chore: update dev-loop TODO after issue-123 merge (2026-05-14 19:15 UTC)

.github/workflows/review.yml

@@ -1,77 +0,0 @@
-name: AI Code Review
-
-# AI code review for pull requests on github.concur.com/strat/review-bot.
-# Uses SAP AI Core as the LLM provider (same as the Gitea CI workflow).
-#
-# Prerequisites before this workflow can run:
-#   1. Set required secrets on strat/review-bot (see list below)
-#   2. Publish at least one release of review-bot on strat/review-bot
-#      (or change action-repo to a repo that already has releases)
-#
-# Required secrets:
-#   SONNET_REVIEW_TOKEN  — GitHub token for the Sonnet reviewer bot
-#   GPT_REVIEW_TOKEN     — GitHub token for the GPT reviewer bot
-#   AICORE_CLIENT_ID     — SAP AI Core OAuth client ID
-#   AICORE_CLIENT_SECRET — SAP AI Core OAuth client secret
-#   AICORE_AUTH_URL      — SAP AI Core OAuth token endpoint
-#   AICORE_API_URL       — SAP AI Core inference API URL
-#   AICORE_RESOURCE_GROUP — SAP AI Core resource group (optional, default: default)
-
-on:
-  pull_request:
-    types: [opened, synchronize]
-
-jobs:
-  test:
-    runs-on: ubuntu-24.04
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
-        with:
-          go-version: '1.26'
-      - run: go test ./...
-      - run: go vet ./...
-      - run: go build -o review-bot ./cmd/review-bot
-
-  review:
-    runs-on: ubuntu-24.04
-    if: github.event_name == 'pull_request'
-    needs: test
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - name: sonnet
-            token_secret: SONNET_REVIEW_TOKEN
-            model: anthropic--claude-4.6-sonnet
-          - name: gpt
-            token_secret: GPT_REVIEW_TOKEN
-            model: gpt-5
-          - name: security
-            token_secret: GPT_REVIEW_TOKEN
-            model: gpt-5
-            system_prompt_file: SECURITY_REVIEW.md
-    steps:
-      - uses: actions/checkout@v4
-      - uses: ./.gitea/actions/review
-        with:
-          # On GHES runners, vcs-url is ignored; the composite action uses github.server_url.
-          # action-repo must be a repo with published review-bot releases.
-          # Requires strat/review-bot to have at least one release tag with
-          # review-bot-linux-amd64 and checksums.txt assets.
-          vcs-url: https://gitea.weiker.me
-          action-repo: strat/review-bot
-          reviewer-token: ${{ secrets[matrix.token_secret] }}
-          reviewer-name: ${{ matrix.name }}
-          llm-provider: aicore
-          llm-model: ${{ matrix.model }}
-          aicore-client-id: ${{ secrets.AICORE_CLIENT_ID }}
-          aicore-client-secret: ${{ secrets.AICORE_CLIENT_SECRET }}
-          aicore-auth-url: ${{ secrets.AICORE_AUTH_URL }}
-          aicore-api-url: ${{ secrets.AICORE_API_URL }}
-          aicore-resource-group: ${{ secrets.AICORE_RESOURCE_GROUP }}
-          conventions-file: CONVENTIONS.md
-          patterns-repo: rodin/go-patterns
-          patterns-files: README.md,patterns/
-          timeout: "600"
-          system-prompt-file: ${{ matrix.system_prompt_file || '' }}

TODO.md

@@ -1,79 +1,42 @@
-## Dev Loop: review-bot — 2026-05-14 20:10 UTC
+## Dev Loop: review-bot — 2026-05-14 19:15 UTC
 
-### Latest: ✅ STABLE STATE — REPO HEALTH COMPLETE
+### Latest: ✅ issue-123 MERGED
-- **Last action:** health check; verified tests pass, repo clean, no action needed
+- **PR #129:** Merged to main at commit 4440823
-- **Repository:** Clean, all merges complete, no open issues/PRs
+- **Feature:** IP-level SSRF defense with RFC6598 CGN check
-- **Main branch:** Up to date with origin/main
+- **Status:** Complete, all review feedback addressed
-- **Test suite:** All passing (cached)
 
 ---
 
-## Repository Status
+## Review-Bot Current State
 
-### ✅ Merged to main (recent):
+### Merged to main:
-- issue-123 (IP-level SSRF defense) — 6 commits, main at 4440823
+- ✅ issue-123 (SSRF defense) — 5 commits
-- issue-125 (VCS_URL rename + deprecation) — merged
+- ✅ issue-125 (VCS_URL rename + deprecation) 
-- issue-124 (multi-arch binary support) — merged  
+- ✅ issue-124 (multi-arch binary support)
-- issue-120 (GitHub Actions + VCS abstraction) — merged
+- ✅ issue-120 (GitHub Actions + VCS abstraction) — partial merge
-- issue-121 (VCS host type detection for binary download) — merged
+- And 100+ prior completed issues
 
-### 🧹 Cleanup COMPLETE:
+### Open Branches (>0 commits ahead of main):
-- ✅ Removed old worktrees (issue-123, review-bot-issue-125)
+- **issue-120:** 30 commits ahead (GHE release dry-run + extensive VCS abstraction work)
-- ✅ Test suite passes (all packages)
+  - Status: Awaiting human review/decision on integration
-- ✅ No TODO/FIXME in code except expected GitHub client notes
+
-- ✅ No open issues or pull requests
+### Completed Recently:
-- ✅ Dependencies up to date
+- Multiple issue-* and review-bot-issue-* branches
+- All recent work landed in main or merged into feature branches
 
 ---
 
-## Current Feature Completeness
+## Next Actions for Dev-Loop
 
-✅ **Core Capabilities:**
+1. **Check if issue-120 needs human intervention or PR created**
-- Multi-provider LLM support (OpenAI, Anthropic, SAP AI Core)
+2. **Identify next highest-priority open issue to start**
-- Gitea PR integration with structured reviews
+3. **Review any blocked or stalled branches**
-- SSRF defense with IP-level validation
+4. **Perform health check:**
-- VCS abstraction (Gitea/GitHub support)
+   - No orphaned worktrees
-- Multi-architecture binary support
+   - No merge conflicts
-- GitHub Actions composite action
+   - All tests passing on main
-
-✅ **Recent Security Work:**
-- RFC6598 CGN range detection
-- IP fallback dialing for local endpoint rejection
-- URL validation for SSRF prevention
-
-✅ **Code Quality:**
-- Comprehensive test coverage (all packages tested)
-- Consistent error handling with context propagation
-- Secure credential handling (unexported fields)
-- Concurrency-safe designs
 
 ---
 
-## Next Priority Actions
+## Worktrees Active
-
+ worktrees active
-### Phase 2: Feature Exploration (NEXT SESSION)
-- Scan code for potential improvements per REVIEW.md findings
-- Assess performance under load
-- Review REVIEW.md findings for targeted fixes
-- Consider backlog items from design docs
-
-### Phase 3: Optional Enhancements (BACKLOG)
-- Address REVIEW.md context propagation findings (if prioritized)
-- Additional LLM provider support
-- Enhanced context detection
-- Custom report formats
-- Webhook management improvements
-
----
-
-## Worktrees Status
-All old worktrees cleaned up. Ready for new issue work.
-
----
-
-## Dev-Loop Metadata
-- **Repo:** /home/ubuntu/review-bot
-- **Main branch SHA:** ed3a5dd (last commit)
-- **Cron ID:** 5342ac81-4bbc-4e4c-a123-347a7788d50c
-- **Scheduled:** Every 4 hours
-- **Last health check:** 2026-05-14 20:10 UTC (✅ all healthy)

cmd/review-bot/main.go

@@ -168,12 +168,8 @@ func main() {
 		os.Exit(1)
 	}
 
-	// Detect VCS type and initialize the appropriate client.
-	vcsType := detectVCSType()
-	slog.Info("detected VCS type", "vcs", vcsType)
-
 	// Initialize clients
-	giteaClient := newVCSClient(vcsType, *vcsURL, *reviewerToken)
+	giteaClient := gitea.NewClient(*vcsURL, *reviewerToken)
 	llmClient := llm.NewClient(*llmBaseURL, *llmAPIKey, *llmModel)
 	if *llmTemp < 0 || *llmTemp > 2 {
 		slog.Error("invalid LLM temperature", "temperature", *llmTemp, "range", "0-2")
@@ -211,7 +207,7 @@ func main() {
 	var persona *review.Persona
 	if *personaName != "" {
 		// Try loading from repo first, then fall back to built-in
-		repoPersonas, err := review.LoadRepoPersonas(ctx, buildRepoPersonaClient(giteaClient), owner, repoName)
+		repoPersonas, err := review.LoadRepoPersonas(ctx, newGiteaClientAdapter(giteaClient), owner, repoName)
 		if err != nil {
 			slog.Warn("could not load repo personas", "repo", owner+"/"+repoName, "error", err)
 			// Continue with built-in personas only.
@@ -531,7 +527,7 @@ func main() {
 }
 
