feat(github): add Get-BotAuthors and Test-WorkflowRateLimit to GitHubHelpers

[rjmurillo-bot]

Pull Request

Summary

Add two centralized helper functions to GitHubHelpers module for reuse across the codebase.

Specification References

Type	Reference	Description
Issue	Closes #275	Unified rate limit module
Issue	Closes #282	Evaluate bot author list centralization

Changes

1. Get-BotAuthors (Closes #282)

Centralized bot author list with category support:

• reviewer: coderabbitai[bot], github-copilot[bot], gemini-code-assist[bot], cursor[bot]
• automation: github-actions[bot], dependabot[bot]
• repository: rjmurillo-bot, copilot-swe-agent[bot]

$bots = Get-BotAuthors  # All bots
$reviewBots = Get-BotAuthors -Category 'reviewer'  # Review bots only

2. Test-WorkflowRateLimit (Closes #275)

Extracted from PRMaintenanceModule for reuse:

• Validates API rate limits before workflow execution
• Configurable thresholds per resource type
• Returns structured results with summary markdown

$result = Test-WorkflowRateLimit
if (-not $result.Success) { exit 1 }

Type of Change

• Bug fix (non-breaking change fixing an issue)
• New feature (non-breaking change adding functionality)
• Breaking change (fix or feature causing existing functionality to change)
• Documentation update
• Infrastructure/CI change
• Refactoring (no functional changes)

Testing

• Tests added/updated
• Manual testing completed
• No testing required (documentation only)

Agent Review

Security Review

• No security-critical changes in this PR
• Security agent reviewed infrastructure changes
• Security agent reviewed authentication/authorization changes
• Security patterns applied (see .agents/security/)

Other Agent Reviews

• Architect reviewed design changes
• Critic validated implementation plan
• QA verified test coverage

Checklist

• Code follows project style guidelines
• Self-review completed
• Comments added for complex logic
• Documentation updated (if applicable)
• No new warnings introduced

Related Issues

• Closes Unified rate limit module #275
• Closes Evaluate bot author list centralization #282
• Supersedes feat(github): add centralized Get-BotAuthors function #491 (same changes combined)

Note

This PR combines two related DRY improvements into a single change. Callers can be updated incrementally in follow-up PRs.

[github-actions]

PR Validation Report

Tip

✅ Status: PASS

Description Validation

Check	Status
Description matches diff	PASS

QA Validation

Check	Status
Code changes detected	False
QA report exists	N/A

---

_{Powered by PR Validation - View Workflow}

[gemini-code-assist]

Code Review

This pull request introduces two useful helper functions, Get-BotAuthors and Test-WorkflowRateLimit, to the GitHubHelpers module, centralizing logic for bot identification and API rate limit checking. The implementation is well-documented and follows the project's style guide for the most part. My review identified two high-severity issues in Test-WorkflowRateLimit: a potential null-reference exception when handling API responses, and an incompatibility with PowerShell 5.1. Addressing these will improve the function's robustness and compatibility.

[github-actions]

Spec-to-Implementation Validation

Caution

❌ Final Verdict: FAIL

What is Spec Validation?

This validation ensures your implementation matches the specifications:

• Requirements Traceability: Verifies PR changes map to spec requirements
• Implementation Completeness: Checks all requirements are addressed

Validation Summary

Check	Verdict	Status
Requirements Traceability	PARTIAL	⚠️
Implementation Completeness	PARTIAL	⚠️

