Add get_authorized_comments_from_merge_request function

[ljavorsk]

This function helps to scrape relevant comments on the MR

[gemini-code-assist]

Code Review

This pull request introduces a new function to fetch authorized comments from a GitLab merge request, along with the necessary data models and comprehensive unit tests. The implementation is solid, but I have a few suggestions to improve robustness and maintainability. Specifically, the error handling can be made more precise by catching specific exceptions, and the main function could be refactored for better readability. I've also included a suggestion to improve the data models for better type safety.

[gemini-code-assist]

Catching a broad Exception and simply continuing is risky. It can hide unrelated bugs (e.g., network issues, API changes) by silencing them. The intention is to skip non-project members, so you should catch the specific exception that python-gitlab raises for a "not found" error, which is gitlab.exceptions.GitlabGetError. This makes your error handling more precise and robust. This also applies to the except block for replies on lines 453-455. You'll need to import this exception: from gitlab.exceptions import GitlabGetError.

[ljavorsk]

This is intended

[gemini-code-assist]

For better type safety and to leverage Pydantic's parsing capabilities, consider changing the type of created_at from str to datetime. Pydantic will automatically parse ISO 8601 formatted strings into datetime objects. This makes working with dates and times in the rest of the application easier and less error-prone. You'll need to add from datetime import datetime at the top of the file.

[gemini-code-assist]

Similar to the CommentReply model, consider changing the type of created_at from str to datetime for better type safety and easier manipulation of date/time values.

[gemini-code-assist]

The access level 30 is a magic number. While it's explained in the docstring, defining it as a module-level constant (e.g., DEVELOPER_ACCESS_LEVEL = 30) would improve readability and maintainability. This constant could then be used here and on line 445.

[nforro]

Alternatively, make it a function, e.g. is_trusted_user(id).

[gemini-code-assist]

The get_authorized_comments function is quite long and has multiple levels of nesting, which reduces readability and makes it harder to maintain. Consider refactoring it by extracting parts of the logic into smaller, single-purpose helper functions. For example, you could have functions for:

• Processing a single discussion.
• Checking if a user is authorized.
• Extracting comment details (like file path and line number) from a note.

This would make the main loop cleaner and the overall logic easier to follow.

[nforro]

Suggested change

	notes = discussion.attributes.get("notes", [])
	if not notes:
	continue
	if not (notes := discussion.attributes.get("notes")):
	continue

[nforro]

Suggested change

	if first_note.get("system", False): continue
	if first_note.get("system"):
	continue

[nforro]

Do the membership check in one place and fail early, please.

[nforro]

Never do oneline conditions, please:

Suggested change

	if reply_note.get("system", False): continue
	if reply_note.get("system"):
	continue

[nforro]

Alternatively, make it a function, e.g. is_trusted_user(id).

[ljavorsk]

/gemini review

[gemini-code-assist]

Code Review

This pull request introduces a new function get_authorized_comments_from_merge_request to fetch comments from a GitLab merge request, filtering for those made by authorized users (Developer role or higher). The changes include new Pydantic models for comments and replies, the main function logic with several helpers, and comprehensive unit tests.

My review focuses on improving the robustness and performance of the new functionality. I've identified a couple of areas for improvement:

• The exception handling for checking user authorization can be made more specific to avoid masking unrelated errors.
• The current implementation may cause performance issues on merge requests with many comments due to excessive API calls (N+1 problem). I've suggested an optimization to fetch project members in a single batch.

Overall, the changes are well-structured and the addition of tests is great. Addressing these points will make the new tool more reliable and efficient.

[gemini-code-assist]

This implementation can lead to a large number of API calls (an N+1 problem). For each comment and reply, _is_authorized_member is called, which in turn makes an API call to GitLab to get member details. On a merge request with many comments, this can be very slow and might hit API rate limits.

To optimize this, you can fetch all project members once at the beginning of get_authorized_comments and store the IDs of authorized members in a set. Then, you can check against this set instead of making an API call for each author.

