t1419: switch contribution-watch scan to notifications with managed repo filtering

[marcusquinn]

Summary

• Replace per-thread comment polling in contribution-watch scan with notification-driven polling via the GitHub Notifications API.
• Exclude managed repos (repos.json entries with pulse=true) from contribution-watch so internal aidevops automation noise stays in the pulse stream.
• Persist last_notified updates in scan output and refresh docs/help text to match the new behavior.

Verification

• shellcheck .agents/scripts/contribution-watch-helper.sh (SC1091 info only)
• bash -n .agents/scripts/contribution-watch-helper.sh
• .agents/scripts/contribution-watch-helper.sh scan
• .agents/scripts/contribution-watch-helper.sh status
• .agents/scripts/linters-local.sh (fails on existing repo-wide baseline issues unrelated to this change)

Closes #4297

Summary by CodeRabbit

• Documentation

  • Updated contribution monitoring documentation clarifying API usage, behavior, detection methods, and terminology.

• Refactor

  • Replaced polling mechanism with GitHub Notifications API for monitoring external contributions.
  • Implemented managed-repository filtering and exclusion rules.
  • Enhanced notification processing with improved state management and activity detection.

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

[coderabbitai]

Warning

Rate limit exceeded

@marcusquinn has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 21 minutes and 1 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 9d4e865c-3db8-4d2f-8cbe-c51ae325afb8

📥 Commits

Reviewing files that changed from the base of the PR and between ae2963a and c73a71d.

📒 Files selected for processing (1)

• .agents/scripts/contribution-watch-helper.sh

Walkthrough

The changes refactor contribution-watch from a polling-based approach to a GitHub Notifications API-driven architecture, add filtering to exclude managed repos (marked with pulse: true), and introduce helper functions for notification interpretation and repo filtering.

Changes

Cohort / File(s)	Summary
Documentation .agents/AGENTS.md	Clarified behavior description: changed "monitors for new comments needing reply" to "monitors for new activity needing reply"; added explicit notes about Notifications API usage, exclusion of pulse-enabled repos, and deterministic metadata-only processing.
Core Script Refactor .agents/scripts/contribution-watch-helper.sh	Replaced per-item polling with Notifications API-driven flow; added five helper functions (_get_managed_repo_slugs, _is_managed_repo, _is_signal_reason, _extract_item_key, _notification_item_type) for repo filtering and notification data interpretation; refactored scan workflow to fetch notifications, filter excluded repos, validate signal reasons, and normalize item metadata; updated state model with last_notified and hot_until fields; adjusted logging and mode terminology from comments to activity.

Sequence Diagram

sequenceDiagram
    participant Scan as Scan Process
    participant GH as GitHub API
    participant State as State DB
    participant Filter as Repo Filter

    Note over Scan,Filter: Old Flow (Polling)
    loop For each tracked item
        Scan->>GH: Fetch issue/PR metadata
        GH-->>Scan: Full item details
        Scan->>State: Update state
    end

    Note over Scan,Filter: New Flow (Notifications)
    Scan->>GH: Fetch notifications (participating=true)
    GH-->>Scan: Notification payloads
    Scan->>Filter: Get managed repos (pulse: true)
    Filter-->>Scan: Excluded repo list
    loop For each notification
        Scan->>Filter: Is managed repo?
        Filter-->>Scan: Yes/No
        alt Not managed & valid signal
            Scan->>Scan: Extract item_key, type, title, timestamp
            Scan->>State: Upsert normalized entry
            State-->>Scan: State updated
        end
    end
    Scan->>Scan: Aggregate counts & report summary

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• t1405: scope boundary for worker dispatch — pulse dispatches only within pulse-enabled repos #2933: Implements pulse-scope repo filtering at a broader level; complements this PR's helper functions that detect and exclude pulse-managed repos within contribution-watch processing.

