feat: add GitHub API fallback for installation check

[shuhuiluo]

When local DB is out of sync (webhook delays, manual purges, restoration), isRepoInstalled() now falls back to checking GitHub's API directly.

Changes:

• Add checkRepoInstallationFromAPI() to query GET /repos/{owner}/{repo}/installation
• Update isRepoInstalled() to use API fallback when DB check returns null
• Auto-sync installation data to DB when found via API
• Upgrade any polling subscriptions to webhook delivery after sync

Handles edge cases:

• Webhook delivery failures/delays
• Manual DB purges (dev/testing)
• DB restoration from backups
• Initial deployment with pre-existing installations

Rate limit: Uses app authentication (15,000/hour limit). DB-first approach minimizes API calls - only hit API on cache miss, then sync for future lookups.

🤖 Generated with Claude Code

Summary by CodeRabbit

• Bug Fixes
  • Improved repository installation detection with a robust fallback to verify installation status via the external API for edge cases.
  • Repo identifier validation prevents malformed queries and returns null for invalid formats.
  • When external verification succeeds, installation records and subscription info are synchronized automatically to prevent false negatives.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

isRepoInstalled in src/github-app/installation-service.ts now attempts a fast DB lookup for an installationId and, on miss, validates the repo string and calls a new private helper checkRepoInstallationFromAPI(owner, repo). That helper calls the GitHub API GET /repos/{owner}/{repo}/installation, verifies the app is enabled, synchronizes the installation record into the DB, inserts the repo mapping, and triggers subscription upgrade logic. It returns the installationId on success and null on API 404 or other failures (with non-404 errors logged). Public API remains unchanged.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Files/areas to inspect closely:
  • src/github-app/installation-service.ts — new checkRepoInstallationFromAPI flow and integration with isRepoInstalled
  • Error handling: distinction between 404 and other HTTP errors, logging behavior
  • DB side effects: insertion/synchronization and subscription upgrade calls for correctness and failure modes
  • Input validation: repo string parsing and handling of malformed inputs

Possibly related PRs

• fix: make installation webhooks resilient to missing parent records #38 — Adds an API-backed fallback that fetches and inserts missing installation records; overlaps the installation-sync behavior introduced here.
• feat: automatically upgrade subscriptions when GitHub App installed #40 — Adds subscriptionService wiring and triggers subscription upgrades when repos are added; overlaps upgrade side effects in this change.
• refactor: extract duplicate repo addition logic in InstallationService #48 — Adds/refactors repo insertion and subscription-upgrade logic in InstallationService; potentially touches the same insert-and-upgrade code paths.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: add GitHub API fallback for installation check' directly and accurately summarizes the main change: adding a GitHub API fallback mechanism to the existing installation check flow when database queries miss.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/install-check

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7b43305 and 5369fc6.

📒 Files selected for processing (1)

• src/github-app/installation-service.ts (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• src/github-app/installation-service.ts

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

src/github-app/installation-service.ts (2)

134-151: Fallback flow in isRepoInstalled looks good; consider slightly stricter repo parsing

The DB‑first path and API fallback are wired correctly and keep the hot path cheap. The only thing I’d tighten here is validation of the repo string before calling the API so bad inputs don’t silently turn into unexpected requests:

• Right now, any string with at least one / will be split and partially used; malformed values like "foo/bar/baz" or leading/trailing whitespace will still hit the API.
• Consider normalizing and strictly enforcing the "owner/repo" shape, and optionally logging invalid inputs to make upstream issues easier to debug.

For example:

-      const [owner, repoName] = repo.split("/");
-      if (!owner || !repoName) {
-        return null;
-      }
+      const parts = repo.trim().split("/");
+      if (parts.length !== 2) {
+        console.warn(
+          `[InstallationService] isRepoInstalled called with invalid repo format: ${repo}`
+        );
+        return null;
+      }
+      const [owner, repoName] = parts;

This keeps the behavior the same on valid inputs but makes misuse more visible and avoids odd partial matches.

---

161-198: API fallback helper is solid; consider logging when disabled and tightening error typing

The helper cleanly encapsulates the fallback behavior (guarding on isEnabled, doing the API lookup, syncing installation + repo, and upgrading subscriptions). Two small polish points:

• When this.githubApp.isEnabled() is false you silently return null. Emitting a one‑line warning here would make misconfiguration much easier to spot in logs:

-      if (!this.githubApp.isEnabled()) {
-        return null;
-      }
+      if (!this.githubApp.isEnabled()) {
+        console.warn(
+          "[InstallationService] GitHub App is disabled; skipping API installation check"
+        );
+        return null;
+      }

• The 404 handling currently relies on // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access and a loose cast. You can usually avoid the lint suppression by first checking that error is an object with a numeric status:

-    } catch (error) {
-      // 404 = app not installed on this repo
-      // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
-      if ((error as any)?.status === 404) {
-        return null;
-      }
+    } catch (error) {
+      // 404 = app not installed on this repo
+      const status =
+        error &&
+        typeof error === "object" &&
+        "status" in error &&
+        typeof (error as { status?: unknown }).status === "number"
+          ? (error as { status: number }).status
+          : undefined;
+      if (status === 404) {
+        return null;
+      }

Behavior stays the same, but you drop the any holes and linter suppression.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 888c10b and 7b43305.

📒 Files selected for processing (1)

• src/github-app/installation-service.ts (2 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

src/github-app/installation-service.ts (2)

src/db/index.ts (1)

• db (57-57)

src/db/schema.ts (1)

• installationRepositories (149-167)