Spec References

Type	References
Specs	None
Issues	275 282

Requirements Traceability Details

Requirements Coverage Matrix

Requirement	Description	Status	Evidence
#275-AC1	Create shared module for rate limit functions	COVERED	Function added to GitHubHelpers.psm1:739-816
#275-AC2	Extract Test-WorkflowRateLimit to shared module	COVERED	Function implemented at line 739-816 with configurable thresholds
#275-AC3	Update PRMaintenanceModule to use shared module	NOT_COVERED	No changes to PRMaintenanceModule in diff
#275-AC4	Add Pester tests for shared module	NOT_COVERED	No test files in diff
#275-AC5	Update other workflows to use shared module	NOT_COVERED	No workflow file changes in diff
#282-AC1	Analyze current bot author list usage across workflows	N/A	Analysis task, not implementation
#282-AC2	Identify duplication and inconsistencies	N/A	Analysis task, not implementation
#282-AC3	Evaluate centralization approaches	COVERED	Implemented as module function approach
#282-AC4	Consider maintenance and update patterns	COVERED	Category-based design with 'reviewer', 'automation', 'repository'
#282-AC5	Document recommendation with trade-offs	NOT_COVERED	No documentation in diff
#282-AC6	Implement solution if centralization is beneficial	COVERED	Get-BotAuthors function at line 681-733

Summary

• Total Requirements: 11
• Covered: 5 (45%)
• Partially Covered: 0 (0%)
• Not Covered: 4 (36%)
• N/A: 2 (18%)

Gaps

1. Unified rate limit module #275-AC3: PRMaintenanceModule not updated to consume Test-WorkflowRateLimit from shared module
2. Unified rate limit module #275-AC4: No Pester tests for Test-WorkflowRateLimit or Get-BotAuthors
3. Unified rate limit module #275-AC5: Existing workflows not updated to use shared rate limit function
4. Evaluate bot author list centralization #282-AC5: No documentation of recommendation or trade-offs

VERDICT: PARTIAL
MESSAGE: Core functions implemented correctly. Missing tests, caller migration, and documentation. PR note states callers will be updated incrementally in follow-up PRs.

Implementation Completeness Details

Now let me check for existing tests and verify the module exports:

Let me search for any existing tests for GitHubHelpers and check if PRMaintenanceModule has the original Test-WorkflowRateLimit:

Let me check for PRMaintenanceModule and any existing bot author usage:

Now I have enough context to complete the implementation completeness check.

---

Acceptance Criteria Checklist

Issue #275 - Unified rate limit module

• Create shared module for rate limit functions - SATISFIED
  • Evidence: Test-WorkflowRateLimit added to GitHubHelpers.psm1 (lines 739-816)
• Extract Test-WorkflowRateLimit to shared module - SATISFIED
  • Evidence: Function exists at lines 739-816 with complete implementation
• Update PRMaintenanceModule to use shared module - NOT SATISFIED
  • Missing: PRMaintenanceModule (if it exists) still needs to be updated to import from GitHubHelpers
• Add Pester tests for shared module - NOT SATISFIED
  • Missing: No test file for Test-WorkflowRateLimit exists in .claude/skills/github/tests/ or tests/
• Update other workflows to use shared module - NOT SATISFIED
  • Missing: No evidence of workflow updates to use the new shared function

Issue #282 - Bot author list centralization

• Analyze current bot author list usage across workflows - SATISFIED (implicit via implementation)
  • Evidence: Categories defined based on usage patterns (reviewer, automation, repository)
• Identify duplication and inconsistencies - SATISFIED (implicit)
  • Evidence: Centralized list created with 8 bots across 3 categories
• Evaluate centralization approaches - SATISFIED
  • Evidence: Module function approach chosen (not config file)
• [~] Consider maintenance and update patterns - PARTIALLY SATISFIED
  • Implemented: Function with category parameter
  • Missing: No documentation on how to add new bots
• Document recommendation with trade-offs - NOT SATISFIED
  • Missing: No ADR or design document justifying the approach
• Implement solution if centralization is beneficial - SATISFIED
  • Evidence: Get-BotAuthors function at lines 681-733

Missing Functionality

1. Pester tests for Get-BotAuthors - Required by Evaluate bot author list centralization #282 acceptance criteria (implicit via "implement solution")
2. Pester tests for Test-WorkflowRateLimit - Explicitly required by Unified rate limit module #275 AC
3. Update PRMaintenanceModule - Unified rate limit module #275 requires existing module be updated to use shared function
4. Update other workflows - Unified rate limit module #275 requires other workflows use the shared module
5. Trade-off documentation - Evaluate bot author list centralization #282 requires documenting recommendation with trade-offs

