(`  Files:   ${changes.length} changed\n`);
+    // Build a diff summary for Claude (cap at ~4000 chars to stay within context)
+    const diffSummary = changes
+        .slice(0, 20)
+        .map((c) => {
+        const diffLines = (c.diff || '').split('\n').slice(0, 40).join('\n');
+        return `File: ${c.new_path}\n${diffLines}`;
+    })
+        .join('\n\n---\n\n')
+        .substring(0, 4000);
+    const sensitivePatterns = ['.env', 'secret', 'password', 'credential', '.key', '.pem'];
+    const sensitiveFiles = changes
+        .filter((c) => sensitivePatterns.some(p => c.new_path?.toLowerCase().includes(p)))
+        .map((c) => c.new_path);
+    const testFiles = changes.filter((c) => c.new_path?.includes('test') || c.new_path?.includes('spec'));
+    const srcFiles = changes.filter((c) => !c.new_path?.includes('test') && !c.new_path?.includes('spec') &&
+        /\.(ts|js|py|rs|go|java|rb|php)$/.test(c.new_path || ''));
+    const linkedIssues = description?.match(/(fix(es|ed)?|clos(e[sd]?)|resolv(e[sd]?))\s+#\d+/gi) || [];
+    const totalLines = changes.reduce((sum, c) => {
+        const adds = (c.diff?.match(/^\+/gm) || []).length;
+        const dels = (c.diff?.match(/^-/gm) || []).length;
+        return sum + adds + dels;
+    }, 0);
+    // Get Claude's analysis
+    const prompt = `You are GitPadi, an expert AI code reviewer integrated with GitLab.
+
+Review this Merge Request:
+- Title: "${title}"
+- Author: @${author}
+- Branch: ${source_branch} → ${target_branch}
+- Description: ${description?.substring(0, 500) || 'None provided'}
+- Files changed: ${changes.length} (${totalLines} lines)
+- Test files: ${testFiles.length}
+- Source files: ${srcFiles.length}
+- Linked issues: ${linkedIssues.join(', ') || 'None'}
+${sensitiveFiles.length ? `- ⚠️ SENSITIVE FILES DETECTED: ${sensitiveFiles.join(', ')}` : ''}
+
+Code changes (truncated):
+\`\`\`diff
+${diffSummary || 'No diff available'}
+\`\`\`
+
+Provide a thorough, constructive code review. Be specific, actionable, and encouraging.
+Format your response as JSON:
+{
+  "verdict": "APPROVE|REQUEST_CHANGES|COMMENT",
+  "summary": "2-3 sentence overall assessment",
+  "strengths": ["specific strength 1", "specific strength 2"],
+  "concerns": [
+    { "severity": "critical|warning|suggestion", "file": "filename or null", "issue": "description", "suggestion": "how to fix" }
+  ],
+  "security": { "clean": true/false, "issues": ["issue1"] },
+  "testCoverage": { "adequate": true/false, "comment": "observation" },
+  "overallScore": 0-100
+}`;
+    let review;
+    try {
+        const response = await anthropic.messages.create({
+            model: 'claude-sonnet-4-20250514',
+            max_tokens: 2048,
+            messages: [{ role: 'user', content: prompt }],
+        });
+        const text = response.content[0].type === 'text' ? response.content[0].text : '';
+        const jsonMatch = text.match(/\{[\s\S]*\}/);
+        if (!jsonMatch)
+            throw new Error('No JSON in Claude response');
+        review = JSON.parse(jsonMatch[0]);
+    }
+    catch (e) {
+        console.error(`❌ Claude review failed: ${e.message}`);
+        process.exit(1);
+    }
+    // Build the GitLab comment
+    const verdictIcon = review.verdict === 'APPROVE' ? '✅' : review.verdict === 'REQUEST_CHANGES' ? '❌' : '💬';
+    const scoreEmoji = review.overallScore >= 80 ? '🟢' : review.overallScore >= 60 ? '🟡' : '🔴';