 // fetchFileContext fetches the full content of modified files from the PR branch.
-func fetchFileContext(ctx context.Context, client vcsClient, owner, repo, ref string, files []gitea.ChangedFile) string {
+func fetchFileContext(ctx context.Context, client *gitea.Client, owner, repo, ref string, files []gitea.ChangedFile) string {
 	var sb strings.Builder
 	for _, f := range files {
 		if ctx.Err() != nil {
@@ -558,7 +554,7 @@ func fetchFileContext(ctx context.Context, client vcsClient, owner, repo, ref st
 // patternsFiles is comma-separated list of file paths or directories.
 // If a path ends with / or is a directory, all files within it are fetched recursively.
 // If patternsFiles is empty, all files from the repo root are fetched.
-func fetchPatterns(ctx context.Context, client vcsClient, patternsRepo, patternsFiles string) string {
+func fetchPatterns(ctx context.Context, client *gitea.Client, patternsRepo, patternsFiles string) string {
 	var sb strings.Builder
 
 	repos := strings.Split(patternsRepo, ",")
@@ -855,3 +851,31 @@ func shouldSkipStaleReview(evaluatedSHA, currentSHA string) bool {
 	return evaluatedSHA != currentSHA
 }
 
+// giteaClientAdapter adapts gitea.Client to review.GiteaClient interface.
+type giteaClientAdapter struct {
+	client *gitea.Client
+}
+
+func newGiteaClientAdapter(c *gitea.Client) *giteaClientAdapter {
+	return &giteaClientAdapter{client: c}
+}
+
+func (a *giteaClientAdapter) ListContents(ctx context.Context, owner, repo, path string) ([]review.ContentEntry, error) {
+	entries, err := a.client.ListContents(ctx, owner, repo, path)
+	if err != nil {
+		return nil, err
+	}
+	result := make([]review.ContentEntry, len(entries))
+	for i, e := range entries {
+		result[i] = review.ContentEntry{
+			Name: e.Name,
+			Path: e.Path,
+			Type: e.Type,
+		}
+	}
+	return result, nil
+}
+
+func (a *giteaClientAdapter) GetFileContent(ctx context.Context, owner, repo, filepath string) (string, error) {
+	return a.client.GetFileContent(ctx, owner, repo, filepath)
+}

