fix: ignore prereleases for latest release

[vincentkoc]

Summary

• Exclude draft and prerelease releases when computing the latest release for REST-backed repository details.
• Fetch and filter isPrerelease in the GraphQL repository summary path.
• Update the ghql repo snapshot helper and docs so the debug command reports the latest stable release too.

Why

Repos with newer prereleases, such as openclaw/openclaw, could show a beta release as the latest release date even when the latest stable release was older.

Validation

• git diff --check
• swift build --target RepoBarCore
• swift build --target repobarcli
• GITHUB_TOKEN=... npx --yes pnpm@10.33.2 -s ghql repo openclaw/openclaw prints Latest stable release: openclaw 2026.6.1 while newer beta releases exist.

Not Run

• pnpm check: local environment lacks swiftformat/swiftlint.
• ./Scripts/test.sh --filter ReleaseSelectionTests --filter GraphQLRepoSummaryParsingTests: local Swift test target compilation failed with no such module Testing.
• ./Scripts/build.sh: local app build failed before this change path on SwiftUI.Entry macro plugin resolution in Sources/RepoBar/Support/MenuHighlighting.swift.

[clawsweeper]

Codex review: needs changes before merge. Reviewed June 9, 2026, 1:40 AM ET / 05:40 UTC.

Summary
The PR changes REST, GraphQL, and the ghql helper to report the latest stable GitHub release by filtering drafts and prereleases, with focused tests and docs updates.

Reproducibility: yes. Current main's REST picker filters only drafts and the GraphQL repo summary does not fetch or filter isPrerelease, so a newer non-draft prerelease in the candidate list can be selected as latest.

Review metrics: 2 noteworthy metrics.

• Files changed: 9 files affected. The change spans app API code, GraphQL query paths, a developer CLI helper, docs, and tests, so release-selection parity matters before merge.
• Local validation gaps: 3 commands not run. The PR body says pnpm check, focused Swift tests, and the app build did not complete in the contributor environment.

Merge readiness
Overall: 🦐 gold shrimp
Proof: 🐚 platinum hermit
Patch quality: 🦐 gold shrimp
Result: needs maintainer review before merge.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• Fetch or page enough REST and GraphQL release candidates before filtering prereleases.
• [P2] Add a regression test where the stable release appears after more than 20 prereleases.

Risk before merge

• [P1] Stable release lookup still stops at a 20-release candidate window before filtering, so repositories with 20 or more newer prereleases can show no latest stable release even when one exists.
• [P1] The PR body says the repository's full pnpm check, focused Swift tests, and app build were not completed locally; CI or maintainer validation should cover those before merge.

Maintainer options:

1. Decide the mitigation before merge
   Keep the stable-release semantic, but fetch or page enough REST and GraphQL release candidates before filtering and add regression coverage for a stable release beyond the first 20 prereleases.
2. Pause or close
   Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge

• [P2] A narrow automated repair can address the remaining pagination/candidate-window blocker across the existing release-selection paths.

Security
Cleared: The diff changes release-selection fields/filtering, tests, and developer docs without altering secrets, dependencies, workflows, or code-execution supply chain paths.

Review findings

• [P2] Fetch enough releases before filtering prereleases — Sources/RepoBarCore/API/GitHubReleasePicker.swift:7

Review details

Best possible solution:

Keep the stable-release semantic, but fetch or page enough REST and GraphQL release candidates before filtering and add regression coverage for a stable release beyond the first 20 prereleases.

Do we have a high-confidence way to reproduce the issue?

Yes. Current main's REST picker filters only drafts and the GraphQL repo summary does not fetch or filter isPrerelease, so a newer non-draft prerelease in the candidate list can be selected as latest.

Is this the best way to solve the issue?

No, not yet. Filtering prereleases is the right core direction, but the maintainable fix should fetch or page beyond the first 20 candidates before applying that filter.

Full review comments:

• [P2] Fetch enough releases before filtering prereleases — Sources/RepoBarCore/API/GitHubReleasePicker.swift:7
  After this filter starts rejecting prereleases, both callers still pass only a 20-item window: REST uses per_page=20, and the GraphQL app/helper queries use first: 20. A repo with 20 newer prereleases and an older stable release will now return nil/none even though the latest stable release exists, so page or expand the candidate window before filtering.
  Confidence: 0.88

Overall correctness: patch is incorrect
Overall confidence: 0.86

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against a929897f089b.

