codeGROOVE-dev
diff --git a/‎github.go‎
Lines changed: 217 additions & 25 deletions b/‎github.go‎
Lines changed: 217 additions & 25 deletions
diff --git a/‎loginitem_darwin.go‎
Lines changed: 33 additions & 16 deletions b/‎loginitem_darwin.go‎
Lines changed: 33 additions & 16 deletions
@@ -270,16 +270,218 @@ func (app *App) updatePRData(url string, needsReview bool, isOwner bool, actionR
 	return nil
 }
 
+// fetchPRsWithWait fetches PRs and waits for Turn data to complete.
+func (app *App) fetchPRsWithWait(ctx context.Context) (incoming []PR, outgoing []PR, err error) {
+	// Use targetUser if specified, otherwise use authenticated user
+	user := app.currentUser.GetLogin()
+	if app.targetUser != "" {
+		user = app.targetUser
+	}
+
+	// Single query to get all PRs involving the user
+	query := fmt.Sprintf("is:open is:pr involves:%s archived:false", user)
+
+	const perPage = 100
+	opts := &github.SearchOptions{
+		ListOptions: github.ListOptions{PerPage: perPage},
+		Sort:        "updated",
+		Order:       "desc",
+	}
+
+	log.Printf("Searching for PRs with query: %s", query)
+	searchStart := time.Now()
+
+	var result *github.IssuesSearchResult
+	var resp *github.Response
+	err = retry.Do(func() error {
+		// Create timeout context for GitHub API call
+		githubCtx, cancel := context.WithTimeout(ctx, 30*time.Second)
+		defer cancel()
+
+		var retryErr error
+		result, resp, retryErr = app.client.Search.Issues(githubCtx, query, opts)
+		if retryErr != nil {
+			// Enhanced error handling with specific cases
+			if resp != nil {
+				const (
+					httpStatusUnauthorized  = 401
+					httpStatusForbidden     = 403
+					httpStatusUnprocessable = 422
+				)
+				switch resp.StatusCode {
+				case httpStatusForbidden:
+					if resp.Header.Get("X-Ratelimit-Remaining") == "0" {
+						resetTime := resp.Header.Get("X-Ratelimit-Reset")
+						log.Printf("GitHub API rate limited, reset at: %s (will retry)", resetTime)
+						return retryErr // Retry on rate limit
+					}
+					log.Print("GitHub API access forbidden (check token permissions)")
+					return retry.Unrecoverable(fmt.Errorf("github API access forbidden: %w", retryErr))
+				case httpStatusUnauthorized:
+					log.Print("GitHub API authentication failed (check token)")
+					return retry.Unrecoverable(fmt.Errorf("github API authentication failed: %w", retryErr))
+				case httpStatusUnprocessable:
+					log.Printf("GitHub API query invalid: %s", query)
+					return retry.Unrecoverable(fmt.Errorf("github API query invalid: %w", retryErr))
+				default:
+					log.Printf("GitHub API error (status %d): %v (will retry)", resp.StatusCode, retryErr)
+				}
+			} else {
+				// Likely network error - retry these
+				log.Printf("GitHub API network error: %v (will retry)", retryErr)
+			}
+			return retryErr
+		}
+		return nil
+	},
+		retry.Attempts(maxRetries),
+		retry.DelayType(retry.BackOffDelay),
+		retry.MaxDelay(maxRetryDelay),
+		retry.OnRetry(func(n uint, err error) {
+			log.Printf("GitHub Search.Issues retry %d/%d: %v", n+1, maxRetries, err)
+		}),
+		retry.Context(ctx),
+	)
+	if err != nil {
+		return nil, nil, fmt.Errorf("search PRs after %d retries: %w", maxRetries, err)
+	}
+
+	log.Printf("GitHub search completed in %v, found %d PRs", time.Since(searchStart), len(result.Issues))
+
+	// Limit PRs for performance
+	if len(result.Issues) > maxPRsToProcess {
+		log.Printf("Limiting to %d PRs for performance (total: %d)", maxPRsToProcess, len(result.Issues))
+		result.Issues = result.Issues[:maxPRsToProcess]
+	}
+
+	// Process GitHub results
+	for _, issue := range result.Issues {
+		if !issue.IsPullRequest() {
+			continue
+		}
+		repo := strings.TrimPrefix(issue.GetRepositoryURL(), "https://api.github.com/repos/")
+
+		pr := PR{
+			Title:      issue.GetTitle(),