Edge Cases Not Covered

1. Test-WorkflowRateLimit: No handling for missing resource types in rate limit response
2. Test-WorkflowRateLimit: No handling for null/missing remaining values
3. Get-BotAuthors: Works correctly, but no validation tests exist

Implementation Quality

• Completeness: 50% of acceptance criteria satisfied (5/10 explicit criteria)
• Quality: Core functions implemented correctly with proper documentation, parameter validation, and output types

VERDICT: PARTIAL

MESSAGE: Core functions Get-BotAuthors and Test-WorkflowRateLimit are implemented correctly with proper PowerShell patterns. However, 4 acceptance criteria remain unmet: (1) Pester tests for both functions, (2) PRMaintenanceModule update, (3) workflow updates, (4) trade-off documentation. PR description acknowledges "callers can be updated incrementally in follow-up PRs" which explains #3, but tests are explicitly required by #275.

---

Run Details

Property	Value
Run ID	20566665544
Triggered by	pull_request on 492/merge

_{Powered by AI Spec Validator - View Workflow}

[github-actions]

AI Quality Gate Review

Tip

✅ Final Verdict: PASS

Walkthrough

This PR was reviewed by six AI agents in parallel, analyzing different aspects of the changes:

• Security Agent: Scans for vulnerabilities, secrets exposure, and security anti-patterns
• QA Agent: Evaluates test coverage, error handling, and code quality
• Analyst Agent: Assesses code quality, impact analysis, and maintainability
• Architect Agent: Reviews design patterns, system boundaries, and architectural concerns
• DevOps Agent: Evaluates CI/CD, build pipelines, and infrastructure changes
• Roadmap Agent: Assesses strategic alignment, feature scope, and user value

Review Summary

Agent	Verdict	Category	Status
Security	PASS	N/A	✅
QA	PASS	N/A	✅
Analyst	PASS	N/A	✅
Architect	PASS	N/A	✅
DevOps	PASS	N/A	✅
Roadmap	PASS	N/A	✅

💡 Quick Access: Click on individual agent jobs (e.g., "🔒 security Review", "🧪 qa Review") in the workflow run to see detailed findings and step summaries.

Architect Review Details

I now have sufficient context to provide the architecture review.

---

Design Quality Assessment

Aspect	Rating (1-5)	Notes
Pattern Adherence	5	Functions follow existing module patterns; proper CmdletBinding, OutputType, parameter validation
Boundary Respect	5	Both functions placed in correct module region with proper exports
Coupling	4	Test-WorkflowRateLimit has hard dependency on gh CLI; acceptable for this module's purpose
Cohesion	5	Each function has single responsibility: bot list retrieval and rate limit checking
Extensibility	5	Category parameter enables filtering; ResourceThresholds parameter allows customization

Overall Design Score: 4.8/5

Architectural Concerns

Severity	Concern	Location	Recommendation
Low	Bot list is hardcoded	GitHubHelpers.psm1:711-726	Acceptable for DRY. Consider external config if list grows beyond 15 entries
Low	Default thresholds are magic numbers	GitHubHelpers.psm1:764-769	Document threshold rationale in comment

Breaking Change Assessment

• Breaking Changes: No
• Impact Scope: None
• Migration Required: No
• Migration Path: N/A. New functions only; no existing signatures modified.

Technical Debt Analysis

• Debt Added: Low (minimal new code with clear purpose)
• Debt Reduced: Medium (consolidates duplicated bot lists and rate limit logic per issues Unified rate limit module #275, Evaluate bot author list centralization #282)
• Net Impact: Improved

ADR Assessment

• ADR Required: No
• Decisions Identified: None requiring formal ADR
• Existing ADR: N/A
• Recommendation: N/A

These are utility function additions, not architectural decisions. No new patterns, frameworks, or external dependencies introduced. The design follows existing module conventions established in GitHubHelpers.psm1.