+    let comment = `## 🤖 GitPadi AI Code Review\n\n`;
+    comment += `**MR:** !${mr_iid} — ${title}\n`;
+    comment += `**Verdict:** ${verdictIcon} ${review.verdict?.replace('_', ' ')} | **Score:** ${scoreEmoji} ${review.overallScore}/100\n\n`;
+    comment += `### Summary\n\n${review.summary}\n\n`;
+    if (review.strengths?.length) {
+        comment += `### Strengths\n\n`;
+        review.strengths.forEach((s) => { comment += `- ✅ ${s}\n`; });
+        comment += '\n';
+    }
+    if (review.concerns?.length) {
+        comment += `### Concerns\n\n`;
+        const critical = review.concerns.filter((c) => c.severity === 'critical');
+        const warnings = review.concerns.filter((c) => c.severity === 'warning');
+        const suggestions = review.concerns.filter((c) => c.severity === 'suggestion');
+        const renderConcerns = (items, icon) => items.forEach((c) => {
+            comment += `${icon} **${c.file ? `\`${c.file}\`` : 'General'}:** ${c.issue}\n`;
+            if (c.suggestion)
+                comment += `   > 💡 ${c.suggestion}\n`;
+            comment += '\n';
+        });
+        if (critical.length) {
+            comment += `**Critical:**\n`;
+            renderConcerns(critical, '🔴');
+        }
+        if (warnings.length) {
+            comment += `**Warnings:**\n`;
+            renderConcerns(warnings, '⚠️');
+        }
+        if (suggestions.length) {
+            comment += `**Suggestions:**\n`;
+            renderConcerns(suggestions, '💡');
+        }
+    }
+    if (sensitiveFiles.length) {
+        comment += `### ⚠️ Security Alert\n\n`;
+        comment += `The following files may contain sensitive data:\n`;
+        sensitiveFiles.forEach((f) => { comment += `- \`${f}\`\n`; });
+        comment += `\nPlease ensure no secrets are committed.\n\n`;
+    }
+    if (review.testCoverage) {
+        comment += `### Test Coverage\n\n`;
+        comment += `${review.testCoverage.adequate ? '✅' : '⚠️'} ${review.testCoverage.comment}\n\n`;
+    }
+    comment += `### Quick Stats\n\n`;
+    comment += `| Metric | Value |\n|--------|-------|\n`;
+    comment += `| Files changed | ${changes.length} |\n`;
+    comment += `| Lines changed | ~${totalLines} |\n`;
+    comment += `| Test files | ${testFiles.length} |\n`;
+    comment += `| Linked issues | ${linkedIssues.length} |\n`;
+    comment += `\n---\n_🤖 Reviewed by [GitPadi](https://github.com/Netwalls/contributor-agent) using Claude ${review.verdict === 'APPROVE' ? '✅' : ''}_\n\n${MR_REVIEW_MARKER}`;
+    await postOrUpdateMRNote(project_id, mr_iid, comment);
+    // Exit with error code if CI-blocking issues found
+    if (review.verdict === 'REQUEST_CHANGES' && review.concerns?.some((c) => c.severity === 'critical')) {
+        console.log('❌ Critical issues found — blocking merge.');
+        process.exit(1);
+    }
+    console.log(`\n  Verdict: ${review.verdict}`);
+    console.log(`  Score:   ${review.overallScore}/100\n`);
+}
+main().catch(e => { console.error('Fatal:', e.message); process.exit(1); });

package/dist/gitlab-agents/reminder-agent.js

@@ -0,0 +1,164 @@
+#!/usr/bin/env node
+// gitlab-agents/reminder-agent.ts
+//
+// GitLab Duo External Agent — Escalating Contributor Reminders
+//
+// Runs on a schedule (e.g. daily cron). Finds stale open MRs, determines
+// escalation tier, and posts a progressively urgent reminder. Auto-unassigns
+// at 72h if no activity.