cmd/review-bot/vcs.go

@@ -1,295 +0,0 @@
-package main
-
-// vcs.go — VCS client abstraction for supporting both Gitea and GitHub.
-//
-// This file defines the vcsClient interface that main.go uses for all VCS
-// operations, and provides a githubAdapter that wraps *github.Client and
-// converts between github-package types and the gitea-package types used
-// throughout the rest of the binary.
-//
-// Design rationale: the entire codebase was written against gitea types.
-// Rather than introduce a third "shared" type package and update every call
-// site, the adapter converts at the boundary. The conversion is cheap — these
-// are small structs fetched once per run.
-
-import (
-	"context"
-	"os"
-
-	githubpkg "gitea.weiker.me/rodin/review-bot/github"
-	"gitea.weiker.me/rodin/review-bot/gitea"
-	"gitea.weiker.me/rodin/review-bot/review"
-)
-
-// vcsClient is the interface that main.go uses for all VCS API operations.
-// Both *gitea.Client (directly) and *githubAdapter (via this file) satisfy it.
-type vcsClient interface {
-	GetPullRequest(ctx context.Context, owner, repo string, number int) (*gitea.PullRequest, error)
-	GetPullRequestDiff(ctx context.Context, owner, repo string, number int) (string, error)
-	GetPullRequestFiles(ctx context.Context, owner, repo string, number int) ([]gitea.ChangedFile, error)
-	GetCommitStatuses(ctx context.Context, owner, repo, sha string) ([]gitea.CommitStatus, error)
-	GetFileContent(ctx context.Context, owner, repo, filepath string) (string, error)
-	GetFileContentRef(ctx context.Context, owner, repo, filepath, ref string) (string, error)
-	GetAllFilesInPath(ctx context.Context, owner, repo, path string) (map[string]string, error)
-	ListReviews(ctx context.Context, owner, repo string, number int) ([]gitea.Review, error)
-	GetAuthenticatedUser(ctx context.Context) (string, error)
-	RequestReviewer(ctx context.Context, owner, repo string, number int, reviewer string) error
-	PostReview(ctx context.Context, owner, repo string, number int, event, body, commitID string, comments []gitea.ReviewComment) (*gitea.Review, error)
-	GetTimelineReviewCommentIDForReview(ctx context.Context, owner, repo string, number int, reviewID int64) (int64, error)
-	EditComment(ctx context.Context, owner, repo string, commentID int64, newBody string) error
-	ListReviewComments(ctx context.Context, owner, repo string, prNumber int, reviewID int64) ([]gitea.ReviewComment, error)
-	ResolveComment(ctx context.Context, owner, repo string, commentID int64) error
-	ListContents(ctx context.Context, owner, repo, path string) ([]gitea.ContentEntry, error)
-}
-
-// vcsClientAdapterForPersona adapts vcsClient to review.GiteaClient.
-// Used by LoadRepoPersonas which needs only ListContents + GetFileContent.
-type vcsClientAdapterForPersona struct {
-	client vcsClient
-}
-
-func newVCSClientAdapterForPersona(c vcsClient) *vcsClientAdapterForPersona {
-	return &vcsClientAdapterForPersona{client: c}
-}
-
-func (a *vcsClientAdapterForPersona) ListContents(ctx context.Context, owner, repo, path string) ([]review.ContentEntry, error) {
-	entries, err := a.client.ListContents(ctx, owner, repo, path)
-	if err != nil {
-		return nil, err
-	}
-	result := make([]review.ContentEntry, len(entries))
-	for i, e := range entries {
-		result[i] = review.ContentEntry{
-			Name: e.Name,
-			Path: e.Path,
-			Type: e.Type,
-		}
-	}
-	return result, nil
-}
-
-func (a *vcsClientAdapterForPersona) GetFileContent(ctx context.Context, owner, repo, filepath string) (string, error) {
-	return a.client.GetFileContent(ctx, owner, repo, filepath)
-}
-
-// detectVCSType returns "github" if the environment indicates a GitHub or GHES
-// runner, "gitea" otherwise.
-//
-// Detection logic mirrors the action.yml composite action:
-//   - GITHUB_API_URL is set by GitHub Actions runners (github.com and GHES)
-//   - On Gitea Actions runners it is empty or absent
-func detectVCSType() string {
-	if os.Getenv("GITHUB_API_URL") != "" {
-		return "github"
-	}
-	return "gitea"
-}
-
-// githubAPIBaseURL returns the GitHub API base URL from the environment.
-// On GitHub.com this is https://api.github.com.
-// On GHES this is https://<host>/api/v3.
-func githubAPIBaseURL() string {
-	if u := os.Getenv("GITHUB_API_URL"); u != "" {
-		return u
-	}
-	return "https://api.github.com"
-}
-
-// githubAdapter wraps *github.Client and translates github-package types to
-// gitea-package types so that the rest of main.go can remain unchanged.
-type githubAdapter struct {
-	c *githubpkg.Client
-}
-
-func newGitHubAdapter(token, apiBaseURL string) *githubAdapter {
-	return &githubAdapter{c: githubpkg.NewClient(token, apiBaseURL)}
-}
-
-func (a *githubAdapter) GetPullRequest(ctx context.Context, owner, repo string, number int) (*gitea.PullRequest, error) {
-	pr, err := a.c.GetPullRequest(ctx, owner, repo, number)
-	if err != nil {
-		return nil, err
-	}
-	return &gitea.PullRequest{
-		Title: pr.Title,
-		Body:  pr.Body,
-		Head: struct {
-			Sha string "json:\"sha\""
-			Ref string "json:\"ref\""
-		}{Sha: pr.Head.Sha, Ref: pr.Head.Ref},
-	}, nil
-}
-
-func (a *githubAdapter) GetPullRequestDiff(ctx context.Context, owner, repo string, number int) (string, error) {
-	return a.c.GetPullRequestDiff(ctx, owner, repo, number)
-}
-
-func (a *githubAdapter) GetPullRequestFiles(ctx context.Context, owner, repo string, number int) ([]gitea.ChangedFile, error) {
-	files, err := a.c.GetPullRequestFiles(ctx, owner, repo, number)
-	if err != nil {
-		return nil, err
-	}
-	result := make([]gitea.ChangedFile, len(files))
-	for i, f := range files {
-		result[i] = gitea.ChangedFile{
-			Filename: f.Filename,
-			Status:   f.Status,
-		}
-	}
-	return result, nil
-}
-
-func (a *githubAdapter) GetCommitStatuses(ctx context.Context, owner, repo, sha string) ([]gitea.CommitStatus, error) {
-	statuses, err := a.c.GetCommitStatuses(ctx, owner, repo, sha)
-	if err != nil {
-		return nil, err
-	}
-	result := make([]gitea.CommitStatus, len(statuses))
-	for i, s := range statuses {
-		// GitHub uses "state" with values: success, failure, pending, error.
-		// Gitea uses "status" with values: success, failure, pending, warning, error.
-		// Map GitHub's "state" to gitea's "status" field for evaluateCIStatus().
-		result[i] = gitea.CommitStatus{
-			Status:      s.State,
-			Context:     s.Context,
-			Description: s.Description,
-			TargetURL:   s.TargetURL,
-		}
-	}
-	return result, nil
-}
-
-func (a *githubAdapter) GetFileContent(ctx context.Context, owner, repo, filepath string) (string, error) {
-	return a.c.GetFileContent(ctx, owner, repo, filepath)
-}
-
-func (a *githubAdapter) GetFileContentRef(ctx context.Context, owner, repo, filepath, ref string) (string, error) {
-	return a.c.GetFileContentRef(ctx, owner, repo, filepath, ref)
-}
-
-func (a *githubAdapter) GetAllFilesInPath(ctx context.Context, owner, repo, path string) (map[string]string, error) {
-	return a.c.GetAllFilesInPath(ctx, owner, repo, path)
-}
-
-func (a *githubAdapter) ListReviews(ctx context.Context, owner, repo string, number int) ([]gitea.Review, error) {
-	reviews, err := a.c.ListReviews(ctx, owner, repo, number)
-	if err != nil {
-		return nil, err
-	}
-	result := make([]gitea.Review, len(reviews))
-	for i, r := range reviews {
-		result[i] = gitea.Review{
-			ID:   r.ID,
-			Body: r.Body,
-			User: struct {
-				Login string "json:\"login\""
-			}{Login: r.User.Login},
-			State:    r.State,
-			CommitID: r.CommitID,
-		}
-	}
-	return result, nil
-}
-
-func (a *githubAdapter) GetAuthenticatedUser(ctx context.Context) (string, error) {
-	return a.c.GetAuthenticatedUser(ctx)
-}
-
-func (a *githubAdapter) RequestReviewer(ctx context.Context, owner, repo string, number int, reviewer string) error {
-	return a.c.RequestReviewer(ctx, owner, repo, number, reviewer)
-}
-
-func (a *githubAdapter) PostReview(ctx context.Context, owner, repo string, number int, event, body, commitID string, comments []gitea.ReviewComment) (*gitea.Review, error) {
-	// Convert gitea ReviewComments to github ReviewComments.
-	// NewPosition in Gitea maps to Position in GitHub (diff line position).
-	ghComments := make([]githubpkg.ReviewComment, len(comments))
-	for i, c := range comments {
-		ghComments[i] = githubpkg.ReviewComment{
-			Path:     c.Path,
-			Position: c.NewPosition,
-			Body:     c.Body,
-		}
-	}
-	review, err := a.c.PostReview(ctx, owner, repo, number, event, body, commitID, ghComments)
-	if err != nil {
-		return nil, err
-	}
-	return &gitea.Review{
-		ID:   review.ID,
-		Body: review.Body,
-		User: struct {
-			Login string "json:\"login\""
-		}{Login: review.User.Login},
-		State:    review.State,
-		CommitID: review.CommitID,
-	}, nil
-}
-
-func (a *githubAdapter) GetTimelineReviewCommentIDForReview(ctx context.Context, owner, repo string, number int, reviewID int64) (int64, error) {
-	return a.c.GetTimelineReviewCommentIDForReview(ctx, owner, repo, number, reviewID)
-}
-
-func (a *githubAdapter) EditComment(ctx context.Context, owner, repo string, commentID int64, newBody string) error {
-	return a.c.EditComment(ctx, owner, repo, commentID, newBody)
-}
-
-func (a *githubAdapter) ListReviewComments(ctx context.Context, owner, repo string, prNumber int, reviewID int64) ([]gitea.ReviewComment, error) {
-	comments, err := a.c.ListReviewComments(ctx, owner, repo, prNumber, reviewID)
-	if err != nil {
-		return nil, err
-	}
-	result := make([]gitea.ReviewComment, len(comments))
-	for i, c := range comments {
-		result[i] = gitea.ReviewComment{
-			ID:          c.ID,
-			Path:        c.Path,
-			NewPosition: c.Position,
-			Body:        c.Body,
-		}
-	}
-	return result, nil
-}
-
-func (a *githubAdapter) ResolveComment(ctx context.Context, owner, repo string, commentID int64) error {
-	return a.c.ResolveComment(ctx, owner, repo, commentID)
-}
-
-func (a *githubAdapter) ListContents(ctx context.Context, owner, repo, path string) ([]gitea.ContentEntry, error) {
-	entries, err := a.c.ListContents(ctx, owner, repo, path)
-	if err != nil {
-		return nil, err
-	}
-	result := make([]gitea.ContentEntry, len(entries))
-	for i, e := range entries {
-		result[i] = gitea.ContentEntry{
-			Name: e.Name,
-			Path: e.Path,
-			Type: e.Type,
-		}
-	}
-	return result, nil
-}
-
-// newVCSClient creates the appropriate VCS client based on detected VCS type.
-// On GitHub/GHES (GITHUB_API_URL set), returns a githubAdapter.
-// On Gitea (GITHUB_API_URL absent), returns *gitea.Client directly.
-//
-// For GitHub: uses GITHUB_API_URL as the API base URL (trusted platform value).
-// For Gitea: uses vcsURL (validated before this call).
-func newVCSClient(vcsType, vcsURL, reviewerToken string) vcsClient {
-	switch vcsType {
-	case "github":
-		apiURL := githubAPIBaseURL()
-		return newGitHubAdapter(reviewerToken, apiURL)
-	default:
-		return gitea.NewClient(vcsURL, reviewerToken)
-	}
-}
-
-// buildRepoPersonaClient creates a review.GiteaClient from the active vcsClient.
-// This exists because LoadRepoPersonas expects the review.GiteaClient interface
-// (which only requires ListContents + GetFileContent).
-func buildRepoPersonaClient(c vcsClient) review.GiteaClient {
-	return newVCSClientAdapterForPersona(c)
-}
-