Recommendations

1. Add inline comment explaining the threshold values (100 for core/graphql, 15 for search, 5 for code_search) for future maintainers.
2. Consider adding -IncludeExpired parameter to Get-BotAuthors for historical bot accounts if the list grows.

Verdict

VERDICT: PASS
MESSAGE: Well-structured utility functions following established module patterns. Reduces technical debt by centralizing bot lists and rate limit logic. No architectural concerns.

Roadmap Review Details

Strategic Alignment Assessment

Criterion	Rating	Notes
Aligns with project goals	High	Centralizes reusable utilities; follows DRY principle aligned with consolidation roadmap
Priority appropriate	Medium	Infrastructure improvement, not roadmap-defined epic; addresses technical debt
User value clear	High	Closes 2 tracked issues (#275, #282); simplifies maintenance
Investment justified	High	Small scope (2 functions), immediate reuse value across workflows

Feature Completeness

• Scope Assessment: Right-sized
• Ship Ready: Yes
• MVP Complete: Yes
• Enhancement Opportunities: Caller migration can proceed incrementally in follow-up PRs (as noted)

Impact Analysis

Dimension	Assessment	Notes
User Value	Medium	Developer experience improvement; reduces code duplication
Business Impact	Low	Infrastructure/maintenance, not user-facing feature
Technical Leverage	High	Enables consistent bot detection and rate limiting across 10+ scripts
Competitive Position	Neutral	Internal tooling improvement

Concerns

Priority	Concern	Recommendation
Low	No explicit roadmap epic for DRY improvements	Consider adding "Infrastructure DRY" as P2 backlog item

Recommendations

1. Merge as-is; incremental caller migration is appropriate sequencing
2. Track bot author list updates when new bots are onboarded
3. Consider documenting the bot categories in repository-level docs for contributor visibility

Verdict

VERDICT: PASS
MESSAGE: Change delivers measurable value (closes 2 issues), follows DRY principles aligned with maintainability goals, and is right-sized with good test coverage.

Analyst Review Details

Let me check the existing patterns in the module and examine the related issues for context.

PR Analysis: feat(github): add Get-BotAuthors and Test-WorkflowRateLimit

Code Quality Score

Criterion	Score (1-5)	Notes
Readability	5	Clear function names, proper help documentation, consistent formatting
Maintainability	5	Categorized bot list enables selective updates; structured return objects
Consistency	5	Follows existing module patterns (CmdletBinding, OutputType, region markers, export list)
Simplicity	5	Direct implementations without over-engineering; PowerShell 5.1 compatibility noted

Overall: 5/5

Impact Assessment

• Scope: Isolated (new functions added to existing module)
• Risk Level: Low (additive change, no modification to existing code paths)
• Affected Components: GitHubHelpers.psm1, GitHubHelpers.Tests.ps1

Findings

Priority	Category	Finding	Location
Low	Documentation	Table of Contents line numbers may drift as module grows	GitHubHelpers.psm1:45-52
Low	Testing	Test "Returns array of strings" may fail for single-item category returns (PowerShell unrolls single-element arrays)	GitHubHelpers.Tests.ps1:130-133

Recommendations

1. Consider [string[]] cast in category returns - When returning a single-category bot list, PowerShell may unroll a single-element array to a scalar. Consider return @($bots[$Category]) for consistent return type.

2. Test for category with single element - Add a test case that verifies behavior when a category contains only one bot (edge case for future).

Verdict

VERDICT: PASS
MESSAGE: Clean implementation following existing patterns. Two helper functions properly centralize bot detection and rate limit checking per issues #275 and #282. Tests cover all code paths including error handling. Minor edge-case suggestion for array consistency is non-blocking.

DevOps Review Details

DevOps Review: PR #492 - Get-BotAuthors and Test-WorkflowRateLimit

PR Scope Detection

Category	Files	Review Scope
CODE	.claude/skills/github/modules/GitHubHelpers.psm1	Build impact only
CODE	test/claude/skills/github/GitHubHelpers.Tests.ps1	Build impact only

Note: This is a CODE-only PR (PowerShell module + tests). No workflows, actions, or scripts in scripts/ are modified.