+//
+// Escalation:
+//   24h — gentle reminder
+//   48h — warning with context
+//   72h — final notice + auto-unassigns from issue
+import Anthropic from '@anthropic-ai/sdk';
+const GITLAB_TOKEN = process.env.GITLAB_TOKEN || '';
+const GITLAB_HOST = (process.env.GITLAB_HOST || 'https://gitlab.com').replace(/\/$/, '');
+const GATEWAY_TOKEN = process.env.AI_FLOW_AI_GATEWAY_TOKEN || '';
+const PROJECT_PATH = process.env.GITLAB_PROJECT_PATH || '';
+const anthropic = GATEWAY_TOKEN
+    ? new Anthropic({ apiKey: GATEWAY_TOKEN, baseURL: `${GITLAB_HOST}/api/v4/ai/llm/v1` })
+    : new Anthropic({ apiKey: process.env.ANTHROPIC_API_KEY });
+const REMINDER_MARKERS = {
+    h24: '<!-- gitpadi-reminder-24h -->',
+    h48: '<!-- gitpadi-reminder-48h -->',
+    h72: '<!-- gitpadi-reminder-72h -->',
+};
+async function glFetch(method, path, body) {
+    const res = await fetch(`${GITLAB_HOST}/api/v4${path}`, {
+        method,
+        headers: { 'PRIVATE-TOKEN': GITLAB_TOKEN, 'Content-Type': 'application/json' },
+        body: body ? JSON.stringify(body) : undefined,
+    });
+    if (!res.ok)
+        throw new Error(`GitLab ${method} ${path} → ${res.status}`);
+    return res.json();
+}
+function hoursAgo(dateStr) {
+    return (Date.now() - new Date(dateStr).getTime()) / (1000 * 60 * 60);
+}
+async function generateReminderMessage(tier, context) {
+    const tierDescriptions = {
+        '24h': 'gentle first reminder — friendly and encouraging',
+        '48h': 'second reminder — more urgent but still supportive, mention help is available',
+        '72h': 'final notice — professional but firm, this will be unassigned',
+    };
+    const prompt = `You are GitPadi, a friendly contributor management bot on GitLab.
+
+Write a ${tierDescriptions[tier]} for a stale Merge Request:
+- MR Title: "${context.mrTitle}"
+- Author: @${context.author}
+- Hours since last activity: ${Math.round(context.hoursStale)}
+- Branch: ${context.branchName}
+${context.linkedIssue ? `- Linked issue: ${context.linkedIssue}` : ''}
+
+Requirements:
+- Keep it under 100 words
+- Be human, warm, and specific to the situation
+- ${tier === '72h' ? 'Mention this is the final notice and the issue will be unassigned' : 'Do NOT mention unassignment'}
+- Start with a relevant emoji
+- Do NOT use generic corporate language
+
+Return just the message text, no JSON, no explanation.`;
+    try {
+        const response = await anthropic.messages.create({
+            model: 'claude-haiku-4-5-20251001',
+            max_tokens: 256,
+            messages: [{ role: 'user', content: prompt }],
+        });
+        return response.content[0].type === 'text' ? response.content[0].text.trim() : getFallbackMessage(tier, context.author);
+    }
+    catch {
+        return getFallbackMessage(tier, context.author);
+    }
+}
+function getFallbackMessage(tier, author) {
+    const messages = {
+        '24h': `👋 @${author} — just a friendly nudge! Your MR has been open for about 24 hours. Any updates or blockers we can help with?`,
+        '48h': `⚠️ @${author} — your MR has been idle for 48 hours. If you're blocked or need help, please comment so the team can assist. Otherwise, please push an update!`,
+        '72h': `🚨 @${author} — final notice. This MR has been inactive for 72 hours. We'll need to unassign the linked issue to allow other contributors to pick it up. Please comment if you're still working on this.`,
+    };
+    return messages[tier];
+}
+async function processMR(mr, projectId) {
+    const hoursStale = hoursAgo(mr.updated_at);
+    // Skip drafts — they're not ready
+    if (mr.draft) {
+        console.log(`  ⏭️ !${mr.iid} — Draft, skipping`);
+        return;
+    }
