M: audit-log uniformity + renderBodyHTML helper for issues/PRs/reviews

Status	File	+	-
M	`internal/auth/audit/audit.go`	9	2
M	`internal/issues/issues.go`	39	2
M	`internal/pulls/pulls.go`	24	18
M	`internal/pulls/review/comment.go`	2	3
M	`internal/pulls/review/review.go`	16	0
M	`internal/pulls/review/submit.go`	1	2
M	`internal/pulls/state.go`	10	1

internal/auth/audit/audit.gomodified

  	ActionRepoTransferDeclined   Action = "repo_transfer_declined"
  	ActionRepoTransferCanceled   Action = "repo_transfer_canceled"
  	ActionRepoTransferExpired    Action = "repo_transfer_expired"
 +	ActionIssueStateChanged      Action = "issue_state_changed"
 +	ActionIssueLockChanged       Action = "issue_lock_changed"
 +	ActionIssueCommentCreated    Action = "issue_comment_created"
 +	ActionPullStateChanged       Action = "pull_state_changed"
 +	ActionPullMerged             Action = "pull_merged"
+ )
  // Target is a typed target-type constant.
  const (
  	TargetUser  Target = "user"
  	TargetRepo  Target = "repo"
 +	TargetIssue Target = "issue"
 +	TargetPull  Target = "pull"
+ )
  // Recorder writes audit rows. Bound to the sqlc queries handle.

internal/issues/issues.gomodified

  	"github.com/jackc/pgx/v5/pgtype"
  	"github.com/jackc/pgx/v5/pgxpool"
 +	"github.com/tenseleyFlow/shithub/internal/auth/audit"
  	"github.com/tenseleyFlow/shithub/internal/auth/throttle"
  	issuesdb "github.com/tenseleyFlow/shithub/internal/issues/sqlc"
  	mdrender "github.com/tenseleyFlow/shithub/internal/markdown"
  	Pool    *pgxpool.Pool
  	Limiter *throttle.Limiter
  	Logger  *slog.Logger
 +	// Audit is optional; when non-nil, state-changing orchestrator
 +	// calls (SetState, SetLock, AddComment) record an audit row. The
 +	// repo lifecycle package writes audit rows directly via deps.Audit;
 +	// this field ensures issues/PR mutations are equally traceable
 +	// (S00-S25 audit, M).
 +	Audit *audit.Recorder
+ }
  // Errors returned by the orchestrator. Handlers map these to status
+ 	}
  	// Render markdown for the cached body html.
 -	html, _ := mdrender.RenderHTML([]byte(p.Body))
 +	html := renderBodyHTML(ctx, deps, p.Body)
  	row.BodyHtmlCached = pgtype.Text{String: html, Valid: html != ""}
  	if err := q.UpdateIssueTitleBody(ctx, tx, issuesdb.UpdateIssueTitleBodyParams{
  		return issuesdb.IssueComment{}, ErrIssueLocked
+ 	}
 -	html, _ := mdrender.RenderHTML([]byte(body))
 +	html := renderBodyHTML(ctx, deps, body)
  	tx, err := deps.Pool.Begin(ctx)
  	if err != nil {
  		return issuesdb.IssueComment{}, err
+ 	}
  	committed = true
 +	if deps.Audit != nil {
 +		_ = deps.Audit.Record(ctx, deps.Pool, p.AuthorUserID,
 +			audit.ActionIssueCommentCreated, audit.TargetIssue, p.IssueID,
 +			map[string]any{"comment_id": c.ID})
 +	}
  	return c, nil
+ }
  		return err
+ 	}
  	committed = true
 +	if deps.Audit != nil {
 +		_ = deps.Audit.Record(ctx, deps.Pool, actorUserID,
 +			audit.ActionIssueStateChanged, audit.TargetIssue, issueID,
 +			map[string]any{"state": newState, "reason": reason})
 +	}
  	return nil
+ }
  		return err
+ 	}
  	committed = true
 +	if deps.Audit != nil {
 +		_ = deps.Audit.Record(ctx, deps.Pool, actorUserID,
 +			audit.ActionIssueLockChanged, audit.TargetIssue, issueID,
 +			map[string]any{"locked": locked, "reason": reason})
 +	}
  	return nil
+ }
++
 +// renderBodyHTML wraps markdown.RenderHTML with a logger-aware error
 +// path. Body length is bounded upstream (orchestrator validation +
 +// DB CHECK at 65535), so ErrInputTooLarge is structurally impossible
 +// here — but if it ever fires, log loudly: it means a precondition
 +// somewhere upstream regressed. The audit (S00-S25, M) flagged the
 +// `_`-discard pattern as the kind of slop where a real bug could hide.
 +func renderBodyHTML(ctx context.Context, deps Deps, body string) string {
 +	html, err := mdrender.RenderHTML([]byte(body))
 +	if err != nil && deps.Logger != nil {
 +		deps.Logger.WarnContext(ctx, "issues: markdown render failed",
 +			"error", err, "body_bytes", len(body))
 +	}
 +	return html
 +}

