pr-prism 1.0.5

package/.github/workflows/ci.yml

@@ -0,0 +1,32 @@
+name: CI
+
+on:
+  push:
+    branches: [main, dev]
+  pull_request:
+    branches: [main]
+
+jobs:
+  typecheck:
+    name: Type Check
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 9.15.0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "22"
+          cache: "pnpm"
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Run TypeScript type check
+        run: pnpm run typecheck

package/.github/workflows/delete-branch.yml

@@ -0,0 +1,37 @@
+name: Auto Delete Merged Branch
+
+on:
+  pull_request:
+    types: [closed]
+
+jobs:
+  delete-branch:
+    if: >
+      github.event.pull_request.merged == true &&
+      github.event.pull_request.head.repo.full_name == github.repository
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+
+    steps:
+      - name: Delete merged branch
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          BRANCH_NAME: ${{ github.event.pull_request.head.ref }}
+          REPO: ${{ github.repository }}
+        run: |
+          PROTECTED_BRANCHES="main master dev develop staging production release"
+
+          for protected in $PROTECTED_BRANCHES; do
+            if [ "$BRANCH_NAME" = "$protected" ]; then
+              echo "⏭️  Skipping protected branch: $BRANCH_NAME"
+              exit 0
+            fi
+          done
+
+          ENCODED_BRANCH=$(printf '%s' "$BRANCH_NAME" | jq -sRr @uri)
+
+          echo "🗑️  Deleting branch: $BRANCH_NAME"
+          gh api -X DELETE "repos/$REPO/git/refs/heads/$ENCODED_BRANCH" \
+            && echo "✅ Branch '$BRANCH_NAME' deleted successfully" \
+            || echo "⚠️  Branch '$BRANCH_NAME' may have already been deleted"

package/.github/workflows/dependabot-auto-merge.yml

@@ -0,0 +1,39 @@
+name: Dependabot Auto-Merge
+
+on:
+  pull_request_target:
+    types: [opened, synchronize, reopened]
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  auto-merge:
+    if: github.event.pull_request.user.login == 'dependabot[bot]'
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Fetch Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Auto-approve minor and patch updates
+        if: >
+          steps.metadata.outputs.update-type == 'version-update:semver-minor' ||
+          steps.metadata.outputs.update-type == 'version-update:semver-patch'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_URL: ${{ github.event.pull_request.html_url }}
+        run: gh pr review "$PR_URL" --approve
+
+      - name: Auto-merge minor and patch updates
+        if: >
+          steps.metadata.outputs.update-type == 'version-update:semver-minor' ||
+          steps.metadata.outputs.update-type == 'version-update:semver-patch'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_URL: ${{ github.event.pull_request.html_url }}
+        run: gh pr merge "$PR_URL" --squash --auto

package/.github/workflows/labeler.yml

@@ -0,0 +1,21 @@
+name: Label PRs
+
+on:
+  pull_request_target:
+    types: [opened, synchronize]
+
+jobs:
+  label:
+    name: Auto-label
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Label PR
+        uses: actions/labeler@v5
+        with:
+          configuration-path: .github/labeler.yml

package/.github/workflows/security.yml

@@ -0,0 +1,38 @@
+name: Security Audit
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  schedule:
+    - cron: '0 9 * * 1'
+
+jobs:
+  audit:
+    name: Dependency Audit
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 9.15.0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "22"
+          cache: "pnpm"
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Run pnpm audit
+        run: pnpm audit --audit-level=high
+        continue-on-error: true
+
+      - name: Run pnpm audit (strict - critical only)
+        run: pnpm audit --audit-level=critical

package/.github/workflows/version-bump.yml

@@ -0,0 +1,35 @@
+name: Version Bump
+
+on:
+  push:
+    branches: [main]
+
+jobs:
+  bump:
+    if: "!startsWith(github.event.head_commit.message, 'chore: bump version')"
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "22"
+
+      - name: Configure git
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
+      - name: Bump patch version and push
+        run: |
+          npm version patch --no-git-tag-version
+          VERSION=$(node -p "require('./package.json').version")
+          git add package.json
+          git commit -m "chore: bump version to v${VERSION}"
+          git push

