test(github): add tests for all exported methods in methods.go

Tests cover: GetPullRequest, GetPullRequestDiff, GetPullRequestFiles,
GetCommitStatuses, GetFileContent, GetFileContentRef, ListContents,
ListContents(dot), PostReview (APPROVED→APPROVE normalization), ListReviews,
GetAuthenticatedUser, RequestReviewer, EditComment, ListReviewComments,
DeleteReview, GetAllFilesInPath, ResolveComment (no-op),
GetTimelineReviewCommentIDForReview (pass-through).

.github/workflows/review.yml

@@ -0,0 +1,77 @@
+name: AI Code Review
+
+# AI code review for pull requests on github.concur.com/strat/review-bot.
+# Uses SAP AI Core as the LLM provider (same as the Gitea CI workflow).
+#
+# Prerequisites before this workflow can run:
+#   1. Set required secrets on strat/review-bot (see list below)
+#   2. Publish at least one release of review-bot on strat/review-bot
+#      (or change action-repo to a repo that already has releases)
+#
+# Required secrets:
+#   SONNET_REVIEW_TOKEN  — GitHub token for the Sonnet reviewer bot
+#   GPT_REVIEW_TOKEN     — GitHub token for the GPT reviewer bot
+#   AICORE_CLIENT_ID     — SAP AI Core OAuth client ID
+#   AICORE_CLIENT_SECRET — SAP AI Core OAuth client secret
+#   AICORE_AUTH_URL      — SAP AI Core OAuth token endpoint
+#   AICORE_API_URL       — SAP AI Core inference API URL
+#   AICORE_RESOURCE_GROUP — SAP AI Core resource group (optional, default: default)
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+
+jobs:
+  test:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: '1.26'
+      - run: go test ./...
+      - run: go vet ./...
+      - run: go build -o review-bot ./cmd/review-bot
+
+  review:
+    runs-on: ubuntu-24.04
+    if: github.event_name == 'pull_request'
+    needs: test
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - name: sonnet
+            token_secret: SONNET_REVIEW_TOKEN
+            model: anthropic--claude-4.6-sonnet
+          - name: gpt
+            token_secret: GPT_REVIEW_TOKEN
+            model: gpt-5
+          - name: security
+            token_secret: GPT_REVIEW_TOKEN
+            model: gpt-5
+            system_prompt_file: SECURITY_REVIEW.md
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.gitea/actions/review
+        with:
+          # On GHES runners, vcs-url is ignored; the composite action uses github.server_url.
+          # action-repo must be a repo with published review-bot releases.
+          # Requires strat/review-bot to have at least one release tag with
+          # review-bot-linux-amd64 and checksums.txt assets.
+          vcs-url: https://gitea.weiker.me
+          action-repo: strat/review-bot
+          reviewer-token: ${{ secrets[matrix.token_secret] }}
+          reviewer-name: ${{ matrix.name }}
+          llm-provider: aicore
+          llm-model: ${{ matrix.model }}
+          aicore-client-id: ${{ secrets.AICORE_CLIENT_ID }}
+          aicore-client-secret: ${{ secrets.AICORE_CLIENT_SECRET }}
+          aicore-auth-url: ${{ secrets.AICORE_AUTH_URL }}
+          aicore-api-url: ${{ secrets.AICORE_API_URL }}
+          aicore-resource-group: ${{ secrets.AICORE_RESOURCE_GROUP }}
+          conventions-file: CONVENTIONS.md
+          patterns-repo: rodin/go-patterns
+          patterns-files: README.md,patterns/
+          timeout: "600"
+          system-prompt-file: ${{ matrix.system_prompt_file || '' }}

cmd/review-bot/main.go

@@ -168,8 +168,12 @@ func main() {
 		os.Exit(1)
 	}
 
+	// Detect VCS type and initialize the appropriate client.
+	vcsType := detectVCSType()
+	slog.Info("detected VCS type", "vcs", vcsType)
+
 	// Initialize clients
-	giteaClient := gitea.NewClient(*vcsURL, *reviewerToken)
+	giteaClient := newVCSClient(vcsType, *vcsURL, *reviewerToken)
 	llmClient := llm.NewClient(*llmBaseURL, *llmAPIKey, *llmModel)
 	if *llmTemp < 0 || *llmTemp > 2 {
 		slog.Error("invalid LLM temperature", "temperature", *llmTemp, "range", "0-2")
@@ -207,7 +211,7 @@ func main() {
 	var persona *review.Persona
 	if *personaName != "" {
 		// Try loading from repo first, then fall back to built-in
-		repoPersonas, err := review.LoadRepoPersonas(ctx, newGiteaClientAdapter(giteaClient), owner, repoName)
+		repoPersonas, err := review.LoadRepoPersonas(ctx, buildRepoPersonaClient(giteaClient), owner, repoName)
 		if err != nil {
 			slog.Warn("could not load repo personas", "repo", owner+"/"+repoName, "error", err)
 			// Continue with built-in personas only.
@@ -527,7 +531,7 @@ func main() {
 }
 
 // fetchFileContext fetches the full content of modified files from the PR branch.
-func fetchFileContext(ctx context.Context, client *gitea.Client, owner, repo, ref string, files []gitea.ChangedFile) string {
+func fetchFileContext(ctx context.Context, client vcsClient, owner, repo, ref string, files []gitea.ChangedFile) string {
 	var sb strings.Builder
 	for _, f := range files {
 		if ctx.Err() != nil {
@@ -554,7 +558,7 @@ func fetchFileContext(ctx context.Context, client *gitea.Client, owner, repo, re
 // patternsFiles is comma-separated list of file paths or directories.
 // If a path ends with / or is a directory, all files within it are fetched recursively.
 // If patternsFiles is empty, all files from the repo root are fetched.
-func fetchPatterns(ctx context.Context, client *gitea.Client, patternsRepo, patternsFiles string) string {
+func fetchPatterns(ctx context.Context, client vcsClient, patternsRepo, patternsFiles string) string {
 	var sb strings.Builder
 
 	repos := strings.Split(patternsRepo, ",")
@@ -851,31 +855,3 @@ func shouldSkipStaleReview(evaluatedSHA, currentSHA string) bool {
 	return evaluatedSHA != currentSHA
 }
 
-// giteaClientAdapter adapts gitea.Client to review.GiteaClient interface.
-type giteaClientAdapter struct {
-	client *gitea.Client
-}
-
-func newGiteaClientAdapter(c *gitea.Client) *giteaClientAdapter {
-	return &giteaClientAdapter{client: c}
-}
-
-func (a *giteaClientAdapter) ListContents(ctx context.Context, owner, repo, path string) ([]review.ContentEntry, error) {
-	entries, err := a.client.ListContents(ctx, owner, repo, path)
-	if err != nil {
-		return nil, err
-	}
-	result := make([]review.ContentEntry, len(entries))
-	for i, e := range entries {
-		result[i] = review.ContentEntry{
-			Name: e.Name,
-			Path: e.Path,
-			Type: e.Type,
-		}
-	}
-	return result, nil
-}
-
-func (a *giteaClientAdapter) GetFileContent(ctx context.Context, owner, repo, filepath string) (string, error) {
-	return a.client.GetFileContent(ctx, owner, repo, filepath)
-}