Suggested labels

enhancement

Poem

🔔 Notifications replace the endless poll,
Filtering out the managed noise—
GitHub whispers what needs reply,
Deterministic, fast, no LLM toil,
Clean signals from the wild wide sky! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 25.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main changes: switching contribution-watch to notification-driven polling and adding managed repo filtering.
Linked Issues check	✅ Passed	All linked issue objectives are addressed: notifications API replaces polling [#4297], managed repos filtered via pulse flag [#4297], last_notified tracking implemented [#4297], and metadata-only deterministic scanning maintained [#4297].
Out of Scope Changes check	✅ Passed	All changes are within scope: documentation updates align with implementation changes, helper functions support notification processing and managed repo filtering, and no unrelated modifications detected.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/contribution-watch-notifications-filter

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 405 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Thu Mar 12 23:31:58 UTC 2026: Code review monitoring started
Thu Mar 12 23:31:59 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 405

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 405
• VULNERABILITIES: 0

Generated on: Thu Mar 12 23:32:01 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[coderabbitai]

🧹 Nitpick comments (2)

.agents/scripts/contribution-watch-helper.sh (2)

65-67: SIGNAL_REASONS constant is defined but never used.

The constant on line 67 duplicates the pattern hardcoded in _is_signal_reason() at line 228. Either use the constant in the function or remove it to avoid drift.

♻️ Proposed fix — use the constant in the predicate

 _is_signal_reason() {
 	local reason="$1"
 	if [[ -z "$reason" ]]; then
 		return 1
 	fi
-	if [[ "$reason" =~ ^(author|comment|mention|review_requested|subscribed)$ ]]; then
+	if [[ "$reason" =~ ^(${SIGNAL_REASONS})$ ]]; then
 		return 0
 	fi
 	return 1
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.agents/scripts/contribution-watch-helper.sh around lines 65 - 67, The
SIGNAL_REASONS regex constant is declared but not used; update the
_is_signal_reason() function to reference the SIGNAL_REASONS variable instead of
the duplicated hardcoded pattern (or remove the constant if you prefer to keep
the inline pattern), ensuring the function uses SIGNAL_REASONS for its regex
match so the two definitions don't drift apart; target the SIGNAL_REASONS symbol
and the _is_signal_reason function when making the change.

---

546-548: Consider clarifying the date comparison logic.

The expression ! "$updated" > "$last_notified" relies on bash's string comparison and negation precedence. While correct for ISO 8601 dates, the intent ("skip if already notified") is subtle.

✨ Optional: make intent explicit

-		if [[ -n "$last_notified" && ! "$updated" > "$last_notified" ]]; then
+		# Skip if we've already notified about this update or a newer one
+		if [[ -n "$last_notified" ]] && [[ ! "$updated" > "$last_notified" ]]; then
 			continue
 		fi

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.agents/scripts/contribution-watch-helper.sh around lines 546 - 548, The
conditional using last_notified and updated is relying on negation precedence
and is hard to read; change the test to explicitly group the negation (e.g., use
[[ -n "$last_notified" && ! ( "$updated" > "$last_notified" ) ]] ) so it's clear
you're skipping when updated is not greater than last_notified, and add a short
comment that this relies on ISO‑8601 lexicographic ordering; reference the
variables last_notified and updated and the existing conditional to locate where
to change.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.agents/scripts/contribution-watch-helper.sh:
- Around line 65-67: The SIGNAL_REASONS regex constant is declared but not used;
update the _is_signal_reason() function to reference the SIGNAL_REASONS variable
instead of the duplicated hardcoded pattern (or remove the constant if you
prefer to keep the inline pattern), ensuring the function uses SIGNAL_REASONS
for its regex match so the two definitions don't drift apart; target the
SIGNAL_REASONS symbol and the _is_signal_reason function when making the change.
- Around line 546-548: The conditional using last_notified and updated is
relying on negation precedence and is hard to read; change the test to
explicitly group the negation (e.g., use [[ -n "$last_notified" && ! (
"$updated" > "$last_notified" ) ]] ) so it's clear you're skipping when updated
is not greater than last_notified, and add a short comment that this relies on
ISO‑8601 lexicographic ordering; reference the variables last_notified and
updated and the existing conditional to locate where to change.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: ee04d64f-6c85-4e06-844c-e2429fc9960f

📥 Commits

Reviewing files that changed from the base of the PR and between f52330e and ae2963a.

📒 Files selected for processing (2)

• .agents/AGENTS.md
• .agents/scripts/contribution-watch-helper.sh

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 405 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Thu Mar 12 23:38:03 UTC 2026: Code review monitoring started
Thu Mar 12 23:38:04 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 405

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 405
• VULNERABILITIES: 0

Generated on: Thu Mar 12 23:38:06 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[marcusquinn]

Linked issue: #4297 (closed by merge).