chore: release v2.0.0

[MatteoGabriele]

Summary by CodeRabbit

• Configuration Changes

  • Replaced two comment-related inputs with a single report input accepting "true", "false", or a JSON array of classifications (organic, mixed, automation, community-flag).
  • Some previously required inputs are now optional, altering runtime defaults.

• Behavior Changes

  • Commenting/reporting is now governed solely by the report setting, including selective reporting for community-flagged accounts.

• Labels

  • Updated label text for automation classifications.

• Tests

  • Updated tests to cover new report behaviors and defaults.

[coderabbitai]

📝 Walkthrough

Walkthrough

Replaces two boolean comment-related inputs with a single report input (boolean or JSON array of classifications). Updates action input schema and runtime parsing/decision logic to determine comment creation, adjusts the automation label, and makes skip-members and cache-path optional.

Changes

Cohort / File(s)	Summary
Action metadata action.yml	Removed agent-scan-comment and skip-comment-on-organic; added report input ("true"/"false" or JSON array of classifications: organic, mixed, automation, community-flag); default set to "true"; skip-members and cache-path made optional.
Core logic src/index.ts	Added ReportStatus/Report types and parsing for report input (boolean or JSON list) with parse-failure warnings; replaced prior organic-skip early return with a unified shouldCreateComment decision based on report, analysis.classification, and community flags; changed label agentscan:automated-account → agentscan:automation-signals; adjusted skip-members/cache-path input handling and cacheDir defaulting.
Tests src/index.test.ts	Updated default inputs to report: "true"; changed expected automation label to agentscan:automation-signals; added Report Configuration tests covering report: "false", report: "true", JSON list filtering (e.g., ["automation"]), and community-flag behavior (mocking repos.getContent and issues.createComment).

Sequence Diagram(s)

sequenceDiagram
    actor Runner
    participant Action as "Action (inputs)"
    participant Parser as "Report Parser"
    participant Classifier as "PR Classifier"
    participant Decision as "Comment Decision"
    participant GitHub as "GitHub API"

    Runner->>Action: provide inputs (`report`, others)
    Action->>Parser: parse `report` (true/false or JSON array)
    Action->>Classifier: obtain PR analysis/classification
    Parser->>Decision: supply allowed classifications
    Classifier->>Decision: supply PR classification & community flag
    Decision->>GitHub: create comment if allowed (issues.createComment)
    Decision->>Action: skip comment if not allowed
    Note over Parser,Decision: log parse warnings when JSON invalid

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

🐰 I swapped two flags for one bright star,
A tiny report to guide where comments are.
I read the list, I check each claim,
I hop, I parse, then write my name. 🥕

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title 'chore: release v2.0.0' does not accurately reflect the substantial breaking changes to the public input interface described in the changeset.	Update the title to reflect the major version bump reason (e.g., 'chore: release v2.0.0 - refactor report input configuration') or use a more descriptive commit message detailing the breaking API changes to the action inputs.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch v2

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/index.ts`:
- Around line 182-184: The early return when report === "false" causes label
application to be skipped; change the logic so that report only gates comment
creation (skip creating/posting comments) but does not exit the flow before the
label-handling block (the code that applies labels), i.e., remove the return
used after core.info("[report] skipping all type of comments") and refactor so
comment-related branches (where comments are constructed/sent) are conditional
on report !== "false" while leaving the label application code (the
label-handling function/block) to always run.
- Around line 207-218: The code assumes JSON.parse(report) yields an array and
then calls reportStatusList.includes(...), which can throw or behave incorrectly
for non-array values; update the parsing block where reportStatusList is set to
(1) parse the JSON (JSON.parse(report as string)), (2) verify
Array.isArray(parsed) and if not log a core.warning and leave reportStatusList
as the default, (3) if it is an array, filter its items to only allowed status
strings (use a small whitelist constant like SUPPORTED_REPORT_STATUSES) and
assign that filtered array to reportStatusList so downstream checks against
reportStatusList.includes(analysis.classification) and the
"community-flag"/hasCommunityFlag logic are safe.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: cd5c856e-9aa7-44f6-b931-aa50fe9a85c2

📥 Commits

Reviewing files that changed from the base of the PR and between 6b02b79 and b8d3a47.

📒 Files selected for processing (2)

• action.yml
• src/index.ts

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Validate the parsed report payload before using it.

Line 209 assumes JSON.parse() returns an array, but a valid JSON string/object/number will either change .includes() semantics or throw at runtime. Reject non-arrays and keep only the supported statuses before assigning reportStatusList.