cmd/review-bot/vcs.go

@@ -0,0 +1,295 @@
+package main
+
+// vcs.go — VCS client abstraction for supporting both Gitea and GitHub.
+//
+// This file defines the vcsClient interface that main.go uses for all VCS
+// operations, and provides a githubAdapter that wraps *github.Client and
+// converts between github-package types and the gitea-package types used
+// throughout the rest of the binary.
+//
+// Design rationale: the entire codebase was written against gitea types.
+// Rather than introduce a third "shared" type package and update every call
+// site, the adapter converts at the boundary. The conversion is cheap — these
+// are small structs fetched once per run.
+
+import (
+	"context"
+	"os"
+
+	githubpkg "gitea.weiker.me/rodin/review-bot/github"
+	"gitea.weiker.me/rodin/review-bot/gitea"
+	"gitea.weiker.me/rodin/review-bot/review"
+)
+
+// vcsClient is the interface that main.go uses for all VCS API operations.
+// Both *gitea.Client (directly) and *githubAdapter (via this file) satisfy it.
+type vcsClient interface {
+	GetPullRequest(ctx context.Context, owner, repo string, number int) (*gitea.PullRequest, error)
+	GetPullRequestDiff(ctx context.Context, owner, repo string, number int) (string, error)
+	GetPullRequestFiles(ctx context.Context, owner, repo string, number int) ([]gitea.ChangedFile, error)
+	GetCommitStatuses(ctx context.Context, owner, repo, sha string) ([]gitea.CommitStatus, error)
+	GetFileContent(ctx context.Context, owner, repo, filepath string) (string, error)
+	GetFileContentRef(ctx context.Context, owner, repo, filepath, ref string) (string, error)
+	GetAllFilesInPath(ctx context.Context, owner, repo, path string) (map[string]string, error)
+	ListReviews(ctx context.Context, owner, repo string, number int) ([]gitea.Review, error)
+	GetAuthenticatedUser(ctx context.Context) (string, error)
+	RequestReviewer(ctx context.Context, owner, repo string, number int, reviewer string) error
+	PostReview(ctx context.Context, owner, repo string, number int, event, body, commitID string, comments []gitea.ReviewComment) (*gitea.Review, error)
+	GetTimelineReviewCommentIDForReview(ctx context.Context, owner, repo string, number int, reviewID int64) (int64, error)
+	EditComment(ctx context.Context, owner, repo string, commentID int64, newBody string) error
+	ListReviewComments(ctx context.Context, owner, repo string, prNumber int, reviewID int64) ([]gitea.ReviewComment, error)
+	ResolveComment(ctx context.Context, owner, repo string, commentID int64) error
+	ListContents(ctx context.Context, owner, repo, path string) ([]gitea.ContentEntry, error)
+}
+
+// vcsClientAdapterForPersona adapts vcsClient to review.GiteaClient.
+// Used by LoadRepoPersonas which needs only ListContents + GetFileContent.
+type vcsClientAdapterForPersona struct {
+	client vcsClient
+}
+
+func newVCSClientAdapterForPersona(c vcsClient) *vcsClientAdapterForPersona {
+	return &vcsClientAdapterForPersona{client: c}
+}
+
+func (a *vcsClientAdapterForPersona) ListContents(ctx context.Context, owner, repo, path string) ([]review.ContentEntry, error) {
+	entries, err := a.client.ListContents(ctx, owner, repo, path)
+	if err != nil {
+		return nil, err
+	}
+	result := make([]review.ContentEntry, len(entries))
+	for i, e := range entries {
+		result[i] = review.ContentEntry{
+			Name: e.Name,
+			Path: e.Path,
+			Type: e.Type,
+		}
+	}
+	return result, nil
+}
+
+func (a *vcsClientAdapterForPersona) GetFileContent(ctx context.Context, owner, repo, filepath string) (string, error) {
+	return a.client.GetFileContent(ctx, owner, repo, filepath)
+}
+
+// detectVCSType returns "github" if the environment indicates a GitHub or GHES
+// runner, "gitea" otherwise.
+//
+// Detection logic mirrors the action.yml composite action:
+//   - GITHUB_API_URL is set by GitHub Actions runners (github.com and GHES)
+//   - On Gitea Actions runners it is empty or absent
+func detectVCSType() string {
+	if os.Getenv("GITHUB_API_URL") != "" {
+		return "github"
+	}
+	return "gitea"
+}
+
+// githubAPIBaseURL returns the GitHub API base URL from the environment.
+// On GitHub.com this is https://api.github.com.
+// On GHES this is https://<host>/api/v3.
+func githubAPIBaseURL() string {
+	if u := os.Getenv("GITHUB_API_URL"); u != "" {
+		return u
+	}
+	return "https://api.github.com"
+}
+
+// githubAdapter wraps *github.Client and translates github-package types to
+// gitea-package types so that the rest of main.go can remain unchanged.
+type githubAdapter struct {
+	c *githubpkg.Client
+}
+
+func newGitHubAdapter(token, apiBaseURL string) *githubAdapter {
+	return &githubAdapter{c: githubpkg.NewClient(token, apiBaseURL)}
+}
+
+func (a *githubAdapter) GetPullRequest(ctx context.Context, owner, repo string, number int) (*gitea.PullRequest, error) {
+	pr, err := a.c.GetPullRequest(ctx, owner, repo, number)
+	if err != nil {
+		return nil, err
+	}
+	return &gitea.PullRequest{
+		Title: pr.Title,
+		Body:  pr.Body,
+		Head: struct {
+			Sha string "json:\"sha\""
+			Ref string "json:\"ref\""
+		}{Sha: pr.Head.Sha, Ref: pr.Head.Ref},
+	}, nil
+}
+
+func (a *githubAdapter) GetPullRequestDiff(ctx context.Context, owner, repo string, number int) (string, error) {
+	return a.c.GetPullRequestDiff(ctx, owner, repo, number)
+}
+
+func (a *githubAdapter) GetPullRequestFiles(ctx context.Context, owner, repo string, number int) ([]gitea.ChangedFile, error) {
+	files, err := a.c.GetPullRequestFiles(ctx, owner, repo, number)
+	if err != nil {
+		return nil, err
+	}
+	result := make([]gitea.ChangedFile, len(files))
+	for i, f := range files {
