plugin-git-manager 1.0.10 → 1.0.12

package/src/server/actions/review.ts

@@ -1,6 +1,7 @@
 import { Context } from '@nocobase/actions';
 import type { Application } from '@nocobase/server';
 import { parseGitLabProject } from '../utils/gitlab-url';
+import { redactPat } from '../utils/redact';
 
 interface TriggerArgs {
   flowId?: number | null;
@@ -15,6 +16,31 @@ interface TriggerArgs {
   userId?: number | string | null;
 }
 
+/**
+ * Per-target mutex to prevent two concurrent calls to
+ * `triggerReviewInternal` for the same MR / commit / branch from racing
+ * `findOne` → `create` and producing two duplicate review rows or
+ * scheduling two `runReview`s.
+ *
+ * Uses `app.lockManager` so the same code path covers both single-node
+ * (in-memory `async-mutex`) and HA cluster (Redis-backed Redlock when
+ * `plugin-cluster-manager` is active and `LOCK_ADAPTER_DEFAULT=redis`).
+ * The locked region only does an upsert + setImmediate (a few ms), so a
+ * 30s TTL is generous and auto-releases if the process crashes.
+ */
+function targetKey(args: TriggerArgs): string {
+  if (args.targetType === 'mr') return `${args.repositoryId}:mr:${args.mrIid}`;
+  if (args.targetType === 'commit') return `${args.repositoryId}:commit:${args.commitSha}`;
+  return `${args.repositoryId}:branch:${args.branch}`;
+}
+
+const TRIGGER_LOCK_TTL_MS = 30_000;
+
+async function withTriggerLock<T>(app: Application, key: string, fn: () => Promise<T>): Promise<T> {
+  const lockKey = `git-review:trigger:${key}`;
+  return app.lockManager.runExclusive(lockKey, fn, TRIGGER_LOCK_TTL_MS);
+}
+
 /**
  * Trigger an AI-driven code review for an MR / commit / branch.
  * The review record is upserted synchronously, then AIEmployee.invoke runs in
@@ -64,6 +90,10 @@ export async function triggerReview(ctx: Context, next: () => Promise<void>) {
  * Returns the reviewId of the upserted record.
  */
 export async function triggerReviewInternal(app: Application, args: TriggerArgs): Promise<number> {
+  return withTriggerLock(app, targetKey(args), () => triggerReviewInternalLocked(app, args));
+}
+
+async function triggerReviewInternalLocked(app: Application, args: TriggerArgs): Promise<number> {
   const db = app.db;
   const flowsRepo = db.getRepository('gitReviewFlows');
 
@@ -128,14 +158,25 @@ export async function triggerReviewInternal(app: Application, args: TriggerArgs)
     latestSha: headSha || existingLatestSha || null,
     triggeredBy: args.triggeredBy || 'manual',
     status: 'pending',
+    // Stamp startedAt synchronously so `recoverStuckReviews` can sweep rows
+    // that get stuck in `pending` (process died before runReview ran).
+    // runReview's own update will refresh this on actual start.
+    startedAt: new Date(),
+    finishedAt: null,
+    durationMs: null,
     postStatus: flow.get('postMode') === 'disabled' ? 'skipped' : 'pending_approval',
     error: null,
   };
 