Label changes

Label changes:

• add P2: This is a normal-priority release metadata correctness fix with a bounded but real edge-case blocker before merge.
• add proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes redacted copied live ghql output showing openclaw/openclaw resolves to a stable release while newer beta releases exist.
• add rating: 🦐 gold shrimp: Overall readiness is 🦐 gold shrimp; proof is 🐚 platinum hermit and patch quality is 🦐 gold shrimp.
• add status: ⏳ waiting on author: ClawSweeper has contributor-facing work open and is waiting for author action. Sufficient (live_output): The PR body includes redacted copied live ghql output showing openclaw/openclaw resolves to a stable release while newer beta releases exist.

Label justifications:

• P2: This is a normal-priority release metadata correctness fix with a bounded but real edge-case blocker before merge.
• rating: 🦐 gold shrimp: Overall readiness is 🦐 gold shrimp; proof is 🐚 platinum hermit and patch quality is 🦐 gold shrimp.
• status: ⏳ waiting on author: ClawSweeper has contributor-facing work open and is waiting for author action. Sufficient (live_output): The PR body includes redacted copied live ghql output showing openclaw/openclaw resolves to a stable release while newer beta releases exist.
• proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes redacted copied live ghql output showing openclaw/openclaw resolves to a stable release while newer beta releases exist.

Evidence reviewed

Acceptance criteria:

• [P1] pnpm test --filter ReleaseSelectionTests --filter GraphQLRepoSummaryParsingTests.
• [P1] pnpm check.
• [P1] GITHUB_TOKEN= pnpm ghql repo openclaw/openclaw.

What I checked:

• Repository policy read: The full AGENTS.md was read and applied; it identifies this as a SwiftPM/pnpm project, says GraphQL generated files should not be hand-edited, and expects pnpm-based validation before PRs. (AGENTS.md:1, a929897f089b)
• Current REST release selection is bounded before picking: Current main fetches only 20 REST releases before calling the shared release picker, so a post-filter stable lookup can miss stable releases beyond that window. (Sources/RepoBarCore/API/GitHubRestAPI.swift:642, a929897f089b)
• Current picker includes prereleases: Current main's release picker only filters drafts, which explains the reported behavior when a newer prerelease appears in the fetched candidates. (Sources/RepoBarCore/API/GitHubReleasePicker.swift:7, a929897f089b)
• Current GraphQL summary is also windowed: Current main's GraphQL summary requests the first 20 releases by creation date and filters only drafts before sorting candidates by publish/create date. (Sources/RepoBarCore/API/GraphQLClient.swift:49, a929897f089b)
• PR diff adds stable filtering but keeps the bounded window: The PR adds prerelease filtering in the picker, GraphQL summary, and ghql helper, but the diff still uses REST per_page=20 and GraphQL first:20 candidate windows before filtering. (Sources/RepoBarCore/API/GitHubReleasePicker.swift:7, 851857ae2240)
• History provenance: Blame and -S history show the release picker, REST latest-release path, and GraphQL repo summary behavior all date to commit a5b08b9 by Peter Steinberger. (Sources/RepoBarCore/API/GitHubReleasePicker.swift:1, a5b08b9749bc)

Likely related people:

• steipete: Git blame and -S history tie the current release picker, REST latest-release method, and GraphQL repo summary implementation to commit a5b08b9 by Peter Steinberger in this repository. (role: introduced behavior and recent area contributor; confidence: high; commits: a5b08b9749bc; files: Sources/RepoBarCore/API/GitHubReleasePicker.swift, Sources/RepoBarCore/API/GitHubRestAPI.swift, Sources/RepoBarCore/API/GraphQLClient.swift)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[steipete]

Merged PR #79 in 161711c.

Proof:

• pnpm test --filter ReleaseSelectionTests --filter GraphQLRepoSummaryParsingTests --filter GitHubRestAPITests --filter GitHubRequestRunnerTests passed: 27 tests in 4 suites.
• pnpm build passed on the rebased branch.
• pnpm check passed: SwiftFormat, SwiftLint, and 590 Swift tests in 100 suites.
• autoreview --mode branch --base origin/main was clean: no accepted/actionable findings.
• Live parity on vercel/next.js: REST /releases/latest and GraphQL latestRelease both returned v16.2.6; GraphQL showed 36 newer prerelease/draft candidates; pnpm -s ghql repo vercel/next.js printed Latest stable release: v16.2.6 (5/7/2026).
• GitHub CI passed: GitGuardian Security Checks succeeded on d74c8996d5fb20cfcbfd52352c7a4efa8b249262.

Implementation note: REST now uses GitHub's stable /releases/latest endpoint, GraphQL app/helper paths use Repository.latestRelease, 404/latestRelease: null preserve repositories with no stable release, and ETag caching stores only successful response bodies.

[reneleonhardt]

Thank you very much Vincent, great contribution! ❤️