+		result[i] = gitea.ChangedFile{
+			Filename: f.Filename,
+			Status:   f.Status,
+		}
+	}
+	return result, nil
+}
+
+func (a *githubAdapter) GetCommitStatuses(ctx context.Context, owner, repo, sha string) ([]gitea.CommitStatus, error) {
+	statuses, err := a.c.GetCommitStatuses(ctx, owner, repo, sha)
+	if err != nil {
+		return nil, err
+	}
+	result := make([]gitea.CommitStatus, len(statuses))
+	for i, s := range statuses {
+		// GitHub uses "state" with values: success, failure, pending, error.
+		// Gitea uses "status" with values: success, failure, pending, warning, error.
+		// Map GitHub's "state" to gitea's "status" field for evaluateCIStatus().
+		result[i] = gitea.CommitStatus{
+			Status:      s.State,
+			Context:     s.Context,
+			Description: s.Description,
+			TargetURL:   s.TargetURL,
+		}
+	}
+	return result, nil
+}
+
+func (a *githubAdapter) GetFileContent(ctx context.Context, owner, repo, filepath string) (string, error) {
+	return a.c.GetFileContent(ctx, owner, repo, filepath)
+}
+
+func (a *githubAdapter) GetFileContentRef(ctx context.Context, owner, repo, filepath, ref string) (string, error) {
+	return a.c.GetFileContentRef(ctx, owner, repo, filepath, ref)
+}
+
+func (a *githubAdapter) GetAllFilesInPath(ctx context.Context, owner, repo, path string) (map[string]string, error) {
+	return a.c.GetAllFilesInPath(ctx, owner, repo, path)
+}
+
+func (a *githubAdapter) ListReviews(ctx context.Context, owner, repo string, number int) ([]gitea.Review, error) {
+	reviews, err := a.c.ListReviews(ctx, owner, repo, number)
+	if err != nil {
+		return nil, err
+	}
+	result := make([]gitea.Review, len(reviews))
+	for i, r := range reviews {
+		result[i] = gitea.Review{
+			ID:   r.ID,
+			Body: r.Body,
+			User: struct {
+				Login string "json:\"login\""
+			}{Login: r.User.Login},
+			State:    r.State,
+			CommitID: r.CommitID,
+		}
+	}
+	return result, nil
+}
+
+func (a *githubAdapter) GetAuthenticatedUser(ctx context.Context) (string, error) {
+	return a.c.GetAuthenticatedUser(ctx)
+}
+
+func (a *githubAdapter) RequestReviewer(ctx context.Context, owner, repo string, number int, reviewer string) error {
+	return a.c.RequestReviewer(ctx, owner, repo, number, reviewer)
+}
+
+func (a *githubAdapter) PostReview(ctx context.Context, owner, repo string, number int, event, body, commitID string, comments []gitea.ReviewComment) (*gitea.Review, error) {
+	// Convert gitea ReviewComments to github ReviewComments.
+	// NewPosition in Gitea maps to Position in GitHub (diff line position).
+	ghComments := make([]githubpkg.ReviewComment, len(comments))
+	for i, c := range comments {
+		ghComments[i] = githubpkg.ReviewComment{
+			Path:     c.Path,
+			Position: c.NewPosition,
+			Body:     c.Body,
+		}
+	}
+	review, err := a.c.PostReview(ctx, owner, repo, number, event, body, commitID, ghComments)
+	if err != nil {
+		return nil, err
+	}
+	return &gitea.Review{
+		ID:   review.ID,
+		Body: review.Body,
+		User: struct {
+			Login string "json:\"login\""
+		}{Login: review.User.Login},
+		State:    review.State,
+		CommitID: review.CommitID,
+	}, nil
+}
+
+func (a *githubAdapter) GetTimelineReviewCommentIDForReview(ctx context.Context, owner, repo string, number int, reviewID int64) (int64, error) {
+	return a.c.GetTimelineReviewCommentIDForReview(ctx, owner, repo, number, reviewID)
+}
+
+func (a *githubAdapter) EditComment(ctx context.Context, owner, repo string, commentID int64, newBody string) error {
+	return a.c.EditComment(ctx, owner, repo, commentID, newBody)
+}
+
+func (a *githubAdapter) ListReviewComments(ctx context.Context, owner, repo string, prNumber int, reviewID int64) ([]gitea.ReviewComment, error) {
+	comments, err := a.c.ListReviewComments(ctx, owner, repo, prNumber, reviewID)
+	if err != nil {
+		return nil, err
+	}
+	result := make([]gitea.ReviewComment, len(comments))
+	for i, c := range comments {
+		result[i] = gitea.ReviewComment{
+			ID:          c.ID,
+			Path:        c.Path,
+			NewPosition: c.Position,
+			Body:        c.Body,
+		}
+	}
+	return result, nil
+}
+
+func (a *githubAdapter) ResolveComment(ctx context.Context, owner, repo string, commentID int64) error {
+	return a.c.ResolveComment(ctx, owner, repo, commentID)
+}
+
+func (a *githubAdapter) ListContents(ctx context.Context, owner, repo, path string) ([]gitea.ContentEntry, error) {
+	entries, err := a.c.ListContents(ctx, owner, repo, path)
+	if err != nil {
+		return nil, err
+	}
+	result := make([]gitea.ContentEntry, len(entries))
+	for i, e := range entries {
+		result[i] = gitea.ContentEntry{
+			Name: e.Name,
+			Path: e.Path,
+			Type: e.Type,
+		}
+	}
+	return result, nil
+}
+
+// newVCSClient creates the appropriate VCS client based on detected VCS type.
+// On GitHub/GHES (GITHUB_API_URL set), returns a githubAdapter.
+// On Gitea (GITHUB_API_URL absent), returns *gitea.Client directly.
+//
+// For GitHub: uses GITHUB_API_URL as the API base URL (trusted platform value).
+// For Gitea: uses vcsURL (validated before this call).
+func newVCSClient(vcsType, vcsURL, reviewerToken string) vcsClient {
+	switch vcsType {
+	case "github":
+		apiURL := githubAPIBaseURL()
+		return newGitHubAdapter(reviewerToken, apiURL)
+	default:
+		return gitea.NewClient(vcsURL, reviewerToken)
+	}
+}
+
+// buildRepoPersonaClient creates a review.GiteaClient from the active vcsClient.
+// This exists because LoadRepoPersonas expects the review.GiteaClient interface
+// (which only requires ListContents + GetFileContent).
+func buildRepoPersonaClient(c vcsClient) review.GiteaClient {
+	return newVCSClientAdapterForPersona(c)
+}
+