   let reviewId: number;
   if (existing) {
-    if (existing.get('status') === 'running') {
-      // Already in flight — return existing id, do not start another
+    const st = existing.get('status');
+    // Treat `pending` the same as `running`: between this fn returning and
+    // the scheduled `runReview` flipping the row to `running`, a second
+    // caller would otherwise slip past and schedule a duplicate runReview.
+    // Stuck `pending` rows (process died before runReview ran) are swept
+    // by `recoverStuckReviews` on next startup.
+    if (st === 'running' || st === 'pending') {
       return existing.get('id') as number;
     }
     await reviewsRepo.update({
@@ -300,6 +341,7 @@ async function runReview(app: Application, args: RunReviewArgs) {
       db,
       state: { currentUser: args.userId ? { id: args.userId } : null },
       req: { headers: { 'x-timezone': 'UTC', 'x-locale': 'en-US' } },
+      log: app.logger || console,
       get(name: string) {
         return this.req.headers[String(name).toLowerCase()];
       },
@@ -417,11 +459,14 @@ async function runReview(app: Application, args: RunReviewArgs) {
     }
   } catch (err: any) {
     const finishedAt = new Date();
+    // Redact PAT before persisting the error — simple-git / fetch errors
+    // can echo back the authenticated remote URL in their messages.
+    const safeMessage = redactPat(err?.message || String(err));
     await reviewsRepo.update({
       filterByTk: args.reviewId,
       values: {
         status: 'failed',
-        error: err?.message || String(err),
+        error: safeMessage,
         finishedAt,
         durationMs: finishedAt.getTime() - startedAt.getTime(),
       },
@@ -477,18 +522,52 @@ function buildReviewPrompt(args: RunReviewArgs): string {
   return lines.join('\n');
 }
 
+/**
+ * Pick the AI's final reply out of a LangChain-style message list.
+ *
+ * The previous implementation relied solely on `constructor.name`, which is
+ * unsafe under bundling/minification (class names can be mangled to single
+ * letters) and after JSON serialisation (instances become plain objects).
+ * The new logic checks several signals in order: LangChain's `_getType()`,
+ * an explicit `role` field, then the constructor name as a last resort.
+ */
 function extractLastAiMessageContent(result: any): string {
-  if (!result?.messages || !Array.isArray(result.messages)) return '';
-  for (let i = result.messages.length - 1; i >= 0; i--) {
-    const msg = result.messages[i];
-    if (!msg) continue;
-    const className = msg?.constructor?.name;
-    if (className === 'HumanMessage' || className === 'ToolMessage') continue;
+  const messages = result?.messages;
+  if (!Array.isArray(messages)) return '';
+
+  const isAiMessage = (msg: any): boolean => {
+    if (!msg) return false;
+    if (typeof msg._getType === 'function') {
+      try {
+        return msg._getType() === 'ai';
+      } catch {
+        // fall through to other signals
+      }
+    }
+    if (typeof msg.role === 'string') {
+      const r = msg.role.toLowerCase();
+      return r === 'assistant' || r === 'ai';
+    }
+    if (typeof msg.type === 'string' && msg.type.toLowerCase() === 'ai') return true;
+    const name = msg?.constructor?.name;
+    if (name === 'AIMessage' || name === 'AIMessageChunk') return true;
+    return false;
+  };
+
+  const getContent = (msg: any): string => {
     if (typeof msg.content === 'string') return msg.content;
     if (Array.isArray(msg.content)) {
-      const textBlock = msg.content.find((c: any) => c.type === 'text');
-      if (textBlock?.text) return textBlock.text;
+      const textBlock = msg.content.find((c: any) => c?.type === 'text');
+      if (typeof textBlock?.text === 'string') return textBlock.text;
     }
+    return '';
+  };
+
+  for (let i = messages.length - 1; i >= 0; i--) {
+    const msg = messages[i];
+    if (!isAiMessage(msg)) continue;
+    const content = getContent(msg);
+    if (content) return content;
   }
   return '';
 }
@@ -574,18 +653,37 @@ async function postNoteToGitLab(repo: any, mrIid: number, body: string): Promise
 
 /**
  * H-1 fix: guard against ReDoS by limiting regex length and wrapping
- * execution in a try-catch. Overly long patterns are rejected.
+ * execution in a try-catch.
+ *
+ * Fail-closed: an invalid or oversized pattern means "no branch matches".
+ * Reviewing all branches when a user explicitly configured a filter is more
+ * dangerous (auto-posts to GitLab, consumes LLM credits) than skipping a
+ * malformed flow. The poller logs once per process so misconfiguration is
+ * still observable.
  */
 const MAX_BRANCH_FILTER_LENGTH = 200;
+const loggedBadFilters = new Set<string>();
+
+function warnInvalidBranchFilter(filter: string, reason: string) {
+  if (loggedBadFilters.has(filter)) return;
+  loggedBadFilters.add(filter);
+  console.warn(
+    `[plugin-git-manager] branchFilter rejected (${reason}): ${JSON.stringify(filter)}. Flow will not match any branch.`,
+  );
+}
 
