codeGROOVE-dev
diff --git a/‎.claude/prompt-reviewers.txt‎
Lines changed: 19 additions & 0 deletions b/‎.claude/prompt-reviewers.txt‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎.claude/prompt.txt‎
Lines changed: 37 additions & 0 deletions b/‎.claude/prompt.txt‎
Lines changed: 37 additions & 0 deletions
diff --git a/‎Makefile‎
Lines changed: 45 additions & 0 deletions b/‎Makefile‎
Lines changed: 45 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 56 additions & 175 deletions b/‎README.md‎
Lines changed: 56 additions & 175 deletions
@@ -0,0 +1,19 @@
+ Logic for finding reviewer candidates should be as follows:
+  - We are lookin for two pairs of people: the primary - with the most author context in the changed lines, and the secondary - who is the most active reviewer other than the primary
+
+To find the primary reviewer, we need to come up with a list of candidates who know this code the best, and track how we decided to make them a candidate. This is the fallback/priority order of who should be considered a great primary:
+  * Examining the same Github blame history for the previously existing files, consider the top 5 PR's in the size of their overlap with the lines editing this file. The authors of these most recent PR's that overlap are the next priority for the primary reviewer, but only if the author_association shows they still have write access to the repository.
+  * The next best reviewer is the most recent author for a merged PR that impacted a file in this directory.
+  * The next best reviewer is the most recent author for a merged PR in this project.
+
+You'll need to look at the author_association for each author candidate to understand if they have write access and are thus a valid reviewer.
+
+To find the secondary reviewer,  we need to come up with a list of candidates who know actively review code, and track how we decided to make them a candidate. This is the fallback/priority order of who should be considered a great secondary:
+
+  * Examining the same Github blame history for the previously existing files, consider the top 5 PR's in the size of their overlap with the lines editing this file. The reviewer of these most recent PR's that overlap are the highest priority for the primary reviewer.
+  * The next best reviewer is the most recent reviewer for a merged PR that impacted a file in this directory.
+  * The next best reviewer is the most recent reviewer for a merged PR in this project.
+
+Every PR should have at least two reviewers. The author of the current PR cannot be a reviewer. The primary and secondary must be different people.
+
+When proposing a reviewer for a PR, be sure to log which of these selection mechanisms the reviewer was selected by.
@@ -0,0 +1,37 @@
+Create a brand new Go program that finds reviewers for GitHub pull requests.
+
+- Go code should be written with best practires in a way that emulates what the Go project itself uses; prioritizing advice mentioned on go.dev, including https://go.dev/wiki/CodeReviewComments and https://go.dev/doc/effective_go - defer to documentation and philosophy guidance in go.dev above all other reference material.
+
+- Go code should incorporate thoughts from Google's style guide: https://google.github.io/styleguide/go/
+
+- Code should be written with tests and unit testing in mind
+
+- Code should use the token stored by the gh command line utility, probably by using `gh auth token`
+- Code should have as few external dependencies as possible
+- Logic for finding reviewer candidates should be as follows:
+  - We are lookin for two pairs of people: the one with the most context in the changed lines, and the one who most recently approved a PR to this file who is more likely to be active.
+  - To find the reviewers with the most context on the changed lines:
+    - For the top 3 files with the largest number of changes within this PR:
+        - Use the GitHub API v4 to fetch blame data for those files
+        - For the lines being changed in each of thone files, look for the top 3 PR's that last changed the lines this PR alters
+        - Look at who approved those PR's
+        - Rank these approvers in terms of how many lines of this new PR they previously reviewed
+  - To find the most active reviewers for these files, look at most recent PR for the top 3 files with the largest number of changes this within this PR. This will be the same fileset as the context list
+    - Rank these in order of how big the PR is that they reviewed
+- If the reviewer with the most context is already a reviewer on this PR, and it's been more than 2 days, add the reviewer with the second most context.
+- If the most active reviewer for these files is already a reviewer on this PR, and it's been more than 2 days, add the reviewer who is the second most active.