+    // Determine escalation tier
+    let tier = null;
+    if (hoursStale >= 72)
+        tier = '72h';
+    else if (hoursStale >= 48)
+        tier = '48h';
+    else if (hoursStale >= 24)
+        tier = '24h';
+    else
+        return; // Not stale enough
+    // Check for existing reminders
+    const notes = await glFetch('GET', `/projects/${projectId}/merge_requests/${mr.iid}/notes?per_page=100`);
+    const hasMarker = (marker) => notes.some(n => n.body?.includes(marker));
+    // Don't double-post the same tier
+    if (tier === '24h' && hasMarker(REMINDER_MARKERS.h24))
+        return;
+    if (tier === '48h' && hasMarker(REMINDER_MARKERS.h48))
+        return;
+    if (tier === '72h' && hasMarker(REMINDER_MARKERS.h72))
+        return;
+    // Detect linked issue from description
+    const issueMatch = mr.description?.match(/(?:fixes|closes|resolves)\s+#(\d+)/i);
+    const linkedIssue = issueMatch ? `#${issueMatch[1]}` : undefined;
+    console.log(`  📬 MR !${mr.iid} — Tier ${tier} (${Math.round(hoursStale)}h stale)`);
+    const message = await generateReminderMessage(tier, {
+        mrTitle: mr.title,
+        author: mr.author.username,
+        hoursStale,
+        branchName: mr.source_branch,
+        linkedIssue,
+    });
+    // Post reminder
+    const body = `${message}\n\n---\n_⏰ GitPadi Reminder — ${tier} | [Dismiss by pushing a commit](https://github.com/Netwalls/contributor-agent)_\n\n${REMINDER_MARKERS[`h${tier.replace('h', '')}`]}`;
+    await glFetch('POST', `/projects/${projectId}/merge_requests/${mr.iid}/notes`, { body });
+    // Auto-unassign at 72h
+    if (tier === '72h' && linkedIssue) {
+        const issueNum = parseInt(issueMatch[1]);
+        try {
+            await glFetch('PUT', `/projects/${projectId}/issues/${issueNum}`, { assignee_ids: [] });
+            console.log(`    ✓ Unassigned issue ${linkedIssue}`);
+            // Also post on the issue
+            await glFetch('POST', `/projects/${projectId}/issues/${issueNum}/notes`, {
+                body: `⏰ **GitPadi:** @${mr.author.username}'s MR !${mr.iid} has been inactive for 72 hours. The issue has been unassigned and is now open for other contributors.\n\n<!-- gitpadi-unassign -->`,
+            });
+        }
+        catch (e) {
+            console.log(`    ⚠️ Could not unassign issue: ${e.message}`);
+        }
+    }
+}
+async function main() {
+    console.log('\n🤖 GitPadi Reminder Agent\n');
+    if (!PROJECT_PATH) {
+        console.error('❌ GITLAB_PROJECT_PATH required (e.g. "mygroup/myproject")');
+        process.exit(1);
+    }
+    const encodedPath = encodeURIComponent(PROJECT_PATH);
+    const project = await glFetch(`GET`, `/projects/${encodedPath}`);
+    console.log(`  Project: ${project.path_with_namespace}\n`);
+    // Get all open MRs
+    const mrs = await glFetch('GET', `/projects/${project.id}/merge_requests?state=opened&per_page=100`);
+    console.log(`  Found ${mrs.length} open MR(s)\n`);
+    let reminded = 0;
+    for (const mr of mrs) {
+        try {
+            await processMR(mr, project.id);
+            reminded++;
+        }
+        catch (e) {
+            console.log(`  ⚠️ Error processing MR !${mr.iid}: ${e.message}`);
+        }
+    }
+    console.log(`\n✅ Reminder cycle complete — ${reminded} MR(s) processed`);
+}
+main().catch(e => { console.error('Fatal:', e.message); process.exit(1); });

package/dist/grade-assignment.js

@@ -0,0 +1,262 @@
+#!/usr/bin/env node
+// grade-assignment.ts — Automated assignment grading for GitPadi
+//
+// Triggered on pull_request events. Grades student submissions against
+// linked assignment issues, posts a grade card, and auto-merges passing work.
