Implement automated tip payments via GitHub Sponsors API

[Copilot]

Updates /tip command to automatically process payments through GitHub Sponsors API instead of generating manual payment links, following the pattern established in OWASP-BLT/BLT#4633.

Changes

Core Implementation

• Replace manual sponsor link generation with GitHub GraphQL API integration
• Query recipient's sponsorable ID and tier list via GraphQL
• Create sponsorship matching exact tip amount, then immediately cancel to achieve one-time payment effect
• Add exponential backoff retry logic (3 attempts) for cancellation failures
• Post critical alerts if cancellation fails to prevent unintended recurring charges

Error Handling

• Validate GitHub Sponsors availability and exact tier match before payment
• Handle GraphQL errors with clear user-facing messages
• Alert on cancellation failures with actionable remediation steps

Testing

• Add 4 test cases covering success path, missing sponsors, no matching tier, and cancellation failures
• All 21 tests passing

Documentation

• Update README with automated payment flow details
• Document GitHub token permission requirements for GraphQL API access

Example Flow

// User comments: /tip @contributor $10

// 1. Query for tiers
const userResponse = await axios.post('https://api.github.com/graphql', {
  query: `query($login: String!) { user(login: $login) { ... sponsorsListing { tiers { nodes { id monthlyPriceInCents } } } } }`
});

// 2. Find exact matching tier (1000 cents = $10)
const matchingTier = tiers.find(t => t.monthlyPriceInCents === 1000);

// 3. Create + immediately cancel for one-time effect
await createSponsorship({ sponsorableId, tierId });
await cancelSponsorship({ sponsorshipId });  // with retries

Note: Requires GitHub token with sponsorship management permissions. Gracefully handles permission errors with clear user feedback.

Original prompt

update /tip to auto send the money using slonsors similar to this OWASP-BLT/BLT#4633

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}