 export function branchMatches(flow: any, branch: string): boolean {
   const filter = flow.get('branchFilter') as string | null;
   if (!filter) return true;
-  if (filter.length > MAX_BRANCH_FILTER_LENGTH) return true; // reject overly complex patterns
+  if (filter.length > MAX_BRANCH_FILTER_LENGTH) {
+    warnInvalidBranchFilter(filter, `too long (>${MAX_BRANCH_FILTER_LENGTH} chars)`);
+    return false;
+  }
   try {
     return new RegExp(filter).test(branch);
-  } catch {
-    return true; // invalid regex → don't block
+  } catch (err: any) {
+    warnInvalidBranchFilter(filter, `invalid regex: ${err?.message || err}`);
+    return false;
   }
 }
 
@@ -603,3 +701,52 @@ function throwHttp(status: number, message: string): never {
   err.status = status;
   throw err;
 }
+
+/**
+ * Reviews are launched via `setImmediate` and tracked entirely in process
+ * memory. When the app restarts mid-run, the in-memory promise dies but the
+ * DB record stays in `status='running'` indefinitely. On startup we sweep
+ * any `running` review whose `startedAt` is older than the in-process
+ * timeout (5 min) plus a safety margin and mark it as failed.
+ *
+ * The cutoff is intentionally larger than the runtime timeout so concurrent
+ * reviews running on a *different* node in an HA cluster aren't clobbered.
+ */
+const STUCK_REVIEW_CUTOFF_MS = 10 * 60 * 1000; // 10 minutes
+
+export async function recoverStuckReviews(app: Application): Promise<number> {
+  try {
+    const reviewsRepo = app.db.getRepository('gitCodeReviews');
+    const cutoff = new Date(Date.now() - STUCK_REVIEW_CUTOFF_MS);
+    // Sweep both `running` (interrupted mid-execution) and `pending`
+    // (interrupted between record creation and runReview's first update).
+    // Both have `startedAt` stamped at trigger time so the cutoff applies
+    // consistently.
+    const stuck = await reviewsRepo.find({
+      filter: {
+        status: { $in: ['running', 'pending'] },
+        startedAt: { $lt: cutoff },
+      },
+    });
+    if (!stuck?.length) return 0;
+    const finishedAt = new Date();
+    for (const review of stuck) {
+      const startedAt = review.get('startedAt') as Date | null;
+      const durationMs = startedAt ? finishedAt.getTime() - new Date(startedAt).getTime() : null;
+      await reviewsRepo.update({
+        filterByTk: review.get('id'),
+        values: {
+          status: 'failed',
+          error: 'Review interrupted by application restart',
+          finishedAt,
+          durationMs,
+        },
+      });
+    }
+    app.log?.info?.(`plugin-git-manager: marked ${stuck.length} stuck review(s) as failed after restart`);
+    return stuck.length;
+  } catch (err: any) {
+    app.log?.error?.(`plugin-git-manager: recoverStuckReviews failed: ${err?.message}`);
+    return 0;
+  }
+}

package/src/server/ai-tools.ts

@@ -18,11 +18,46 @@ export function registerGitReviewAiTools(app: Application) {
     return;
   }
 
