Extract only the first tag from Docker metadata output to fix
"could not parse reference" error when multiple tags are present.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Only push Docker images when not in a pull request context. PRs don't have
permission to push to ghcr.io, so we should only build without pushing.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Remove branch prefix from sha-based tags to avoid invalid tag format
when branch name is empty. Tags cannot start with a hyphen.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
The project is written in JavaScript, not TypeScript, so there's no
typecheck script in package.json. Removing this step prevents CI failures.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Remove unused variables and imports
- Add underscore prefix to intentionally unused caught errors
- Fix ESLint config to recognize underscore pattern for caught errors
- Update test mocks to use underscore prefix for unused parameters
All 12 linting errors resolved, only warnings remain.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Only set base/head parameters for pull requests
- For scheduled runs and pushes, let TruffleHog scan entire repo
- Fixes "BASE and HEAD commits are the same" error
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add GitHub Actions deployment workflow for staging and production
- Add deployment scripts for automated deployments
- Add GitHub runner management scripts
- Add staging docker-compose configuration
- Enable automatic deployments on push to main (staging) and version tags (production)
- Keep structured logging with dockerImageName parameter from fix-docker-command-injection branch
- Merge latest changes from main including CI/CD improvements, Docker Hub setup, and documentation updates
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Clarify that DOCKER_HUB_USERNAME is an environment variable, not a secret
- Add cross-reference to existing docker-ci-cd.md documentation
- Document both build jobs that use Docker Hub authentication
- Update troubleshooting section to reflect actual workflow configuration
This addresses the concerns raised in the automated PR review about
incorrect secret references and documentation overlap.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Document how to create Docker Hub access tokens
- Explain both repository and organization secret setup options
- Include troubleshooting steps for common authentication issues
- Add security best practices for token management
This guide helps contributors set up Docker Hub authentication
correctly to avoid the "Password required" error in CI/CD workflows.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Replace placeholder 'your-org/claude-github-webhook' with actual repository 'intelligence-assist/claude-hub'
- Fix broken CI Pipeline and Security Scans badges in README
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Resolved conflicts:
- Updated PR review prompt to include commit SHA tracking
- Integrated new features from main (PR labels, deduplication)
- Maintained comprehensive GitHub API instructions format
- Replace basic PR review workflow with detailed GitHub API instructions
- Add inline comment creation using gh api commands with proper parameters
- Include commit ID retrieval for line-specific comments
- Add comprehensive review submission with batch comments
- Provide clear guidance on review event types (APPROVE, REQUEST_CHANGES, COMMENT)
- Add file-type specific review focus areas
- Include multi-file output strategies for different PR sizes
- Update tests to match new prompt format and add GitHub service mocks
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Mock @octokit/rest module to prevent ES module import errors in Jest
- Provide mock implementations for all Octokit methods used in tests
- Tests now pass with the new Octokit-based implementation
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Install @octokit/rest package for secure GitHub API access
- Replace manual URL construction with Octokit client methods
- Fix all 6 CodeQL security alerts (3 critical SSRF, 3 medium)
- Update all GitHub API calls to use type-safe Octokit methods
- Maintain backward compatibility with existing tests
This addresses the server-side request forgery vulnerabilities identified
by CodeQL by using GitHub's official client library instead of manually
constructing API URLs.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add hasReviewedPRAtCommit() to check for existing reviews at specific commit SHA
- Add managePRLabels() to manage review status labels (in-progress, complete)
- Remove Combined Status API check that was incompatible with GitHub Actions
- Update PR reviews to include commit SHA for tracking
- Add comprehensive test coverage for deduplication logic
This prevents duplicate PR reviews when multiple check_suite events occur
and provides clear visual indicators of review status through labels.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Fix SHA extraction to use PR's actual commit SHA, not check suite SHA
- Add parallel processing for multiple PRs using Promise.allSettled
- Implement detailed status tracking for each PR review attempt
- Fix error handling to properly report failures and skipped reviews
- Add comprehensive unit tests for all edge cases
- Ensure mutually exclusive counting of success/failure/skipped states
This ensures the automated PR review process correctly verifies the right
commit status and provides clear feedback on what happened with each PR.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Fixed missing catch clause in handleWebhook function
- Removed extra closing braces causing syntax errors
- Fixed indentation issues throughout githubController.js
- Updated lint scripts for ESLint 9 flat config
- Applied automatic formatting fixes
- Fixed test data for check-suite tests
All tests now pass and code meets linting standards.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Added detailed workflow diagrams using Mermaid
- Documented the complete automated PR review process
- Included troubleshooting guides and common issues
- Added code examples for key components
- Documented configuration requirements and security considerations
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Fixed issue where PR reviews weren't being triggered when all checks passed
- Corrected logic to process all PRs in a check_suite event
- Fixed test data to include required SHA values for multiple PR handling
- Removed early return that prevented processing multiple PRs
- Cleaned up debugging code
The webhook now correctly:
1. Detects when check_suite completes with success
2. Verifies all status checks have passed using Combined Status API
3. Triggers Claude review for each associated PR
4. Handles multiple PRs in a single check_suite event
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added detailed logging to understand why PR reviews aren't being triggered.
This will help identify if the issue is with the action type or pull_requests array.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Fixed getCombinedStatus to use githubToken from secure credentials
- Fixed postComment to use consistent token retrieval
- Added missing credential retrieval in addLabelsToIssue and createRepositoryLabels
- Prevents authentication failures that were causing PR reviews to be skipped
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Update workflow descriptions to reflect new CI and deployment structure
- Add note about automated PR reviews when CI jobs complete successfully
- Renumber workflow sections for clarity
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Move build-and-push and deploy jobs to dedicated deploy.yml workflow
- CI workflow now only contains essential PR checks (test, security, docker)
- Prevents skipped deployment jobs from blocking PR review automation
- Fixes issue where PR #36 couldn't trigger automated reviews
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Document the automated PR review system triggered by check_suite events
- Explain Combined Status API validation to prevent duplicate reviews
- Detail the comprehensive review process and focus areas
- Add supported webhook events section
- Clarify configuration requirements
Addresses documentation suggestions from PR #31 review.
The PR review trigger was firing on every individual check_suite completion,
causing 30+ duplicate reviews when multiple CI checks were running. This fix:
- Adds getCombinedStatus() function to query GitHub's Combined Status API
- Validates ALL required status checks pass before triggering review
- Only reviews when combinedStatus.state === 'success'
- Prevents oversensitive triggering while maintaining immediate response
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
This commit improves the AWS credential provider by:
1. Adding proper caching mechanism for credentials
2. Checking for cached credentials before reading from filesystem
3. Fixing the test to properly verify object identity (not just equality)
4. Adding comprehensive documentation for the caching behavior
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Convert .eslintrc.js to eslint.config.js (ESLint v9 format)
- Add global definitions for fetch and URL
- Fix unused variables automatically via ESLint auto-fix
- Configure proper unused variable detection patterns
- All tests passing with good coverage (28 passed, 1 skipped)
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Update CLI command examples in CLAUDE.md to use ./cli/claude-webhook instead of ./claude-webhook now that the script has been moved to the cli/ directory.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Remove backup Dockerfile and temporary benchmark results
- Organize scripts and documentation into proper directories
- Update CLAUDE.md to reference actual script locations instead of wrappers
- Enhance .gitignore to prevent future root directory clutter
- Move utilities to appropriate locations (cli/, test/, docs/)
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Replace execSync with execFileSync to prevent command injection attacks
- Sanitize container names to only allow safe characters (alphanumeric, dash, underscore)
- Update all Docker command executions to use safe argument arrays
- Remove unused execSync import
- All tests continue to pass
This addresses the CodeQL security alert for uncontrolled command line execution.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
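The execSync to execFileSync change described in the commit message above, sketched as an added example that is not code from this repository. The function names, the sample container name, the leading-character check, and the use of a child Node process as a stand-in for the docker binary are all assumptions of the example.

```javascript
const { execFileSync } = require('node:child_process');

// "Before" shape: the name is spliced into one string that execSync would
// hand to a shell. Built here for display only, never executed.
function unsafeCommandString(name) {
  return `docker stop ${name}`;
}

// Allow-list from the commit message: alphanumeric, dash, underscore.
function sanitizeContainerName(rawName) {
  const cleaned = String(rawName).replace(/[^a-zA-Z0-9_-]/g, '');
  // Added check (assumption of this example): dash is an allowed character,
  // so a value such as "--help" would survive the allow-list and be read by
  // the CLI as an option. Requiring a leading letter or digit closes that gap
  // and also rejects names that are empty after stripping.
  if (!/^[a-zA-Z0-9]/.test(cleaned)) {
    throw new Error('container name must start with a letter or digit');
  }
  return cleaned;
}

// "After" shape: an argument array, one element per argv entry.
function dockerArgs(action, rawName) {
  return [action, sanitizeContainerName(rawName)];
}

// Stand-in for the docker binary so this runs without Docker installed:
// a child Node process that reports the argv entries it actually received.
function echoArgv(args) {
  const script =
    `console.log(JSON.stringify(process.argv.slice(-${args.length})))`;
  const out = execFileSync(process.execPath, ['-e', script, '--', ...args], {
    encoding: 'utf8'
  });
  return JSON.parse(out);
}

const hostile = 'claude-job_42; echo INJECTED'; // constructed sample input
console.log('string a shell would parse:', unsafeCommandString(hostile));
console.log('argv without sanitizing   :', echoArgv(['stop', hostile]));
console.log('argv after sanitizing     :', echoArgv(dockerArgs('stop', hostile)));
```

The second line of output shows that execFileSync delivers the whole hostile value as a single argument with no shell parsing; the allow-list is a second layer on top of that.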
- Fixed githubController.test.js by adding proper secureCredentials mock
- Fixed githubService.test.js by adding logger and secureCredentials mocks
- Applied code formatting with Prettier across all files
- All tests now pass successfully
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Replaces AWS access key examples (AKIAIOSFODNN7EXAMPLE) and secret keys
with generic EXAMPLE_KEY_ID and EXAMPLE_SECRET_KEY placeholders to prevent
security scanners from flagging them as potential real credentials.
Fixes workflow failure while maintaining test functionality.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Remove verbose auto-tagging comments that cluttered issues
- Streamline Claude prompt to be more direct and action-oriented
- Auto-tagging now silently applies perfect labels without explanation
- Clean professional experience with satisfying "Claude just knows" feel
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>