package/README.md

@@ -0,0 +1,146 @@
+# pr-prism
+
+> Filter the noise. Focus on what matters.
+
+**pr-prism** is a stateful GitHub PR review scraper built for AI agent workflows. It fetches review comments directly via the GitHub GraphQL API, filters out bots and noise, emits only what's actionable — once per comment, forever cached — and can resolve handled threads and tag agents for re-review when fixes are pushed.
+
+---
+
+## The Problem
+
+Running an AI agent in a PR-fix loop has one brutal problem: **statefulness**.
+
+Every re-run, the agent re-reads the same resolved comments, outdated threads, and bot spam — wasting tokens, inflating context, and confusing what actually needs fixing right now.
+
+## The Solution
+
+pr-prism solves this with a two-command workflow:
+
+1. **`pr-review`** — scrapes new comments, caches IDs so re-runs only show what's new
+2. **`pr-resolve`** — resolves handled threads via GraphQL and tags AI agents for re-review
+
+---
+
+## Features
+
+| Feature | What it does |
+|---|---|
+| **ID cache** | `pr-reviews/.scraped-ids.json` — re-runs emit only new comments |
+| **Resolved threads** | Silently skipped via GraphQL `isResolved` |
+| **Outdated threads** | Flagged with `⚠️ OUTDATED` so agents don't chase dead feedback |
+| **Bot filter** | Authors ending in `[bot]` or matching `KNOWN_BOTS` are skipped |
+| **Suggested changes** | ` ```suggestion ` blocks rendered as clean `diff` (REMOVE / ADD) |
+| **File path** | Each inline comment prefixed with `📄 File: path/to/file.ts` |
+| **Noise domains** | Social sharing links (Twitter, Reddit, LinkedIn, CodeAnt) stripped |
+| **Thread resolution** | `pr-resolve` closes threads via `resolveReviewThread` mutation |
+| **Agent tagging** | `--tag-agents` posts a configurable @mention comment after resolving |
+
+---
+
+## Requirements
+
+- Node.js ≥ 20
+- [pnpm](https://pnpm.io) (or npm / yarn)
+- [gh CLI](https://cli.github.com) authenticated: `gh auth login`
+
+---
+
+## Installation
+
+```bash
+git clone https://github.com/YosefHayim/pr-prism
+cd pr-prism
+pnpm install
+```
+
+---
+
+## Usage
+
+### `pr-review` — scrape review comments
+
+```bash
+pnpm run pr-review                        # detect repo, list open PRs, interactive select
+pnpm run pr-review -- 42                  # process PR #42 directly
+pnpm run pr-review -- <url>               # process by full GitHub PR URL
+```
+
+### `pr-resolve` — resolve threads + tag agents
+
+```bash
+pnpm run pr-resolve                       # resolve threads from latest .threads-*.json
+pnpm run pr-resolve -- 42                 # explicit PR number
+pnpm run pr-resolve -- 42 --dry-run       # preview what would be resolved
+pnpm run pr-resolve -- 42 --tag-agents    # resolve + post @mention comment
+pnpm run pr-resolve -- 42 --tag-agents --comment "Fixed in abc123"
+pnpm run pr-resolve -- 42 --unresolve     # re-open threads if needed
+```
+
+---
+
+## Output
+
+| File | Description |
+|---|---|
+| `pr-reviews/new-<timestamp>.md` | New actionable comments since last run |
+| `pr-reviews/.scraped-ids.json` | Persistent ID cache — **commit this file** |
+| `pr-reviews/.threads-<pr>.json` | Thread IDs consumed by `pr-resolve` |
+
+---
+
+## The AI Agent Loop
+
+```
+1.  pnpm run pr-review -- <PR number>
+        → pr-reviews/new-<timestamp>.md  (new comments only)
+        → pr-reviews/.threads-<pr>.json  (thread IDs for resolve)
+
+2.  Agent reads the markdown, implements fixes, commits, pushes
+
+3.  pnpm run pr-resolve -- <PR number> --tag-agents
+        → Resolves all handled threads via GitHub GraphQL
+        → Posts: "All feedback addressed. @cubic-dev-ai please re-review."
+
+4.  Repeat from step 1 — only new reviewer replies appear
+```
+
+---
+
+## Config (`.pr-prism.json`)
+
+Create `.pr-prism.json` in your repo root to customise agent mentions without editing source:
+
+```json
+{
+  "agentMentions": ["cubic-dev-ai", "coderabbitai"]
+}
+```
+
+---
+
+## Extending the bot list
+
+Edit `KNOWN_BOTS` at the top of `scripts/scrape-pr-reviews.ts`:
+
+```ts
+const KNOWN_BOTS = ["github-actions", "dependabot", "coderabbitai", "changeset-bot", "codeantai"];
+```
+
+## Adding noise domains
+
+Edit `NOISE_DOMAINS` in the same file:
+
+```ts
+const NOISE_DOMAINS = [
+  "twitter.com/intent", "x.com/intent",
+  "reddit.com/submit",
+  "linkedin.com/sharing",
+  "app.codeant.ai", "codeant.ai/feedback",
+];
+```
+
+---
+
+## License
+
+MIT

