fix(gitea): guard against empty response in ListContents fallback

Add defensive check for empty Name and Path fields when unmarshaling a single ContentEntry in the fallback path. While Gitea API won't return empty objects for valid file paths, this guard: - Explicitly documents the invariant we expect - Catches potential API behavior changes early - Costs nothing at runtime Addresses [MINOR] from sonnet-review-bot on PR #74.
fix(gitea): handle single-object response in ListContents
2026-05-11 07:47:03 -07:00 · 2026-05-11 07:21:15 -07:00 · 2026-05-11 14:16:22 +00:00 · 2026-05-11 07:12:25 -07:00 · 2026-05-11 06:24:05 -07:00 · 2026-05-11 12:59:50 +00:00
3 changed files with 75 additions and 5 deletions
@@ -38,6 +38,8 @@ jobs:
          - name: security
            token_secret: SECURITY_REVIEW_TOKEN
            model: gpt-5
+            patterns_repo: rodin/security-patterns
+            patterns_files: "."
            system_prompt_file: SECURITY_REVIEW.md
    steps:
      - uses: actions/checkout@v4
@@ -60,8 +62,8 @@ jobs:
          AICORE_API_URL: ${{ secrets.AICORE_API_URL }}
          AICORE_RESOURCE_GROUP: ${{ secrets.AICORE_RESOURCE_GROUP }}
          CONVENTIONS_FILE: "CONVENTIONS.md"
-          PATTERNS_REPO: "rodin/go-patterns"
-          PATTERNS_FILES: "README.md,patterns/"
+          PATTERNS_REPO: ${{ matrix.patterns_repo || 'rodin/go-patterns' }}
+          PATTERNS_FILES: ${{ matrix.patterns_files || 'README.md,patterns/' }}
          LLM_TIMEOUT: "600"
          SYSTEM_PROMPT_FILE: ${{ matrix.system_prompt_file }}
        run: ./review-bot
@@ -434,7 +434,13 @@ type ContentEntry struct {

 // ListContents lists files and directories at a given path in a repo.
 // Pass an empty path to list the repository root.
+// If the path points to a file (not a directory), Gitea returns a single
+// object instead of an array; this method normalizes both cases to a slice.
 func (c *Client) ListContents(ctx context.Context, owner, repo, path string) ([]ContentEntry, error) {
+	// Normalize "." to empty string — Gitea API rejects "." with 500
+	if path == "." {
+		path = ""
+	}
 	var reqURL string
 	if path == "" {
 		reqURL = fmt.Sprintf("%s/api/v1/repos/%s/%s/contents", c.baseURL, url.PathEscape(owner), url.PathEscape(repo))
@@ -447,7 +453,16 @@ func (c *Client) ListContents(ctx context.Context, owner, repo, path string) ([]
 	}
 	var entries []ContentEntry
 	if err := json.Unmarshal(body, &entries); err != nil {
-		return nil, fmt.Errorf("parse contents JSON: %w", err)
+		// Gitea returns a single object (not an array) when path is a file
+		var single ContentEntry
+		if err2 := json.Unmarshal(body, &single); err2 != nil {
+			return nil, fmt.Errorf("parse contents JSON: %w", err)
+		}
+		// Guard against empty/malformed responses
+		if single.Name == "" && single.Path == "" {
+			return nil, fmt.Errorf("parse contents JSON: empty response for path %q", path)
+		}
+		entries = []ContentEntry{single}
 	}
 	return entries, nil
 }
@@ -280,11 +280,64 @@ func TestListContents(t *testing.T) {
 	}
 }