internal/pulls/pulls.gomodified

  	"errors"
  	"fmt"
  	"log/slog"
 -	"path/filepath"
  	"strings"
  	"github.com/jackc/pgx/v5"
  	"github.com/jackc/pgx/v5/pgtype"
  	"github.com/jackc/pgx/v5/pgxpool"
 +	"github.com/tenseleyFlow/shithub/internal/auth/audit"
  	"github.com/tenseleyFlow/shithub/internal/checks"
  	"github.com/tenseleyFlow/shithub/internal/issues"
  	issuesdb "github.com/tenseleyFlow/shithub/internal/issues/sqlc"
 +	mdrender "github.com/tenseleyFlow/shithub/internal/markdown"
  	"github.com/tenseleyFlow/shithub/internal/pulls/review"
  	pullsdb "github.com/tenseleyFlow/shithub/internal/pulls/sqlc"
  	repogit "github.com/tenseleyFlow/shithub/internal/repos/git"
 -	mdrender "github.com/tenseleyFlow/shithub/internal/markdown"
 +	"github.com/tenseleyFlow/shithub/internal/repos/protection"
  	reposdb "github.com/tenseleyFlow/shithub/internal/repos/sqlc"
+ )
  type Deps struct {
  	Pool   *pgxpool.Pool
  	Logger *slog.Logger
 +	// Audit is optional; when non-nil, Merge and SetState write audit
 +	// rows. Mirrors the issues orchestrator's contract so PR-side
 +	// state changes are equally traceable (S00-S25 audit, M).
 +	Audit *audit.Recorder
+ }
  // Errors surfaced to handlers.
  	if err != nil {
  		return nil, err
+ 	}
 -	var best reposdb.BranchProtectionRule
 -	bestLen := -1
 -	for _, r := range rules {
 -		ok, _ := filepath.Match(r.Pattern, baseRef)
 +	rule, ok := protection.MatchLongestRule(rules, baseRef)
  	if !ok {
 -			continue
 -		}
 -		if len(r.Pattern) > bestLen ||
 -			(len(r.Pattern) == bestLen && r.Pattern < best.Pattern) {
 -			best = r
 -			bestLen = len(r.Pattern)
 -		}
 -	}
 -	if bestLen < 0 {
  		return []string{}, nil
+ 	}
 -	return best.StatusChecksRequired, nil
 +	return rule.StatusChecksRequired, nil
+ }
  // int64FromPg unwraps a pgtype.Int8; returns 0 when invalid.
  	if len(body) > 65535 {
  		return issues.ErrBodyTooLong
+ 	}
 -	html, _ := mdrender.RenderHTML([]byte(body))
 +	html := renderBodyHTML(ctx, deps, body)
  	q := issuesdb.New()
  	return q.UpdateIssueTitleBody(ctx, deps.Pool, issuesdb.UpdateIssueTitleBodyParams{
  		ID:             prID,
+ 	}
  	return false
+ }
++
 +// renderBodyHTML wraps markdown.RenderHTML with a logger-aware error
 +// path. PR body length is bounded upstream at 65535 chars by the
 +// orchestrator; markdown caps at 1 MiB. ErrInputTooLarge here means
 +// a precondition regressed — log loudly. (S00-S25 audit, M.)
 +func renderBodyHTML(ctx context.Context, deps Deps, body string) string {
 +	html, err := mdrender.RenderHTML([]byte(body))
 +	if err != nil && deps.Logger != nil {
 +		deps.Logger.WarnContext(ctx, "pulls: markdown render failed",
 +			"error", err, "body_bytes", len(body))
 +	}
 +	return html
 +}

internal/pulls/review/comment.gomodified


 	"github.com/jackc/pgx/v5/pgtype"
 
 	pullsdb "github.com/tenseleyFlow/shithub/internal/pulls/sqlc"
-	mdrender "github.com/tenseleyFlow/shithub/internal/markdown"
 )
 