+
+- Some example flags this program should support:
+
+		// Target flags (mutually exclusive)
+		prURL   = flag.String("pr", "", "Pull request URL (e.g., https://github.com/owner/repo/pull/123 or owner/repo#123)")
+		project = flag.String("project", "", "GitHub project to monitor (e.g., owner/repo)")
+		org     = flag.String("org", "", "GitHub organization to monitor")
+
+		// Behavior flags
+		poll        = flag.Duration("poll", 0, "Polling interval (e.g., 1h, 30m). If not set, runs once")
+		dryRun      = flag.Bool("dry-run", false, "Run in dry-run mode (no actual approvals)")
+		minOpenTime = flag.Duration("min-age", 1*time.Hour, "Minimum time PR since last commit or review for PR assignment")
+		maxOpenTime = flag.Duration("max-age", 180*24*time.Hour, "Maximum time PR since last commit or review for PR assignment")
+
+- Code should have great logging to better understand the decisions it's making.
@@ -0,0 +1,45 @@
+# BEGIN: lint-install .
+# http://github.com/codeGROOVE-dev/lint-install
+
+.PHONY: lint
+lint: _lint
+
+LINT_ARCH := $(shell uname -m)
+LINT_OS := $(shell uname)
+LINT_OS_LOWER := $(shell echo $(LINT_OS) | tr '[:upper:]' '[:lower:]')
+LINT_ROOT := $(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
+
+# shellcheck and hadolint lack arm64 native binaries: rely on x86-64 emulation
+ifeq ($(LINT_OS),Darwin)
+	ifeq ($(LINT_ARCH),arm64)
+		LINT_ARCH=x86_64
+	endif
+endif
+
+LINTERS :=
+FIXERS :=
+
+GOLANGCI_LINT_CONFIG := $(LINT_ROOT)/.golangci.yml
+GOLANGCI_LINT_VERSION ?= v2.3.1
+GOLANGCI_LINT_BIN := $(LINT_ROOT)/out/linters/golangci-lint-$(GOLANGCI_LINT_VERSION)-$(LINT_ARCH)
+$(GOLANGCI_LINT_BIN):
+	mkdir -p $(LINT_ROOT)/out/linters
+	rm -rf $(LINT_ROOT)/out/linters/golangci-lint-*
+	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(LINT_ROOT)/out/linters $(GOLANGCI_LINT_VERSION)
+	mv $(LINT_ROOT)/out/linters/golangci-lint $@
+
+LINTERS += golangci-lint-lint
+golangci-lint-lint: $(GOLANGCI_LINT_BIN)
+	find . -name go.mod -execdir "$(GOLANGCI_LINT_BIN)" run -c "$(GOLANGCI_LINT_CONFIG)" \;
+
+FIXERS += golangci-lint-fix
+golangci-lint-fix: $(GOLANGCI_LINT_BIN)
+	find . -name go.mod -execdir "$(GOLANGCI_LINT_BIN)" run -c "$(GOLANGCI_LINT_CONFIG)" --fix \;
+
+.PHONY: _lint $(LINTERS)
+_lint: $(LINTERS)
+
+.PHONY: fix $(FIXERS)
+fix: $(FIXERS)
+
+# END: lint-install .