package/agents/scrape-pr-reviews.md

@@ -0,0 +1,86 @@
+---
+name: scrape-pr-reviews
+description: >
+  Fetches open PRs from the current repo via gh CLI, lets you pick one interactively,
+  and writes only new/unresolved human review comments to a Markdown file.
+  After fixes, pr-resolve closes handled threads and optionally tags AI agents for re-review.
+  Requires gh CLI authenticated (gh auth login).
+tools: ["Bash", "Read"]
+model: haiku
+---
+
+## Purpose
+
+Auto-detects the GitHub repo from the local git remote, lists open PRs, and
+processes the selected PR into a clean Markdown file. Re-runs skip already-seen
+comment IDs so each file contains only what's new since the last run.
+After fixes are pushed, `pr-resolve` closes handled threads via the GitHub GraphQL
+API and can post a comment tagging AI agents for re-review.
+
+## Prerequisites
+
+- `gh` CLI installed and authenticated: `gh auth login`
+- `pnpm install` (prompts is a devDependency)
+
+## Commands
+
+```bash
+# Scrape new review comments
+pnpm run pr-review                        # list open PRs → interactive select
+pnpm run pr-review -- 42                  # process PR #42 directly
+pnpm run pr-review -- https://github.com/owner/repo/pull/42
+
+# Resolve handled threads + tag agents
+pnpm run pr-resolve -- 42                 # resolve all threads from last scrape
+pnpm run pr-resolve -- 42 --dry-run       # preview without mutating
+pnpm run pr-resolve -- 42 --tag-agents    # resolve + post @mention comment
+pnpm run pr-resolve -- 42 --tag-agents --comment "Fixed in abc123"
+pnpm run pr-resolve -- 42 --unresolve     # re-open threads if needed
+```
+
+## Output files
+
+| File | Description |
+|------|-------------|
+| `pr-reviews/new-<timestamp>.md` | New comments only since last run |
+| `pr-reviews/.scraped-ids.json` | Persistent ID cache — commit this file |
+| `pr-reviews/.threads-<pr>.json` | Thread IDs for `pr-resolve` — auto-generated |
+
+## What gets filtered (pr-review)
+
+| Case | Detection | Behaviour |
+|------|-----------|-----------|
+| Already-seen comment | ID in `.scraped-ids.json` | Silently skipped |
+| Resolved thread | GraphQL `isResolved: true` | Skipped + ID cached |
+| Bot comment | Author ends in `[bot]` or matches `KNOWN_BOTS` | Skipped + ID cached |
+
+## What gets annotated (pr-review)
+
+| Case | Detection | Output annotation |
+|------|-----------|-------------------|
+| Outdated thread | GraphQL `isOutdated: true` | `### ⚠️ OUTDATED / SUPERSEDED` |
+| Suggested change | ` ```suggestion ` block in body | ` ```diff ` with `+` lines |
+| File context | Thread `path` field | `### 📄 File: \`path/to/file.ts\`` |
+| Thread ID | First comment of each thread | `<!-- thread-id: PRRT_xxx -->` |
+
+## Iterative agent workflow
+
+```
+1. pnpm run pr-review -- <PR number>
+2. Agent reads pr-reviews/new-<timestamp>.md
+3. Agent implements fixes, commits, pushes
+4. pnpm run pr-resolve -- <PR number> --tag-agents
+   → Resolves handled threads via GraphQL
+   → Posts comment tagging AI agents for re-review
+5. Repeat from step 1 — only new reviewer replies appear
+```
+
+## Config (.pr-prism.json in repo root)
+
+```json
+{
+  "agentMentions": ["cubic-dev-ai", "coderabbitai"]
+}
+```
+
+Overrides `DEFAULT_AGENT_MENTIONS` in `resolve-pr-threads.ts` without editing source.