github/methods.go

@@ -1,552 +0,0 @@
-// Package github provides a client for the GitHub API.
-// This file contains the higher-level PR/review methods built on top of the
-// HTTP client in client.go. All methods use GitHub REST API v3 paths.
-package github
-
-import (
-	"bytes"
-	"context"
-	"encoding/base64"
-	"encoding/json"
-	"fmt"
-	"io"
-	"log/slog"
-	"net/http"
-	"net/url"
-	"strings"
-)
-
-// PullRequest holds relevant PR metadata.
-type PullRequest struct {
-	Title string `json:"title"`
-	Body  string `json:"body"`
-	Head  struct {
-		Sha string `json:"sha"`
-		Ref string `json:"ref"`
-	} `json:"head"`
-}
-
-// CommitStatus represents a single CI status entry.
-// GitHub uses "state" (success/failure/pending/error) unlike Gitea's "status".
-type CommitStatus struct {
-	State       string `json:"state"`
-	Context     string `json:"context"`
-	Description string `json:"description"`
-	TargetURL   string `json:"target_url"`
-}
-
-// ChangedFile represents a file modified in a PR.
-type ChangedFile struct {
-	Filename string `json:"filename"`
-	Status   string `json:"status"`
-}
-
-// ReviewComment represents an inline comment to attach to a review.
-// GitHub uses "path" + "position" or "line" for positioning.
-type ReviewComment struct {
-	ID   int64  `json:"id,omitempty"`
-	Path string `json:"path"`
-	// Position is the line position in the diff (used when submitting).
-	// Side+Line is an alternative for GitHub (line in the file), but
-	// we mirror the Gitea interface using NewPosition mapped to position.
-	Position int64  `json:"position,omitempty"`
-	Body     string `json:"body"`
-}
-
-// ContentEntry represents a file or directory entry from the contents API.
-type ContentEntry struct {
-	Name string `json:"name"`
-	Path string `json:"path"`
-	Type string `json:"type"` // "file" or "dir"
-}
-
-// Review represents a pull request review.
-type Review struct {
-	ID   int64  `json:"id"`
-	Body string `json:"body"`
-	User struct {
-		Login string `json:"login"`
-	} `json:"user"`
-	State    string `json:"state"`
-	CommitID string `json:"commit_id"`
-}
-
-// GetPullRequest fetches PR metadata.
-func (c *Client) GetPullRequest(ctx context.Context, owner, repo string, number int) (*PullRequest, error) {
-	reqURL := fmt.Sprintf("%s/repos/%s/%s/pulls/%d",
-		c.baseURL,
-		url.PathEscape(owner),
-		url.PathEscape(repo),
-		number)
-	body, err := c.doGet(ctx, reqURL)
-	if err != nil {
-		return nil, fmt.Errorf("fetch PR: %w", err)
-	}
-	var pr PullRequest
-	if err := json.Unmarshal(body, &pr); err != nil {
-		return nil, fmt.Errorf("parse PR JSON: %w", err)
-	}
-	return &pr, nil
-}
-
-// GetPullRequestDiff fetches the unified diff for a PR.
-func (c *Client) GetPullRequestDiff(ctx context.Context, owner, repo string, number int) (string, error) {
-	reqURL := fmt.Sprintf("%s/repos/%s/%s/pulls/%d",
-		c.baseURL,
-		url.PathEscape(owner),
-		url.PathEscape(repo),
-		number)
-	body, err := c.doRequest(ctx, http.MethodGet, reqURL, "application/vnd.github.v3.diff")
-	if err != nil {
-		return "", fmt.Errorf("fetch diff: %w", err)
-	}
-	return string(body), nil
-}
-
-// GetPullRequestFiles fetches the list of files changed in a PR.
-// GitHub paginates at 30 files/page (max 3000 files total).
-func (c *Client) GetPullRequestFiles(ctx context.Context, owner, repo string, number int) ([]ChangedFile, error) {
-	const perPage = 100
-	var all []ChangedFile
-	for page := 1; ; page++ {
-		reqURL := fmt.Sprintf("%s/repos/%s/%s/pulls/%d/files?per_page=%d&page=%d",
-			c.baseURL,
-			url.PathEscape(owner),
-			url.PathEscape(repo),
-			number,
-			perPage,
-			page)
-		body, err := c.doGet(ctx, reqURL)
-		if err != nil {
-			return nil, fmt.Errorf("fetch PR files (page %d): %w", page, err)
-		}
-		var batch []ChangedFile
-		if err := json.Unmarshal(body, &batch); err != nil {
-			return nil, fmt.Errorf("parse PR files JSON (page %d): %w", page, err)
-		}
-		all = append(all, batch...)
-		if len(batch) < perPage {
-			break
-		}
-	}
-	return all, nil
-}
-
-// GetCommitStatuses fetches CI statuses for a commit SHA.
-// GitHub's combined status endpoint returns the most-relevant state per context.
-func (c *Client) GetCommitStatuses(ctx context.Context, owner, repo, sha string) ([]CommitStatus, error) {
-	const perPage = 100
-	var all []CommitStatus
-	for page := 1; ; page++ {
-		reqURL := fmt.Sprintf("%s/repos/%s/%s/commits/%s/statuses?per_page=%d&page=%d",
-			c.baseURL,
-			url.PathEscape(owner),
-			url.PathEscape(repo),
-			url.PathEscape(sha),
-			perPage,
-			page)
-		body, err := c.doGet(ctx, reqURL)
-		if err != nil {
-			return nil, fmt.Errorf("fetch commit statuses: %w", err)
-		}
-		var batch []CommitStatus
-		if err := json.Unmarshal(body, &batch); err != nil {
-			return nil, fmt.Errorf("parse statuses JSON: %w", err)
-		}
-		all = append(all, batch...)
-		if len(batch) < perPage {
-			break
-		}
-	}
-	return all, nil
-}
-
-// GetFileContent fetches a file from the default branch of a repo.
-// GitHub's contents API returns base64-encoded content.
-func (c *Client) GetFileContent(ctx context.Context, owner, repo, filepath string) (string, error) {
-	return c.GetFileContentRef(ctx, owner, repo, filepath, "")
-}
-
-// GetFileContentRef fetches a file from a specific ref (branch/tag/sha) in a repo.
-func (c *Client) GetFileContentRef(ctx context.Context, owner, repo, filepath, ref string) (string, error) {
-	reqURL := fmt.Sprintf("%s/repos/%s/%s/contents/%s",
-		c.baseURL,
-		url.PathEscape(owner),
-		url.PathEscape(repo),
-		escapePath(filepath))
-	if ref != "" {
-		reqURL += "?ref=" + url.QueryEscape(ref)
-	}
-	body, err := c.doGet(ctx, reqURL)
-	if err != nil {
-		return "", fmt.Errorf("fetch file %s: %w", filepath, err)
-	}
-	// GitHub returns JSON with base64-encoded content
-	var result struct {
-		Content  string `json:"content"`
-		Encoding string `json:"encoding"`
-	}
-	if err := json.Unmarshal(body, &result); err != nil {
-		return "", fmt.Errorf("parse file content JSON: %w", err)
-	}
-	if result.Encoding != "base64" {
-		return "", fmt.Errorf("unexpected encoding %q for file %s", result.Encoding, filepath)