+  /**
+   * Enforce that the AI session has an authenticated user and that this user
+   * is permitted to invoke the underlying resource:action. Without this check,
+   * a prompt-injected AI could pass an arbitrary `repositoryId` to the tools
+   * and read any repository's MRs / commits / file content regardless of the
+   * caller's ACL.
+   */
+  const enforceAcl = (ctx: any, resource: string, action: string) => {
+    const user = ctx?.state?.currentUser;
+    if (!user?.id) {
+      const err: any = new Error('AI tool requires an authenticated user context');
+      err.status = 401;
+      throw err;
+    }
+    const acl = ctx.app?.acl;
+    if (!acl?.can) return; // ACL not available — fail-open is acceptable for legacy contexts
+    const role =
+      ctx?.state?.currentRole ||
+      (Array.isArray(user.roles) && user.roles[0]?.name) ||
+      null;
+    if (!role) {
+      const err: any = new Error('AI tool requires a resolvable role on the current user');
+      err.status = 403;
+      throw err;
+    }
+    const allowed = acl.can({ role, resource, action });
+    if (!allowed) {
+      const err: any = new Error(`Permission denied: ${resource}:${action}`);
+      err.status = 403;
+      throw err;
+    }
+  };
+
   const runResourceAction = async (
     ctx: any,
     handler: (ctx: any, next: () => Promise<void>) => Promise<void>,
     params: Record<string, any>,
+    gate: { resource: string; action: string },
   ) => {
+    enforceAcl(ctx, gate.resource, gate.action);
     const synthCtx: any = {
       ...ctx,
       app: ctx.app,
@@ -55,7 +90,10 @@ export function registerGitReviewAiTools(app: Application) {
         }),
       },
       invoke: async (ctx: any, args: any) => {
-        const body = await runResourceAction(ctx, gitlabApi.mergeRequestDetail, args);
+        const body = await runResourceAction(ctx, gitlabApi.mergeRequestDetail, args, {
+          resource: 'gitManager',
+          action: 'mergeRequestDetail',
+        });
         return body?.data ?? body;
       },
     },
@@ -77,7 +115,10 @@ export function registerGitReviewAiTools(app: Application) {
         }),
       },
       invoke: async (ctx: any, args: any) => {
-        const body = await runResourceAction(ctx, gitlabApi.mergeRequests, args);
+        const body = await runResourceAction(ctx, gitlabApi.mergeRequests, args, {
+          resource: 'gitManager',
+          action: 'mergeRequests',
+        });
         return body?.data ?? body;
       },
     },
@@ -96,7 +137,10 @@ export function registerGitReviewAiTools(app: Application) {
         }),
       },
       invoke: async (ctx: any, args: any) => {
-        const body = await runResourceAction(ctx, gitlabApi.mergeRequestNotes, args);
+        const body = await runResourceAction(ctx, gitlabApi.mergeRequestNotes, args, {
+          resource: 'gitManager',
+          action: 'mergeRequestNotes',
+        });
         return body?.data ?? body;
       },
     },
@@ -115,7 +159,10 @@ export function registerGitReviewAiTools(app: Application) {
         }),
       },
       invoke: async (ctx: any, args: any) => {
-        const body = await runResourceAction(ctx, gitActions.commitDetail, args);
+        const body = await runResourceAction(ctx, gitActions.commitDetail, args, {
+          resource: 'gitManager',
+          action: 'commitDetail',
+        });
         return body?.data ?? body;
       },
     },
@@ -137,7 +184,10 @@ export function registerGitReviewAiTools(app: Application) {
         }),
       },
       invoke: async (ctx: any, args: any) => {
-        const body = await runResourceAction(ctx, gitActions.diff, args);
+        const body = await runResourceAction(ctx, gitActions.diff, args, {
+          resource: 'gitManager',
+          action: 'diff',
+        });
         return body?.data ?? body;
       },
     },
@@ -158,7 +208,10 @@ export function registerGitReviewAiTools(app: Application) {
         }),
       },
       invoke: async (ctx: any, args: any) => {
-        const body = await runResourceAction(ctx, gitActions.fileContent, args);
+        const body = await runResourceAction(ctx, gitActions.fileContent, args, {
+          resource: 'gitManager',
+          action: 'fileContent',
+        });
         return body?.data ?? body;
       },
     },
@@ -174,7 +227,10 @@ export function registerGitReviewAiTools(app: Application) {
         schema: z.object({ repositoryId: z.number() }),
       },
       invoke: async (ctx: any, args: any) => {
-        const body = await runResourceAction(ctx, gitActions.branches, args);
+        const body = await runResourceAction(ctx, gitActions.branches, args, {
+          resource: 'gitManager',
+          action: 'branches',
+        });
         return body?.data ?? body;
       },
     },
@@ -194,7 +250,10 @@ export function registerGitReviewAiTools(app: Application) {
         }),
       },
       invoke: async (ctx: any, args: any) => {
-        const body = await runResourceAction(ctx, gitActions.log, args);
+        const body = await runResourceAction(ctx, gitActions.log, args, {
+          resource: 'gitManager',
+          action: 'log',
+        });
         return body?.data ?? body;
       },
     },