package/llms.txt

@@ -0,0 +1,80 @@
+# pr-prism
+
+> Filter the noise. Focus on what matters.
+
+Stateful GitHub PR review scraper for AI agent workflows. Fetches review comments via the GitHub GraphQL API, filters bots and noise, emits only new/unresolved comments — once per ID, forever cached. After fixes are pushed, resolves threads and tags AI agents for re-review.
+
+## Commands
+
+- `pnpm run pr-review` — detect repo, list open PRs, interactive select
+- `pnpm run pr-review -- 42` — process PR #42 directly (non-interactive)
+- `pnpm run pr-review -- <url>` — process by full GitHub PR URL
+- `pnpm run pr-resolve` — resolve threads from latest sidecar (auto-runs pr-review if missing)
+- `pnpm run pr-resolve -- 42` — explicit PR number
+- `pnpm run pr-resolve -- 42 --dry-run` — preview without mutating
+- `pnpm run pr-resolve -- 42 --tag-agents` — resolve + post @mention comment
+- `pnpm run pr-resolve -- 42 --tag-agents --comment "Fixed in abc123"` — custom message
+- `pnpm run pr-resolve -- 42 --unresolve` — re-open resolved threads
+
+## Output Files
+
+- `pr-reviews/new-<timestamp>.md` — new actionable comments since last run
+- `pr-reviews/.scraped-ids.json` — persistent ID cache (commit this file)
+- `pr-reviews/.threads-<pr>.json` — thread IDs consumed by pr-resolve
+
+## Comment Format (in output markdown)
+
+Each comment header includes visible IDs for LLM reference:
+
+```
+## 💬 **author** · thread `PRRT_xxx` · `#databaseId`   ← first comment of an inline thread
+## 💬 **author** · `#databaseId`                        ← subsequent comments / general comments
+```
+
+## What Gets Filtered
+
+- Already-seen comment IDs (in `.scraped-ids.json`) — silently skipped
+- Resolved threads (`isResolved: true`) — skipped and cached
+- Bot authors (ending in `[bot]` or matching `KNOWN_BOTS`) — skipped and cached
+- Outdated threads (`isOutdated: true`) — shown with `### ⚠️ OUTDATED / SUPERSEDED`
+- Social sharing links (Twitter, Reddit, LinkedIn, CodeAnt) — stripped from body
+
+## Config (`.pr-prism.json` in repo root)
+
+Create this file to customise behaviour without editing source:
+
+```json
+{
+  "agentMentions": ["cubic-dev-ai", "coderabbitai"]
+}
+```
+
+`agentMentions` — list of GitHub handles (without `@`) tagged in the post-resolve comment. Defaults to `["cubic-dev-ai"]`.
+
+## The AI Agent Loop
+
+```
+1. pnpm run pr-review -- <PR number>
+        → pr-reviews/new-<timestamp>.md   (new comments only)
+        → pr-reviews/.threads-<pr>.json   (thread IDs for resolve)
+
+2. Agent reads markdown, implements fixes, commits, pushes
+
+3. pnpm run pr-resolve -- <PR number> --tag-agents
+        → Resolves all handled threads via GitHub GraphQL
+        → Posts: "All feedback addressed. @cubic-dev-ai please re-review."
+
+4. Repeat — only new reviewer replies appear
+```
+
+## Requirements
+
+- Node.js ≥ 20
+- gh CLI authenticated (`gh auth login`)
+
+## Source
+
+- [README](./README.md) — full documentation
+- [scripts/scrape-pr-reviews.ts](./scripts/scrape-pr-reviews.ts) — scraper
+- [scripts/resolve-pr-threads.ts](./scripts/resolve-pr-threads.ts) — resolver
+- [agents/scrape-pr-reviews.md](./agents/scrape-pr-reviews.md) — agent skill reference

package/package.json

@@ -0,0 +1,23 @@
+{
+  "name": "pr-prism",
+  "version": "1.0.5",
+  "description": "Stateful GitHub PR review scraper for AI agents — filter noise, cache seen comments, deliver signal",
+  "type": "module",
+  "scripts": {
+    "pr-review": "tsx scripts/scrape-pr-reviews.ts",
+    "pr-resolve": "tsx scripts/resolve-pr-threads.ts",
+    "typecheck": "tsc --noEmit"
+  },
+  "devDependencies": {
+    "@types/node": "^20.10.6",
+    "@types/prompts": "^2.4.9",
+    "prompts": "^2.4.2",
+    "tsx": "^4.7.0",
+    "typescript": "^5.3.3"
+  },
+  "engines": {
+    "node": ">=20.0.0"
+  },
+  "packageManager": "pnpm@9.15.0",
+  "license": "MIT"
+}