Here's an example of how you could implement this inside the get_authorized_comments function:

# Inside get_authorized_comments function
project = mr.target_project.gitlab_repo

try:
    all_members = project.members_all.list(get_all=True)
    authorized_ids = {
        member.id for member in all_members
        if member.access_level >= DEVELOPER_ACCESS_LEVEL
    }
except Exception as e:
    logger.warning(f"Could not fetch all project members, falling back to individual checks: {e}")
    authorized_ids = None

def is_authorized(author_id: int) -> bool:
    if authorized_ids is not None:
        return author_id in authorized_ids
    return _is_authorized_member(project, author_id)

# Then, use is_authorized() instead of _is_authorized_member() for checks.
# You would also need to adapt _process_reply to use this new check.

[gemini-code-assist]

Catching a broad Exception is risky as it can mask unexpected errors (like network issues or authentication problems), treating them as a non-member scenario. It's better to catch the specific exception that python-gitlab raises when a user is not found, which is gitlab.exceptions.GitlabGetError.

This will make the function more robust. You'll need to add import gitlab.exceptions at the top of the file.

Suggested change

	except Exception:
	return False
	except gitlab.exceptions.GitlabGetError:
	return False

[ljavorsk]

/gemini review

[gemini-code-assist]

Code Review

This pull request introduces a new function get_authorized_comments_from_merge_request to fetch comments from GitLab merge requests, filtering for authorized users. The implementation is well-structured, using helper functions and correctly handling asynchronous operations with blocking API calls via asyncio.to_thread. The accompanying Pydantic models are clearly defined, and the unit tests are comprehensive, covering various scenarios including filtering, replies, and line-specific comments.

My review includes a couple of suggestions to improve robustness and maintainability:

• Making dictionary access safer to prevent potential KeyError exceptions from unexpected API responses.
• Adding a type hint to a helper function to improve code clarity.

Overall, this is a solid contribution that adds valuable functionality.

[gemini-code-assist]

The project parameter lacks a type hint. Based on its usage (project.members_all.list), it appears to be a python-gitlab project object. Adding a type hint would improve code clarity and allow static analysis tools to catch potential type-related errors. Using a string literal for the type hint is a good practice here to avoid adding an import solely for type annotation.

Suggested change

	def _get_authorized_member_ids(project) -> set[int]:
	def _get_authorized_member_ids(project: "gitlab.v4.objects.Project") -> set[int]:

[nforro]

Why the 👎?

[ljavorsk]

I thought this is not necessary, but I can add it if you believe it's needed

[gemini-code-assist]

Directly accessing dictionary keys like note["author"]["id"] can lead to a KeyError if the API response structure varies, which would crash the function. To make the code more robust against unexpected API responses, it's safer to use .get() for dictionary access. I've suggested a change that also wraps the CommentReply creation in a try...except block to gracefully handle any other missing keys. This principle of defensive coding against external API data should also be applied to similar data access patterns in get_authorized_comments (e.g., lines 477, 491-493).

    author_info = note.get("author")
    if not author_info or author_info.get("id") not in authorized_member_ids:
        return None

    try:
        return CommentReply(
            author=author_info["username"],
            message=note["body"],
            created_at=note["created_at"],
        )
    except KeyError as e:
        logger.warning(f"Skipping reply due to missing key in note: {e}")
        return None

[nforro]

Why is the type hint in quotes? If you want to avoid additional imports, you could pass ogr's GitlabProject instead, or make this a nested function without type hints (but since it's now called at one place only, you could also just inline it).

[nforro]

Will this be updated in the future to include more metadata? I'm afraid this is not enough to identify code/diff context properly.

[ljavorsk]

We can add something in the future once we test it with the agent and see what could help there

[nforro]

This for instance doesn't cover line ranges, which is rather important IMHO, especially with suggestions.

[nforro]

I think None is just fine, we don't have to invent string constants.

Suggested change

	author=author.get("username", "unknown"),
	author=author.get("username"),

[nforro]

I doubt this can be missing, but most importantly I'm not sure what datetime would be derived from an empty string. If this can really be missing, then it should be None in that case. Same with message above, if there is none, it should be None.

[ljavorsk]

/gemini review

[nforro]

Suggested change

	discussion_id=getattr(discussion, "id", ""),
	discussion_id=discussion.id,

Or, if it can be empty (can it though?):

Suggested change

	discussion_id=getattr(discussion, "id", ""),
	discussion_id=getattr(discussion, "id", None),

[nforro]

There is a lot of code duplication in the tests, couldn't it be parametrized?

[ljavorsk]

I reduced the code in tests. Thanks for suggestion