+//
+// Usage via Action:  action: grade-assignment
+import { Octokit } from '@octokit/rest';
+import chalk from 'chalk';
+const TOKEN = process.env.GITHUB_TOKEN || '';
+const OWNER = process.env.GITHUB_OWNER || '';
+const REPO = process.env.GITHUB_REPO || '';
+const PR_NUMBER = parseInt(process.env.PR_NUMBER || '0');
+const PASS_THRESHOLD = parseInt(process.env.PASS_THRESHOLD || '40');
+const octokit = new Octokit({ auth: TOKEN });
+const GRADE_SIGNATURE = '<!-- gitpadi-grade -->';
+function getLetterGrade(score) {
+    if (score >= 80)
+        return { letter: 'A', emoji: '🟢' };
+    if (score >= 60)
+        return { letter: 'B', emoji: '🔵' };
+    if (score >= 40)
+        return { letter: 'C', emoji: '🟡' };
+    if (score >= 20)
+        return { letter: 'D', emoji: '🟠' };
+    return { letter: 'F', emoji: '🔴' };
+}
+// Extract assignment issue number from PR body or branch name
+function detectAssignment(prBody, branchName) {
+    // Check PR body: "Fixes #N", "Closes #N", "Assignment #N"
+    const bodyMatch = prBody.match(/(?:fixes|closes|resolves|assignment)\s*#(\d+)/i);
+    if (bodyMatch)
+        return parseInt(bodyMatch[1]);
+    // Check branch: "assignment-3", "hw-3", "task-3"
+    const branchMatch = branchName.match(/(?:assignment|hw|task|fix\/issue)-(\d+)/i);
+    if (branchMatch)
+        return parseInt(branchMatch[1]);
+    return null;
+}
+// Extract keywords from assignment issue body for relevance matching
+function extractKeywords(issueBody) {
+    const words = issueBody.toLowerCase()
+        .replace(/[#*`\[\]()]/g, ' ')
+        .split(/\s+/)
+        .filter(w => w.length > 3);
+    // Remove common stop words
+    const stopWords = new Set(['this', 'that', 'with', 'from', 'have', 'will', 'should', 'your', 'must',
+        'need', 'make', 'using', 'create', 'please', 'assignment', 'task', 'following', 'requirements']);
+    return [...new Set(words.filter(w => !stopWords.has(w)))];
+}
+async function main() {
+    if (!PR_NUMBER) {
+        console.error('❌ PR_NUMBER is required');
+        process.exit(1);
+    }
+    console.log(`\n📝 GitPadi Assignment Grader — ${OWNER}/${REPO} #${PR_NUMBER}\n`);
+    // Get PR details
+    const { data: pr } = await octokit.pulls.get({ owner: OWNER, repo: REPO, pull_number: PR_NUMBER });
+    const student = pr.user?.login || 'unknown';
+    const branchName = pr.head.ref;
+    const prBody = pr.body || '';
+    console.log(`  Student: @${student}`);
+    console.log(`  Branch:  ${branchName}`);
+    // Detect linked assignment
+    const assignmentNumber = detectAssignment(prBody, branchName);
+    if (!assignmentNumber) {
+        console.log(chalk.yellow('⚠️ No assignment issue detected. Skipping grading.'));
+        await octokit.issues.createComment({
+            owner: OWNER, repo: REPO, issue_number: PR_NUMBER,
+            body: `⚠️ **GitPadi Grader:** Could not detect which assignment this PR is for.\n\nPlease include \`Fixes #N\` in your PR description or name your branch \`assignment-N\`.\n\n${GRADE_SIGNATURE}`
+        });
+        return;
+    }
+    console.log(`  Assignment: #${assignmentNumber}\n`);
+    // Fetch assignment issue
+    let issueTitle = '';
+    let issueBody = '';
+    let issueLabels = [];
+    try {
+        const { data: issue } = await octokit.issues.get({ owner: OWNER, repo: REPO, issue_number: assignmentNumber });
+        issueTitle = issue.title;
+        issueBody = issue.body || '';
+        issueLabels = issue.labels.map((l) => typeof l === 'string' ? l : l.name || '');
+    }
+    catch {
+        console.log(chalk.red(`❌ Assignment issue #${assignmentNumber} not found.`));
+        return;
+    }
+    // Fetch PR files
+    const { data: files } = await octokit.pulls.listFiles({ owner: OWNER, repo: REPO, pull_number: PR_NUMBER });
+    const totalChanges = files.reduce((sum, f) => sum + f.additions + f.deletions, 0);
+    const filenames = files.map(f => f.filename.toLowerCase());
+    // Fetch commits
+    const { data: commits } = await octokit.pulls.listCommits({ owner: OWNER, repo: REPO, pull_number: PR_NUMBER });
+    const checks = [];
+    // ── 1. CI Passing (25 points) ──────────────────────────────────────
+    const sha = pr.head.sha;