package/src/server/collections/gitRepositories.ts

@@ -32,7 +32,7 @@ export default defineCollection({
       uiSchema: { title: 'Local Path', type: 'string', 'x-component': 'Input' },
     },
     {
-      type: 'password',
+      type: 'string',
       name: 'pat',
       interface: 'password',
       uiSchema: { title: 'Personal Access Token', type: 'string', 'x-component': 'Password' },

package/src/server/plugin.ts

@@ -4,6 +4,7 @@ import * as gitActions from './actions/git-actions';
 import * as gitlabApi from './actions/gitlab-api';
 import * as reviewActions from './actions/review';
 import * as pollerActions from './actions/poller';
+import { recoverStuckReviews } from './actions/review';
 import { registerGitReviewAiTools } from './ai-tools';
 import { startPoller, stopPoller } from './poller';
 
@@ -39,9 +40,32 @@ export class PluginGitManagerServer extends Plugin {
       },
     });
 
+    // Suppress noisy workflow pre-action/post-action warnings for custom resources
+    this.app.use(async (ctx, next) => {
+      if (ctx.logger && ctx.logger.warn) {
+        const originalWarn = ctx.logger.warn.bind(ctx.logger);
+        ctx.logger.warn = (message: any, ...args: any[]) => {
+          if (
+            typeof message === 'string' &&
+            message.includes('[Workflow') &&
+            message.includes('collection') &&
+            message.includes('not found')
+          ) {
+            return ctx.logger;
+          }
+          return originalWarn(message, ...args);
+        };
+      }
+      return next();
+    });
+
     registerGitReviewAiTools(this.app);
 
     this.app.on('afterStart', () => {
+      // Sweep any review left in `running` state from a previous process.
+      recoverStuckReviews(this.app).catch((err) =>
+        this.app.log?.error?.('plugin-git-manager: recoverStuckReviews error', err),
+      );
       startPoller(this.app);
     });
     this.app.on('beforeStop', () => {