package/scripts/resolve-pr-threads.ts

@@ -0,0 +1,143 @@
+#!/usr/bin/env tsx
+/*
+ * Resolve (or unresolve) PR review threads and optionally tag AI agents.
+ * Reads the sidecar .threads-<prNumber>.json written by pr-review.
+ *
+ * USAGE
+ *   pnpm run pr-resolve                        — latest .threads-*.json
+ *   pnpm run pr-resolve -- 42                  — explicit PR number
+ *   pnpm run pr-resolve -- 42 --dry-run        — preview without mutating
+ *   pnpm run pr-resolve -- 42 --tag-agents     — resolve + post @mention comment
+ *   pnpm run pr-resolve -- 42 --tag-agents --comment "Fixed in abc123"
+ *   pnpm run pr-resolve -- 42 --unresolve      — re-open resolved threads
+ *
+ * CONFIG  (.pr-prism.json in repo root)
+ *   { "agentMentions": ["cubic-dev-ai", "coderabbitai"] }
+ */
+
+import { execSync, spawnSync } from "node:child_process";
+import { readFileSync, writeFileSync, existsSync, readdirSync, unlinkSync } from "node:fs";
+import { join } from "node:path";
+import { tmpdir } from "node:os";
+
+const OUT_DIR = "pr-reviews";
+const CONFIG_FILE = ".pr-prism.json";
+const DEFAULT_AGENT_MENTIONS = ["cubic-dev-ai"];
+
+interface ThreadsSidecar { prNumber: number; owner: string; repo: string; threadIds: string[]; }
+interface PrPrismConfig { agentMentions?: string[]; }
+
+function run(cmd: string): string {
+  return execSync(cmd, { encoding: "utf-8", stdio: "pipe" }).trim();
+}
+
+function loadConfig(): PrPrismConfig {
+  if (!existsSync(CONFIG_FILE)) return {};
+  try { return JSON.parse(readFileSync(CONFIG_FILE, "utf-8")) as PrPrismConfig; } catch { return {}; }
+}
+
+function runScrape(prNumber: number | null): void {
+  const args = ["scripts/scrape-pr-reviews.ts"];
+  if (prNumber !== null) args.push(String(prNumber));
+  const result = spawnSync(join("node_modules", ".bin", "tsx"), args, { stdio: "inherit" });
+  if (result.status !== 0) process.exit(result.status ?? 1);
+}
+
+function findSidecar(prNumber: number | null): string | null {
+  if (!existsSync(OUT_DIR)) return null;
+  if (prNumber !== null) {
+    const f = join(OUT_DIR, `.threads-${prNumber}.json`);
+    return existsSync(f) ? f : null;
+  }
+  const files = readdirSync(OUT_DIR)
+    .filter((f) => f.startsWith(".threads-") && f.endsWith(".json"))
+    .sort()
+    .reverse();
+  return files.length > 0 ? join(OUT_DIR, files[0]) : null;
+}
+
+function mutateThread(threadId: string, unresolve: boolean): boolean {
+  const mutation = unresolve
+    ? `mutation($id:ID!){unresolveReviewThread(input:{threadId:$id}){thread{isResolved}}}`
+    : `mutation($id:ID!){resolveReviewThread(input:{threadId:$id}){thread{isResolved}}}`;
+  const reqFile = join(tmpdir(), ".pr-resolve-req.json");
+  writeFileSync(reqFile, JSON.stringify({ query: mutation, variables: { id: threadId } }), "utf-8");
+  try {
