plugin-git-manager 1.1.7 → 1.1.10

package/src/client/context/GitManagerContext.tsx

@@ -8,6 +8,8 @@ interface Repository {
   localPath: string;
   defaultBranch: string;
   status: string;
+  autoReview?: boolean;
+  autoReviewFlowId?: number | null;
 }
 
 interface GitManagerContextType {

package/src/client/index.tsx

@@ -1,31 +1,31 @@
-import { Plugin } from '@nocobase/client';
-import React from 'react';
-import {
-  GitRepositoryWorkContext,
-  GitMergeRequestWorkContext,
-  GitCommitWorkContext,
-} from './ai-context';
-
-const GitManagerSettings = React.lazy(() =>
-  import('./components/GitManagerSettings').then((m) => ({ default: m.GitManagerSettings })),
-);
-
-export class PluginGitManagerClient extends Plugin {
-  async load() {
-    this.app.pluginSettingsManager.add('git-manager', {
-      title: this.t('Git Manager'),
-      icon: 'BranchesOutlined',
-      Component: GitManagerSettings,
-      aclSnippet: 'pm.plugin-git-manager',
-    });
-
-    const aiManager = (this.app as any).aiManager;
-    if (aiManager?.registerWorkContext) {
-      aiManager.registerWorkContext('git-repository', GitRepositoryWorkContext);
-      aiManager.registerWorkContext('git-merge-request', GitMergeRequestWorkContext);
-      aiManager.registerWorkContext('git-commit', GitCommitWorkContext);
-    }
-  }
-}
-
-export default PluginGitManagerClient;
+import { Plugin } from '@nocobase/client';
+import React from 'react';
+import {
+  GitRepositoryWorkContext,
+  GitMergeRequestWorkContext,
+  GitCommitWorkContext,
+} from './ai-context';
+
+const GitManagerSettings = React.lazy(() =>
+  import('./components/GitManagerSettings').then((m) => ({ default: m.GitManagerSettings })),
+);
+
+export class PluginGitManagerClient extends Plugin {
+  async load() {
+    (this as any).app.pluginSettingsManager.add('git-manager', {
+      title: (this as any).t('Git Manager'),
+      icon: 'BranchesOutlined',
+      Component: GitManagerSettings,
+      aclSnippet: 'pm.plugin-git-manager',
+    });
+
+    const aiManager = ((this as any).app as any).aiManager;
+    if (aiManager?.registerWorkContext) {
+      aiManager.registerWorkContext('git-repository', GitRepositoryWorkContext);
+      aiManager.registerWorkContext('git-merge-request', GitMergeRequestWorkContext);
+      aiManager.registerWorkContext('git-commit', GitCommitWorkContext);
+    }
+  }
+}
+
+export default PluginGitManagerClient;

package/src/locale/en-US.json

@@ -177,5 +177,12 @@
   "new": "new",
   "Reviewed SHA": "Reviewed SHA",
   "Latest SHA": "Latest SHA",
-  "All triggers": "All triggers"
+  "All triggers": "All triggers",
+  "Search commit title or message": "Search commit title or message",
+  "Primary Auto Flow": "Primary Auto Flow",
+  "Primary Auto Review Flow": "Primary Auto Review Flow",
+  "Only flows with automatic trigger modes are shown": "Only flows with automatic trigger modes are shown",
+  "Fallback": "Fallback",
+  "AI employee not found": "AI employee not found",
+  "Failed to open AI chat": "Failed to open AI chat"
 }

package/src/server/actions/gitlab-api.ts

@@ -1,6 +1,10 @@
 import { Context } from '@nocobase/actions';
 import { parseGitLabProject } from '../utils/gitlab-url';
 
+function getActionParams(ctx: Context) {
+  return { ...ctx.action.params, ...ctx.action.params?.values, ...((ctx as any).request?.body || {}) };
+}
+
 async function gitlabFetch(apiBase: string, endpoint: string, pat: string, params?: Record<string, any>) {
   const url = new URL(`${apiBase}${endpoint}`);
   if (params) {
@@ -33,7 +37,7 @@ async function gitlabFetch(apiBase: string, endpoint: string, pat: string, param
 
 async function getRepoApiContext(ctx: Context) {
   // Fix for POST requests where data might be in ctx.request.body
-  const params = { ...ctx.action.params, ...ctx.action.params?.values, ...( (ctx.request.body as any) || {} ) };
+  const params = getActionParams(ctx);
   const { repositoryId } = params;
   