package/src/server/poller.ts

@@ -46,49 +46,94 @@ export function getPollerStatus() {
   };
 }
 
+/**
+ * Handle returned by `tryAcquirePollerLock`. Caller must invoke `release()`
+ * exactly once when done. Returning a handle (rather than a boolean) lets us
+ * pin a Sequelize transaction to a single connection so that
+ * `pg_advisory_unlock` / `RELEASE_LOCK` run on the same connection that
+ * acquired the lock — pool-based queries previously could release on the
+ * wrong connection, leaving the lock held until that connection recycled.
+ */
+interface PollerLockHandle {
+  release: () => Promise<void>;
+}
+
+const ADVISORY_LOCK_KEY = 777_042;
+
 /**
  * Attempt to acquire a DB-level advisory lock so that only one node in an
  * HA cluster runs the poller at any given time.
  *
- * Returns `true` if the lock was acquired, `false` if another node holds it.
- * Falls back to the in-memory flag if the DB doesn't support advisory locks.
+ * Returns a handle when acquired, `null` when another node holds the lock.
+ * Falls back to a no-op handle when the DB doesn't support advisory locks
+ * (SQLite, unknown dialects) or when an unexpected error occurs.
  */
-async function tryAcquirePollerLock(app: Application): Promise<boolean> {
+async function tryAcquirePollerLock(app: Application): Promise<PollerLockHandle | null> {
+  const noop: PollerLockHandle = { release: async () => undefined };
+  const sequelize = (app.db as any).sequelize;
+  if (!sequelize) return noop;
+  const dialect = sequelize.getDialect?.();
+
+  if (dialect !== 'postgres' && dialect !== 'mysql' && dialect !== 'mariadb') {
+    return noop; // SQLite / unknown — no distributed locking, allow
+  }
+
+  // A transaction pins all queries (and the lock) to a single connection.
+  let transaction: any;
   try {
-    const sequelize = (app.db as any).sequelize;
-    if (!sequelize) return true; // can't lock — allow
-    const dialect = sequelize.getDialect?.();
-    // Lock key derived from a fixed identifier for this plugin's poller
-    const lockKey = 777_042; // arbitrary stable int
-    if (dialect === 'postgres') {
-      const [results] = await sequelize.query(`SELECT pg_try_advisory_lock(${lockKey}) AS locked`);
-      return results?.[0]?.locked === true;
-    }
-    // For MySQL / MariaDB
-    if (dialect === 'mysql' || dialect === 'mariadb') {
-      const [results] = await sequelize.query(`SELECT GET_LOCK('git_poller', 0) AS locked`);
-      return results?.[0]?.locked === 1;
-    }
-    // SQLite or unknown — no distributed locking, allow
-    return true;
+    transaction = await sequelize.transaction();
   } catch {
-    return true; // on error, fall back to allowing
+    return noop; // can't open txn — fall back to allowing
   }
-}
 
-async function releasePollerLock(app: Application): Promise<void> {
   try {
-    const sequelize = (app.db as any).sequelize;
-    if (!sequelize) return;
-    const dialect = sequelize.getDialect?.();
-    const lockKey = 777_042;
+    let acquired = false;
     if (dialect === 'postgres') {
-      await sequelize.query(`SELECT pg_advisory_unlock(${lockKey})`);
-    } else if (dialect === 'mysql' || dialect === 'mariadb') {
-      await sequelize.query(`SELECT RELEASE_LOCK('git_poller')`);
+      const [results] = await sequelize.query(
+        `SELECT pg_try_advisory_lock(${ADVISORY_LOCK_KEY}) AS locked`,
+        { transaction },
+      );
+      acquired = (results as any)?.[0]?.locked === true;
+    } else {
+      const [results] = await sequelize.query(
+        `SELECT GET_LOCK('git_poller', 0) AS locked`,
+        { transaction },
+      );
+      const v = (results as any)?.[0]?.locked;
+      acquired = v === 1 || v === '1' || v === true;
     }
+
+    if (!acquired) {
+      try { await transaction.rollback(); } catch { /* ignore */ }
+      return null;
+    }
+
+    return {
+      release: async () => {
+        try {
+          if (dialect === 'postgres') {
+            await sequelize.query(
+              `SELECT pg_advisory_unlock(${ADVISORY_LOCK_KEY})`,
+              { transaction },
+            );
+          } else {
+            await sequelize.query(
+              `SELECT RELEASE_LOCK('git_poller')`,
+              { transaction },
+            );
+          }
+        } catch {
+          // best-effort release — txn close still recycles the connection
+        } finally {
+          try { await transaction.commit(); } catch {
+            try { await transaction.rollback(); } catch { /* ignore */ }
+          }
+        }
+      },
+    };
   } catch {
-    // best-effort release
+    try { await transaction.rollback(); } catch { /* ignore */ }
+    return noop; // on error, fall back to allowing
   }
 }
 
@@ -108,9 +153,10 @@ export async function pollAllRepos(app: Application): Promise<{ scanned: number;
     }
   }
 