@@ -5,7 +5,7 @@ A Go program that intelligently finds and assigns reviewers for GitHub pull requ
 ## Features
 
 - **Smart reviewer selection**: Context-based matching using code blame analysis and activity patterns
-- **Workload balancing**: Filters out overloaded reviewers (>9 non-stale open PRs) 
+- **Workload balancing**: Filters out overloaded reviewers (>9 non-stale open PRs)
 - **Stale PR filtering**: Only counts PRs updated within 90 days for accurate workload assessment
 - **Resilient API handling**: 25 retry attempts with exponential backoff (5s-20min) and intelligent caching
 - **Bot detection**: Comprehensive filtering of bots, service accounts, and organizations
@@ -25,7 +25,9 @@ go build -o better-reviewers
 
 - Go 1.21 or later
 - **For personal use**: GitHub CLI (`gh`) installed and authenticated
-- **For GitHub App mode**: `GITHUB_APP_TOKEN` environment variable with valid app token
+- **For GitHub App mode**: 
+  - GitHub App ID (found in your app settings)
+  - GitHub App private key file (.pem file downloaded when creating the app)
 - GitHub token with appropriate permissions (repo access)
 
 ## Usage
@@ -54,8 +56,13 @@ go build -o better-reviewers
 Monitor all organizations where your GitHub App is installed:
 
 ```bash
-export GITHUB_APP_TOKEN="your_app_token_here"
-./better-reviewers -app
+# Using command-line flags
+./better-reviewers --app-id "123456" --app-key "/path/to/private-key.pem"
+
+# Using environment variables
+export GITHUB_APP_ID="123456"
+export GITHUB_APP_KEY="/path/to/private-key.pem"
+./better-reviewers --app-id "" --app-key ""  # Flags can be empty to use env vars
 ```
 
 ### Polling Mode
@@ -70,191 +77,65 @@ export GITHUB_APP_TOKEN="your_app_token_here"
 ./better-reviewers -pr "owner/repo#123" -dry-run
 ```
 
-### Advanced Configuration
-
-```bash
-# Custom workload limits and caching
-./better-reviewers -org "myorg" -max-prs 5 -pr-count-cache 12h
-
-# Tight time constraints with extended polling
-./better-reviewers -project "owner/repo" -poll 30m -min-age 30m -max-age 7d
-
-# GitHub App monitoring with polling
-export GITHUB_APP_TOKEN="your_app_token_here"
-./better-reviewers -app -poll 2h -dry-run
-```
+## Configuration Options
 
-## Command Line Options
+### Command-Line Flags
 
-### Target Flags (Mutually Exclusive)
-
-- `-pr`: Pull request URL or shorthand (e.g., `https://github.com/owner/repo/pull/123` or `owner/repo#123`)
-- `-project`: GitHub project to monitor (e.g., `owner/repo`)
+- `-pr`: Pull request URL or reference
+- `-project`: GitHub project to monitor
 - `-org`: GitHub organization to monitor
-- `-app`: Monitor all organizations where this GitHub app is installed
-
-### Behavior Flags
-
-- `-poll`: Polling interval (e.g., `1h`, `30m`). If not set, runs once
-- `-dry-run`: Run in dry-run mode (no actual reviewer assignments)
-- `-min-age`: Minimum time since last commit or review for PR assignment (default: 1h)
-- `-max-age`: Maximum time since last commit or review for PR assignment (default: 180 days)
-- `-max-prs`: Maximum non-stale open PRs a candidate can have before being filtered out (default: 9)
-- `-pr-count-cache`: Cache duration for PR count queries to optimize performance (default: 6h)
+- `--app-id`: GitHub App ID for authentication
+- `--app-key`: Path to GitHub App private key file
+- `-poll`: Polling interval (e.g., 1h, 30m)
+- `-dry-run`: Run without making changes
+- `-min-age`: Minimum time since last activity (default: 1h)
+- `-max-age`: Maximum time since last activity (default: 180d)
+- `-max-prs`: Maximum open PRs per reviewer (default: 9)
+- `-pr-count-cache`: Cache duration for PR counts (default: 6h)
+
+### Environment Variables
+
+For GitHub App authentication:
+- `GITHUB_APP_ID`: Your GitHub App's ID
+- `GITHUB_APP_KEY`: Path to your app's private key file
+- `GITHUB_APP_PRIVATE_KEY_PATH`: (Legacy) Alternative to GITHUB_APP_KEY
+
+## GitHub App Setup
+
+1. Create a GitHub App in your organization settings
+2. Required permissions:
+   - Repository: Read & Write (for PR assignments)
+   - Pull requests: Read & Write
+   - Organization members: Read
+3. Download the private key when prompted
+4. Note your App ID from the app settings page
+5. Install the app on your organization(s)
 
 ## How It Works
 
-### Reviewer Selection Algorithm
-
-The program finds exactly two reviewers for each PR: a **primary reviewer** (with author context) and a **secondary reviewer** (who actively reviews code).