   const repo = await ctx.db.getRepository('gitRepositories').findOne({
@@ -90,7 +94,7 @@ async function githubFetch(endpoint: string, pat: string, params?: Record<string
 export async function mergeRequests(ctx: Context, next: () => Promise<void>) {
   const { pat, apiBase, encodedProject, projectPath, isGitHub } = await getRepoApiContext(ctx);
   // Merge params from query and body
-  const params = { ...ctx.action.params, ...ctx.action.params?.values, ...( (ctx.request.body as any) || {} ) };
+  const params = getActionParams(ctx);
   const {
     state = 'opened',
     search,
@@ -207,7 +211,7 @@ export async function mergeRequests(ctx: Context, next: () => Promise<void>) {
 
 export async function mergeRequestDetail(ctx: Context, next: () => Promise<void>) {
   const { pat, apiBase, encodedProject, projectPath, isGitHub } = await getRepoApiContext(ctx);
-  const params = { ...ctx.action.params, ...ctx.action.params?.values, ...( (ctx.request.body as any) || {} ) };
+  const params = getActionParams(ctx);
   const { mrIid } = params;
 
   if (!mrIid) {
@@ -321,7 +325,7 @@ export async function mergeRequestDetail(ctx: Context, next: () => Promise<void>
 
 export async function mergeRequestNotes(ctx: Context, next: () => Promise<void>) {
   const { pat, apiBase, encodedProject, projectPath, isGitHub } = await getRepoApiContext(ctx);
-  const params = { ...ctx.action.params, ...ctx.action.params?.values, ...( (ctx.request.body as any) || {} ) };
+  const params = getActionParams(ctx);
   const { mrIid, page = 1, perPage = 50 } = params;
 
   if (!mrIid) {

package/src/server/actions/review.ts

@@ -16,6 +16,10 @@ interface TriggerArgs {
   userId?: number | string | null;
 }
 
+function getActionParams(ctx: Context) {
+  return { ...ctx.action.params, ...ctx.action.params?.values, ...((ctx as any).request?.body || {}) };
+}
+
 /**
  * Per-target mutex to prevent two concurrent calls to
  * `triggerReviewInternal` for the same MR / commit / branch from racing
@@ -47,7 +51,7 @@ async function withTriggerLock<T>(app: Application, key: string, fn: () => Promi
  * the background. The action returns immediately with the reviewId.
  */
 export async function triggerReview(ctx: Context, next: () => Promise<void>) {
-  const params = { ...ctx.action.params, ...ctx.action.params?.values, ...( (ctx.request.body as any) || {} ) };
+  const params = getActionParams(ctx);
   const {
     flowId,
     repositoryId,
@@ -215,7 +219,7 @@ async function triggerReviewInternalLocked(app: Application, args: TriggerArgs):
  * Mark a review as approved and post its content to GitLab as an MR note.
  */
 export async function reviewApprovePost(ctx: Context, next: () => Promise<void>) {
-  const params = { ...ctx.action.params, ...ctx.action.params?.values, ...( (ctx.request.body as any) || {} ) };
+  const params = getActionParams(ctx);
   const { reviewId, editedMarkdown } = params;
   if (!reviewId) ctx.throw(400, 'reviewId is required');
 
@@ -255,7 +259,7 @@ export async function reviewApprovePost(ctx: Context, next: () => Promise<void>)
  * Reject a pending review (do not post to GitLab).
  */
 export async function reviewReject(ctx: Context, next: () => Promise<void>) {
-  const params = { ...ctx.action.params, ...ctx.action.params?.values, ...( (ctx.request.body as any) || {} ) };
+  const params = getActionParams(ctx);
   const { reviewId, reason } = params;
   if (!reviewId) ctx.throw(400, 'reviewId is required');
 
@@ -341,6 +345,8 @@ async function runReview(app: Application, args: RunReviewArgs) {
     const syntheticCtx: any = {
       app,
       db,
+      isBackgroundReview: true,
+      reviewTargetRepositoryId: args.repo.get('id'),
       state: { currentUser: args.userId ? { id: args.userId } : null },
       auth: { user: args.userId ? { id: args.userId } : { id: null } },
       req: { headers: { 'x-timezone': '+00:00', 'x-locale': 'en-US' } },