+    const result = JSON.parse(run(`gh api https://api.github.com/graphql --input ${reqFile}`));
+    const key = unresolve ? "unresolveReviewThread" : "resolveReviewThread";
+    return result.data?.[key]?.thread != null;
+  } catch {
+    return false;
+  } finally {
+    unlinkSync(reqFile);
+  }
+}
+
+function postComment(prNumber: number, owner: string, repo: string, message: string): void {
+  const bodyFile = join(tmpdir(), ".pr-comment-body.txt");
+  writeFileSync(bodyFile, message, "utf-8");
+  try {
+    run(`gh pr comment ${prNumber} --repo ${owner}/${repo} --body-file ${bodyFile}`);
+  } finally {
+    unlinkSync(bodyFile);
+  }
+}
+
+async function main(): Promise<void> {
+  const args = process.argv.slice(2);
+  const isDryRun = args.includes("--dry-run");
+  const isUnresolve = args.includes("--unresolve");
+  const shouldTag = args.includes("--tag-agents");
+  const commentIdx = args.indexOf("--comment");
+  const customComment = commentIdx !== -1 ? args[commentIdx + 1] : null;
+  const prArg = args.find((a) => /^\d+$/.test(a));
+  const prNumber = prArg != null ? parseInt(prArg, 10) : null;
+
+  let sidecarPath = findSidecar(prNumber);
+  if (!sidecarPath) {
+    console.log("\n⚡ No sidecar found — running pr-review to generate it…\n");
+    runScrape(prNumber);
+    sidecarPath = findSidecar(prNumber);
+    if (!sidecarPath) {
+      console.log("ℹ️  pr-review ran but found no inline review threads to resolve.");
+      process.exit(0);
+    }
+  }
+
+  const sidecar = JSON.parse(readFileSync(sidecarPath, "utf-8")) as ThreadsSidecar;
+  const { threadIds, owner, repo } = sidecar;
+  const resolvedPr = sidecar.prNumber;
+  const action = isUnresolve ? "Unresolve" : "Resolve";
+
+  console.log(`\n${action} ${threadIds.length} thread(s) in ${owner}/${repo} #${resolvedPr}${isDryRun ? " [DRY RUN]" : ""}\n`);
+
+  let ok = 0;
+  let failed = 0;
+
+  for (const id of threadIds) {
+    if (isDryRun) {
+      console.log(`  [dry-run] would ${action.toLowerCase()} ${id}`);
+      ok++;
+      continue;
+    }
+    if (mutateThread(id, isUnresolve)) {
+      console.log(`  ✅ ${id}`);
+      ok++;
+    } else {
+      console.log(`  ⚠️  ${id} — already ${action.toLowerCase()}d or failed`);
+      failed++;
+    }
+  }
+
+  console.log(`\n${ok} ${action.toLowerCase()}d${failed > 0 ? `, ${failed} skipped` : ""}`);
+
+  if (shouldTag && !isDryRun) {
+    const config = loadConfig();
+    const mentions = (config.agentMentions ?? DEFAULT_AGENT_MENTIONS).map((a) => `@${a}`).join(" ");
+    const message = customComment ?? `All feedback addressed. ${mentions} please re-review.`;
+    postComment(resolvedPr, owner, repo, message);
+    console.log(`\n💬 Posted: "${message}"`);
+  }
+}
+
+main().catch((err: unknown) => { console.error((err as Error).message); process.exit(1); });