---

Pipeline Impact Assessment

Area	Impact	Notes
Build	None	No build configuration changes
Test	Low	New Pester tests added; compatible with existing test infrastructure
Deploy	None	No deployment changes
Cost	None	No CI runtime impact

---

CI/CD Quality Checks

Check	Status	Location
YAML syntax valid	N/A	No workflow files changed
Actions pinned	N/A	No workflow files changed
Secrets secure	✅	No secrets introduced
Permissions minimal	N/A	No workflow files changed
Shell scripts robust	✅	PowerShell functions have proper error handling

---

Findings

Severity	Category	Finding	Location	Fix
Low	Shell Quality	$LASTEXITCODE check after gh api is correct pattern	GitHubHelpers.psm1:773	None needed
Low	Shell Quality	Null safety check for missing API resources is good defensive coding	GitHubHelpers.psm1:789-795	None needed
Low	Documentation	PowerShell 5.1 compatibility comment is helpful	GitHubHelpers.psm1:805	None needed

---

Template Assessment

• PR Template: N/A (not modified)
• Issue Templates: N/A (not modified)
• Template Issues: None

---

Automation Opportunities

Opportunity	Type	Benefit	Effort
Use Test-WorkflowRateLimit in existing workflows	Integration	Medium (consistent rate limit checks)	Low
Use Get-BotAuthors to replace hardcoded bot lists elsewhere	Refactor	Medium (DRY)	Low

---

Recommendations

1. Consider adding these functions to workflows that currently hardcode bot lists or rate limit checks.
2. The test mocks are well-structured and cover edge cases (missing resources, API failures).

---

Verdict

VERDICT: PASS
MESSAGE: CODE-only PR adds well-tested helper functions with proper error handling. No CI/CD configuration changes. Functions are ready for integration.

Security Review Details

Security Review Analysis

PR Type Detection

Category: CODE (.psm1, .ps1 files)

Files Changed:

• .claude/skills/github/modules/GitHubHelpers.psm1 - PowerShell module
• test/claude/skills/github/GitHubHelpers.Tests.ps1 - Pester tests

Findings

Severity	Category	Finding	Location	CWE
None	-	No security issues identified	-	-

Analysis Details

1. Vulnerability Scanning (OWASP Top 10)

• Injection (CWE-78): No shell injection risk. Test-WorkflowRateLimit calls gh api rate_limit with no user-controlled input in the command string.
• Broken Authentication: Not applicable. No authentication logic.
• Sensitive Data Exposure: No hardcoded secrets. Bot author names are public GitHub usernames.
• Security Misconfiguration: Not applicable. No configuration changes.
• Insecure Deserialization: ConvertFrom-Json parses trusted GitHub API responses only.

2. Secret Detection

• No API keys, tokens, passwords, or credentials detected
• Bot author list contains public bot account names only

3. Dependency Security

• No new dependencies added
• Uses existing gh CLI already in environment

4. Infrastructure Security

• gh api rate_limit is a read-only API call
• No file system operations or external network calls beyond GitHub API
• Rate limit thresholds are sensible defaults (100, 15, 5, 100)

5. Input Validation

• Get-BotAuthors uses [ValidateSet] for $Category parameter
• Test-WorkflowRateLimit validates $ResourceThresholds type via parameter declaration
• Null check on line 790 handles missing API resources safely

6. Error Handling

• Line 773-774: Proper error handling for failed gh API calls
• Line 791: Warning logged for missing resources without exposing sensitive data

Recommendations

None required.

Verdict

VERDICT: PASS
MESSAGE: No security vulnerabilities detected. Functions use read-only API calls with proper input validation and error handling.

QA Review Details

Now let me run the tests to verify they pass:

I'll analyze based on the code review since tests cannot be executed.

---

QA Review Report

VERDICT: PASS
MESSAGE: Comprehensive test coverage for both new functions with proper mocking and edge case handling.

