
fix(github-app): reduce PR review noise#503

Open
Darkroom4364 wants to merge 2 commits into
mainfrom
fix/github-app-pr-noise

Conversation


@Darkroom4364 Darkroom4364 commented Jun 12, 2026

Collaborator

Summary

  • gate GitHub App PR scans to code-changing actions only
  • filter PR findings to added lines only instead of added plus context lines
  • keep dependency/SCA findings out of inline PR comments and check annotations, and summarize them in the check run instead
  • stop creating new submitted foxguard review summaries on every rerun

Testing

  • cargo test --features github-app github_app::review::tests::
  • cargo test --features github-app pull_request_action_filter_matches_code_changing_events

Summary by CodeRabbit

  • New Features

    • Added tighter handling of pull request webhook actions, processing only relevant actions.
    • Updated PR review comment posting to deliver findings as individual, line-specific comments.
  • Bug Fixes

    • Review comments now target newly added lines only (avoiding unchanged context).
    • Check-run summaries and annotations now better reflect changed lines and highlight dependency findings (summary-only) with formatted package/version details.
  • Tests

    • Updated unit tests to cover action filtering, added-line parsing, and summary-only dependency behavior.


coderabbitai Bot commented Jun 12, 2026


Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 326dadb5-2ff6-47cd-bee9-645b1d4c7979

📥 Commits

Reviewing files that changed from the base of the PR and between 2cf3a72 and b354170.

📒 Files selected for processing (1)
  • src/github_app/review.rs

📝 Walkthrough

Walkthrough

The PR adds early action filtering to the GitHub webhook handler, constrains PR review comments to added diff lines only, switches from bundled review requests to individual per-comment POST submissions, and introduces summary-only handling for dependency findings in check-run artifacts.

Changes

GitHub Webhook and PR Review Pipeline

Layer | File(s) | Summary
Webhook PR action filtering | src/bin/foxguard_github_app.rs | Webhook handler extracts PR action early and filters via should_process_pull_request_action to spawn processing only for opened, reopened, synchronize, and ready_for_review events; edited, labeled, and other non-scannable actions are ignored.
Added-line scoping for commentable findings | src/report/github_pr.rs, src/github_app/review.rs | Patch parsing is updated to include only added (+) diff lines in commentable sets, excluding context ( ) lines; commentable_lines_from_patch in github_pr.rs is paralleled by added_lines_from_patch in review.rs; documentation and tests reflect the new added-only behavior.
Per-comment review posting mechanism | src/github_app/review.rs | Review comment posting switches from bundled POST /reviews to individual POST /pulls/{pr}/comments requests, with commit_id injected into each comment payload; new post_review_comments and review_comment_payloads helpers support the per-comment flow while filtering summary-only findings.
Dependency finding classification and check-run summary enhancement | src/github_app/review.rs | New is_summary_only_finding classifier marks dependency records as ineligible for inline comments; post_check_run derives effective_findings excluding dependency findings from annotations; check-run summaries append a formatted section listing dependency details with GHSA identifiers and package versions, with truncation and overflow counts when applicable.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

  • 0sec-labs/foxguard#490: Modifies src/report/github_pr.rs to refine how "commentable" review target lines are derived from PR file patch content (diff hunk/added-line filtering).
  • 0sec-labs/foxguard#289: Introduces the /webhook server and routing in src/bin/foxguard_github_app.rs; this PR refines the pull request webhook handler with action filtering and conditional task spawning.
  • 0sec-labs/foxguard#362: Introduces check-run annotation posting capability; this PR modifies the same check-run logic to filter and summarize dependency findings.

Suggested reviewers

  • peaktwilight

Poem

🐰 A rabbit hops through diffs with glee,
Filtering actions, one-two-three!
Added lines only, no context noise,
Per-comment posts bring webhook joys.
Dependencies summarized, complete and right,
The PR review pipeline shines so bright! ✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit's high-level summary is enabled.
Title check | ✅ Passed | The title 'fix(github-app): reduce PR review noise' directly captures the main objective of the changeset: reducing unnecessary noise in GitHub PR reviews by filtering to added lines only, excluding dependency findings from inline comments, and gating scans to code-changing actions.
Docstring Coverage | ✅ Passed | Docstring coverage is 92.50% which is sufficient. The required threshold is 80.00%.
Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request.

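The walkthrough above describes the added-line scoping: only `+` lines of a file patch become commentable, context lines advance the line counter without being recorded, and the result has the shape `Option<&str> -> Option<HashSet<usize>>`. The following is an added example of that parsing, written for this page and not the foxguard project's own `added_lines_from_patch`; the sample patch is constructed, and the handling of `\ No newline at end of file` markers and of text before the first hunk header is an assumption about how a robust parser should behave, not something the PR states.

```rust
use std::collections::HashSet;

/// Constructed sample patch in the shape GitHub returns in a pull-request
/// file's `patch` field: hunk headers followed by context, removed and added
/// lines. Not taken from the PR under review.
const SAMPLE_PATCH: &str = r#"@@ -1,3 +1,4 @@
 fn main() {
-    println!("hi");
+    println!("hello");
+    println!("world");
 }
@@ -10,2 +11,3 @@
 use std::io;
+use std::fs;
 fn read() {}
\ No newline at end of file"#;

/// Parse a `@@ -old,cnt +new,cnt @@` hunk header and return the first line
/// number of the hunk on the new (post-change) side. Handles both `+12,7`
/// and the single-line form `+12`.
fn hunk_new_start(header: &str) -> Option<usize> {
    let rest = header.strip_prefix("@@ ")?;
    let plus = rest.find('+')?;
    let digits = &rest[plus + 1..];
    let end = digits
        .find(|c: char| !c.is_ascii_digit())
        .unwrap_or(digits.len());
    digits[..end].parse().ok()
}

/// Collect the new-side line numbers of every added (`+`) line in a patch.
/// Context lines advance the counter but are not collected, removed (`-`)
/// lines do not advance it, and `\ No newline at end of file` markers are
/// skipped. A missing patch (binary or oversized file) yields `None`.
fn added_lines_from_patch(patch: Option<&str>) -> Option<HashSet<usize>> {
    let patch = patch?;
    let mut added = HashSet::new();
    // New-side line number of the next diff line; None until a hunk header is seen.
    let mut new_line: Option<usize> = None;
    for line in patch.lines() {
        if line.starts_with("@@") {
            new_line = hunk_new_start(line);
            continue;
        }
        let current = match new_line {
            Some(n) => n,
            None => continue, // text before the first hunk header
        };
        match line.chars().next() {
            // Added line: record it and advance the new-side counter.
            Some('+') => {
                added.insert(current);
                new_line = Some(current + 1);
            }
            // Removed line: exists only on the old side, counter unchanged.
            Some('-') => {}
            // "\ No newline at end of file" marker: not a file line at all.
            Some('\\') => {}
            // Context line (leading space, or an empty line when the trailing
            // space was stripped): advance without recording.
            _ => new_line = Some(current + 1),
        }
    }
    Some(added)
}

fn main() {
    let mut lines: Vec<usize> = added_lines_from_patch(Some(SAMPLE_PATCH))
        .unwrap_or_default()
        .into_iter()
        .collect();
    lines.sort_unstable();
    println!("commentable (added) lines: {lines:?}");
}
```

Run with `cargo run` or `rustc`; on the constructed patch only new-side lines 2, 3 and 12 are reported, so a finding on the unchanged `fn main() {` or `use std::io;` lines would not produce an inline comment, which is exactly the noise reduction the PR is after.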

@coderabbitai coderabbitai Bot left a comment


🧹 Nitpick comments (2)
src/github_app/review.rs (2)

259-288: 🩺 Stability & Availability | 💤 Low value

Partial comment posting on mid-loop HTTP failure.

If the loop fails partway through (e.g., comment 3 of 5 returns a 4xx/5xx), the function returns an error immediately, but the earlier comments remain posted. The caller then proceeds to delete the old foxguard comments, leaving the PR with a partial set of new comments and no easy way to recover.

Consider either:

  1. Collecting errors and continuing to post remaining comments, returning a partial-success outcome.
  2. Tracking successfully posted comment IDs and deleting them on failure before returning.

Given the existing best-effort semantics and that stale comments get cleaned up on the next successful run, this may be acceptable for now—but worth documenting or revisiting if partial states cause user confusion.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/github_app/review.rs` around lines 259 - 288, the loop in
post_review_comments posts comments one-by-one and aborts on the first HTTP
error, leaving earlier comments posted; update post_review_comments to track
successfully posted comment IDs (parse the POST response JSON for the "id" after
each .send().await?.error_for_status() call) and, if any subsequent POST fails,
iterate those IDs and DELETE each comment via the same GitHub API client (use
the same bearer_auth and headers against
"repos/{owner}/{name}/pulls/comments/{id}" or the appropriate comment delete
endpoint), swallowing/logging deletion errors but attempting best-effort
rollback before returning the original error; ensure commit_id injection and URL
construction logic (RepositoryPath parsing, self.endpoint, and foxguard ignore)
remain unchanged.

451-472: 📐 Maintainability & Code Quality | 💤 Low value

Duplicate patch-parsing logic with src/report/github_pr.rs.

added_lines_from_patch here is nearly identical to commentable_lines_from_patch in github_pr.rs. Consider extracting a shared helper (e.g., in a common module) to avoid divergence over time.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/github_app/review.rs` around lines 451 - 472, extract the duplicate
patch-parsing logic into a shared helper (e.g., parse_added_lines_from_patch)
and replace both added_lines_from_patch and commentable_lines_from_patch with
calls to that helper; specifically, move the loop that parses hunks, tracks
new_line via hunk_new_start, and collects added line numbers into a common
utility function, keep the same signature semantics (Option<&str> ->
Option<HashSet<usize>>), and update the callers in review.rs
(added_lines_from_patch) and github_pr.rs (commentable_lines_from_patch) to call
the new helper to avoid duplicated code and future drift.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: a0047492-3c12-4ea2-8ae4-947477b0a83c

📥 Commits

Reviewing files that changed from the base of the PR and between b3d1b44 and 2cf3a72.

📒 Files selected for processing (3)
  • src/bin/foxguard_github_app.rs
  • src/github_app/review.rs
  • src/report/github_pr.rs
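The first nitpick above points out that posting comments one by one and aborting on the first HTTP error leaves a partial set of new comments on the PR. The following is an added example, written for this page and not the foxguard project's code, of the second option the reviewer lists: track the ids of successfully posted comments and delete them before returning the original error. The `CommentClient` trait and the in-memory `FakeClient` are assumptions made so the example runs offline; the real client is an HTTP client with bearer auth and is not modelled here.

```rust
/// The two API operations the rollback needs. This trait is an assumption
/// made for the example; the real GitHub App client is not modelled here.
trait CommentClient {
    /// Create a review comment and return its id.
    fn post_comment(&mut self, body: &str) -> Result<u64, String>;
    /// Delete a review comment by id.
    fn delete_comment(&mut self, id: u64) -> Result<(), String>;
}

/// Post comments one at a time. On the first failure, delete every comment
/// posted so far (best effort: deletion errors are logged, not propagated)
/// and return the original error, so the PR is never left half-commented.
fn post_review_comments_with_rollback<C: CommentClient>(
    client: &mut C,
    bodies: &[&str],
) -> Result<Vec<u64>, String> {
    let mut posted: Vec<u64> = Vec::new();
    for body in bodies {
        match client.post_comment(body) {
            Ok(id) => posted.push(id),
            Err(err) => {
                // Roll back in reverse order of creation.
                for id in posted.iter().rev() {
                    if let Err(del_err) = client.delete_comment(*id) {
                        eprintln!("rollback: could not delete comment {id}: {del_err}");
                    }
                }
                return Err(err);
            }
        }
    }
    Ok(posted)
}

/// Constructed in-memory client: hands out sequential ids and fails the
/// Nth post call to simulate a 5xx mid-loop.
struct FakeClient {
    next_id: u64,
    calls: usize,
    fail_on_call: Option<usize>,
    deleted: Vec<u64>,
}

impl FakeClient {
    fn new(fail_on_call: Option<usize>) -> Self {
        FakeClient { next_id: 0, calls: 0, fail_on_call, deleted: Vec::new() }
    }
}

impl CommentClient for FakeClient {
    fn post_comment(&mut self, _body: &str) -> Result<u64, String> {
        self.calls += 1;
        if self.fail_on_call == Some(self.calls) {
            return Err(format!("HTTP 502 while posting comment {}", self.calls));
        }
        self.next_id += 1;
        Ok(self.next_id)
    }
    fn delete_comment(&mut self, id: u64) -> Result<(), String> {
        self.deleted.push(id);
        Ok(())
    }
}

fn main() {
    let bodies = ["finding 1", "finding 2", "finding 3", "finding 4", "finding 5"];
    let mut ok = FakeClient::new(None);
    println!("all posted: {:?}", post_review_comments_with_rollback(&mut ok, &bodies));
    let mut flaky = FakeClient::new(Some(3));
    let outcome = post_review_comments_with_rollback(&mut flaky, &bodies);
    println!("failed run: {outcome:?}, rolled back ids: {:?}", flaky.deleted);
}
```

With the failure injected on the third post, the two comments already created are deleted and the caller sees only the original error, so the subsequent cleanup of old foxguard comments never runs against a half-updated PR. The trade-off the reviewer notes still applies: a rollback doubles the request count on failure, which matters if the failure was a rate limit.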