-  // C-1 fix: acquire distributed lock for HA
-  const lockAcquired = await tryAcquirePollerLock(app);
-  if (!lockAcquired) {
+  // C-1 fix: acquire distributed lock for HA — handle pins the connection
+  // so unlock runs on the same connection that acquired the lock.
+  const lock = await tryAcquirePollerLock(app);
+  if (!lock) {
     app.log?.debug?.('poller: another node holds the advisory lock — skipping');
     return { scanned: 0, triggered: 0 };
   }
@@ -141,7 +187,7 @@ export async function pollAllRepos(app: Application): Promise<{ scanned: number;
   } finally {
     isPolling = false;
     pollStartedAt = null;
-    await releasePollerLock(app);
+    await lock.release();
   }
   return { scanned, triggered };
 }
@@ -232,8 +278,48 @@ export async function pollOneRepo(
 async function listMergeRequests(repo: any, updatedAfter: Date | null): Promise<any[]> {
   const repoUrl = repo.get('repoUrl') as string;
   const pat = repo.get('pat') as string;
-  const { apiBase, encodedProject } = parseGitLabProject(repoUrl);
+  const isGitHub = typeof repoUrl === 'string' && repoUrl.includes('github.com');
+
+  if (isGitHub) {
+    // GitHub PRs: list endpoint sorts by updated; GitHub has no `updated_after`,
+    // so we filter client-side after fetching the most recently updated page.
+    const { projectPath } = parseGitLabProject(repoUrl);
+    const params = new URLSearchParams({
+      state: 'open',
+      per_page: String(MR_PAGE_SIZE),
+      sort: 'updated',
+      direction: 'desc',
+    });
+    const headers: Record<string, string> = { Accept: 'application/vnd.github.v3+json' };
+    if (pat) headers['Authorization'] = `Bearer ${pat}`;
 
+    const response = await fetch(
+      `https://api.github.com/repos/${projectPath}/pulls?${params.toString()}`,
+      { headers },
+    );
+    if (!response.ok) {
+      const body = await response.text().catch(() => '');
+      throw new Error(`GitHub API error ${response.status}: ${body}`);
+    }
+    let prs = (await response.json()) as any[];
+    if (Array.isArray(prs) && updatedAfter) {
+      const cutoff = updatedAfter.getTime() - 1000;
+      prs = prs.filter((pr: any) => {
+        const t = pr?.updated_at ? new Date(pr.updated_at).getTime() : 0;
+        return t >= cutoff;
+      });
+    }
+    // Normalise to the GitLab MR shape that pollOneRepo consumes.
+    return (prs || []).map((pr: any) => ({
+      iid: pr.number,
+      sha: pr.head?.sha,
+      source_branch: pr.head?.ref,
+      target_branch: pr.base?.ref,
+    }));
+  }
+
+  // GitLab
+  const { apiBase, encodedProject } = parseGitLabProject(repoUrl);
   const params = new URLSearchParams({
     state: 'opened',
     per_page: String(MR_PAGE_SIZE),

package/src/server/utils/redact.ts

@@ -0,0 +1,24 @@
+/**
+ * Redact embedded credentials from URLs in arbitrary strings.
+ * Matches `scheme://user:password@host` and replaces with `scheme://***:***@host`.
+ * Used to scrub error messages before persisting them to the DB or
+ * returning them to the client, since simple-git often echoes the
+ * authenticated remote URL in stderr.
+ */
+export function redactPat(s: unknown): string {
+  if (typeof s !== 'string') return s == null ? '' : String(s);
+  return s.replace(/(https?:\/\/)([^\/:@\s]+):([^@\s]+)@/g, '$1***:***@');
+}
+
+/**
+ * Mutate `err.message` (and common fields where simple-git stashes stderr)
+ * to remove any embedded PAT before the error propagates further.
+ */
+export function redactError<T>(err: T): T {
+  if (!err || typeof err !== 'object') return err;
+  const e: any = err;
+  if (typeof e.message === 'string') e.message = redactPat(e.message);
+  if (typeof e.stderr === 'string') e.stderr = redactPat(e.stderr);
+  if (typeof e.stdout === 'string') e.stdout = redactPat(e.stdout);
+  return err;
+}