feat: per-repo issue tracker, Gitea support, PR review pipeline #10

Merged
sharang merged 7 commits from feat/per-repo-tracker-config into main 2026-03-11 12:14:00 +00:00
Summary

  • Per-repository issue tracker configuration: configure tracker type (GitHub/GitLab/Gitea/Jira), owner, repo, and token per repository at creation or later via edit modal
  • Gitea tracker implementation: full IssueTracker trait impl using Gitea API v1 (issues, PR reviews, dedup search)
  • Stage 6 issue creation: scan pipeline now auto-creates issues in the configured tracker for new findings with severity >= Medium, with fingerprint-based deduplication
  • PR review pipeline: on PR open/sync webhook, runs incremental semgrep + LLM code review on changed files and posts review comments via tracker
  • Webhook infrastructure: per-repo auto-generated secrets, per-repo webhook URLs, dashboard proxies webhooks to agent (agent not exposed publicly)
  • Dashboard UI: edit modal with tracker config fields, webhook URL + secret display, Gitea option in tracker type dropdown
  • Misc: demote "Parsing file" log from info to debug

Test plan

  • Add a repo with Gitea tracker config (type, owner, repo, token)
  • Trigger scan and verify issues are created in Gitea for medium+ findings
  • Re-scan and verify duplicate issues are not created
  • Set up Gitea webhook using URL + secret from edit modal
  • Open a PR and verify review comments are posted
  • Verify push webhook triggers a scan
sharang added 5 commits 2026-03-11 10:29:57 +00:00
feat: add per-repository issue tracker config with Gitea support
Some checks failed
CI (push): Format successful in 5s; Clippy failing after 3m12s; Security Audit, Tests, Detect Changes, Deploy Agent, Deploy Dashboard, Deploy Docs and Deploy MCP skipped.
a4415dd94c
Add ability to configure issue tracker (GitHub, GitLab, Gitea, Jira) per
repository at creation time and edit later via PATCH endpoint. Includes
new Gitea tracker implementation, edit modal in dashboard, and
tracker_token field on the repository model.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
feat: implement Stage 6 issue creation in scan pipeline
Some checks failed
CI (push): Format successful in 4s; Clippy failing after 1m52s; Security Audit, Tests, Detect Changes, Deploy Agent, Deploy Dashboard, Deploy Docs and Deploy MCP skipped.
570e3c5c9e
After scan findings are persisted, Stage 6 now creates issues in the
configured tracker (GitHub/GitLab/Gitea/Jira) for new findings with
severity >= Medium. Includes fingerprint-based dedup, per-repo token
fallback to global config, and formatted markdown issue bodies.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
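The Stage 6 behaviour described in this commit message (severity threshold, fingerprint-based dedup, per-repo token with global fallback), as an added example that is not the project's code and is written in Python rather than the project's Rust so it runs with the standard library alone. The fingerprint recipe, the `scanner-fingerprint:` marker, the severity names and the sample findings are assumptions constructed for illustration.

```python
import hashlib
import re

# Assumed severity scale; the page only states the threshold "severity >= Medium".
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
# Hypothetical marker embedded in each issue body so a later scan can find it again.
MARKER_RE = re.compile(r"scanner-fingerprint:([0-9a-f]{64})")


def fingerprint(f: dict) -> str:
    # Hash only stable fields (no line numbers) and collapse whitespace, so
    # reformatting or edits elsewhere in the file do not re-file the same finding.
    snippet = " ".join(f["snippet"].split())
    key = "\x00".join([f["rule_id"], f["path"], snippet])
    return hashlib.sha256(key.encode()).hexdigest()


def issue_body(f: dict) -> str:
    return (f"**{f['rule_id']}** in `{f['path']}` (severity: {f['severity']})\n\n"
            f"<!-- scanner-fingerprint:{fingerprint(f)} -->")


def plan_issues(findings, existing_bodies, repo_token=None, global_token=None):
    """Return (token_to_use, bodies_of_issues_to_create)."""
    token = repo_token or global_token  # per-repo token wins, else global config
    if not token:
        return None, []  # no credentials: create nothing
    seen = {fp for body in existing_bodies for fp in MARKER_RE.findall(body)}
    bodies = []
    for f in findings:
        if SEVERITY_RANK.get(f["severity"].lower(), 0) < SEVERITY_RANK["medium"]:
            continue  # below threshold
        fp = fingerprint(f)
        if fp in seen:
            continue  # already filed, or duplicate within this scan
        seen.add(fp)
        bodies.append(issue_body(f))
    return token, bodies


# Constructed sample findings: the first two differ only in whitespace.
FINDINGS = [
    {"rule_id": "sql-injection", "path": "src/db.rs", "severity": "high",
     "snippet": 'format!("SELECT {}", id)'},
    {"rule_id": "sql-injection", "path": "src/db.rs", "severity": "high",
     "snippet": 'format!("SELECT   {}",  id)'},
    {"rule_id": "weak-hash", "path": "src/auth.rs", "severity": "low", "snippet": "md5(x)"},
    {"rule_id": "hardcoded-secret", "path": "src/cfg.rs", "severity": "medium",
     "snippet": 'let k = "abc";'},
]
```

Feeding the bodies returned by the first call back in as `existing_bodies` models the re-scan step of the test plan and yields no new issues.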
fix: Gitea labels as body text, demote parse log to debug
Some checks failed
CI (push): Format successful in 4s; Clippy failing after 1m46s; Security Audit, Tests, Detect Changes, Deploy Agent, Deploy Dashboard, Deploy Docs and Deploy MCP skipped.
9e5342bfd6
Gitea API expects label IDs (integers), not names. Append label names
to the issue body instead. Also lower "Parsing file" log from info to
debug to reduce noise.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
feat: implement PR review pipeline with Gitea/GitHub/GitLab webhooks
Some checks failed
CI (push): Format successful in 3s; Clippy failing after 1m50s; Security Audit, Tests, Detect Changes, Deploy Agent, Deploy Dashboard, Deploy Docs and Deploy MCP skipped.
7a0a53d399
On PR open/sync, webhook triggers incremental scan: runs semgrep on
changed files + LLM code review on the diff, then posts review comments
via the configured tracker. Adds Gitea webhook handler with HMAC-SHA256
verification, and wires up the previously stubbed GitHub/GitLab PR
handlers.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
feat: auto-generated per-repo webhook secrets with dashboard proxy
Some checks failed
CI (push): Format successful in 5s; Clippy failing after 1m57s; Security Audit, Tests, Detect Changes, Deploy Agent, Deploy Dashboard, Deploy Docs and Deploy MCP skipped.
CI (pull_request): Format successful in 8s; Clippy failing after 1m53s; Security Audit, Tests, Detect Changes, Deploy Agent, Deploy Dashboard, Deploy Docs and Deploy MCP skipped.
0cb208408e
- Auto-generate webhook_secret on repository creation (UUID-based)
- Webhook routes use per-repo URLs: /webhook/{platform}/{repo_id}
- Verify signatures using per-repo secret (not global env var)
- Dashboard proxies webhooks to agent (agent not exposed publicly)
- Edit modal shows webhook URL + secret for user to copy into Gitea
- Add webhook-config API endpoint to retrieve per-repo secret
- Add Gitea option to edit dialog tracker type dropdown

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
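Per-repo webhook verification as described in this commit and the HMAC-SHA256 commit before it, as an added example that is not the project's code and is written in Python rather than the project's Rust so it runs with the standard library alone. It goes beyond the Gitea case to cover the other `{platform}` values: Gitea sends a hex HMAC-SHA256 of the raw body in `X-Gitea-Signature`, GitHub sends the same MAC prefixed with `sha256=` in `X-Hub-Signature-256`, and GitLab sends the shared token itself in `X-Gitlab-Token`. The secret store, repo IDs and sample body are constructed.

```python
import hashlib
import hmac

# Constructed per-repo secrets keyed by repo_id (one secret per repository).
REPO_SECRETS = {
    "repo-123": "constructed-secret-for-repo-123",
    "repo-456": "constructed-secret-for-repo-456",
}
SAMPLE_BODY = b'{"action":"opened","number":7}'  # constructed webhook payload


def sign(secret: str, body: bytes) -> str:
    """Hex HMAC-SHA256 over the raw request bytes, exactly as received."""
    return hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()


def verify_webhook(platform: str, repo_id: str, headers: dict, body: bytes) -> bool:
    """Authenticate a request to /webhook/{platform}/{repo_id} with that repo's secret."""
    secret = REPO_SECRETS.get(repo_id)
    if not secret:
        return False  # unknown repo or no secret configured: fail closed
    hdr = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    if platform == "gitea":
        sent, expected = hdr.get("x-gitea-signature", ""), sign(secret, body)
    elif platform == "github":
        sent, expected = hdr.get("x-hub-signature-256", ""), "sha256=" + sign(secret, body)
    elif platform == "gitlab":
        # GitLab sends the shared token itself, not a MAC over the body.
        sent, expected = hdr.get("x-gitlab-token", ""), secret
    else:
        return False
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII header values.
    return hmac.compare_digest(sent.encode(), expected.encode())
```

Because the secret is looked up by `repo_id` from the URL, a signature produced with one repository's secret does not authenticate a request sent to another repository's webhook URL.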
sharang added 1 commit 2026-03-11 11:06:52 +00:00
fix: resolve clippy errors (expect_used, manual strip_prefix)
Some checks failed
CI (push): Format successful in 4s; Clippy failing after 2m58s; Security Audit, Tests, Detect Changes, Deploy Agent, Deploy Dashboard, Deploy Docs and Deploy MCP skipped.
CI (pull_request): Format successful in 3s; Clippy failing after 3m10s; Security Audit, Tests, Detect Changes, Deploy Agent, Deploy Dashboard, Deploy Docs and Deploy MCP skipped.
f11e6d44cc
Replace expect() calls with let-else returns in SBOM download, use
strip_prefix() instead of manual slicing in extract_base_url, and
suppress too_many_arguments on server function.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
sharang added 1 commit 2026-03-11 11:55:06 +00:00
fix: resolve clippy too_many_arguments errors and upgrade CI to Rust 1.94
All checks were successful
CI (push): Format successful in 2m22s; Clippy successful in 4m28s; Security Audit, Tests, Detect Changes, Deploy Agent, Deploy Dashboard, Deploy Docs and Deploy MCP skipped.
CI (pull_request): Format successful in 4s; Clippy successful in 4m39s; Security Audit, Tests, Detect Changes, Deploy Agent, Deploy Dashboard, Deploy Docs and Deploy MCP skipped.
71d8f0fd17
Move #[allow(clippy::too_many_arguments)] to module level so it
propagates through Dioxus #[server] macro expansion. Upgrade CI
container from rust:1.89 to rust:1.94 to match local toolchain.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
sharang merged commit 491665559f into main 2026-03-11 12:14:00 +00:00
Reference: sharang/compliance-scanner-agent#10