-	}
-	// GitHub wraps base64 content in newlines — strip them before decoding
-	cleaned := strings.ReplaceAll(result.Content, "\n", "")
-	decoded, err := base64.StdEncoding.DecodeString(cleaned)
-	if err != nil {
-		return "", fmt.Errorf("decode file content: %w", err)
-	}
-	return string(decoded), nil
-}
-
-// ListContents lists files and directories at a given path in a repo.
-// Pass an empty path to list the repository root.
-func (c *Client) ListContents(ctx context.Context, owner, repo, path string) ([]ContentEntry, error) {
-	if path == "." {
-		path = ""
-	}
-	var reqURL string
-	if path == "" {
-		reqURL = fmt.Sprintf("%s/repos/%s/%s/contents",
-			c.baseURL, url.PathEscape(owner), url.PathEscape(repo))
-	} else {
-		reqURL = fmt.Sprintf("%s/repos/%s/%s/contents/%s",
-			c.baseURL, url.PathEscape(owner), url.PathEscape(repo), escapePath(path))
-	}
-	body, err := c.doGet(ctx, reqURL)
-	if err != nil {
-		return nil, fmt.Errorf("list contents %s: %w", path, err)
-	}
-	var entries []ContentEntry
-	if err := json.Unmarshal(body, &entries); err != nil {
-		// GitHub also returns a single object when path is a file
-		var single ContentEntry
-		if err2 := json.Unmarshal(body, &single); err2 != nil {
-			return nil, fmt.Errorf("parse contents JSON: %w", err)
-		}
-		if single.Name == "" && single.Path == "" {
-			return nil, fmt.Errorf("parse contents JSON: empty response for path %q", path)
-		}
-		entries = []ContentEntry{single}
-	}
-	return entries, nil
-}
-
-// GetAllFilesInPath recursively fetches all file contents under a path.
-// If the path is a file, returns just that file's content.
-func (c *Client) GetAllFilesInPath(ctx context.Context, owner, repo, path string) (map[string]string, error) {
-	results := make(map[string]string)
-
-	entries, err := c.ListContents(ctx, owner, repo, path)
-	if err != nil {
-		if IsNotFound(err) {
-			// Try fetching as a file directly
-			content, fileErr := c.GetFileContent(ctx, owner, repo, path)
-			if fileErr != nil {
-				return nil, fmt.Errorf("path %q is neither a file nor directory: %w", path, fileErr)
-			}
-			results[path] = content
-			return results, nil
-		}
-		return nil, fmt.Errorf("list contents %q: %w", path, err)
-	}
-
-	for _, entry := range entries {
-		switch entry.Type {
-		case "file":
-			content, err := c.GetFileContent(ctx, owner, repo, entry.Path)
-			if err != nil {
-				slog.Warn("could not fetch file from patterns repo", "file", entry.Path, "error", err)
-				continue
-			}
-			results[entry.Path] = content
-		case "dir":
-			subResults, err := c.GetAllFilesInPath(ctx, owner, repo, entry.Path)
-			if err != nil {
-				slog.Warn("could not recurse into directory", "dir", entry.Path, "error", err)
-				continue
-			}
-			for k, v := range subResults {
-				results[k] = v
-			}
-		}
-	}
-	return results, nil
-}
-
-// PostReview submits a review to a PR and returns the created review.
-// event should be "APPROVE", "REQUEST_CHANGES", or "COMMENT".
-// commitID anchors the review to a specific commit SHA.
-// comments are optional inline comments.
-//
-// Note: GitHub uses "APPROVE" (not "APPROVED") for the event name.
-func (c *Client) PostReview(ctx context.Context, owner, repo string, number int, event, body, commitID string, comments []ReviewComment) (*Review, error) {
-	reqURL := fmt.Sprintf("%s/repos/%s/%s/pulls/%d/reviews",
-		c.baseURL,
-		url.PathEscape(owner),
-		url.PathEscape(repo),
-		number)
-
-	// GitHub uses "APPROVE" not "APPROVED", "REQUEST_CHANGES" and "COMMENT" match
-	ghEvent := event
-	if event == "APPROVED" {
-		ghEvent = "APPROVE"
-	}
-
-	payload := struct {
-		Body     string          `json:"body"`
-		Event    string          `json:"event"`
-		CommitID string          `json:"commit_id,omitempty"`
-		Comments []ReviewComment `json:"comments,omitempty"`
-	}{
-		Body:     body,
-		Event:    ghEvent,
-		CommitID: commitID,
-		Comments: comments,
-	}
-
-	data, err := json.Marshal(payload)
-	if err != nil {
-		return nil, fmt.Errorf("marshal review payload: %w", err)
-	}
-
-	req, err := http.NewRequestWithContext(ctx, http.MethodPost, reqURL, bytes.NewReader(data))
-	if err != nil {
-		return nil, fmt.Errorf("create review request: %w", err)
-	}
-	req.Header.Set("Authorization", "Bearer "+c.token)
-	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("Accept", "application/vnd.github+json")
-
-	resp, err := c.httpClient.Do(req)
-	if err != nil {
-		return nil, fmt.Errorf("post review: %w", err)
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
-		respBody, _ := io.ReadAll(io.LimitReader(resp.Body, 64*1024))
-		return nil, fmt.Errorf("post review failed (status %d): %s", resp.StatusCode, string(respBody))
-	}
-
-	respBody, err := io.ReadAll(io.LimitReader(resp.Body, 10*1024*1024))
-	if err != nil {
-		return nil, fmt.Errorf("read review response: %w", err)
-	}
-	var review Review
-	if err := json.Unmarshal(respBody, &review); err != nil {
-		return nil, fmt.Errorf("parse review response: %w", err)
-	}
-	return &review, nil
-}
-
-// ListReviews returns all reviews on a pull request.
-func (c *Client) ListReviews(ctx context.Context, owner, repo string, number int) ([]Review, error) {
-	const perPage = 100
-	var all []Review
-	for page := 1; ; page++ {
-		reqURL := fmt.Sprintf("%s/repos/%s/%s/pulls/%d/reviews?per_page=%d&page=%d",
-			c.baseURL,
-			url.PathEscape(owner),
-			url.PathEscape(repo),
-			number,
-			perPage,
-			page)
-		body, err := c.doGet(ctx, reqURL)
-		if err != nil {
-			return nil, fmt.Errorf("list reviews (page %d): %w", page, err)
-		}
-		var batch []Review
-		if err := json.Unmarshal(body, &batch); err != nil {
-			return nil, fmt.Errorf("parse reviews (page %d): %w", page, err)
-		}
-		all = append(all, batch...)
-		if len(batch) < perPage {
-			break
-		}
-	}
-	return all, nil
-}
-
-// DeleteReview deletes a review by ID.
-func (c *Client) DeleteReview(ctx context.Context, owner, repo string, number int, reviewID int64) error {
-	reqURL := fmt.Sprintf("%s/repos/%s/%s/pulls/%d/reviews/%d",
-		c.baseURL,
-		url.PathEscape(owner),
-		url.PathEscape(repo),
-		number,
-		reviewID)