github/methods.go

@@ -0,0 +1,552 @@
+// Package github provides a client for the GitHub API.
+// This file contains the higher-level PR/review methods built on top of the
+// HTTP client in client.go. All methods use GitHub REST API v3 paths.
+package github
+
+import (
+	"bytes"
+	"context"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io"
+	"log/slog"
+	"net/http"
+	"net/url"
+	"strings"
+)
+
+// PullRequest holds relevant PR metadata.
+type PullRequest struct {
+	Title string `json:"title"`
+	Body  string `json:"body"`
+	Head  struct {
+		Sha string `json:"sha"`
+		Ref string `json:"ref"`
+	} `json:"head"`
+}
+
+// CommitStatus represents a single CI status entry.
+// GitHub uses "state" (success/failure/pending/error) unlike Gitea's "status".
+type CommitStatus struct {
+	State       string `json:"state"`
+	Context     string `json:"context"`
+	Description string `json:"description"`
+	TargetURL   string `json:"target_url"`
+}
+
+// ChangedFile represents a file modified in a PR.
+type ChangedFile struct {
+	Filename string `json:"filename"`
+	Status   string `json:"status"`
+}
+
+// ReviewComment represents an inline comment to attach to a review.
+// GitHub uses "path" + "position" or "line" for positioning.
+type ReviewComment struct {
+	ID   int64  `json:"id,omitempty"`
+	Path string `json:"path"`
+	// Position is the line position in the diff (used when submitting).
+	// Side+Line is an alternative for GitHub (line in the file), but
+	// we mirror the Gitea interface using NewPosition mapped to position.
+	Position int64  `json:"position,omitempty"`
+	Body     string `json:"body"`
+}
+
+// ContentEntry represents a file or directory entry from the contents API.
+type ContentEntry struct {
+	Name string `json:"name"`
+	Path string `json:"path"`
+	Type string `json:"type"` // "file" or "dir"
+}
+
+// Review represents a pull request review.
+type Review struct {
+	ID   int64  `json:"id"`
+	Body string `json:"body"`
+	User struct {
+		Login string `json:"login"`
+	} `json:"user"`
+	State    string `json:"state"`
+	CommitID string `json:"commit_id"`
+}
+
+// GetPullRequest fetches PR metadata.
+func (c *Client) GetPullRequest(ctx context.Context, owner, repo string, number int) (*PullRequest, error) {
+	reqURL := fmt.Sprintf("%s/repos/%s/%s/pulls/%d",
+		c.baseURL,
+		url.PathEscape(owner),
+		url.PathEscape(repo),
+		number)
+	body, err := c.doGet(ctx, reqURL)
+	if err != nil {
+		return nil, fmt.Errorf("fetch PR: %w", err)
+	}
+	var pr PullRequest
+	if err := json.Unmarshal(body, &pr); err != nil {
+		return nil, fmt.Errorf("parse PR JSON: %w", err)
+	}
+	return &pr, nil
+}
+
+// GetPullRequestDiff fetches the unified diff for a PR.
+func (c *Client) GetPullRequestDiff(ctx context.Context, owner, repo string, number int) (string, error) {
+	reqURL := fmt.Sprintf("%s/repos/%s/%s/pulls/%d",
+		c.baseURL,
+		url.PathEscape(owner),
+		url.PathEscape(repo),
+		number)
+	body, err := c.doRequest(ctx, http.MethodGet, reqURL, "application/vnd.github.v3.diff")
+	if err != nil {
+		return "", fmt.Errorf("fetch diff: %w", err)
+	}
+	return string(body), nil
+}
+
+// GetPullRequestFiles fetches the list of files changed in a PR.
+// GitHub paginates at 30 files/page (max 3000 files total).
+func (c *Client) GetPullRequestFiles(ctx context.Context, owner, repo string, number int) ([]ChangedFile, error) {
+	const perPage = 100
+	var all []ChangedFile
+	for page := 1; ; page++ {
+		reqURL := fmt.Sprintf("%s/repos/%s/%s/pulls/%d/files?per_page=%d&page=%d",
+			c.baseURL,
+			url.PathEscape(owner),
+			url.PathEscape(repo),
+			number,
+			perPage,
+			page)
+		body, err := c.doGet(ctx, reqURL)
+		if err != nil {
+			return nil, fmt.Errorf("fetch PR files (page %d): %w", page, err)
+		}
+		var batch []ChangedFile
+		if err := json.Unmarshal(body, &batch); err != nil {
+			return nil, fmt.Errorf("parse PR files JSON (page %d): %w", page, err)
+		}
+		all = append(all, batch...)
+		if len(batch) < perPage {
+			break
+		}
+	}
+	return all, nil
+}
+
+// GetCommitStatuses fetches CI statuses for a commit SHA.
+// GitHub's combined status endpoint returns the most-relevant state per context.
+func (c *Client) GetCommitStatuses(ctx context.Context, owner, repo, sha string) ([]CommitStatus, error) {
+	const perPage = 100
+	var all []CommitStatus
+	for page := 1; ; page++ {
+		reqURL := fmt.Sprintf("%s/repos/%s/%s/commits/%s/statuses?per_page=%d&page=%d",
+			c.baseURL,
+			url.PathEscape(owner),
+			url.PathEscape(repo),
+			url.PathEscape(sha),
+			perPage,
+			page)
+		body, err := c.doGet(ctx, reqURL)
+		if err != nil {
+			return nil, fmt.Errorf("fetch commit statuses: %w", err)
+		}
+		var batch []CommitStatus
+		if err := json.Unmarshal(body, &batch); err != nil {
+			return nil, fmt.Errorf("parse statuses JSON: %w", err)
+		}
+		all = append(all, batch...)
+		if len(batch) < perPage {
+			break
+		}
+	}
+	return all, nil
+}
+
+// GetFileContent fetches a file from the default branch of a repo.
+// GitHub's contents API returns base64-encoded content.
+func (c *Client) GetFileContent(ctx context.Context, owner, repo, filepath string) (string, error) {
+	return c.GetFileContentRef(ctx, owner, repo, filepath, "")
+}
+
+// GetFileContentRef fetches a file from a specific ref (branch/tag/sha) in a repo.
+func (c *Client) GetFileContentRef(ctx context.Context, owner, repo, filepath, ref string) (string, error) {
+	reqURL := fmt.Sprintf("%s/repos/%s/%s/contents/%s",
+		c.baseURL,
+		url.PathEscape(owner),
+		url.PathEscape(repo),
+		escapePath(filepath))
+	if ref != "" {
+		reqURL += "?ref=" + url.QueryEscape(ref)
+	}
+	body, err := c.doGet(ctx, reqURL)
+	if err != nil {
+		return "", fmt.Errorf("fetch file %s: %w", filepath, err)
+	}
+	// GitHub returns JSON with base64-encoded content
+	var result struct {
+		Content  string `json:"content"`
+		Encoding string `json:"encoding"`
+	}
+	if err := json.Unmarshal(body, &result); err != nil {
+		return "", fmt.Errorf("parse file content JSON: %w", err)
+	}
+	if result.Encoding != "base64" {
+		return "", fmt.Errorf("unexpected encoding %q for file %s", result.Encoding, filepath)