+func TestListContents_DotPath(t *testing.T) {
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// "." should be normalized to empty path, which hits the root contents endpoint
+		if r.URL.Path != "/api/v1/repos/owner/repo/contents" {
+			t.Errorf("expected root contents path, got: %s", r.URL.Path)
+		}
+		w.Header().Set("Content-Type", "application/json")
+		fmt.Fprintf(w, `[{"name":"README.md","path":"README.md","type":"file"}]`)
+	}))
+	defer server.Close()
+
+	client := NewClient(server.URL, "test-token")
+	entries, err := client.ListContents(context.Background(), "owner", "repo", ".")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if len(entries) != 1 {
+		t.Fatalf("expected 1 entry, got %d", len(entries))
+	}
+	if entries[0].Name != "README.md" {
+		t.Errorf("expected README.md, got %s", entries[0].Name)
+	}
+}
+
+func TestListContents_FilePath(t *testing.T) {
+	// Gitea returns a single object (not an array) when path is a file
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.Path != "/api/v1/repos/owner/repo/contents/README.md" {
+			t.Errorf("unexpected path: %s", r.URL.Path)
+		}
+		w.Header().Set("Content-Type", "application/json")
+		// Single object, not an array
+		fmt.Fprintf(w, `{"name":"README.md","path":"README.md","type":"file"}`)
+	}))
+	defer server.Close()
+
+	client := NewClient(server.URL, "test-token")
+	entries, err := client.ListContents(context.Background(), "owner", "repo", "README.md")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if len(entries) != 1 {
+		t.Fatalf("expected 1 entry, got %d", len(entries))
+	}
+	if entries[0].Name != "README.md" {
+		t.Errorf("expected README.md, got %s", entries[0].Name)
+	}
+	if entries[0].Type != "file" {
+		t.Errorf("expected type file, got %s", entries[0].Type)
+	}
+}
+
 func TestGetAllFilesInPath_File(t *testing.T) {
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if r.URL.Path == "/api/v1/repos/owner/repo/contents/README.md" {
-			// Gitea returns 404 for contents API on files (it's not a dir)
-			http.NotFound(w, r)
+			// Gitea returns a single object (not array) when path is a file
+			w.Header().Set("Content-Type", "application/json")
+			fmt.Fprintf(w, `{"name":"README.md","path":"README.md","type":"file"}`)
 			return
 		}
 		if r.URL.Path == "/api/v1/repos/owner/repo/raw/README.md" {
Author	SHA1	Message	Date
Rodin	c27dfd0f08	fix(gitea): guard against empty response in ListContents fallback PR Ready Gate / clear-labels (pull_request) Successful in 2s Details CI / test (pull_request) Successful in 22s Details CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 26s Details CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 40s Details CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 58s Details Add defensive check for empty Name and Path fields when unmarshaling a single ContentEntry in the fallback path. While Gitea API won't return empty objects for valid file paths, this guard: - Explicitly documents the invariant we expect - Catches potential API behavior changes early - Costs nothing at runtime Addresses [MINOR] from sonnet-review-bot on PR #74.	2026-05-11 07:47:03 -07:00
Rodin	1b6c37605f	fix(gitea): handle single-object response in ListContents CI / test (pull_request) Successful in 17s Details CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 26s Details CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 35s Details CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m9s Details When ListContents is called with a path that points to a file (not a directory), Gitea returns a single JSON object instead of an array. Previously this caused json.Unmarshal to fail with: json: cannot unmarshal object into Go value of type []gitea.ContentEntry Now ListContents tries array unmarshal first, and falls back to single object unmarshal, wrapping it in a slice. This allows patterns-files config to specify individual files like 'README.md' without triggering a parse error. Also updates TestGetAllFilesInPath_File to reflect actual Gitea behavior (single object response, not 404). Fixes #73	2026-05-11 07:21:15 -07:00
aweiker	036e96d9b7	Merge pull request 'fix(gitea): normalize "." path to empty string in ListContents' (#72 ) from issue-70 into main CI / test (push) Successful in 17s Details CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (push) Has been skipped Details CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (push) Has been skipped Details CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (push) Has been skipped Details Reviewed-on: #72 Reviewed-by: security-review-bot <10+security-review-bot@noreply.gitea.weiker.me> Reviewed-by: Aaron Weiker <aaron@weiker.org>	2026-05-11 14:16:22 +00:00
Rodin	ea74f7e088	ci: use rodin/security-patterns with '.' path for security reviewer PR Ready Gate / clear-labels (pull_request) Successful in 2s Details CI / test (pull_request) Successful in 17s Details CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 23s Details CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 46s Details CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 52s Details Tests the dot path normalization fix end-to-end.	2026-05-11 07:12:25 -07:00
Rodin	e6b1840ffc	fix(gitea): normalize "." path to empty string in ListContents CI / test (pull_request) Successful in 18s Details CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 26s Details CI / review (gpt-5, security, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 34s Details CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 43s Details Gitea API rejects "." with HTTP 500 (malformed path component). When patterns-files is set to ".", normalize it to empty string before making the API call. Fixes #70	2026-05-11 06:24:05 -07:00
aweiker	1ca9250e4a	Merge pull request 'feat(gitea): add retry logic for 5xx errors' (#69 ) from issue-68 into main CI / test (push) Successful in 17s Details CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (push) Has been skipped Details CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (push) Has been skipped Details CI / review (gpt-5, security, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (push) Has been skipped Details Reviewed-on: #69 Reviewed-by: security-review-bot <10+security-review-bot@noreply.gitea.weiker.me> Reviewed-by: Aaron Weiker <aaron@weiker.org>	2026-05-11 12:59:50 +00:00