package/src/server/ai-tools.ts

@@ -25,7 +25,15 @@ export function registerGitReviewAiTools(app: Application) {
    * and read any repository's MRs / commits / file content regardless of the
    * caller's ACL.
    */
-  const enforceAcl = (ctx: any, resource: string, action: string) => {
+  const enforceAcl = (ctx: any, resource: string, action: string, params: any) => {
+    if (ctx.isBackgroundReview) {
+      if (params.repositoryId && params.repositoryId !== ctx.reviewTargetRepositoryId) {
+        const err: any = new Error('Permission denied: AI cannot access other repositories');
+        err.status = 403;
+        throw err;
+      }
+      return; // Authorized for this specific repository in background context
+    }
     const user = ctx?.state?.currentUser;
     if (!user?.id) {
       const err: any = new Error('AI tool requires an authenticated user context');
@@ -51,18 +59,38 @@ export function registerGitReviewAiTools(app: Application) {
     }
   };
 
+  const sanitizeForDb = (obj: any): any => {
+    if (typeof obj === 'string') {
+      // Remove null bytes \u0000 which crash Postgres jsonb/text fields
+      // eslint-disable-next-line no-control-regex
+      return obj.replace(/\u0000/g, '');
+    }
+    if (Array.isArray(obj)) {
+      return obj.map(sanitizeForDb);
+    }
+    if (obj && typeof obj === 'object') {
+      const sanitized: any = {};
+      for (const [key, value] of Object.entries(obj)) {
+        sanitized[key] = sanitizeForDb(value);
+      }
+      return sanitized;
+    }
+    return obj;
+  };
+
   const runResourceAction = async (
     ctx: any,
     handler: (ctx: any, next: () => Promise<void>) => Promise<void>,
     params: Record<string, any>,
     gate: { resource: string; action: string },
   ) => {
-    enforceAcl(ctx, gate.resource, gate.action);
+    enforceAcl(ctx, gate.resource, gate.action, params);
     const synthCtx: any = {
       ...ctx,
       app: ctx.app,
       db: ctx.db,
       action: { params },
+      request: { ...(ctx.request || {}), body: ctx.request?.body || {} },
       throw: (status: number, message: string) => {
         const err: any = new Error(message);
         err.status = status;
@@ -70,7 +98,7 @@ export function registerGitReviewAiTools(app: Application) {
       },
     };
     await handler(synthCtx, async () => undefined);
-    return synthCtx.body;
+    return sanitizeForDb(synthCtx.body);
   };
 
   aiManager.toolsManager.registerTools([

package/src/server/collections/gitRepositories.ts

@@ -57,6 +57,18 @@ export default defineCollection({
       interface: 'checkbox',
       uiSchema: { title: 'Auto Review', type: 'boolean', 'x-component': 'Checkbox' },
     },
+    {
+      type: 'belongsTo',
+      name: 'autoReviewFlow',
+      target: 'gitReviewFlows',
+      foreignKey: 'autoReviewFlowId',
+      interface: 'm2o',
+      uiSchema: {
+        title: 'Primary Auto Review Flow',
+        'x-component': 'AssociationField',
+        'x-component-props': { fieldNames: { label: 'name', value: 'id' } },
+      },
+    },
     {
       type: 'date',
       name: 'lastPolledAt',

package/src/server/migrations/20260508000000-add-auto-review-flow-id.ts

@@ -0,0 +1,29 @@
+import { Migration } from '@nocobase/server';
+import { DataTypes } from 'sequelize';
+
+export default class AddAutoReviewFlowIdMigration extends Migration {
+  on = 'afterLoad';
+
+  async up() {
+    const queryInterface = (this as any).db.sequelize.getQueryInterface();
+    const tablePrefix = (this as any).db.options?.tablePrefix || '';
+    const tableName = `${tablePrefix}gitRepositories`;
+    const tableInfo = await queryInterface.describeTable(tableName).catch(() => null);
+    if (!tableInfo || tableInfo.autoReviewFlowId) return;
+
+    await queryInterface.addColumn(tableName, 'autoReviewFlowId', {
+      type: DataTypes.INTEGER,
+      allowNull: true,
+    });
+  }
+
+  async down() {
+    const queryInterface = (this as any).db.sequelize.getQueryInterface();
+    const tablePrefix = (this as any).db.options?.tablePrefix || '';
+    const tableName = `${tablePrefix}gitRepositories`;
+    const tableInfo = await queryInterface.describeTable(tableName).catch(() => null);
+    if (!tableInfo?.autoReviewFlowId) return;
+
+    await queryInterface.removeColumn(tableName, 'autoReviewFlowId');
+  }
+}