-
-	req, err := http.NewRequestWithContext(ctx, http.MethodDelete, reqURL, nil)
-	if err != nil {
-		return fmt.Errorf("create delete request: %w", err)
-	}
-	req.Header.Set("Authorization", "Bearer "+c.token)
-	req.Header.Set("Accept", "application/vnd.github+json")
-
-	resp, err := c.httpClient.Do(req)
-	if err != nil {
-		return fmt.Errorf("delete review: %w", err)
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
-		respBody, _ := io.ReadAll(io.LimitReader(resp.Body, 256))
-		return fmt.Errorf("delete review failed (status %d): %s", resp.StatusCode, string(respBody))
-	}
-	return nil
-}
-
-// GetAuthenticatedUser returns the login of the user authenticated by the token.
-func (c *Client) GetAuthenticatedUser(ctx context.Context) (string, error) {
-	reqURL := fmt.Sprintf("%s/user", c.baseURL)
-	body, err := c.doGet(ctx, reqURL)
-	if err != nil {
-		return "", fmt.Errorf("get authenticated user: %w", err)
-	}
-	var result struct {
-		Login string `json:"login"`
-	}
-	if err := json.Unmarshal(body, &result); err != nil {
-		return "", fmt.Errorf("parse user response: %w", err)
-	}
-	return result.Login, nil
-}
-
-// RequestReviewer adds the given user as a requested reviewer on a pull request.
-// This is idempotent on GitHub — requesting an already-requested reviewer succeats.
-func (c *Client) RequestReviewer(ctx context.Context, owner, repo string, number int, reviewer string) error {
-	reqURL := fmt.Sprintf("%s/repos/%s/%s/pulls/%d/requested_reviewers",
-		c.baseURL,
-		url.PathEscape(owner),
-		url.PathEscape(repo),
-		number)
-
-	payload := struct {
-		Reviewers []string `json:"reviewers"`
-	}{Reviewers: []string{reviewer}}
-	data, err := json.Marshal(payload)
-	if err != nil {
-		return fmt.Errorf("marshal reviewer request: %w", err)
-	}
-
-	req, err := http.NewRequestWithContext(ctx, http.MethodPost, reqURL, bytes.NewReader(data))
-	if err != nil {
-		return fmt.Errorf("create reviewer request: %w", err)
-	}
-	req.Header.Set("Authorization", "Bearer "+c.token)
-	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("Accept", "application/vnd.github+json")
-
-	resp, err := c.httpClient.Do(req)
-	if err != nil {
-		return fmt.Errorf("request reviewer: %w", err)
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
-		respBody, _ := io.ReadAll(io.LimitReader(resp.Body, 256))
-		return fmt.Errorf("request reviewer failed (status %d): %s", resp.StatusCode, string(respBody))
-	}
-	return nil
-}
-
-// EditComment updates the body of a PR review comment.
-// GitHub uses PATCH /repos/{owner}/{repo}/pulls/comments/{comment_id}.
-func (c *Client) EditComment(ctx context.Context, owner, repo string, commentID int64, newBody string) error {
-	reqURL := fmt.Sprintf("%s/repos/%s/%s/pulls/comments/%d",
-		c.baseURL,
-		url.PathEscape(owner),
-		url.PathEscape(repo),
-		commentID)
-
-	payload := struct {
-		Body string `json:"body"`
-	}{Body: newBody}
-	data, err := json.Marshal(payload)
-	if err != nil {
-		return fmt.Errorf("marshal edit payload: %w", err)
-	}
-
-	req, err := http.NewRequestWithContext(ctx, http.MethodPatch, reqURL, bytes.NewReader(data))
-	if err != nil {
-		return fmt.Errorf("create edit request: %w", err)
-	}
-	req.Header.Set("Authorization", "Bearer "+c.token)
-	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("Accept", "application/vnd.github+json")
-
-	resp, err := c.httpClient.Do(req)
-	if err != nil {
-		return fmt.Errorf("edit comment: %w", err)
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode != http.StatusOK {
-		body, _ := io.ReadAll(io.LimitReader(resp.Body, 256))
-		return fmt.Errorf("edit comment failed (status %d): %s", resp.StatusCode, body)
-	}
-	return nil
-}
-
-// ListReviewComments returns the inline comments attached to a specific review.
-func (c *Client) ListReviewComments(ctx context.Context, owner, repo string, prNumber int, reviewID int64) ([]ReviewComment, error) {
-	const perPage = 100
-	var all []ReviewComment
-	for page := 1; ; page++ {
-		reqURL := fmt.Sprintf("%s/repos/%s/%s/pulls/%d/reviews/%d/comments?per_page=%d&page=%d",
-			c.baseURL,
-			url.PathEscape(owner),
-			url.PathEscape(repo),
-			prNumber,
-			reviewID,
-			perPage,
-			page)
-		body, err := c.doGet(ctx, reqURL)
-		if err != nil {
-			return nil, fmt.Errorf("list review comments (page %d): %w", page, err)
-		}
-		var batch []ReviewComment
-		if err := json.Unmarshal(body, &batch); err != nil {
-			return nil, fmt.Errorf("parse review comments (page %d): %w", page, err)
-		}
-		all = append(all, batch...)
-		if len(batch) < perPage {
-			break
-		}
-	}
-	return all, nil
-}
-
-// ResolveComment is a no-op on GitHub. GitHub does not support resolving
-// individual review comments via the REST API (only via the GraphQL API).
-// This method exists to satisfy the VCSClient interface.
-func (c *Client) ResolveComment(_ context.Context, _, _ string, _ int64) error {
-	return nil
-}
-
-// GetTimelineReviewCommentIDForReview finds the timeline comment ID for a review.
-// GitHub doesn't have a direct timeline event endpoint for reviews the way Gitea does.
-// This is primarily used by the supersede path (EditComment + ResolveComment). On GitHub,
-// we return the review ID itself. Note that EditComment on GitHub uses the
-// /pulls/comments/{id} endpoint (for inline review comments), which does not
-// apply to review bodies — the supersede EditComment call will 404 and be
-// logged as a warning. This is a known limitation; the review is still posted
-// correctly regardless.
-func (c *Client) GetTimelineReviewCommentIDForReview(_ context.Context, _, _ string, _ int, reviewID int64) (int64, error) {
-	return reviewID, nil
-}
-
-// escapePath escapes each path segment individually while preserving slashes.
-// This avoids double-escaping the forward slash separator in file paths.
-// NOTE: Intentionally duplicated from gitea/client.go to keep the packages independent.
-func escapePath(p string) string {
-	parts := strings.Split(p, "/")
-	escaped := make([]string, len(parts))
-	for i, part := range parts {
-		escaped[i] = url.PathEscape(part)
-	}
-	return strings.Join(escaped, "/")
-}