+			URL:        issue.GetHTMLURL(),
+			Repository: repo,
+			Number:     issue.GetNumber(),
+			UpdatedAt:  issue.GetUpdatedAt().Time,
+		}
+
+		// Categorize as incoming or outgoing
+		if issue.GetUser().GetLogin() == user {
+			outgoing = append(outgoing, pr)
+		} else {
+			incoming = append(incoming, pr)
+		}
+	}
+
+	log.Printf("[GITHUB] Found %d incoming, %d outgoing PRs from GitHub", len(incoming), len(outgoing))
+
+	// Now fetch Turn data synchronously
+	log.Println("[TURN] Fetching Turn API data synchronously before building menu...")
+	app.fetchTurnDataSync(ctx, result.Issues, user, &incoming, &outgoing)
+
+	return incoming, outgoing, nil
+}
+
+// fetchTurnDataSync fetches Turn API data synchronously and updates PRs directly.
+func (app *App) fetchTurnDataSync(ctx context.Context, issues []*github.Issue, user string, incoming *[]PR, outgoing *[]PR) {
+	turnStart := time.Now()
+	type prResult struct {
+		err      error
+		turnData *turn.CheckResponse
+		url      string
+		isOwner  bool
+	}
+
+	// Create a channel for results
+	results := make(chan prResult, len(issues))
+
+	// Use a WaitGroup to track goroutines
+	var wg sync.WaitGroup
+
+	// Process PRs in parallel
+	for _, issue := range issues {
+		if !issue.IsPullRequest() {
+			continue
+		}
+
+		wg.Add(1)
+		go func(issue *github.Issue) {
+			defer wg.Done()
+
+			url := issue.GetHTMLURL()
+			updatedAt := issue.GetUpdatedAt().Time
+
+			// Call turnData - it now has proper exponential backoff with jitter
+			turnData, err := app.turnData(ctx, url, updatedAt)
+
+			results <- prResult{
+				url:      issue.GetHTMLURL(),
+				turnData: turnData,
+				err:      err,
+				isOwner:  issue.GetUser().GetLogin() == user,
+			}
+		}(issue)
+	}
+
+	// Close the results channel when all goroutines are done
+	go func() {
+		wg.Wait()
+		close(results)
+	}()
+
+	// Collect results and update PRs directly
+	turnSuccesses := 0
+	turnFailures := 0
+
+	for result := range results {
+		if result.err == nil && result.turnData != nil && result.turnData.PRState.UnblockAction != nil {
+			turnSuccesses++
+
+			// Check if user needs to review and get action reason
+			needsReview := false
+			actionReason := ""
+			if action, exists := result.turnData.PRState.UnblockAction[user]; exists {
+				needsReview = true
+				actionReason = action.Reason
+				log.Printf("[TURN] UnblockAction for %s: Reason=%q, Kind=%q", result.url, action.Reason, action.Kind)
+			}
+
+			// Update the PR in the slices directly
+			if result.isOwner {
+				for i := range *outgoing {
+					if (*outgoing)[i].URL == result.url {
+						(*outgoing)[i].NeedsReview = needsReview
+						(*outgoing)[i].IsBlocked = needsReview
+						(*outgoing)[i].ActionReason = actionReason
+						break
+					}
+				}
+			} else {
+				for i := range *incoming {
+					if (*incoming)[i].URL == result.url {
+						(*incoming)[i].NeedsReview = needsReview
+						(*incoming)[i].ActionReason = actionReason
+						break
+					}
+				}
+			}
+		} else if result.err != nil {
+			turnFailures++
+		}
+	}
+
+	log.Printf("[TURN] Turn API queries completed in %v (%d/%d succeeded)",
+		time.Since(turnStart), turnSuccesses, turnSuccesses+turnFailures)
+}
+
 // fetchTurnDataAsync fetches Turn API data in the background and updates PRs as results arrive.
 func (app *App) fetchTurnDataAsync(ctx context.Context, issues []*github.Issue, user string) {
-	// Set loading state
-	app.mu.Lock()
-	app.turnDataLoading = true
-	app.mu.Unlock()
-
-	// Update section headers to show loading state
-	log.Print("[TURN] Starting Turn API queries, updating section headers to show loading state")
-	app.updateSectionHeaders()
+	// Log start of Turn API queries
+	log.Print("[TURN] Starting Turn API queries in background")
 