 // CommentParams describes a single inline comment on a PR. When

 		}
 	}
 
-	html, _ := mdrender.RenderHTML([]byte(body))
+	html := renderBodyHTML(ctx, deps, body)
 
 	cur := pgtype.Int4{}
 	if p.CurrentPosition >= 0 {

 	if len(body) > 65535 {
 		return ErrBodyTooLong
 	}
-	html, _ := mdrender.RenderHTML([]byte(body))
+	html := renderBodyHTML(ctx, deps, body)
 	return pullsdb.New().UpdatePRReviewCommentBody(ctx, deps.Pool, pullsdb.UpdatePRReviewCommentBodyParams{
 		ID: commentID, Body: body, BodyHtmlCached: pgtype.Text{String: html, Valid: html != ""},
 	})

internal/pulls/review/review.gomodified

  package review
  import (
 +	"context"
  	"errors"
  	"log/slog"
  	"github.com/jackc/pgx/v5/pgxpool"
++
 +	mdrender "github.com/tenseleyFlow/shithub/internal/markdown"
+ )
  // Deps wires this package into the runtime.
  // MaxReviewersPerPR caps active review requests per PR. Matches the
  // spec pitfall section.
  const MaxReviewersPerPR = 20
++
 +// renderBodyHTML wraps markdown.RenderHTML with a logger-aware error
 +// path. Review/comment body length is bounded upstream at 65535 chars
 +// by the orchestrator. ErrInputTooLarge here means a precondition
 +// regressed — log loudly. (S00-S25 audit, M.)
 +func renderBodyHTML(ctx context.Context, deps Deps, body string) string {
 +	html, err := mdrender.RenderHTML([]byte(body))
 +	if err != nil && deps.Logger != nil {
 +		deps.Logger.WarnContext(ctx, "review: markdown render failed",
 +			"error", err, "body_bytes", len(body))
 +	}
 +	return html
 +}

internal/pulls/review/submit.gomodified

  	issuesdb "github.com/tenseleyFlow/shithub/internal/issues/sqlc"
  	pullsdb "github.com/tenseleyFlow/shithub/internal/pulls/sqlc"
 -	mdrender "github.com/tenseleyFlow/shithub/internal/markdown"
+ )
  // SubmitParams describes the submit-a-review action.
  	if len(body) > 65535 {
  		return pullsdb.PrReview{}, ErrBodyTooLong
+ 	}
 -	html, _ := mdrender.RenderHTML([]byte(body))
 +	html := renderBodyHTML(ctx, deps, body)
  	tx, err := deps.Pool.Begin(ctx)
  	if err != nil {

internal/pulls/state.gomodified

  	"context"
  	"errors"
 +	"github.com/tenseleyFlow/shithub/internal/auth/audit"
  	"github.com/tenseleyFlow/shithub/internal/issues"
  	pullsdb "github.com/tenseleyFlow/shithub/internal/pulls/sqlc"
  	repogit "github.com/tenseleyFlow/shithub/internal/repos/git"
  			return err
+ 		}
+ 	}
 -	return issues.SetState(ctx, issues.Deps{Pool: deps.Pool, Logger: deps.Logger}, actorUserID, prID, newState, "")
 +	if err := issues.SetState(ctx, issues.Deps{Pool: deps.Pool, Logger: deps.Logger}, actorUserID, prID, newState, ""); err != nil {
 +		return err
 +	}
 +	if deps.Audit != nil {
 +		_ = deps.Audit.Record(ctx, deps.Pool, actorUserID,
 +			audit.ActionPullStateChanged, audit.TargetPull, prID,
 +			map[string]any{"state": newState})
 +	}
 +	return nil
+ }

`@@ -12,7 +12,6 @@` import (
12	12	"github.com/jackc/pgx/v5/pgtype"
13	13
14	14	pullsdb "github.com/tenseleyFlow/shithub/internal/pulls/sqlc"
15		- mdrender "github.com/tenseleyFlow/shithub/internal/markdown"
16	15	)
17	16
18	17	// CommentParams describes a single inline comment on a PR. When
`@@ -76,7 +75,7 @@` func AddComment(ctx context.Context, deps Deps, p CommentParams) (pullsdb.PrRevi
76	75	}
77	76	}
78	77
79		- html, _ := mdrender.RenderHTML([]byte(body))
	78	+ html := renderBodyHTML(ctx, deps, body)
80	79
81	80	cur := pgtype.Int4{}
82	81	if p.CurrentPosition >= 0 {
`@@ -115,7 +114,7 @@` func EditComment(ctx context.Context, deps Deps, commentID int64, body string) e
115	114	if len(body) > 65535 {
116	115	return ErrBodyTooLong
117	116	}
118		- html, _ := mdrender.RenderHTML([]byte(body))
	117	+ html := renderBodyHTML(ctx, deps, body)
119	118	return pullsdb.New().UpdatePRReviewCommentBody(ctx, deps.Pool, pullsdb.UpdatePRReviewCommentBodyParams{
120	119	ID: commentID, Body: body, BodyHtmlCached: pgtype.Text{String: html, Valid: html != ""},
121	120	})

tenseleyflow/shithub / `ad6dfd8`

7 changed files