+	}
+	// GitHub wraps base64 content in newlines — strip them before decoding
+	cleaned := strings.ReplaceAll(result.Content, "\n", "")
+	decoded, err := base64.StdEncoding.DecodeString(cleaned)
+	if err != nil {
+		return "", fmt.Errorf("decode file content: %w", err)
+	}
+	return string(decoded), nil
+}
+
+// ListContents lists files and directories at a given path in a repo.
+// Pass an empty path to list the repository root.
+func (c *Client) ListContents(ctx context.Context, owner, repo, path string) ([]ContentEntry, error) {
+	if path == "." {
+		path = ""
+	}
+	var reqURL string
+	if path == "" {
+		reqURL = fmt.Sprintf("%s/repos/%s/%s/contents",
+			c.baseURL, url.PathEscape(owner), url.PathEscape(repo))
+	} else {
+		reqURL = fmt.Sprintf("%s/repos/%s/%s/contents/%s",
+			c.baseURL, url.PathEscape(owner), url.PathEscape(repo), escapePath(path))
+	}
+	body, err := c.doGet(ctx, reqURL)
+	if err != nil {
+		return nil, fmt.Errorf("list contents %s: %w", path, err)
+	}
+	var entries []ContentEntry
+	if err := json.Unmarshal(body, &entries); err != nil {
+		// GitHub also returns a single object when path is a file
+		var single ContentEntry
+		if err2 := json.Unmarshal(body, &single); err2 != nil {
+			return nil, fmt.Errorf("parse contents JSON: %w", err)
+		}
+		if single.Name == "" && single.Path == "" {
+			return nil, fmt.Errorf("parse contents JSON: empty response for path %q", path)
+		}
+		entries = []ContentEntry{single}
+	}
+	return entries, nil
+}
+
+// GetAllFilesInPath recursively fetches all file contents under a path.
+// If the path is a file, returns just that file's content.
+func (c *Client) GetAllFilesInPath(ctx context.Context, owner, repo, path string) (map[string]string, error) {
+	results := make(map[string]string)
+
+	entries, err := c.ListContents(ctx, owner, repo, path)
+	if err != nil {
+		if IsNotFound(err) {
+			// Try fetching as a file directly
+			content, fileErr := c.GetFileContent(ctx, owner, repo, path)
+			if fileErr != nil {
+				return nil, fmt.Errorf("path %q is neither a file nor directory: %w", path, fileErr)
+			}
+			results[path] = content
+			return results, nil
+		}
+		return nil, fmt.Errorf("list contents %q: %w", path, err)
+	}
+
+	for _, entry := range entries {
+		switch entry.Type {
+		case "file":
+			content, err := c.GetFileContent(ctx, owner, repo, entry.Path)
+			if err != nil {
+				slog.Warn("could not fetch file from patterns repo", "file", entry.Path, "error", err)
+				continue
+			}
+			results[entry.Path] = content
+		case "dir":
+			subResults, err := c.GetAllFilesInPath(ctx, owner, repo, entry.Path)
+			if err != nil {
+				slog.Warn("could not recurse into directory", "dir", entry.Path, "error", err)
+				continue
+			}
+			for k, v := range subResults {
+				results[k] = v
+			}
+		}
+	}
+	return results, nil
+}
+
+// PostReview submits a review to a PR and returns the created review.
+// event should be "APPROVE", "REQUEST_CHANGES", or "COMMENT".
+// commitID anchors the review to a specific commit SHA.
+// comments are optional inline comments.
+//
+// Note: GitHub uses "APPROVE" (not "APPROVED") for the event name.
+func (c *Client) PostReview(ctx context.Context, owner, repo string, number int, event, body, commitID string, comments []ReviewComment) (*Review, error) {
+	reqURL := fmt.Sprintf("%s/repos/%s/%s/pulls/%d/reviews",
+		c.baseURL,
+		url.PathEscape(owner),
+		url.PathEscape(repo),
+		number)
+
+	// GitHub uses "APPROVE" not "APPROVED", "REQUEST_CHANGES" and "COMMENT" match
+	ghEvent := event
+	if event == "APPROVED" {
+		ghEvent = "APPROVE"
+	}
+
+	payload := struct {
+		Body     string          `json:"body"`
+		Event    string          `json:"event"`
+		CommitID string          `json:"commit_id,omitempty"`
+		Comments []ReviewComment `json:"comments,omitempty"`
+	}{
+		Body:     body,
+		Event:    ghEvent,
+		CommitID: commitID,
+		Comments: comments,
+	}
+
+	data, err := json.Marshal(payload)
+	if err != nil {
+		return nil, fmt.Errorf("marshal review payload: %w", err)
+	}
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, reqURL, bytes.NewReader(data))
+	if err != nil {
+		return nil, fmt.Errorf("create review request: %w", err)
+	}
+	req.Header.Set("Authorization", "Bearer "+c.token)
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Accept", "application/vnd.github+json")
+
+	resp, err := c.httpClient.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("post review: %w", err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
+		respBody, _ := io.ReadAll(io.LimitReader(resp.Body, 64*1024))
+		return nil, fmt.Errorf("post review failed (status %d): %s", resp.StatusCode, string(respBody))
+	}
+
+	respBody, err := io.ReadAll(io.LimitReader(resp.Body, 10*1024*1024))
+	if err != nil {
+		return nil, fmt.Errorf("read review response: %w", err)
+	}
+	var review Review
+	if err := json.Unmarshal(respBody, &review); err != nil {
+		return nil, fmt.Errorf("parse review response: %w", err)
+	}
+	return &review, nil
+}
+
+// ListReviews returns all reviews on a pull request.
+func (c *Client) ListReviews(ctx context.Context, owner, repo string, number int) ([]Review, error) {
+	const perPage = 100
+	var all []Review
+	for page := 1; ; page++ {
+		reqURL := fmt.Sprintf("%s/repos/%s/%s/pulls/%d/reviews?per_page=%d&page=%d",
+			c.baseURL,
+			url.PathEscape(owner),
+			url.PathEscape(repo),
+			number,
+			perPage,
+			page)
+		body, err := c.doGet(ctx, reqURL)
+		if err != nil {
+			return nil, fmt.Errorf("list reviews (page %d): %w", page, err)
+		}
+		var batch []Review
+		if err := json.Unmarshal(body, &batch); err != nil {
+			return nil, fmt.Errorf("parse reviews (page %d): %w", page, err)
+		}
+		all = append(all, batch...)
+		if len(batch) < perPage {
+			break
+		}
+	}
+	return all, nil
+}
+
+// DeleteReview deletes a review by ID.
+func (c *Client) DeleteReview(ctx context.Context, owner, repo string, number int, reviewID int64) error {
+	reqURL := fmt.Sprintf("%s/repos/%s/%s/pulls/%d/reviews/%d",
+		c.baseURL,
+		url.PathEscape(owner),
+		url.PathEscape(repo),