 	turnStart := time.Now()
 	type prResult struct {
@@ -359,13 +561,10 @@ func (app *App) fetchTurnDataAsync(ctx context.Context, issues []*github.Issue,
 				updatesApplied++
 				updateBatch++
 				log.Printf("[TURN] Turn data received for %s (needsReview=%v, actionReason=%q)", result.url, needsReview, actionReason)
-				// Update the specific menu item immediately
-				app.updatePRMenuItem(*pr)
 
-				// Periodically update section headers and tray title
+				// Periodically update tray title
 				if updateBatch >= batchSize || time.Since(lastUpdateTime) >= minUpdateInterval {
-					log.Printf("[TURN] Batch update threshold reached (%d updates), updating headers and title", updateBatch)
-					app.updateSectionHeaders()
+					log.Printf("[TURN] Batch update threshold reached (%d updates), updating title", updateBatch)
 					app.setTrayTitle()
 					updateBatch = 0
 					lastUpdateTime = time.Now()
@@ -376,19 +575,12 @@ func (app *App) fetchTurnDataAsync(ctx context.Context, issues []*github.Issue,
 		}
 	}
 
-	// Clear loading state
-	app.mu.Lock()
-	app.turnDataLoading = false
-	app.turnDataLoaded = true
-	app.mu.Unlock()
-
 	log.Printf("[TURN] Turn API queries completed in %v (%d/%d succeeded, %d PRs updated)",
 		time.Since(turnStart), turnSuccesses, turnSuccesses+turnFailures, updatesApplied)
 
-	// Update section headers with final counts
-	log.Print("[TURN] Updating section headers and tray title with final counts")
-	app.updateSectionHeaders()
-
-	// Update tray title
-	app.setTrayTitle()
+	// Rebuild menu with final Turn data if menu is already initialized
+	if app.menuInitialized {
+		log.Print("[TURN] Turn data loaded, rebuilding menu")
+		app.rebuildMenu(ctx)
+	}
 }
@@ -16,14 +16,22 @@ import (
 	"github.com/energye/systray"
 )
 
-// escapeAppleScriptString safely escapes a string for use in AppleScript.
-// This prevents injection attacks by escaping quotes and backslashes.
-func escapeAppleScriptString(s string) string {
-	// Escape backslashes first
-	s = strings.ReplaceAll(s, `\`, `\\`)
-	// Then escape quotes
-	s = strings.ReplaceAll(s, `"`, `\"`)
-	return s
+// validateAndEscapePathForAppleScript validates and escapes a path for safe use in AppleScript.
+// Returns empty string if path contains invalid characters.
+func validateAndEscapePathForAppleScript(path string) string {
+	// Validate path contains only safe characters
+	for _, r := range path {
+		if (r < 'a' || r > 'z') && (r < 'A' || r > 'Z') &&
+			(r < '0' || r > '9') && r != ' ' && r != '.' &&
+			r != '/' && r != '-' && r != '_' {
+			log.Printf("Path contains invalid character for AppleScript: %q in path %s", r, path)
+			return ""
+		}
+	}
+	// Escape backslashes first then quotes
+	path = strings.ReplaceAll(path, `\`, `\\`)
+	path = strings.ReplaceAll(path, `"`, `\"`)
+	return path
 }
 
 // isLoginItem checks if the app is set to start at login.
@@ -35,8 +43,12 @@ func isLoginItem(ctx context.Context) bool {
 	}
 
 	// Use osascript to check login items
-	escapedPath := escapeAppleScriptString(appPath)
-	// We use %s here because the string is already escaped by escapeAppleScriptString
+	escapedPath := validateAndEscapePathForAppleScript(appPath)
+	if escapedPath == "" {
+		log.Printf("Invalid app path for AppleScript: %s", appPath)
+		return false
+	}
+	// We use %s here because the string is already validated and escaped
 	//nolint:gocritic // already escaped
 	script := fmt.Sprintf(
 		`tell application "System Events" to get the name of every login item where path is "%s"`,
@@ -62,8 +74,11 @@ func setLoginItem(ctx context.Context, enable bool) error {
 
 	if enable {
 		// Add to login items
-		escapedPath := escapeAppleScriptString(appPath)
-		// We use %s here because the string is already escaped by escapeAppleScriptString
+		escapedPath := validateAndEscapePathForAppleScript(appPath)
+		if escapedPath == "" {
+			return fmt.Errorf("invalid app path for AppleScript: %s", appPath)
+		}
+		// We use %s here because the string is already validated and escaped
 		//nolint:gocritic // already escaped
 		script := fmt.Sprintf(
 			`tell application "System Events" to make login item at end with properties {path:"%s", hidden:false}`,
@@ -78,8 +93,11 @@ func setLoginItem(ctx context.Context, enable bool) error {
 		// Remove from login items
 		appName := filepath.Base(appPath)
 		appName = strings.TrimSuffix(appName, ".app")
-		escapedName := escapeAppleScriptString(appName)
-		// We use %s here because the string is already escaped by escapeAppleScriptString
+		escapedName := validateAndEscapePathForAppleScript(appName)
+		if escapedName == "" {
+			return fmt.Errorf("invalid app name for AppleScript: %s", appName)
+		}
+		// We use %s here because the string is already validated and escaped
 		script := fmt.Sprintf(`tell application "System Events" to delete login item "%s"`, escapedName) //nolint:gocritic // already escaped
 		log.Printf("Executing command: osascript -e %q", script)
 		cmd := exec.CommandContext(ctx, "osascript", "-e", script)
@@ -142,15 +160,14 @@ func getAppPath() (string, error) {
 }
 
 // addLoginItemUI adds the login item menu option (macOS only).
-func addLoginItemUI(ctx context.Context, app *App) {
+func addLoginItemUI(ctx context.Context, _ *App) {
 	// Only show login item menu if running from an app bundle
 	if !isRunningFromAppBundle() {
 		log.Println("Hiding 'Start at Login' menu item - not running from app bundle")
 		return
 	}
 
 	loginItem := systray.AddMenuItem("Start at Login", "Automatically start when you log in")
-	app.menuItems = append(app.menuItems, loginItem)
 
 	// Set initial state
 	if isLoginItem(ctx) {