package/scripts/scrape-pr-reviews.ts

@@ -0,0 +1,213 @@
+#!/usr/bin/env tsx
+/*
+ * PR review scraper — auto-detects repo, lists open PRs, processes selected PR.
+ *
+ * REQUIRES: gh CLI authenticated (gh auth login)
+ * FEATURES: ID cache · resolved/outdated skip · bot filter · suggested diff · file path
+ *
+ * USAGE
+ *   pnpm run pr-review              — detect repo, list open PRs, interactive select
+ *   pnpm run pr-review -- 42        — detect repo, process PR #42 directly
+ *   pnpm run pr-review -- <url>     — process by full GitHub PR URL
+ *
+ * OUTPUT
+ *   pr-reviews/new-<timestamp>.md         — new comments only since last run
+ *   pr-reviews/.scraped-ids.json          — persistent ID cache (commit this file)
+ *   pr-reviews/.threads-<prNumber>.json   — thread IDs for pr-resolve
+ */
+
+import { execSync } from "node:child_process";
+import { writeFileSync, readFileSync, existsSync, mkdirSync, unlinkSync } from "node:fs";
+import { join } from "node:path";
+import { tmpdir } from "node:os";
+import prompts from "prompts";
+
+const KNOWN_BOTS = ["github-actions", "dependabot", "coderabbitai", "changeset-bot", "codeantai"];
+const OUT_DIR = "pr-reviews";
+const CACHE_FILE = join(OUT_DIR, ".scraped-ids.json");
+
+const GRAPHQL_QUERY = `
+query($owner: String!, $repo: String!, $prNumber: Int!) {
+  repository(owner: $owner, name: $repo) {
+    pullRequest(number: $prNumber) {
+      reviewThreads(first: 100) {
+        nodes {
+          id isResolved isOutdated
+          comments(first: 20) {
+            nodes { databaseId author { login } body path }
+          }
+        }
+      }
+      reviews(first: 50) {
+        nodes { databaseId author { login } body state }
+      }
+      comments(first: 100) {
+        nodes { databaseId author { login } body }
+      }
+    }
+  }
+}`.trim();
+
+interface GhComment { databaseId: number; author: { login: string }; body: string; path?: string; state?: string; }
+interface ReviewThread { id: string; isResolved: boolean; isOutdated: boolean; comments: { nodes: GhComment[] }; }
+interface ThreadsSidecar { prNumber: number; owner: string; repo: string; threadIds: string[]; }
+interface PrPayload { data: { repository: { pullRequest: { reviewThreads: { nodes: ReviewThread[] }; reviews: { nodes: GhComment[] }; comments: { nodes: GhComment[] }; }; }; }; }
+interface PrListItem { number: number; title: string; author: { login: string }; }
+interface IdCache { seen: string[]; }
+
+function run(cmd: string): string {
+  return execSync(cmd, { encoding: "utf-8", stdio: "pipe" }).trim();
+}
+
+function detectRepo(): { owner: string; repo: string } {
+  try {
+    const remote = run("git remote get-url origin");
+    const m = remote.match(/github\.com[:/]([^/]+)\/([^/\s.]+)/);
+    if (!m) throw new Error();
+    return { owner: m[1], repo: m[2].replace(/\.git$/, "") };
+  } catch {
+    console.error("❌ Could not detect GitHub repo. Run from a GitHub repo or pass a URL.");
+    process.exit(1);
+  }
+}
+
+function parsePrUrl(url: string): { owner: string; repo: string; prNumber: number } {
+  const m = url.match(/github\.com\/([^/]+)\/([^/]+)\/pull\/(\d+)/);
+  if (!m) { console.error(`❌ Invalid GitHub PR URL: ${url}`); process.exit(1); }
+  return { owner: m[1], repo: m[2], prNumber: parseInt(m[3], 10) };
+}
+
+function listOpenPrs(owner: string, repo: string): PrListItem[] {
+  const out = run(`gh pr list --repo ${owner}/${repo} --state open --json number,title,author --limit 50`);
+  return JSON.parse(out) as PrListItem[];
+}
+
+async function selectPr(prs: PrListItem[]): Promise<number> {
+  if (prs.length === 0) { console.log("No open PRs found."); process.exit(0); }
+  const { value } = await prompts({
+    type: "select",
+    name: "value",
+    message: "Select a PR:",
+    choices: prs.map((p) => ({ title: `#${p.number}  ${p.title}  (${p.author.login})`, value: p.number })),
+  });
+  if (value === undefined) process.exit(0);
+  return value as number;
+}
+
+function fetchPr(owner: string, repo: string, prNumber: number): PrPayload {
+  const reqFile = join(tmpdir(), ".pr-review-req.json");
+  writeFileSync(reqFile, JSON.stringify({ query: GRAPHQL_QUERY, variables: { owner, repo, prNumber } }), "utf-8");
+  try {
+    return JSON.parse(run(`gh api https://api.github.com/graphql --input ${reqFile}`)) as PrPayload;
+  } catch (err) {
+    console.error("❌ gh API failed. Is gh authenticated? Run: gh auth login");
+    console.error((err as Error).message);
+    process.exit(1);
+  } finally {
+    unlinkSync(reqFile);
+  }
+}
+
+function loadCache(): Set<string> {