+		number,
+		reviewID)
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodDelete, reqURL, nil)
+	if err != nil {
+		return fmt.Errorf("create delete request: %w", err)
+	}
+	req.Header.Set("Authorization", "Bearer "+c.token)
+	req.Header.Set("Accept", "application/vnd.github+json")
+
+	resp, err := c.httpClient.Do(req)
+	if err != nil {
+		return fmt.Errorf("delete review: %w", err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
+		respBody, _ := io.ReadAll(io.LimitReader(resp.Body, 256))
+		return fmt.Errorf("delete review failed (status %d): %s", resp.StatusCode, string(respBody))
+	}
+	return nil
+}
+
+// GetAuthenticatedUser returns the login of the user authenticated by the token.
+func (c *Client) GetAuthenticatedUser(ctx context.Context) (string, error) {
+	reqURL := fmt.Sprintf("%s/user", c.baseURL)
+	body, err := c.doGet(ctx, reqURL)
+	if err != nil {
+		return "", fmt.Errorf("get authenticated user: %w", err)
+	}
+	var result struct {
+		Login string `json:"login"`
+	}
+	if err := json.Unmarshal(body, &result); err != nil {
+		return "", fmt.Errorf("parse user response: %w", err)
+	}
+	return result.Login, nil
+}
+
+// RequestReviewer adds the given user as a requested reviewer on a pull request.
+// This is idempotent on GitHub — requesting an already-requested reviewer succeats.
+func (c *Client) RequestReviewer(ctx context.Context, owner, repo string, number int, reviewer string) error {
+	reqURL := fmt.Sprintf("%s/repos/%s/%s/pulls/%d/requested_reviewers",
+		c.baseURL,
+		url.PathEscape(owner),
+		url.PathEscape(repo),
+		number)
+
+	payload := struct {
+		Reviewers []string `json:"reviewers"`
+	}{Reviewers: []string{reviewer}}
+	data, err := json.Marshal(payload)
+	if err != nil {
+		return fmt.Errorf("marshal reviewer request: %w", err)
+	}
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, reqURL, bytes.NewReader(data))
+	if err != nil {
+		return fmt.Errorf("create reviewer request: %w", err)
+	}
+	req.Header.Set("Authorization", "Bearer "+c.token)
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Accept", "application/vnd.github+json")
+
+	resp, err := c.httpClient.Do(req)
+	if err != nil {
+		return fmt.Errorf("request reviewer: %w", err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
+		respBody, _ := io.ReadAll(io.LimitReader(resp.Body, 256))
+		return fmt.Errorf("request reviewer failed (status %d): %s", resp.StatusCode, string(respBody))
+	}
+	return nil
+}
+
+// EditComment updates the body of a PR review comment.
+// GitHub uses PATCH /repos/{owner}/{repo}/pulls/comments/{comment_id}.
+func (c *Client) EditComment(ctx context.Context, owner, repo string, commentID int64, newBody string) error {
+	reqURL := fmt.Sprintf("%s/repos/%s/%s/pulls/comments/%d",
+		c.baseURL,
+		url.PathEscape(owner),
+		url.PathEscape(repo),
+		commentID)
+
+	payload := struct {
+		Body string `json:"body"`
+	}{Body: newBody}
+	data, err := json.Marshal(payload)
+	if err != nil {
+		return fmt.Errorf("marshal edit payload: %w", err)
+	}
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodPatch, reqURL, bytes.NewReader(data))
+	if err != nil {
+		return fmt.Errorf("create edit request: %w", err)
+	}
+	req.Header.Set("Authorization", "Bearer "+c.token)
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Accept", "application/vnd.github+json")
+
+	resp, err := c.httpClient.Do(req)
+	if err != nil {
+		return fmt.Errorf("edit comment: %w", err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		body, _ := io.ReadAll(io.LimitReader(resp.Body, 256))
+		return fmt.Errorf("edit comment failed (status %d): %s", resp.StatusCode, body)
+	}
+	return nil
+}
+
+// ListReviewComments returns the inline comments attached to a specific review.
+func (c *Client) ListReviewComments(ctx context.Context, owner, repo string, prNumber int, reviewID int64) ([]ReviewComment, error) {
+	const perPage = 100
+	var all []ReviewComment
+	for page := 1; ; page++ {
+		reqURL := fmt.Sprintf("%s/repos/%s/%s/pulls/%d/reviews/%d/comments?per_page=%d&page=%d",
+			c.baseURL,
+			url.PathEscape(owner),
+			url.PathEscape(repo),
+			prNumber,
+			reviewID,
+			perPage,
+			page)
+		body, err := c.doGet(ctx, reqURL)
+		if err != nil {
+			return nil, fmt.Errorf("list review comments (page %d): %w", page, err)
+		}
+		var batch []ReviewComment
+		if err := json.Unmarshal(body, &batch); err != nil {
+			return nil, fmt.Errorf("parse review comments (page %d): %w", page, err)
+		}
+		all = append(all, batch...)
+		if len(batch) < perPage {
+			break
+		}
+	}
+	return all, nil
+}
+
+// ResolveComment is a no-op on GitHub. GitHub does not support resolving
+// individual review comments via the REST API (only via the GraphQL API).
+// This method exists to satisfy the VCSClient interface.
+func (c *Client) ResolveComment(_ context.Context, _, _ string, _ int64) error {
+	return nil
+}
+
+// GetTimelineReviewCommentIDForReview finds the timeline comment ID for a review.
+// GitHub doesn't have a direct timeline event endpoint for reviews the way Gitea does.
+// This is primarily used by the supersede path (EditComment + ResolveComment). On GitHub,
+// we return the review ID itself. Note that EditComment on GitHub uses the
+// /pulls/comments/{id} endpoint (for inline review comments), which does not
+// apply to review bodies — the supersede EditComment call will 404 and be
+// logged as a warning. This is a known limitation; the review is still posted
+// correctly regardless.
+func (c *Client) GetTimelineReviewCommentIDForReview(_ context.Context, _, _ string, _ int, reviewID int64) (int64, error) {
+	return reviewID, nil
+}
+
+// escapePath escapes each path segment individually while preserving slashes.
+// This avoids double-escaping the forward slash separator in file paths.
+// NOTE: Intentionally duplicated from gitea/client.go to keep the packages independent.
+func escapePath(p string) string {
+	parts := strings.Split(p, "/")
+	escaped := make([]string, len(parts))
+	for i, part := range parts {
+		escaped[i] = url.PathEscape(part)
+	}
+	return strings.Join(escaped, "/")
+}