🛡️ Suggested guard

-    if (report !== "" && report !== "true") {
+    if (report !== "" && report !== "true" && report !== "false") {
       try {
-        reportStatusList = JSON.parse(report as string);
+        const parsed = JSON.parse(report as string);
+        const allowedStatuses = new Set<ReportStatus>([
+          "organic",
+          "mixed",
+          "automation",
+          "community-flag",
+        ]);
+
+        if (!Array.isArray(parsed)) {
+          core.warning(
+            "The report option must be a JSON array of valid statuses",
+          );
+        } else {
+          reportStatusList = parsed.filter(
+            (value): value is ReportStatus =>
+              typeof value === "string" &&
+              allowedStatuses.has(value as ReportStatus),
+          );
+        }
       } catch (error) {
         core.warning(`Failed to parse the report options: ${String(error)}`);
       }
     }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if (report !== "" && report !== "true") {
	try {
	reportStatusList = JSON.parse(report as string);
	} catch (error) {
	core.warning(`Failed to parse the report options: ${String(error)}`);
	}
	}
	const shouldCreateComment =
	report === "true" ||
	reportStatusList.includes(analysis.classification) ||
	(reportStatusList.includes("community-flag") && hasCommunityFlag);
	if (report !== "" && report !== "true" && report !== "false") {
	try {
	const parsed = JSON.parse(report as string);
	const allowedStatuses = new Set<ReportStatus>([
	"organic",
	"mixed",
	"automation",
	"community-flag",
	]);
	if (!Array.isArray(parsed)) {
	core.warning(
	"The report option must be a JSON array of valid statuses",
	);
	} else {
	reportStatusList = parsed.filter(
	(value): value is ReportStatus =>
	typeof value === "string" &&
	allowedStatuses.has(value as ReportStatus),
	);
	}
	} catch (error) {
	core.warning(`Failed to parse the report options: ${String(error)}`);
	}
	}
	const shouldCreateComment =
	report === "true" ||
	reportStatusList.includes(analysis.classification) ||
	(reportStatusList.includes("community-flag") && hasCommunityFlag);

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/index.ts` around lines 207 - 218, The code assumes JSON.parse(report)
yields an array and then calls reportStatusList.includes(...), which can throw
or behave incorrectly for non-array values; update the parsing block where
reportStatusList is set to (1) parse the JSON (JSON.parse(report as string)),
(2) verify Array.isArray(parsed) and if not log a core.warning and leave
reportStatusList as the default, (3) if it is an array, filter its items to only
allowed status strings (use a small whitelist constant like
SUPPORTED_REPORT_STATUSES) and assign that filtered array to reportStatusList so
downstream checks against reportStatusList.includes(analysis.classification) and
the "community-flag"/hasCommunityFlag logic are safe.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/index.ts (1)

261-261: ⚠️ Potential issue | 🟡 Minor

Log message is misleading when comments are skipped.

This line logs "Comment posted" regardless of whether a comment was actually created. When shouldCreateComment is false, the message is inaccurate.

📝 Suggested fix

+      if (shouldCreateComment) {
+        core.info(`Comment posted on PR #${prNumber}`);
+      }
+
+      if (labelsToAdd.length > 0) {
+        core.info(`Labels added to PR #${prNumber}`);
+      }
-      core.info(`Comment posted on PR #${prNumber}`);

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/index.ts` at line 261, The log "Comment posted on PR #${prNumber}" is
always emitted but should only be logged when a comment is actually created;
update the code that uses shouldCreateComment so core.info is called only in the
branch where the comment creation/update occurs (reference shouldCreateComment
and prNumber), or change the message to reflect that commenting was skipped when
shouldCreateComment is false; ensure core.info reflects the true outcome of the
create/update comment operation.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@src/index.ts`:
- Line 261: The log "Comment posted on PR #${prNumber}" is always emitted but
should only be logged when a comment is actually created; update the code that
uses shouldCreateComment so core.info is called only in the branch where the
comment creation/update occurs (reference shouldCreateComment and prNumber), or
change the message to reflect that commenting was skipped when
shouldCreateComment is false; ensure core.info reflects the true outcome of the
create/update comment operation.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e2d60fa1-6139-40a6-ad6b-1a0f62aaaf85

📥 Commits

Reviewing files that changed from the base of the PR and between b8d3a47 and 0632e15.

📒 Files selected for processing (1)

• src/index.ts

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/index.test.ts`:
- Around line 436-453: The mocks for repos.getContent in the tests "should
comment on verified-flagged accounts when specified" and "should comment on
community-flagged accounts when specified" return a Buffer but production code
expects a base64-encoded string (decoded with Buffer.from(content, "base64"));
update those mocks in src/index.test.ts so repos.getContent().data.content is a
base64 string (e.g., convert the JSON Buffer payload using .toString("base64"))
instead of returning a Buffer, ensuring the test exercises the same decode path
as the real Octokit getContent.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 1796c68d-55ea-47da-a25d-e11477276466

📥 Commits

Reviewing files that changed from the base of the PR and between 0632e15 and 315bae1.