-
-#### Primary Reviewer (Author Context)
-
-The primary reviewer is selected based on who knows the code best, in this priority order:
-
-1. **Blame-based Authors**:
-   - Examines GitHub blame history for changed files
-   - Considers the top 5 PRs by overlap with edited lines
-   - Selects authors of these PRs who still have write access
-   - Verifies write access via author_association
-
-2. **Directory Author** (fallback):
-   - Most recent author of a merged PR in the same directory
-
-3. **Project Author** (fallback):
-   - Most recent author of a merged PR in the project
-
-#### Secondary Reviewer (Active Reviewer)
-
-The secondary reviewer is selected based on review activity, in this priority order:
-
-1. **Blame-based Reviewers**:
-   - Examines the same GitHub blame history
-   - Considers the top 5 PRs by overlap with edited lines
-   - Selects reviewers/approvers of these PRs
-
-2. **Directory Reviewer** (fallback):
-   - Most recent reviewer of a merged PR in the same directory
-
-3. **Project Reviewer** (fallback):
-   - Most recent reviewer of a merged PR in the project
-
-### Assignment Rules
+1. **Analysis**: Examines PR changes, file history, and contributor patterns
+2. **Scoring**: Rates candidates based on:
+   - Code overlap with changed files
+   - Recent activity and expertise
+   - Current workload (open PRs)
+3. **Selection**: Chooses optimal reviewers avoiding overloaded contributors
+4. **Assignment**: Adds reviewers to PRs (unless in dry-run mode)
 
-- Always attempts to assign exactly 2 reviewers: primary and secondary
-- The PR author cannot be a reviewer
-- Primary and secondary must be different people
-- Each reviewer selection logs the mechanism used (e.g., "primary-blame-author", "secondary-directory-reviewer")
-- **Draft PRs**: Skips reviewer assignment for draft PRs but logs who would have been assigned
+## Security Notes
 
-### Error Handling
-
-- If after exhausting all fallback mechanisms, the only candidate found is the PR author, the program will error with a clear message
-- This ensures that the PR author is never assigned as their own reviewer
-- The error message will indicate that all candidates have been exhausted
-
-### GitHub API Usage
-
-The program uses:
-- **GitHub REST API v3** for PR data, file changes, and reviews
-- **GitHub GraphQL API v4** for blame data and efficient directory/project searches  
-- **GitHub Search API** for PR count queries with workload balancing
-- **Intelligent caching**: 6-hour cache for PR counts, 20-day cache for PR data, failure caching
-- **Robust retry logic**: 25 attempts with exponential backoff (5s initial, 20min max delay)
-- **Timeout management**: 30-second timeouts for search queries, 120-second for other calls
-- **Graceful degradation**: Continues operation when non-critical APIs fail
-- **Flexible authentication**: `gh auth token` for personal use or `GITHUB_APP_TOKEN` for app installations
-
-## Architecture
-
-The codebase is organized into several key files:
-
-- `main.go`: Command-line interface and main program logic
-- `github.go`: GitHub API client implementation
-- `reviewer.go`: Core reviewer finding and assignment logic
-- `analysis.go`: Blame data analysis and PR relationship detection
-- `main_test.go`: Unit tests for core functionality
+- Private keys should have restricted permissions (not world-readable)
+- JWT tokens are automatically refreshed before expiry
+- All API responses are sanitized in logs
+- Token validation ensures only valid GitHub tokens are accepted
 
 ## Testing
 
-Run the test suite:
+Run in dry-run mode to preview reviewer assignments:
 
 ```bash
-go test -v
+./better-reviewers --dry-run --pr https://github.com/owner/repo/pull/123
 ```
 
-## Example Output
-
-### Workload Balancing in Action
-```
-2024/01/15 10:30:45 Processing PR owner/repo#123: Add new feature
-2024/01/15 10:30:45 [CACHE] User type cache hit for alice: User
-2024/01/15 10:30:45     📊 User alice has 3 non-stale open PRs in org myorg (2 assigned, 1 for review)