github/methods_test.go

@@ -0,0 +1,518 @@
+package github
+
+import (
+	"context"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+// newTestClient creates a Client pointed at the test server.
+func newTestClient(srv *httptest.Server) *Client {
+	return NewClient("test-token", srv.URL, AllowInsecureHTTPForTest())
+}
+
+func TestGetPullRequest(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Method != http.MethodGet || r.URL.Path != "/repos/owner/repo/pulls/42" {
+			http.Error(w, "unexpected", http.StatusNotFound)
+			return
+		}
+		if got := r.Header.Get("Authorization"); got != "Bearer test-token" {
+			http.Error(w, "unauthorized", http.StatusUnauthorized)
+			return
+		}
+		w.Header().Set("Content-Type", "application/json")
+		fmt.Fprintln(w, `{"title":"Fix bug","body":"Body text","head":{"sha":"abc1234","ref":"fix/bug"}}`)
+	}))
+	defer srv.Close()
+
+	c := newTestClient(srv)
+	pr, err := c.GetPullRequest(context.Background(), "owner", "repo", 42)
+	if err != nil {
+		t.Fatalf("GetPullRequest: %v", err)
+	}
+	if pr.Title != "Fix bug" {
+		t.Errorf("Title = %q, want %q", pr.Title, "Fix bug")
+	}
+	if pr.Head.Sha != "abc1234" {
+		t.Errorf("Head.Sha = %q, want %q", pr.Head.Sha, "abc1234")
+	}
+	if pr.Head.Ref != "fix/bug" {
+		t.Errorf("Head.Ref = %q, want %q", pr.Head.Ref, "fix/bug")
+	}
+}
+
+func TestGetPullRequest_NotFound(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		http.Error(w, `{"message":"Not Found"}`, http.StatusNotFound)
+	}))
+	defer srv.Close()
+
+	c := newTestClient(srv)
+	_, err := c.GetPullRequest(context.Background(), "owner", "repo", 99)
+	if err == nil {
+		t.Fatal("expected error for 404, got nil")
+	}
+	if !IsNotFound(err) {
+		t.Errorf("expected IsNotFound error, got %v", err)
+	}
+}
+
+func TestGetPullRequestDiff(t *testing.T) {
+	diffText := "diff --git a/foo.go b/foo.go\n@@ -1,1 +1,2 @@\n+added"
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.Path != "/repos/owner/repo/pulls/1" {
+			http.Error(w, "unexpected", http.StatusNotFound)
+			return
+		}
+		if r.Header.Get("Accept") != "application/vnd.github.v3.diff" {
+			http.Error(w, "wrong accept", http.StatusNotAcceptable)
+			return
+		}
+		w.Header().Set("Content-Type", "text/plain")
+		fmt.Fprint(w, diffText)
+	}))
+	defer srv.Close()
+
+	c := newTestClient(srv)
+	got, err := c.GetPullRequestDiff(context.Background(), "owner", "repo", 1)
+	if err != nil {
+		t.Fatalf("GetPullRequestDiff: %v", err)
+	}
+	if got != diffText {
+		t.Errorf("diff = %q, want %q", got, diffText)
+	}
+}
+
+func TestGetPullRequestFiles(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.Path != "/repos/owner/repo/pulls/5/files" {
+			http.Error(w, "unexpected", http.StatusNotFound)
+			return
+		}
+		w.Header().Set("Content-Type", "application/json")
+		fmt.Fprintln(w, `[{"filename":"foo.go","status":"added"},{"filename":"bar.go","status":"modified"}]`)
+	}))
+	defer srv.Close()
+
+	c := newTestClient(srv)
+	files, err := c.GetPullRequestFiles(context.Background(), "owner", "repo", 5)
+	if err != nil {
+		t.Fatalf("GetPullRequestFiles: %v", err)
+	}
+	if len(files) != 2 {
+		t.Fatalf("len(files) = %d, want 2", len(files))
+	}
+	if files[0].Filename != "foo.go" || files[0].Status != "added" {
+		t.Errorf("files[0] = %+v", files[0])
+	}
+}
+
+func TestGetCommitStatuses(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.Path != "/repos/owner/repo/commits/deadbeef/statuses" {
+			http.Error(w, "unexpected", http.StatusNotFound)
+			return
+		}
+		w.Header().Set("Content-Type", "application/json")
+		fmt.Fprintln(w, `[{"state":"success","context":"ci/test","description":"Tests passed","target_url":"https://ci.example.com"}]`)
+	}))
+	defer srv.Close()
+
+	c := newTestClient(srv)
+	statuses, err := c.GetCommitStatuses(context.Background(), "owner", "repo", "deadbeef")
+	if err != nil {
+		t.Fatalf("GetCommitStatuses: %v", err)
+	}
+	if len(statuses) != 1 {
+		t.Fatalf("len(statuses) = %d, want 1", len(statuses))
+	}
+	if statuses[0].State != "success" {
+		t.Errorf("State = %q, want success", statuses[0].State)
+	}
+	if statuses[0].Context != "ci/test" {
+		t.Errorf("Context = %q, want ci/test", statuses[0].Context)
+	}
+}
+
+func TestGetFileContent(t *testing.T) {
+	content := "package main\nfunc main() {}\n"
+	encoded := base64.StdEncoding.EncodeToString([]byte(content))
+	// GitHub wraps base64 in newlines every 60 chars
+	var chunked string
+	for i := 0; i < len(encoded); i += 60 {
+		end := i + 60
+		if end > len(encoded) {
+			end = len(encoded)
+		}
+		chunked += encoded[i:end] + "\n"
+	}
+
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.Path != "/repos/owner/repo/contents/main.go" {
+			http.Error(w, "unexpected path: "+r.URL.Path, http.StatusNotFound)
+			return
+		}
+		w.Header().Set("Content-Type", "application/json")
+		resp := map[string]string{
+			"content":  chunked,
+			"encoding": "base64",
+		}
+		if err := json.NewEncoder(w).Encode(resp); err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+		}
+	}))
+	defer srv.Close()
+
+	c := newTestClient(srv)
+	got, err := c.GetFileContent(context.Background(), "owner", "repo", "main.go")
+	if err != nil {
+		t.Fatalf("GetFileContent: %v", err)
+	}
+	if got != content {
+		t.Errorf("content = %q, want %q", got, content)
+	}
+}
+
+func TestGetFileContentRef(t *testing.T) {
+	content := "hello world"
+	encoded := base64.StdEncoding.EncodeToString([]byte(content))
+
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.Path != "/repos/owner/repo/contents/README.md" {
+			http.Error(w, "unexpected", http.StatusNotFound)
+			return
+		}
+		if r.URL.Query().Get("ref") != "abc123" {
+			http.Error(w, "missing ref", http.StatusBadRequest)
+			return
+		}
+		w.Header().Set("Content-Type", "application/json")
+		resp := map[string]string{"content": encoded + "\n", "encoding": "base64"}
+		if err := json.NewEncoder(w).Encode(resp); err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+		}
+	}))
+	defer srv.Close()
+
+	c := newTestClient(srv)
+	got, err := c.GetFileContentRef(context.Background(), "owner", "repo", "README.md", "abc123")
+	if err != nil {
+		t.Fatalf("GetFileContentRef: %v", err)
+	}
+	if got != content {
+		t.Errorf("content = %q, want %q", got, content)
+	}
+}
+
+func TestListContents(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.Path == "/repos/owner/repo/contents" {
+			w.Header().Set("Content-Type", "application/json")
+			fmt.Fprintln(w, `[{"name":"README.md","path":"README.md","type":"file"},{"name":"src","path":"src","type":"dir"}]`)
+			return
+		}
+		http.Error(w, "unexpected: "+r.URL.Path, http.StatusNotFound)
+	}))
+	defer srv.Close()
+
+	c := newTestClient(srv)
+	entries, err := c.ListContents(context.Background(), "owner", "repo", "")
+	if err != nil {
+		t.Fatalf("ListContents: %v", err)
+	}
+	if len(entries) != 2 {
+		t.Fatalf("len(entries) = %d, want 2", len(entries))
+	}
+	if entries[0].Name != "README.md" || entries[0].Type != "file" {
+		t.Errorf("entries[0] = %+v", entries[0])
+	}
+	if entries[1].Name != "src" || entries[1].Type != "dir" {
+		t.Errorf("entries[1] = %+v", entries[1])
+	}
+}
+
+func TestListContents_Dot(t *testing.T) {
+	// "." should be treated as "" (root)
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.Path == "/repos/owner/repo/contents" {
+			w.Header().Set("Content-Type", "application/json")
+			fmt.Fprintln(w, `[]`)
+			return
+		}
+		http.Error(w, "unexpected: "+r.URL.Path, http.StatusNotFound)
+	}))
+	defer srv.Close()
+
+	c := newTestClient(srv)
+	entries, err := c.ListContents(context.Background(), "owner", "repo", ".")
+	if err != nil {
+		t.Fatalf("ListContents: %v", err)
+	}
+	if len(entries) != 0 {
+		t.Errorf("expected empty entries, got %d", len(entries))
+	}
+}
+
+func TestPostReview(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Method != http.MethodPost || r.URL.Path != "/repos/owner/repo/pulls/10/reviews" {
+			http.Error(w, "unexpected", http.StatusNotFound)
+			return
+		}