+    const { data: ciChecks } = await octokit.checks.listForRef({ owner: OWNER, repo: REPO, ref: sha });
+    const { data: statuses } = await octokit.repos.getCombinedStatusForRef({ owner: OWNER, repo: REPO, ref: sha });
+    const ciPassed = statuses.state === 'success' || (ciChecks.total_count > 0 && ciChecks.check_runs.every(c => c.conclusion === 'success'));
+    const ciPending = statuses.state === 'pending' || ciChecks.check_runs.some(c => c.status !== 'completed');
+    const ciFailed = statuses.state === 'failure' || ciChecks.check_runs.some(c => c.conclusion === 'failure');
+    if (ciPassed) {
+        checks.push({ criteria: 'CI Passing', score: 25, max: 25, detail: 'All checks green' });
+    }
+    else if (ciPending) {
+        checks.push({ criteria: 'CI Passing', score: 10, max: 25, detail: 'Still running — will re-grade when complete' });
+    }
+    else {
+        const failedNames = ciChecks.check_runs.filter(c => c.conclusion === 'failure').map(c => c.name).join(', ');
+        checks.push({ criteria: 'CI Passing', score: 0, max: 25, detail: `Failed: ${failedNames || 'status checks'}` });
+    }
+    // ── 2. Assignment Relevance (25 points) ────────────────────────────
+    const keywords = extractKeywords(issueBody);
+    const allFileContent = filenames.join(' ');
+    const keywordHits = keywords.filter(kw => allFileContent.includes(kw) || prBody.toLowerCase().includes(kw));
+    const relevanceRatio = keywords.length > 0 ? keywordHits.length / Math.min(keywords.length, 15) : 0;
+    const relevanceScore = Math.min(25, Math.round(relevanceRatio * 25));
+    checks.push({
+        criteria: 'Assignment Relevance',
+        score: relevanceScore,
+        max: 25,
+        detail: relevanceScore >= 20 ? 'Matches assignment scope' : relevanceScore >= 10 ? 'Partial match — some expected files/topics missing' : 'Low relevance to assignment requirements'
+    });
+    // ── 3. Test Coverage (20 points) ───────────────────────────────────
+    const srcFiles = files.filter(f => !f.filename.includes('test') && !f.filename.includes('spec') && (f.filename.endsWith('.ts') || f.filename.endsWith('.js') || f.filename.endsWith('.rs') || f.filename.endsWith('.py') || f.filename.endsWith('.jsx') || f.filename.endsWith('.tsx')));
+    const testFiles = files.filter(f => f.filename.includes('test') || f.filename.includes('spec'));
+    let testScore = 0;
+    if (testFiles.length > 0 && srcFiles.length > 0) {
+        const testRatio = testFiles.length / srcFiles.length;
+        testScore = testRatio >= 0.5 ? 20 : testRatio >= 0.25 ? 15 : 10;
+    }
+    else if (testFiles.length > 0) {
+        testScore = 15;
+    }
+    else if (srcFiles.length === 0) {
+        testScore = 10; // No source files changed, might be docs-only
+    }
+    checks.push({
+        criteria: 'Test Coverage',
+        score: testScore,
+        max: 20,
+        detail: testFiles.length > 0 ? `${testFiles.length} test file(s) included` : 'No test files in submission'
+    });
+    // ── 4. Code Quality (15 points) ────────────────────────────────────
+    let qualityScore = 15;
+    const qualityNotes = [];
+    // PR size
+    if (totalChanges > 1000) {
+        qualityScore -= 5;
+        qualityNotes.push('Very large PR');
+    }
+    else if (totalChanges > 500) {
+        qualityScore -= 2;
+        qualityNotes.push('Large PR');
+    }
+    // Commit messages — check for conventional format
+    const badCommits = commits.filter(c => {
+        const msg = c.commit.message.toLowerCase();
+        return msg.startsWith('update') || (msg.startsWith('fix') && msg.length < 10) || msg === 'wip';
+    });
+    if (badCommits.length > commits.length / 2) {
+        qualityScore -= 3;
+        qualityNotes.push('Vague commit messages');
+    }
+    // Sensitive files
+    const sensitivePatterns = ['.env', 'secret', 'password', 'key', 'credential'];
+    const hasSensitive = filenames.some(f => sensitivePatterns.some(p => f.includes(p)));
+    if (hasSensitive) {
+        qualityScore -= 5;
+        qualityNotes.push('Sensitive files detected');
+    }
+    qualityScore = Math.max(0, qualityScore);
+    checks.push({
+        criteria: 'Code Quality',