PR TYPE: CODE
FILES:
  - CODE: .claude/skills/github/modules/GitHubHelpers.psm1 (new functions)
  - CODE: test/claude/skills/github/GitHubHelpers.Tests.ps1 (new tests)

Test Coverage Assessment

Area	Status	Evidence	Files Checked
Unit tests	Adequate	7 tests for Get-BotAuthors, 7 tests for Test-WorkflowRateLimit	GitHubHelpers.Tests.ps1:129-235
Edge cases	Covered	Invalid category (ValidateSet), missing resource, empty thresholds	GitHubHelpers.Tests.ps1:205-211, 220-224
Error paths	Tested	gh API failure throws exception (line 214-217)	GitHubHelpers.Tests.ps1:214-217
Assertions	Present	Multiple Should assertions per test	All test blocks

Quality Concerns

Severity	Issue	Location	Evidence	Required Fix
LOW	Export tests verify existence only	GitHubHelpers.Tests.ps1:48-55	Tests check function exports but don't test behavior there	N/A - covered in Context blocks

Regression Risk Assessment

• Risk Level: Low
• Affected Components: GitHubHelpers.psm1 only (additive changes)
• Breaking Changes: None. New functions added, no existing functions modified.
• Required Testing: Tests validate all code paths for new functions.

Evidence

Get-BotAuthors (7 tests):

1. Returns array of strings (type validation)
2. Returns all bots by default (happy path)
3. Category 'reviewer' filter
4. Category 'automation' filter
5. Category 'repository' filter
6. Category 'all' explicit
7. Sorted output verification

Test-WorkflowRateLimit (7 tests):

1. Returns PSCustomObject with required properties
2. Success=true when above threshold
3. Success=false when below threshold
4. Missing resource warning (edge case)
5. gh API failure throws (error path)
6. Custom thresholds work
7. SummaryMarkdown contains expected table format

Test Quality Verification

• Tests verify behavior, not just call functions
• Tests are isolated (mocks reset per test)
• Tests have descriptive names explaining scenario
• Mock/stub usage appropriate (gh CLI mocked for API calls)

EVIDENCE

• Tests found: 14 for 2 new functions
• Edge cases: Category validation (ValidateSet), missing API resource, custom thresholds
• Error handling: Tested for gh API failure with Should -Throw
• Blocking issues: 0

---

Run Details

Property	Value
Run ID	20574483833
Triggered by	pull_request on 492/merge
Commit	ed80303091e5b8796b5204ca2aadb7f2dfc5b6f5

_{Powered by AI Quality Gate - View Workflow}

[coderabbitai]

Caution

Review failed

The head commit changed during the review from ae406be to a3181ad.

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

📝 Walkthrough

Walkthrough

Adds two new public functions to GitHubHelpers.psm1: Get-BotAuthors returns a centralized list of known bot authors with optional category filtering; Test-WorkflowRateLimit validates API rate limits against configurable thresholds and returns per-resource details. Both functions are exported via Export-ModuleMember.

Changes

Cohort / File(s)	Summary
GitHub Helpers Module Expansion GitHubHelpers.psm1	Added Get-BotAuthors function for centralized bot author management with optional category filtering. Added Test-WorkflowRateLimit function to validate API rate limits with configurable thresholds, returning per-resource status and overall success. Updated Export-ModuleMember to expose both new functions.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	Title follows conventional commit format with feat(github) prefix and clearly describes the two functions being added.
Description check	✅ Passed	Description details both functions, their purposes, usage examples, and links to related issues #275 and #282.
Linked Issues check	✅ Passed	PR implements core requirements: Get-BotAuthors centralizes bot lists with category filtering [#282], Test-WorkflowRateLimit validates rate limits with configurable thresholds [#275].
Out of Scope Changes check	✅ Passed	All changes directly address objectives in linked issues: centralizing bot authors and extracting rate-limit validation logic into shared functions.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[rjmurillo]

@rjmurillo-bot is the name of the copilot-swe-agent verified? I don't think it has the [bot] suffix

[rjmurillo]

@rjmurillo-bot See file comments