📒 Files selected for processing (1)

• src/index.test.ts

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

src/index.ts (1)

200-215: ⚠️ Potential issue | 🟠 Major

Validate report before treating it as ReportStatus[].

JSON.parse() can return any JSON value here. If the input is "automation", .includes() becomes substring matching; if it is {} or 1, the action throws before the label block runs. Guard with Array.isArray(...) and keep only supported statuses before assigning reportStatusList.

💡 Minimal hardening

+    const SUPPORTED_REPORT_STATUSES = new Set<ReportStatus>([
+      "organic",
+      "mixed",
+      "automation",
+      "community-flag",
+    ]);
+
     let reportStatusList: ReportStatus[] = [];
 
     if (report === "false") {
       core.info("[report] skipping all type of comments");
     } else if (report !== "" && report !== "true") {
       try {
-        reportStatusList = JSON.parse(report as string);
+        const parsed = JSON.parse(report as string);
+
+        if (!Array.isArray(parsed)) {
+          core.warning(
+            "The report option must be a JSON array of supported statuses",
+          );
+        } else {
+          reportStatusList = parsed.filter(
+            (value): value is ReportStatus =>
+              typeof value === "string" &&
+              SUPPORTED_REPORT_STATUSES.has(value as ReportStatus),
+          );
+        }
       } catch (error) {
         core.warning(`Failed to parse the report options: ${String(error)}`);
       }
     }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/index.ts` around lines 200 - 215, The current parsing of report into
reportStatusList is unsafe because JSON.parse(report) can yield non-array
values; update the logic around report, JSON.parse, and reportStatusList so you
only accept an array: after parsing, verify Array.isArray(parsed) and then
filter its elements to only allowed ReportStatus strings (e.g., the enum/string
set used for analysis.classification and "community-flag") before assigning to
reportStatusList; ensure shouldCreateComment still uses report === "true" or the
filtered reportStatusList.includes(analysis.classification) or
(reportStatusList.includes("community-flag") && hasCommunityFlag).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/index.ts`:
- Around line 36-42: The public contract changed: the code now only honors the
report input (variable report in src/index.ts) but README still documents
skip-comment-on-organic and agent-scan-comment and action.yml describes report:
"false" incorrectly; update README.md (around lines referencing
skip-comment-on-organic and agent-scan-comment) to remove or mark those options
as removed/ignored and add a migration note describing that only report is
supported and how to map previous flags to report values, and update action.yml
input description for report to accurately state its allowed values and default
behavior (replace the “never report” wording) so docs and action metadata match
the implemented symbol report.

---

Duplicate comments:
In `@src/index.ts`:
- Around line 200-215: The current parsing of report into reportStatusList is
unsafe because JSON.parse(report) can yield non-array values; update the logic
around report, JSON.parse, and reportStatusList so you only accept an array:
after parsing, verify Array.isArray(parsed) and then filter its elements to only
allowed ReportStatus strings (e.g., the enum/string set used for
analysis.classification and "community-flag") before assigning to
reportStatusList; ensure shouldCreateComment still uses report === "true" or the
filtered reportStatusList.includes(analysis.classification) or
(reportStatusList.includes("community-flag") && hasCommunityFlag).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 681e191f-d8f1-4801-8b25-89c035810c79

📥 Commits

Reviewing files that changed from the base of the PR and between 315bae1 and a70f704.

📒 Files selected for processing (1)

• src/index.ts

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Update the public contract for report before cutting v2.

src/index.ts now only honors report, but README.md:89-110 still shows skip-comment-on-organic and agent-scan-comment, and action.yml:12-19 currently describes report: "false" as “never report” even though labels still apply. Please ship the README/migration update in this PR so v2 users do not configure the action incorrectly.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/index.ts` around lines 36 - 42, The public contract changed: the code now
only honors the report input (variable report in src/index.ts) but README still
documents skip-comment-on-organic and agent-scan-comment and action.yml
describes report: "false" incorrectly; update README.md (around lines
referencing skip-comment-on-organic and agent-scan-comment) to remove or mark
those options as removed/ignored and add a migration note describing that only
report is supported and how to map previous flags to report values, and update
action.yml input description for report to accurately state its allowed values
and default behavior (replace the “never report” wording) so docs and action
metadata match the implemented symbol report.