+		var payload struct {
+			Body     string `json:"body"`
+			Event    string `json:"event"`
+			CommitID string `json:"commit_id"`
+		}
+		if err := json.NewDecoder(r.Body).Decode(&payload); err != nil {
+			http.Error(w, "bad body", http.StatusBadRequest)
+			return
+		}
+		// Verify APPROVED is normalized to APPROVE
+		if payload.Event != "APPROVE" {
+			http.Error(w, fmt.Sprintf("expected APPROVE, got %s", payload.Event), http.StatusBadRequest)
+			return
+		}
+		w.Header().Set("Content-Type", "application/json")
+		w.WriteHeader(http.StatusOK)
+		fmt.Fprintf(w, `{"id":99,"body":%q,"user":{"login":"bot"},"state":"APPROVED","commit_id":%q}`, payload.Body, payload.CommitID)
+	}))
+	defer srv.Close()
+
+	c := newTestClient(srv)
+	// Pass "APPROVED" (Gitea-style) — should be normalized to APPROVE
+	review, err := c.PostReview(context.Background(), "owner", "repo", 10, "APPROVED", "Looks good", "abc123", nil)
+	if err != nil {
+		t.Fatalf("PostReview: %v", err)
+	}
+	if review.ID != 99 {
+		t.Errorf("review.ID = %d, want 99", review.ID)
+	}
+	if review.User.Login != "bot" {
+		t.Errorf("review.User.Login = %q, want bot", review.User.Login)
+	}
+}
+
+func TestListReviews(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.Path != "/repos/owner/repo/pulls/7/reviews" {
+			http.Error(w, "unexpected", http.StatusNotFound)
+			return
+		}
+		w.Header().Set("Content-Type", "application/json")
+		fmt.Fprintln(w, `[{"id":1,"body":"LGTM","user":{"login":"alice"},"state":"APPROVED","commit_id":"abc"}]`)
+	}))
+	defer srv.Close()
+
+	c := newTestClient(srv)
+	reviews, err := c.ListReviews(context.Background(), "owner", "repo", 7)
+	if err != nil {
+		t.Fatalf("ListReviews: %v", err)
+	}
+	if len(reviews) != 1 {
+		t.Fatalf("len(reviews) = %d, want 1", len(reviews))
+	}
+	if reviews[0].User.Login != "alice" {
+		t.Errorf("User.Login = %q, want alice", reviews[0].User.Login)
+	}
+}
+
+func TestGetAuthenticatedUser(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.Path != "/user" {
+			http.Error(w, "unexpected", http.StatusNotFound)
+			return
+		}
+		w.Header().Set("Content-Type", "application/json")
+		fmt.Fprintln(w, `{"login":"sonnet-review"}`)
+	}))
+	defer srv.Close()
+
+	c := newTestClient(srv)
+	login, err := c.GetAuthenticatedUser(context.Background())
+	if err != nil {
+		t.Fatalf("GetAuthenticatedUser: %v", err)
+	}
+	if login != "sonnet-review" {
+		t.Errorf("login = %q, want sonnet-review", login)
+	}
+}
+
+func TestResolveComment_NoOp(t *testing.T) {
+	// ResolveComment is a no-op on GitHub — should not make any HTTP call.
+	callCount := 0
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		callCount++
+		http.Error(w, "unexpected call", http.StatusInternalServerError)
+	}))
+	defer srv.Close()
+
+	c := newTestClient(srv)
+	if err := c.ResolveComment(context.Background(), "owner", "repo", 123); err != nil {
+		t.Errorf("ResolveComment: %v (expected no-op)", err)
+	}
+	if callCount != 0 {
+		t.Errorf("expected no HTTP calls, got %d", callCount)
+	}
+}
+
+func TestGetTimelineReviewCommentIDForReview(t *testing.T) {
+	// Should return reviewID unchanged without making HTTP calls.
+	callCount := 0
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		callCount++
+		http.Error(w, "unexpected", http.StatusInternalServerError)
+	}))
+	defer srv.Close()
+
+	c := newTestClient(srv)
+	got, err := c.GetTimelineReviewCommentIDForReview(context.Background(), "owner", "repo", 5, 42)
+	if err != nil {
+		t.Fatalf("GetTimelineReviewCommentIDForReview: %v", err)
+	}
+	if got != 42 {
+		t.Errorf("got %d, want 42", got)
+	}
+	if callCount != 0 {
+		t.Errorf("expected no HTTP calls, got %d", callCount)
+	}
+}
+
+func TestRequestReviewer(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Method != http.MethodPost || r.URL.Path != "/repos/owner/repo/pulls/3/requested_reviewers" {
+			http.Error(w, "unexpected", http.StatusNotFound)
+			return
+		}
+		var payload struct {
+			Reviewers []string `json:"reviewers"`
+		}
+		if err := json.NewDecoder(r.Body).Decode(&payload); err != nil || len(payload.Reviewers) == 0 {
+			http.Error(w, "bad body", http.StatusBadRequest)
+			return
+		}
+		if payload.Reviewers[0] != "bot-user" {
+			http.Error(w, fmt.Sprintf("unexpected reviewer %q", payload.Reviewers[0]), http.StatusBadRequest)
+			return
+		}
+		w.WriteHeader(http.StatusCreated)
+		fmt.Fprintln(w, `{}`)
+	}))
+	defer srv.Close()
+
+	c := newTestClient(srv)
+	if err := c.RequestReviewer(context.Background(), "owner", "repo", 3, "bot-user"); err != nil {
+		t.Errorf("RequestReviewer: %v", err)
+	}
+}
+
+func TestEditComment(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Method != http.MethodPatch || r.URL.Path != "/repos/owner/repo/pulls/comments/55" {
+			http.Error(w, "unexpected", http.StatusNotFound)
+			return
+		}
+		var payload struct {
+			Body string `json:"body"`
+		}
+		if err := json.NewDecoder(r.Body).Decode(&payload); err != nil {
+			http.Error(w, "bad body", http.StatusBadRequest)
+			return
+		}
+		if payload.Body != "updated body" {
+			http.Error(w, "wrong body", http.StatusBadRequest)
+			return
+		}
+		w.Header().Set("Content-Type", "application/json")
+		w.WriteHeader(http.StatusOK)
+		fmt.Fprintln(w, `{"id":55,"body":"updated body"}`)
+	}))
+	defer srv.Close()
+
+	c := newTestClient(srv)
+	if err := c.EditComment(context.Background(), "owner", "repo", 55, "updated body"); err != nil {
+		t.Errorf("EditComment: %v", err)
+	}
+}
+
+func TestListReviewComments(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.Path != "/repos/owner/repo/pulls/9/reviews/20/comments" {
+			http.Error(w, "unexpected", http.StatusNotFound)
+			return
+		}
+		w.Header().Set("Content-Type", "application/json")
+		fmt.Fprintln(w, `[{"id":100,"path":"main.go","position":5,"body":"Needs fix"}]`)
+	}))
+	defer srv.Close()
+
+	c := newTestClient(srv)
+	comments, err := c.ListReviewComments(context.Background(), "owner", "repo", 9, 20)
+	if err != nil {
+		t.Fatalf("ListReviewComments: %v", err)
+	}
+	if len(comments) != 1 {
+		t.Fatalf("len(comments) = %d, want 1", len(comments))
+	}
+	if comments[0].Path != "main.go" {
+		t.Errorf("Path = %q, want main.go", comments[0].Path)
+	}
+	if comments[0].Position != 5 {
+		t.Errorf("Position = %d, want 5", comments[0].Position)
+	}
+}
+
+func TestDeleteReview(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Method != http.MethodDelete || r.URL.Path != "/repos/owner/repo/pulls/7/reviews/11" {
+			http.Error(w, "unexpected", http.StatusNotFound)
+			return
+		}
+		w.WriteHeader(http.StatusNoContent)
+	}))
+	defer srv.Close()
+
+	c := newTestClient(srv)
+	if err := c.DeleteReview(context.Background(), "owner", "repo", 7, 11); err != nil {
+		t.Errorf("DeleteReview: %v", err)
+	}
+}
+
+func TestGetAllFilesInPath(t *testing.T) {
+	content := "file content"
+	encoded := base64.StdEncoding.EncodeToString([]byte(content))
+
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		switch r.URL.Path {
+		case "/repos/owner/repo/contents/patterns":
+			w.Header().Set("Content-Type", "application/json")
+			fmt.Fprintln(w, `[{"name":"patterns.md","path":"patterns/patterns.md","type":"file"}]`)
+		case "/repos/owner/repo/contents/patterns/patterns.md":
+			w.Header().Set("Content-Type", "application/json")
+			resp := map[string]string{"content": encoded + "\n", "encoding": "base64"}
+			if err := json.NewEncoder(w).Encode(resp); err != nil {
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+			}
+		default:
+			http.Error(w, "unexpected: "+r.URL.Path, http.StatusNotFound)
+		}
+	}))
+	defer srv.Close()
+
+	c := newTestClient(srv)
+	files, err := c.GetAllFilesInPath(context.Background(), "owner", "repo", "patterns")
+	if err != nil {
+		t.Fatalf("GetAllFilesInPath: %v", err)
+	}
+	if len(files) != 1 {
+		t.Fatalf("len(files) = %d, want 1", len(files))
+	}
+	if files["patterns/patterns.md"] != content {
+		t.Errorf("content = %q, want %q", files["patterns/patterns.md"], content)
+	}
+}