github/methods_test.go

@@ -1,518 +0,0 @@
-package github
-
-import (
-	"context"
-	"encoding/base64"
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"net/http/httptest"
-	"testing"
-)
-
-// newTestClient creates a Client pointed at the test server.
-func newTestClient(srv *httptest.Server) *Client {
-	return NewClient("test-token", srv.URL, AllowInsecureHTTPForTest())
-}
-
-func TestGetPullRequest(t *testing.T) {
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.Method != http.MethodGet || r.URL.Path != "/repos/owner/repo/pulls/42" {
-			http.Error(w, "unexpected", http.StatusNotFound)
-			return
-		}
-		if got := r.Header.Get("Authorization"); got != "Bearer test-token" {
-			http.Error(w, "unauthorized", http.StatusUnauthorized)
-			return
-		}
-		w.Header().Set("Content-Type", "application/json")
-		fmt.Fprintln(w, `{"title":"Fix bug","body":"Body text","head":{"sha":"abc1234","ref":"fix/bug"}}`)
-	}))
-	defer srv.Close()
-
-	c := newTestClient(srv)
-	pr, err := c.GetPullRequest(context.Background(), "owner", "repo", 42)
-	if err != nil {
-		t.Fatalf("GetPullRequest: %v", err)
-	}
-	if pr.Title != "Fix bug" {
-		t.Errorf("Title = %q, want %q", pr.Title, "Fix bug")
-	}
-	if pr.Head.Sha != "abc1234" {
-		t.Errorf("Head.Sha = %q, want %q", pr.Head.Sha, "abc1234")
-	}
-	if pr.Head.Ref != "fix/bug" {
-		t.Errorf("Head.Ref = %q, want %q", pr.Head.Ref, "fix/bug")
-	}
-}
-
-func TestGetPullRequest_NotFound(t *testing.T) {
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		http.Error(w, `{"message":"Not Found"}`, http.StatusNotFound)
-	}))
-	defer srv.Close()
-
-	c := newTestClient(srv)
-	_, err := c.GetPullRequest(context.Background(), "owner", "repo", 99)
-	if err == nil {
-		t.Fatal("expected error for 404, got nil")
-	}
-	if !IsNotFound(err) {
-		t.Errorf("expected IsNotFound error, got %v", err)
-	}
-}
-
-func TestGetPullRequestDiff(t *testing.T) {
-	diffText := "diff --git a/foo.go b/foo.go\n@@ -1,1 +1,2 @@\n+added"
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.URL.Path != "/repos/owner/repo/pulls/1" {
-			http.Error(w, "unexpected", http.StatusNotFound)
-			return
-		}
-		if r.Header.Get("Accept") != "application/vnd.github.v3.diff" {
-			http.Error(w, "wrong accept", http.StatusNotAcceptable)
-			return
-		}
-		w.Header().Set("Content-Type", "text/plain")
-		fmt.Fprint(w, diffText)
-	}))
-	defer srv.Close()
-
-	c := newTestClient(srv)
-	got, err := c.GetPullRequestDiff(context.Background(), "owner", "repo", 1)
-	if err != nil {
-		t.Fatalf("GetPullRequestDiff: %v", err)
-	}
-	if got != diffText {
-		t.Errorf("diff = %q, want %q", got, diffText)
-	}
-}
-
-func TestGetPullRequestFiles(t *testing.T) {
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.URL.Path != "/repos/owner/repo/pulls/5/files" {
-			http.Error(w, "unexpected", http.StatusNotFound)
-			return
-		}
-		w.Header().Set("Content-Type", "application/json")
-		fmt.Fprintln(w, `[{"filename":"foo.go","status":"added"},{"filename":"bar.go","status":"modified"}]`)
-	}))
-	defer srv.Close()
-
-	c := newTestClient(srv)
-	files, err := c.GetPullRequestFiles(context.Background(), "owner", "repo", 5)
-	if err != nil {
-		t.Fatalf("GetPullRequestFiles: %v", err)
-	}
-	if len(files) != 2 {
-		t.Fatalf("len(files) = %d, want 2", len(files))
-	}
-	if files[0].Filename != "foo.go" || files[0].Status != "added" {
-		t.Errorf("files[0] = %+v", files[0])
-	}
-}
-
-func TestGetCommitStatuses(t *testing.T) {
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.URL.Path != "/repos/owner/repo/commits/deadbeef/statuses" {
-			http.Error(w, "unexpected", http.StatusNotFound)
-			return
-		}
-		w.Header().Set("Content-Type", "application/json")
-		fmt.Fprintln(w, `[{"state":"success","context":"ci/test","description":"Tests passed","target_url":"https://ci.example.com"}]`)
-	}))
-	defer srv.Close()
-
-	c := newTestClient(srv)
-	statuses, err := c.GetCommitStatuses(context.Background(), "owner", "repo", "deadbeef")
-	if err != nil {
-		t.Fatalf("GetCommitStatuses: %v", err)
-	}
-	if len(statuses) != 1 {
-		t.Fatalf("len(statuses) = %d, want 1", len(statuses))
-	}
-	if statuses[0].State != "success" {
-		t.Errorf("State = %q, want success", statuses[0].State)
-	}
-	if statuses[0].Context != "ci/test" {
-		t.Errorf("Context = %q, want ci/test", statuses[0].Context)
-	}
-}
-
-func TestGetFileContent(t *testing.T) {
-	content := "package main\nfunc main() {}\n"
-	encoded := base64.StdEncoding.EncodeToString([]byte(content))
-	// GitHub wraps base64 in newlines every 60 chars
-	var chunked string
-	for i := 0; i < len(encoded); i += 60 {
-		end := i + 60
-		if end > len(encoded) {
-			end = len(encoded)
-		}
-		chunked += encoded[i:end] + "\n"
-	}
-
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.URL.Path != "/repos/owner/repo/contents/main.go" {
-			http.Error(w, "unexpected path: "+r.URL.Path, http.StatusNotFound)
-			return
-		}
-		w.Header().Set("Content-Type", "application/json")
-		resp := map[string]string{
-			"content":  chunked,
-			"encoding": "base64",
-		}
-		if err := json.NewEncoder(w).Encode(resp); err != nil {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-		}
-	}))
-	defer srv.Close()
-
-	c := newTestClient(srv)
-	got, err := c.GetFileContent(context.Background(), "owner", "repo", "main.go")
-	if err != nil {
-		t.Fatalf("GetFileContent: %v", err)
-	}
-	if got != content {
-		t.Errorf("content = %q, want %q", got, content)
-	}
-}
-
-func TestGetFileContentRef(t *testing.T) {
-	content := "hello world"
-	encoded := base64.StdEncoding.EncodeToString([]byte(content))
-
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.URL.Path != "/repos/owner/repo/contents/README.md" {
-			http.Error(w, "unexpected", http.StatusNotFound)
-			return
-		}
-		if r.URL.Query().Get("ref") != "abc123" {
-			http.Error(w, "missing ref", http.StatusBadRequest)
-			return
-		}
-		w.Header().Set("Content-Type", "application/json")
-		resp := map[string]string{"content": encoded + "\n", "encoding": "base64"}
-		if err := json.NewEncoder(w).Encode(resp); err != nil {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-		}
-	}))
-	defer srv.Close()
-
-	c := newTestClient(srv)
-	got, err := c.GetFileContentRef(context.Background(), "owner", "repo", "README.md", "abc123")
-	if err != nil {
-		t.Fatalf("GetFileContentRef: %v", err)
-	}
-	if got != content {
-		t.Errorf("content = %q, want %q", got, content)
-	}
-}
-
-func TestListContents(t *testing.T) {
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.URL.Path == "/repos/owner/repo/contents" {
-			w.Header().Set("Content-Type", "application/json")
-			fmt.Fprintln(w, `[{"name":"README.md","path":"README.md","type":"file"},{"name":"src","path":"src","type":"dir"}]`)
-			return
-		}
-		http.Error(w, "unexpected: "+r.URL.Path, http.StatusNotFound)
-	}))
-	defer srv.Close()
-
-	c := newTestClient(srv)
-	entries, err := c.ListContents(context.Background(), "owner", "repo", "")
-	if err != nil {
-		t.Fatalf("ListContents: %v", err)
-	}
-	if len(entries) != 2 {
-		t.Fatalf("len(entries) = %d, want 2", len(entries))
-	}
-	if entries[0].Name != "README.md" || entries[0].Type != "file" {
-		t.Errorf("entries[0] = %+v", entries[0])
-	}
-	if entries[1].Name != "src" || entries[1].Type != "dir" {
-		t.Errorf("entries[1] = %+v", entries[1])
-	}
-}
-
-func TestListContents_Dot(t *testing.T) {
-	// "." should be treated as "" (root)
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.URL.Path == "/repos/owner/repo/contents" {
-			w.Header().Set("Content-Type", "application/json")
-			fmt.Fprintln(w, `[]`)
-			return
-		}
-		http.Error(w, "unexpected: "+r.URL.Path, http.StatusNotFound)
-	}))
-	defer srv.Close()
-
-	c := newTestClient(srv)
-	entries, err := c.ListContents(context.Background(), "owner", "repo", ".")
-	if err != nil {
-		t.Fatalf("ListContents: %v", err)
-	}
-	if len(entries) != 0 {
-		t.Errorf("expected empty entries, got %d", len(entries))
-	}
-}
-
-func TestPostReview(t *testing.T) {
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.Method != http.MethodPost || r.URL.Path != "/repos/owner/repo/pulls/10/reviews" {
-			http.Error(w, "unexpected", http.StatusNotFound)
