feat(commands): wire @gittensory explain to echo a review finding rationale (#2169)#4052
Conversation
…ationale (JSONbored#2169) Add maybeProcessExplainCommand so a contributor/maintainer can ask for more detail on a specific posted review finding. Mirrors the `resolve` command's classify -> authorize -> normalizeResolveFindingRef -> selectWarningsForResolve lookup over the PR's current advisory, but instead of mutating it echoes the finding's already-generated, public-safe rationale via sanitizePublicComment. It runs no model (echo only, per JSONbored#2169's contributor scope) and mutates nothing, so — like the read-only `configuration` command — it posts regardless of the agent action mode. A specific finding must be named: an absent argument (which normalizeResolveFindingRef reads as whole_pr) is a skip, not "explain everything"; an unknown id gets a public-safe not-found note rather than a silent no-op. Every disposition records a github_app.finding_explained[_denied|_skipped] audit event. Part of JSONbored#1960.
|
Superagent didn't find any vulnerabilities or security issues in this PR. |
|
Tip 🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩 ✅ Gittensory review result - approve/merge recommendedReview updated: 2026-07-07 15:10:05 UTC
✅ Suggested Action - Approve/Merge
Review summary Nits — 5 non-blocking
Review context
Contributor next steps
Signal definitions
🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed 💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →. Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.
|
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #4052 +/- ##
=======================================
Coverage 93.57% 93.58%
=======================================
Files 378 378
Lines 35487 35532 +45
Branches 13017 13028 +11
=======================================
+ Hits 33207 33252 +45
Misses 1618 1618
Partials 662 662
🚀 New features to boost your workflow:
|
Summary
Wires
@gittensory explain <finding>so a contributor or maintainer can ask for more detail on a specific posted review finding. Theexplainverb was already registered as an argument-taking command (src/github/commands.ts) and documented in the command reference, but had no dispatch handler — this addsmaybeProcessExplainCommand.It mirrors the existing
resolvecommand's lookup —classifyPrCommandRequest→authorizePrActionActor→normalizeResolveFindingRef→selectWarningsForResolveover the PR's current advisory — but instead of mutating anything it echoes the finding's already-generated, public-safe rationale viasanitizePublicComment. Per the issue's contributor scope it runs no model (echo only) and mutates nothing, so — like the read-onlyconfigurationcommand — it posts regardless of the agent action mode. A specific finding must be named: an absent argument (whichnormalizeResolveFindingRefreads aswhole_pr) is a skip, not "explain everything"; an unknown id gets a public-safe not-found note rather than a silent no-op. Every disposition records agithub_app.finding_explained/_denied/_skippedaudit event.Closes #2169. Part of #1960.
Scope
type(scope): short summaryConventional Commit format.CONTRIBUTING.mdand does not reintroduce GitHub Pages, VitePress,site/, orCNAME.Closes #2169).Validation
git diff --check— clean.npm run typecheck— clean.npm run test:coveragelocally (full, unsharded) — no logic failures;codecov/patchpredicted 100% of the changed lines AND branches (46/46 changedsrc/**statements + both sides of thefinding.actionconditional). The only failing suites locally are the known Windowsspawn claude/codex/docker ENOENTenv families, which pass on Linux CI.If any required check was skipped, explain why:
test:workers/build:mcp/test:mcp-pack/ui:*/actionlint/npm auditwere not run locally — this change is a self-contained backend queue-processor handler that touches no worker entrypoint, MCP package, UI, GitHub workflow, or dependency, so none of those surfaces are affected; CI covers them.Safety
sanitizePublicComment, the same public-safe filter every other command comment uses.> [!NOTE]card with the finding's stored title/detail/action.evaluateCommandAuthorization("explain")over the real repo permission); the unauthorized path has a negative-path test.explain).UI Evidence
N/A — backend-only change (no visible UI, frontend, docs, or extension surface).
Notes
explainnever posts or patches the Gate check-run (asserted in the echo test) and never calls the model — new AI generation is a separate maintainer-owned budget concern per feat(commands): @gittensory explain <finding> command — parse + classify + echo a finding's rationale (dispatch scaffold) #2169.