v0.5.0: Major Bot Detection Improvements 🎉

🎉 Major Features

PR Review Detection

• Now detects CodeRabbit and other bots that post as PR reviews (not just comments)
• Added getReviews() method to fetch GitHub PR reviews
• Processes both inline comments AND PR reviews
• Parses CodeRabbit's structured format ("Actionable comments posted: N")

Smart Watch Mode

New pr-vibe watch <pr> command for seamless workflow:

• Intelligent polling: 5s intervals for first 30s, then 15s, then 30s
• Live progress updates showing elapsed time
• Auto-processes when bots arrive
• Perfect for use right after creating a PR

Bot-Specific Detection

New bot-detector.js with confidence-based detection:

• Detects CodeRabbit, DeepSource, SonarCloud, CodeClimate, Snyk
• Filters out non-actionable content (summaries, metadata)
• 95% confidence for known bots
• Parses bot-specific review formats

🔧 Improvements

Better Error Messages

Shows exactly what was found:

• Displays comment counts by type (issue, review, PR review)
• Lists which bots were detected or skipped
• Explains why comments weren't processed
• Suggests using watch mode for fresh PRs

Debug Mode

New --debug flag for troubleshooting:

• Shows all API calls and responses
• Displays detection logic and confidence scores
• Helps diagnose why bots aren't being detected

Confidence Tracking

Every decision now includes confidence levels:

• 95% confidence for pattern matching
• 90-95% for security issues
• 70% for architectural discussions
• Reports show average confidence

🚀 Usage

# New seamless workflow
gh pr create ...
pr-vibe watch 123  # Waits for and processes bot reviews automatically

🙏 Thanks

Special thanks to the user who reported that CodeRabbit reviews weren't being detected. This release directly addresses that feedback!

---

Full Changelog: v0.4.1...v0.5.0

v0.4.1 - Fix CLI changelog version

🐛 Bug Fix

Fixed the CLI changelog command that was showing outdated version information (0.2.0 instead of current).

What's Changed

• Fixed pr-vibe changelog to show correct current version (0.4.1)
• Added automated changelog version updates to CI/CD pipeline
• Future releases will automatically update the CLI changelog

Full Changelog

v0.4.0...v0.4.1

v0.4.0: Enhanced reporting and pre-merge safety

🎉 New Features

📊 Enhanced Reporting

• Detailed decision logs showing exactly what pr-vibe did and why
• Confidence scores for every decision
• Full conversation transcripts with bots
• Reports saved to .pr-bot/reports/ with automatic cleanup after 30 days
• Both Markdown and JSON formats for easy integration

✅ Pre-Merge Safety

• pr-vibe check <pr> - Verify all bot comments are resolved before merging
• pr-vibe status <pr> - Post GitHub status checks to PRs
• pr-vibe report <pr> - View saved reports from previous runs
• pr-vibe cleanup - Manually clean up old reports

📈 Enhanced Conversation Metrics

• Track rate limit encounters
• Monitor bot corrections and clarifications
• Average conversation duration and rounds
• Resolution type tracking

🛡️ Critical Fixes

TODO Placeholder Bug (CRITICAL)

• Fixed critical bug where pr-vibe could replace entire files with TODO placeholders
• Security issues without specific fixes are now ESCALATED for human review
• Added safety checks to refuse applying any placeholder fixes
• This prevents catastrophic damage to codebases

📦 Installation

npm install -g pr-vibe@latest

🚀 Quick Start

# Review a PR
pr-vibe pr 42

# Check if ready to merge
pr-vibe check 42

# View report
pr-vibe report 42

💜 Thank You

Special thanks to the early adopters who provided feedback, especially regarding the critical TODO placeholder issue!

---

Built BY AI (Claude) FOR AI collaboration 🎵

v0.3.4: Hotfix - Restore Demo Command

🚨 Critical Hotfix

The demo command was accidentally removed in v0.3.3. This hotfix restores it.

🐛 Fixed

• Demo Command Restored: The demo command is now available again
  • Essential for zero-setup experience
  • Required for ProductHunt launch
  • npx pr-vibe@latest demo now works correctly

📦 Installation

npm install -g pr-vibe@latest

🎵 Try the Demo

npx pr-vibe@latest demo

This hotfix is critical for the ProductHunt launch scheduled for 2025-06-19.

v0.3.3: Critical Security Fix & Message Length Handling

🔒 Critical Security Fix

This release includes a critical security fix for a shell injection vulnerability. All users should update immediately.

Security Issue Fixed

• Shell Injection in GitHub Comments: Fixed vulnerability where malicious content in bot responses could execute arbitrary commands
  • Replaced unsafe execSync with shell interpolation with secure execFileSync calls
  • Comments are now passed via temp files or stdin, preventing command injection
  • Thanks to @coderabbitai for identifying this issue!

🐛 Bug Fixes

GitHub Comment Length Handling

• Automatically handles messages exceeding GitHub's 65,536 character limit
• Intelligent truncation at natural boundaries (code blocks, paragraphs)
• Adds clear notice when content is truncated
• Prevents 422 API errors when posting long responses

Message Splitting

• Fixed bug that silently dropped content when splitting long messages
• Correctly tracks content length to ensure all text is preserved
• Continuation markers no longer affect content tracking

🚀 What's New

MessageTruncator Utility

• New utility class for handling long messages safely
• Smart truncation that preserves code blocks
• Message splitting with continuation markers
• Comprehensive test coverage

📚 Documentation

• Updated README with message length handling details
• Enhanced CHANGELOG with security notices
• Added comprehensive tests for all edge cases

🙏 Thanks

Special thanks to CodeRabbit for the thorough security review that identified these critical issues!

📦 Installation

npm install -g pr-vibe@latest

🔗 Links

• npm Package
• Issue #12 - GitHub message length limit
• PR #13 - Security and bug fixes

---

🤖 Built with love by humans and AI working together!