+  if (!existsSync(CACHE_FILE)) return new Set();
+  try { return new Set((JSON.parse(readFileSync(CACHE_FILE, "utf-8")) as IdCache).seen); } catch { return new Set(); }
+}
+function saveCache(seen: Set<string>): void { writeFileSync(CACHE_FILE, JSON.stringify({ seen: [...seen] }, null, 2), "utf-8"); }
+function isBot(login: string): boolean { const l = login.toLowerCase(); return l.endsWith("[bot]") || KNOWN_BOTS.some((b) => l.includes(b)); }
+
+const NOISE_DOMAINS = [
+  "twitter.com/intent", "x.com/intent",
+  "reddit.com/submit",
+  "linkedin.com/sharing",
+  "app.codeant.ai", "codeant.ai/feedback",
+];
+
+function stripNoise(body: string): string {
+  return body
+    .replace(/<a\s[^>]*href=['"]([^'"]+)['"][^>]*>[\s\S]*?<\/a>/gi, (match, url: string) =>
+      NOISE_DOMAINS.some((d) => url.includes(d)) ? "" : match,
+    )
+    .replace(/\[([^\]]*)\]\((https?:\/\/[^)]+)\)/g, (match, _text, url: string) =>
+      NOISE_DOMAINS.some((d) => url.includes(d)) ? "" : match,
+    )
+    .replace(/^[\s·|—\-]+$/gm, "")
+    .replace(/\n{3,}/g, "\n\n")
+    .trim();
+}
+
+function renderSuggestions(body: string): string {
+  return body.replace(/```suggestion\n([\s\S]*?)```/g, (_, code: string) => {
+    const lines = code.trimEnd().split("\n").map((l: string) => `+ ${l}`).join("\n");
+    return `\n**SUGGESTED CHANGE:**\n\`\`\`diff\n${lines}\n\`\`\`\n`;
+  });
+}
+
+function appendComment(out: string, c: GhComment, prefix: string, threadId?: string): string {
+  const body = renderSuggestions(stripNoise(c.body)).trim();
+  if (!body) return out;
+  const meta = threadId
+    ? `thread \`${threadId}\` · \`#${c.databaseId}\``
+    : `\`#${c.databaseId}\``;
+  return out + prefix + `## 💬 **${c.author.login}** · ${meta}\n\n${body}\n\n---\n\n`;
+}
+
+async function main(): Promise<void> {
+  const arg = process.argv[2];
+  let owner: string, repo: string, prNumber: number;
+
+  if (arg?.startsWith("http")) {
+    ({ owner, repo, prNumber } = parsePrUrl(arg));
+  } else if (arg && /^\d+$/.test(arg)) {
+    ({ owner, repo } = detectRepo());
+    prNumber = parseInt(arg, 10);
+  } else {
+    ({ owner, repo } = detectRepo());
+    const prs = listOpenPrs(owner, repo);
+    console.log(`\nFound ${prs.length} open PR(s) in ${owner}/${repo}\n`);
+    prNumber = await selectPr(prs);
+  }
+
+  console.log(`\nFetching PR #${prNumber} from ${owner}/${repo}…`);
+  const pr = fetchPr(owner, repo, prNumber).data.repository.pullRequest;
+
+  mkdirSync(OUT_DIR, { recursive: true });
+  const cache = loadCache();
+  let output = `# PR Review — ${owner}/${repo} #${prNumber}\n\n`;
+  let count = 0;
+  const emittedThreadIds: string[] = [];
+
+  for (const thread of pr.reviewThreads.nodes) {
+    let firstInThread = true;
+    for (const c of thread.comments.nodes) {
+      const key = String(c.databaseId);
+      if (thread.isResolved || isBot(c.author.login)) { cache.add(key); continue; }
+      if (cache.has(key)) continue;
+      const filePrefix = c.path ? `### 📄 File: \`${c.path}\`\n\n` : "";
+      const outdatedPrefix = thread.isOutdated ? `### ⚠️ OUTDATED / SUPERSEDED\n\n` : "";
+      output = appendComment(output, c, filePrefix + outdatedPrefix, firstInThread ? thread.id : undefined);
+      cache.add(key); count++;
+      if (firstInThread) { emittedThreadIds.push(thread.id); firstInThread = false; }
+    }
+  }
+
+  for (const c of [...pr.reviews.nodes, ...pr.comments.nodes]) {
+    const key = String(c.databaseId);
+    if (isBot(c.author.login) || !c.body.trim()) { cache.add(key); continue; }
+    if (cache.has(key)) continue;
+    output = appendComment(output, c, "");
+    cache.add(key); count++;
+  }
+
+  saveCache(cache);
+  const outFile = join(OUT_DIR, `new-${new Date().toISOString().replace(/[:.]/g, "-")}.md`);
+  writeFileSync(outFile, output, "utf-8");
+
+  if (emittedThreadIds.length > 0) {
+    const sidecar: ThreadsSidecar = { prNumber, owner, repo, threadIds: emittedThreadIds };
+    writeFileSync(join(OUT_DIR, `.threads-${prNumber}.json`), JSON.stringify(sidecar, null, 2), "utf-8");
+  }
+
+  console.log(count > 0 ? `\n✅ ${count} new comment(s) → ${outFile}` : `\n✅ No new comments since last run. → ${outFile}`);
+}
+
+main().catch((err: unknown) => { console.error((err as Error).message); process.exit(1); });

package/tsconfig.json

@@ -0,0 +1,15 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "NodeNext",
+    "moduleResolution": "NodeNext",
+    "lib": ["ES2022"],
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "resolveJsonModule": true
+  },
+  "include": ["scripts/**/*"],
+  "exclude": ["node_modules"]
+}