`mcp/checkout.test.ts` and `mcp/reviewComments.test.ts` previously hit
live GitHub on every run via `acquireNewToken()`, requiring `GH_TOKEN`
or `GITHUB_APP_ID` + `GITHUB_PRIVATE_KEY` in the env. that made them:
- cred-gated — the action runtime filters `_KEY$` / `_TOKEN$` from
subprocess env, so the husky pre-push hook (which runs
`pnpm -r test`) blocked Pullfrog agents from pushing branches. issues
#562, #563, #564, #566 all hit this exact blocker and never got their
fixes pushed.
- non-deterministic and slow (network round-trips for a snapshot test).
both tests are really snapshot tests of pure formatters
(`formatFilesWithLineNumbers`, plus `parseFilePatches` /
`buildThreadBlocks` / `formatReviewThreads` for review data). the live
fetches were just an inefficient way to obtain fixtures.
changes:
1. extract a pure `formatReviewData({ review, threads, prFiles, ... })`
from `getReviewData` in `mcp/reviewComments.ts`. `getReviewData`
becomes thin orchestration: fetch + call formatter. preserves the
"skip listFiles when no threads" perf optimization.
2. add `action/mcp/__fixtures__/` with checked-in JSON captures for the
three fixture test cases (pullfrog/test-repo#1 listFiles,
pullfrog/scratch#49 review 3485940013, pullfrog/scratch#64 review
3531000326). ~14KB total. fixtures store only the fields the
formatter reads — volatile fields (sha, blob_url, etc.) are dropped.
3. rewrite both test files to load the fixtures and call the pure
formatters directly. snapshot keys updated; snapshot content
unchanged (verified by running existing snapshots against the
refactored tests).
4. add `action/scripts/refresh-test-fixtures.ts` to re-fetch the
fixtures from live GitHub on demand:
`node action/scripts/refresh-test-fixtures.ts` (with creds in
`.env` or env). re-run when the GitHub API response shape changes
and review the snapshot diff.
trade-off: a silent change to GitHub's `pulls.listFiles` /
`pulls.getReview` / GraphQL `reviewThreads` response shape would no
longer break this test on every push. that tradeoff is worth it: shape
drift on those endpoints is rare (years between changes), and a
dedicated cron that runs the refresh script and opens a PR on diff is
a far better signal than a flaky cred-gated pre-push hook.
Co-authored-by: Cursor <cursoragent@cursor.com>
the postinstall script referenced scripts/generate-proxies.ts which isn't
included in the published npm package, silently breaking every npx install.
replaced the proxy stub approach with turbopack resolveAlias and webpack
conditionNames so both bundlers resolve pullfrog imports to TypeScript
source directly — matching what tsc already does via customConditions.
also moves PR summary format from handleWebhook into modes.ts so the
summarize mode prompt includes it directly.
Made-with: Cursor
the inline `node -e` + `TOKEN=$(...)` approach broke because
`core.getIDToken()` in @actions/core writes `::debug::` and
`::add-mask::` to stdout, polluting the captured value.
`node cli.ts gha token` uses `core.setOutput()` which writes to
the $GITHUB_OUTPUT file instead of stdout.
Made-with: Cursor