Chore/octokit app upgrade

[afuhflynn]

Summary by CodeRabbit

• Refactor
  • Improved account handling in pull request processing to use authenticated session information, eliminating the need for explicit account parameter passing. The system now automatically resolves account context from user authentication data.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

The PR refactors account resolution in generatePullRequestSummary by removing the accountId parameter from the function signature and instead deriving it internally from the authenticated session's linked GitHub account. The webhook handler call site is updated to match the new signature.

Changes

Cohort / File(s)

Summary

Webhook Handler & Account Resolution Refactor app/api/webhooks/github/route.ts, lib/ai/actions/index.ts

Removed accountId parameter from generatePullRequestSummary function signature. Added session-based account resolution to the function using auth and headers to retrieve and validate the API session, look up the GitHub-linked account for the user, ensure a valid GitHub access token exists, and derive accountId from account.accountId. Updated webhook handler to invoke the function without the accountId argument. Includes error handling for unauthorized access and missing tokens.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• PR #40: Modifies the same generatePullRequestSummary function and call site in the webhook handler; this PR removes the accountId argument to align with the function's new internal account resolution.
• PR #38: Follows the same refactor pattern of moving account/installation resolution into session-authenticated code paths by adding auth and headers imports and removing externally passed IDs.

Poem

🐰 A session so secure, a token well-found,
No more passing accounts when auth is around—
The function now knows who's calling its name,
With GitHub so linked, refactoring's the game!

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.
Title check	❓ Inconclusive	The title 'Chore/octokit app upgrade' is vague and does not clearly convey the main technical change: removing accountId parameter from generatePullRequestSummary and refactoring authentication logic.	Provide a more descriptive title that reflects the core change, such as 'Refactor generatePullRequestSummary to derive accountId from authenticated session' or 'Move accountId resolution from callers to generatePullRequestSummary function'.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/octokit-app-upgrade

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e19ee2d and c7e0381.

📒 Files selected for processing (2)

• app/api/webhooks/github/route.ts
• lib/ai/actions/index.ts

💤 Files with no reviewable changes (1)

• app/api/webhooks/github/route.ts

🧰 Additional context used

🧬 Code graph analysis (1)

lib/ai/actions/index.ts (1)

lib/auth.ts (1)

• auth (6-24)

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Session-based auth breaks webhook-triggered calls.

According to the AI summary, this function is called from a webhook handler when a PR is opened. Webhook requests from GitHub are server-to-server calls that don't carry user session cookies. The auth.api.getSession() call will return null for all webhook-triggered invocations, causing every PR summary request to fail with "Unauthorized".

The previous design (passing accountId as a parameter) allowed the webhook handler to resolve the account from webhook payload data (e.g., installationId). Consider one of:

1. Restore the accountId parameter for webhook contexts and keep session auth only for user-initiated calls.
2. Resolve account from installationId within this function instead of relying on user session.
3. Create separate functions for webhook-triggered vs. user-triggered flows.

🔎 Example: Resolve account from installationId instead

 export async function generatePullRequestSummary(
   owner: string,
   repoName: string,
   prNumber: number,
   title: string,
   description: string,
   installationId: number,
   baseSha: string,
   headSha: string,
   changedFiles: number,
   additions: number,
-  deletions: number
+  deletions: number,
+  accountId?: string // Optional: passed by webhook handler
 ) {
   try {
-    const session = await auth.api.getSession({ headers: await headers() });
-
-    if (!session) throw new Error("Unauthorized");
-    const account = await prisma.account.findFirst({
-      where: {
-        userId: session.user.id,
-        providerId: "github",
-      },
-    });
-
-    if (!account?.accessToken) throw new Error("No GitHub access token found");
+    let resolvedAccountId = accountId;
+    
+    // If no accountId provided, try to resolve from session (user-initiated)
+    if (!resolvedAccountId) {
+      const session = await auth.api.getSession({ headers: await headers() });
+      if (!session) throw new Error("Unauthorized");
+      
+      const account = await prisma.account.findFirst({
+        where: {
+          userId: session.user.id,
+          providerId: "github",
+        },
+      });
+      if (!account?.accessToken) throw new Error("No GitHub access token found");
+      resolvedAccountId = account.accountId;
+    }

     await inngest.send({
       name: "pr.summary.requested",
       data: {
         owner,
         repo: repoName,
         prNumber,
         title: title ?? "",
         description: description ?? "",
-        accountId: account.accountId,
+        accountId: resolvedAccountId,
         installationId: installationId ?? null,

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In lib/ai/actions/index.ts around lines 155-165, session-based auth via
auth.api.getSession() breaks webhook-triggered calls (no cookies) and causes
"Unauthorized"; restore support for an explicit accountId parameter (or
installationId) so the caller can pass the account context for server-to-server
webhooks, and keep the session-based path as a fallback: first try to use a
provided accountId/installationId to look up the account (resolve installationId
-> account if needed), and only if none provided, use auth.api.getSession() to
derive the user and then fetch the account; ensure error messages reflect which
lookup failed.