-2024/01/15 10:30:45 [CACHE] User type cache hit for bob: User  
-2024/01/15 10:30:45     📊 User bob has 12 non-stale open PRs in org myorg (8 assigned, 4 for review)
-2024/01/15 10:30:45     Filtered (too many open PRs 12 > 9 in org myorg): bob
-2024/01/15 10:30:45 [CACHE] User type cache hit for charlie: User
-2024/01/15 10:30:45     📊 User charlie has 5 non-stale open PRs in org myorg (3 assigned, 2 for review)
-2024/01/15 10:30:45 Found 2 reviewer candidates for PR 123
-2024/01/15 10:30:45 Adding reviewers [alice charlie] to PR owner/repo#123
-2024/01/15 10:30:46 Successfully added reviewers [alice charlie] to PR 123
-```
-
-### Fallback Mechanism in Action
-```
-2024/01/15 10:31:00 Processing PR owner/repo#124: Fix minor bug
-2024/01/15 10:31:00 Analyzing 3 changed files for PR 124
-2024/01/15 10:31:01 === Finding PRIMARY reviewer (author context) ===
-2024/01/15 10:31:01 Checking blame-based authors for primary reviewer
-2024/01/15 10:31:01 No blame-based authors found, checking directory authors
-2024/01/15 10:31:02 PRIMARY reviewer selected: charlie (method: primary-directory-author)
-2024/01/15 10:31:02 === Finding SECONDARY reviewer (active reviewer) ===
-2024/01/15 10:31:02 Checking blame-based reviewers for secondary reviewer
-2024/01/15 10:31:02 No blame-based reviewers found, checking directory reviewers
-2024/01/15 10:31:03 No directory reviewers found, checking project reviewers
-2024/01/15 10:31:03 SECONDARY reviewer selected: dave (method: secondary-project-reviewer)
-2024/01/15 10:31:03 Found 2 reviewer candidates for PR 124
-2024/01/15 10:31:03 Adding reviewers [charlie dave] to PR owner/repo#124
-2024/01/15 10:31:03 Successfully added reviewers [charlie dave] to PR 124
-```
-
-### Error Case: Only PR Author Found
-```
-2024/01/15 10:32:00 Processing PR owner/repo#125: Initial commit
-2024/01/15 10:32:00 Top changed files for PR 125: [main.go, go.mod, README.md]
-2024/01/15 10:32:01 Finding context reviewers using blame data for 3 files
-2024/01/15 10:32:01 Finding activity reviewers for 3 files
-2024/01/15 10:32:01 Found only 0 candidates, trying fallback to line authors
-2024/01/15 10:32:01 Finding line authors with write access for fallback
-2024/01/15 10:32:01 Line author fallback candidate: john-doe (lines: 50, association: OWNER, method: fallback-line-author)
-2024/01/15 10:32:02 Found only 1 candidates, trying fallback to recent file authors
-2024/01/15 10:32:02 Found only 1 candidates, trying directory-based fallbacks
-2024/01/15 10:32:02 Found only 1 candidates, trying project-wide fallbacks
-2024/01/15 10:32:03 Project author fallback candidate: john-doe (method: fallback-project-author)
-2024/01/15 10:32:03 Failed to find reviewer candidates: exhausted all reviewer candidates: the only candidate found was the PR author (john-doe)
-```
-
-### Draft PR Handling
-```
-2024/01/15 10:33:00 Processing PR owner/repo#126 [DRAFT]: WIP: New feature
-2024/01/15 10:33:00 Top changed files for PR 126: [feature.go, feature_test.go]
-2024/01/15 10:33:01 Finding context reviewers using blame data for 2 files
-2024/01/15 10:33:01 Context reviewer candidate: alice (score: 20, method: context-blame-approver)
-2024/01/15 10:33:01 Activity reviewer candidate: bob (PR size: 120, method: activity-recent-approver)
-2024/01/15 10:33:01 Found 2 reviewer candidates for PR 126
-2024/01/15 10:33:01 Selected reviewer: alice (method: context-blame-approver, context score: 20, activity score: 0)
-2024/01/15 10:33:01 Selected reviewer: bob (method: activity-recent-approver, context score: 0, activity score: 120)
-2024/01/15 10:33:01 PR 126 is a draft - skipping reviewer assignment
-2024/01/15 10:33:01 Would have assigned reviewers [alice bob] to PR 126 if it wasn't a draft
-```
-
-## Contributing
-
-1. Follow Go best practices and code review guidelines from go.dev
-2. Add tests for new functionality
-3. Ensure comprehensive logging for debugging
-4. Use minimal external dependencies
-
 ## License
 
-This project is provided as-is for educational and productivity purposes.
+[License details here]