-			return
-		}
-		var payload struct {
-			Body     string `json:"body"`
-			Event    string `json:"event"`
-			CommitID string `json:"commit_id"`
-		}
-		if err := json.NewDecoder(r.Body).Decode(&payload); err != nil {
-			http.Error(w, "bad body", http.StatusBadRequest)
-			return
-		}
-		// Verify APPROVED is normalized to APPROVE
-		if payload.Event != "APPROVE" {
-			http.Error(w, fmt.Sprintf("expected APPROVE, got %s", payload.Event), http.StatusBadRequest)
-			return
-		}
-		w.Header().Set("Content-Type", "application/json")
-		w.WriteHeader(http.StatusOK)
-		fmt.Fprintf(w, `{"id":99,"body":%q,"user":{"login":"bot"},"state":"APPROVED","commit_id":%q}`, payload.Body, payload.CommitID)
-	}))
-	defer srv.Close()
-
-	c := newTestClient(srv)
-	// Pass "APPROVED" (Gitea-style) — should be normalized to APPROVE
-	review, err := c.PostReview(context.Background(), "owner", "repo", 10, "APPROVED", "Looks good", "abc123", nil)
-	if err != nil {
-		t.Fatalf("PostReview: %v", err)
-	}
-	if review.ID != 99 {
-		t.Errorf("review.ID = %d, want 99", review.ID)
-	}
-	if review.User.Login != "bot" {
-		t.Errorf("review.User.Login = %q, want bot", review.User.Login)
-	}
-}
-
-func TestListReviews(t *testing.T) {
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.URL.Path != "/repos/owner/repo/pulls/7/reviews" {
-			http.Error(w, "unexpected", http.StatusNotFound)
-			return
-		}
-		w.Header().Set("Content-Type", "application/json")
-		fmt.Fprintln(w, `[{"id":1,"body":"LGTM","user":{"login":"alice"},"state":"APPROVED","commit_id":"abc"}]`)
-	}))
-	defer srv.Close()
-
-	c := newTestClient(srv)
-	reviews, err := c.ListReviews(context.Background(), "owner", "repo", 7)
-	if err != nil {
-		t.Fatalf("ListReviews: %v", err)
-	}
-	if len(reviews) != 1 {
-		t.Fatalf("len(reviews) = %d, want 1", len(reviews))
-	}
-	if reviews[0].User.Login != "alice" {
-		t.Errorf("User.Login = %q, want alice", reviews[0].User.Login)
-	}
-}
-
-func TestGetAuthenticatedUser(t *testing.T) {
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.URL.Path != "/user" {
-			http.Error(w, "unexpected", http.StatusNotFound)
-			return
-		}
-		w.Header().Set("Content-Type", "application/json")
-		fmt.Fprintln(w, `{"login":"sonnet-review"}`)
-	}))
-	defer srv.Close()
-
-	c := newTestClient(srv)
-	login, err := c.GetAuthenticatedUser(context.Background())
-	if err != nil {
-		t.Fatalf("GetAuthenticatedUser: %v", err)
-	}
-	if login != "sonnet-review" {
-		t.Errorf("login = %q, want sonnet-review", login)
-	}
-}
-
-func TestResolveComment_NoOp(t *testing.T) {
-	// ResolveComment is a no-op on GitHub — should not make any HTTP call.
-	callCount := 0
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		callCount++
-		http.Error(w, "unexpected call", http.StatusInternalServerError)
-	}))
-	defer srv.Close()
-
-	c := newTestClient(srv)
-	if err := c.ResolveComment(context.Background(), "owner", "repo", 123); err != nil {
-		t.Errorf("ResolveComment: %v (expected no-op)", err)
-	}
-	if callCount != 0 {
-		t.Errorf("expected no HTTP calls, got %d", callCount)
-	}
-}
-
-func TestGetTimelineReviewCommentIDForReview(t *testing.T) {
-	// Should return reviewID unchanged without making HTTP calls.
-	callCount := 0
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		callCount++
-		http.Error(w, "unexpected", http.StatusInternalServerError)
-	}))
-	defer srv.Close()
-
-	c := newTestClient(srv)
-	got, err := c.GetTimelineReviewCommentIDForReview(context.Background(), "owner", "repo", 5, 42)
-	if err != nil {
-		t.Fatalf("GetTimelineReviewCommentIDForReview: %v", err)
-	}
-	if got != 42 {
-		t.Errorf("got %d, want 42", got)
-	}
-	if callCount != 0 {
-		t.Errorf("expected no HTTP calls, got %d", callCount)
-	}
-}
-
-func TestRequestReviewer(t *testing.T) {
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.Method != http.MethodPost || r.URL.Path != "/repos/owner/repo/pulls/3/requested_reviewers" {
-			http.Error(w, "unexpected", http.StatusNotFound)
-			return
-		}
-		var payload struct {
-			Reviewers []string `json:"reviewers"`
-		}
-		if err := json.NewDecoder(r.Body).Decode(&payload); err != nil || len(payload.Reviewers) == 0 {
-			http.Error(w, "bad body", http.StatusBadRequest)
-			return
-		}
-		if payload.Reviewers[0] != "bot-user" {
-			http.Error(w, fmt.Sprintf("unexpected reviewer %q", payload.Reviewers[0]), http.StatusBadRequest)
-			return
-		}
-		w.WriteHeader(http.StatusCreated)
-		fmt.Fprintln(w, `{}`)
-	}))
-	defer srv.Close()
-
-	c := newTestClient(srv)
-	if err := c.RequestReviewer(context.Background(), "owner", "repo", 3, "bot-user"); err != nil {
-		t.Errorf("RequestReviewer: %v", err)
-	}
-}
-
-func TestEditComment(t *testing.T) {
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.Method != http.MethodPatch || r.URL.Path != "/repos/owner/repo/pulls/comments/55" {
-			http.Error(w, "unexpected", http.StatusNotFound)
-			return
-		}
-		var payload struct {
-			Body string `json:"body"`
-		}
-		if err := json.NewDecoder(r.Body).Decode(&payload); err != nil {
-			http.Error(w, "bad body", http.StatusBadRequest)
-			return
-		}
-		if payload.Body != "updated body" {
-			http.Error(w, "wrong body", http.StatusBadRequest)
-			return
-		}
-		w.Header().Set("Content-Type", "application/json")
-		w.WriteHeader(http.StatusOK)
-		fmt.Fprintln(w, `{"id":55,"body":"updated body"}`)
-	}))
-	defer srv.Close()
-
-	c := newTestClient(srv)
-	if err := c.EditComment(context.Background(), "owner", "repo", 55, "updated body"); err != nil {
-		t.Errorf("EditComment: %v", err)
-	}
-}
-
-func TestListReviewComments(t *testing.T) {
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.URL.Path != "/repos/owner/repo/pulls/9/reviews/20/comments" {
-			http.Error(w, "unexpected", http.StatusNotFound)
-			return
-		}
-		w.Header().Set("Content-Type", "application/json")
-		fmt.Fprintln(w, `[{"id":100,"path":"main.go","position":5,"body":"Needs fix"}]`)
-	}))
-	defer srv.Close()
-
-	c := newTestClient(srv)
-	comments, err := c.ListReviewComments(context.Background(), "owner", "repo", 9, 20)
-	if err != nil {
-		t.Fatalf("ListReviewComments: %v", err)
-	}
-	if len(comments) != 1 {
-		t.Fatalf("len(comments) = %d, want 1", len(comments))
-	}
-	if comments[0].Path != "main.go" {
-		t.Errorf("Path = %q, want main.go", comments[0].Path)
-	}
-	if comments[0].Position != 5 {
-		t.Errorf("Position = %d, want 5", comments[0].Position)
-	}
-}
-
-func TestDeleteReview(t *testing.T) {
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.Method != http.MethodDelete || r.URL.Path != "/repos/owner/repo/pulls/7/reviews/11" {
-			http.Error(w, "unexpected", http.StatusNotFound)
-			return
-		}
-		w.WriteHeader(http.StatusNoContent)
-	}))
-	defer srv.Close()
-
-	c := newTestClient(srv)
-	if err := c.DeleteReview(context.Background(), "owner", "repo", 7, 11); err != nil {
-		t.Errorf("DeleteReview: %v", err)
-	}
-}
-
-func TestGetAllFilesInPath(t *testing.T) {
-	content := "file content"
-	encoded := base64.StdEncoding.EncodeToString([]byte(content))
-
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		switch r.URL.Path {
-		case "/repos/owner/repo/contents/patterns":
-			w.Header().Set("Content-Type", "application/json")
-			fmt.Fprintln(w, `[{"name":"patterns.md","path":"patterns/patterns.md","type":"file"}]`)
-		case "/repos/owner/repo/contents/patterns/patterns.md":
-			w.Header().Set("Content-Type", "application/json")
-			resp := map[string]string{"content": encoded + "\n", "encoding": "base64"}
-			if err := json.NewEncoder(w).Encode(resp); err != nil {
-				http.Error(w, err.Error(), http.StatusInternalServerError)
-			}
-		default:
-			http.Error(w, "unexpected: "+r.URL.Path, http.StatusNotFound)
-		}
-	}))
-	defer srv.Close()
-
-	c := newTestClient(srv)
-	files, err := c.GetAllFilesInPath(context.Background(), "owner", "repo", "patterns")
-	if err != nil {
-		t.Fatalf("GetAllFilesInPath: %v", err)
-	}
-	if len(files) != 1 {
-		t.Fatalf("len(files) = %d, want 1", len(files))
-	}
-	if files["patterns/patterns.md"] != content {
-		t.Errorf("content = %q, want %q", files["patterns/patterns.md"], content)
-	}
-}