+        score: qualityScore,
+        max: 15,
+        detail: qualityNotes.length > 0 ? qualityNotes.join(', ') : 'Clean submission'
+    });
+    // ── 5. Submission Format (15 points) ────────────────────────────────
+    let formatScore = 0;
+    // Branch naming
+    const goodBranch = /^(assignment|hw|task|fix\/issue)-\d+/i.test(branchName);
+    if (goodBranch) {
+        formatScore += 5;
+    }
+    else if (branchName !== 'main' && branchName !== 'master') {
+        formatScore += 2;
+    }
+    // Issue linked
+    const hasIssueRef = /(?:fixes|closes|resolves)\s+#\d+/i.test(prBody);
+    if (hasIssueRef)
+        formatScore += 5;
+    // PR body not empty
+    if (prBody.trim().length > 20)
+        formatScore += 5;
+    else if (prBody.trim().length > 0)
+        formatScore += 2;
+    checks.push({
+        criteria: 'Submission Format',
+        score: formatScore,
+        max: 15,
+        detail: formatScore >= 12 ? 'Well-formatted submission' : formatScore >= 7 ? 'Acceptable format' : 'Missing branch naming, issue reference, or PR description'
+    });
+    // ── Calculate Final Grade ──────────────────────────────────────────
+    const totalScore = checks.reduce((sum, c) => sum + c.score, 0);
+    const { letter, emoji } = getLetterGrade(totalScore);
+    const passed = totalScore >= PASS_THRESHOLD;
+    console.log(`\n  Total: ${totalScore}/100 — Grade ${letter} ${emoji}\n`);
+    checks.forEach(c => console.log(`  ${c.score >= c.max * 0.7 ? '✅' : c.score >= c.max * 0.4 ? '⚠️' : '❌'} ${c.criteria}: ${c.score}/${c.max}`));
+    // ── Build Grade Card ───────────────────────────────────────────────
+    let body = `## ${emoji} GitPadi Assignment Grade — PR #${PR_NUMBER}\n\n`;
+    body += `**Student:** @${student}\n`;
+    body += `**Assignment:** ${issueTitle} (#${assignmentNumber})\n\n`;
+    body += `| Criteria | Score | Max |\n|----------|-------|-----|\n`;
+    checks.forEach(c => { body += `| ${c.criteria} | ${c.score} | ${c.max} |\n`; });
+    body += `| **Total** | **${totalScore}** | **100** |\n\n`;
+    body += `**Grade: ${letter}** ${emoji}\n\n`;
+    if (passed) {
+        body += `> ✅ **Passed** (threshold: ${PASS_THRESHOLD}/100). Auto-merging.\n`;
+    }
+    else {
+        body += `> ❌ **Did not pass** (need ${PASS_THRESHOLD}/100). Please review the feedback above and re-submit.\n`;
+    }
+    // Feedback per check
+    body += `\n### Feedback\n\n`;
+    checks.forEach(c => {
+        const icon = c.score >= c.max * 0.7 ? '✅' : c.score >= c.max * 0.4 ? '⚠️' : '❌';
+        body += `- ${icon} **${c.criteria}** (${c.score}/${c.max}): ${c.detail}\n`;
+    });
+    body += `\n---\n_Graded by [GitPadi](https://github.com/Netwalls/contributor-agent) 📝_\n\n${GRADE_SIGNATURE}`;
+    // ── Post or Update Grade Card ──────────────────────────────────────
+    const { data: existingComments } = await octokit.issues.listComments({ owner: OWNER, repo: REPO, issue_number: PR_NUMBER });
+    const existingGrade = existingComments.find(c => c.body?.includes(GRADE_SIGNATURE));
+    if (existingGrade) {
+        await octokit.issues.updateComment({ owner: OWNER, repo: REPO, comment_id: existingGrade.id, body });
+        console.log('✅ Updated existing grade card');
+    }
+    else {
+        await octokit.issues.createComment({ owner: OWNER, repo: REPO, issue_number: PR_NUMBER, body });
+        console.log('✅ Posted grade card');
+    }
+    // ── Auto-merge if passed ───────────────────────────────────────────
+    if (passed && ciPassed) {
+        try {
+            await octokit.pulls.merge({
+                owner: OWNER, repo: REPO, pull_number: PR_NUMBER,
+                merge_method: 'squash',
+                commit_title: `[Grade ${letter}] ${pr.title} (#${PR_NUMBER})`,
+            });
+            console.log(chalk.green(`✅ PR #${PR_NUMBER} merged (Grade ${letter}).`));
+        }
+        catch (e) {
+            console.log(chalk.yellow(`⚠️ Auto-merge failed: ${e.message}`));
+        }
+    }
+    else if (!passed) {
+        console.log(chalk.red(`❌ Grade ${letter} — below threshold. Not merging.`));
+        process.exit(1);
+    }
+}
+main().catch((e) => { console.error('Fatal:', e); process.exit(1); });