feat(commands): add allow-commands-on-draft-prs config option

[myakove]

Summary

Adds a new configuration option allow-commands-on-draft-prs that allows specific commands (or all commands) to be executed on draft PRs via issue comments.

Configuration Options

# Not set (default): commands blocked on draft PRs
# Empty list []: all commands allowed on draft PRs  
# List with commands: only those commands allowed
allow-commands-on-draft-prs:
  - build-and-push-container
  - retest

Changes

• Added allow-commands-on-draft-prs config option to schema (global and per-repo levels)
• Modified draft PR check in github_api.py to allow issue_comment events when config is set
• Added command filtering in IssueCommentHandler with type guard
• Added 4 unit tests for the new functionality
• Added example documentation in examples/config.yaml

Closes #979

Test plan

• All 1178 tests pass
• 90.35% coverage (meets 90% requirement)
• Test with draft PR and empty config list - all commands should work
• Test with draft PR and specific command list - only listed commands should work
• Test with draft PR and no config - commands should be blocked (default behavior)

🤖 Generated with Claude Code

Summary by CodeRabbit

• New Features

  • Draft PR command controls: global and per-repository allow-lists (empty list = allow all; unspecified = block).

• Behavior

  • Comment-triggered commands now respect draft status; only allowed commands run and disallowed commands are declined with a guidance comment.

• Documentation

  • Configuration examples and schema updated to describe draft-command controls and semantics.

• Tests

  • Extensive tests added for allow/block cases, empty-list behavior and side effects; some timing thresholds relaxed for CI stability.

[myakove-bot]

Report bugs in Issues

Welcome! 🎉

This pull request will be automatically processed with the following features:

🔄 Automatic Actions

• Reviewer Assignment: Reviewers are automatically assigned based on the OWNERS file in the repository root
• Size Labeling: PR size labels (XS, S, M, L, XL, XXL) are automatically applied based on changes
• Issue Creation: Disabled for this repository
• Pre-commit Checks: pre-commit runs automatically if .pre-commit-config.yaml exists
• Branch Labeling: Branch-specific labels are applied to track the target branch
• Auto-verification: Auto-verified users have their PRs automatically marked as verified
• Labels: All label categories are enabled (default configuration)

📋 Available Commands

PR Status Management

• /wip - Mark PR as work in progress (adds WIP: prefix to title)
• /wip cancel - Remove work in progress status
• /hold - Block PR merging (approvers only)
• /hold cancel - Unblock PR merging
• /verified - Mark PR as verified
• /verified cancel - Remove verification status
• /reprocess - Trigger complete PR workflow reprocessing (useful if webhook failed or configuration changed)
• /regenerate-welcome - Regenerate this welcome message

Review & Approval

• /lgtm - Approve changes (looks good to me)
• /approve - Approve PR (approvers only)
• /automerge - Enable automatic merging when all requirements are met (maintainers and approvers only)
• /assign-reviewers - Assign reviewers based on OWNERS file
• /assign-reviewer @username - Assign specific reviewer
• /check-can-merge - Check if PR meets merge requirements

Testing & Validation

• /retest tox - Run Python test suite with tox
• /retest build-container - Rebuild and test container image
• /retest python-module-install - Test Python package installation
• /retest pre-commit - Run pre-commit hooks and checks
• /retest conventional-title - Validate commit message format
• /retest all - Run all available tests

Container Operations

• /build-and-push-container - Build and push container image (tagged with PR number)
  • Supports additional build arguments: /build-and-push-container --build-arg KEY=value

Cherry-pick Operations

• /cherry-pick <branch> - Schedule cherry-pick to target branch when PR is merged
  • Multiple branches: /cherry-pick branch1 branch2 branch3

Label Management

• /<label-name> - Add a label to the PR
• /<label-name> cancel - Remove a label from the PR

✅ Merge Requirements

This PR will be automatically approved when the following conditions are met:

1. Approval: /approve from at least one approver
2. LGTM Count: Minimum 1 /lgtm from reviewers
3. Status Checks: All required status checks must pass
4. No Blockers: No WIP, hold, conflict labels
5. Verified: PR must be marked as verified (if verification is enabled)

📊 Review Process

Approvers and Reviewers

Approvers:

• myakove
• rnetser

Reviewers:

• myakove
• rnetser

Available Labels

• hold
• verified
• wip
• lgtm
• approve
• automerge

💡 Tips

• WIP Status: Use /wip when your PR is not ready for review
• Verification: The verified label is automatically removed on each new commit
• Cherry-picking: Cherry-pick labels are processed when the PR is merged
• Container Builds: Container images are automatically tagged with the PR number
• Permission Levels: Some commands require approver permissions
• Auto-verified Users: Certain users have automatic verification and merge privileges

For more information, please refer to the project documentation or contact the maintainers.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Adds a config-driven allow-list to control which commands may run on draft PRs (global and per-repo). Draft PRs remain short‑circuited unless an allow-list is configured and the event is issue_comment; issue comment processing enforces the allow-list and comments when commands are disallowed. (≤50 words)

Changes

Cohort / File(s)	Summary
Configuration & Schema examples/config.yaml, webhook_server/config/schema.yaml	Add allow-commands-on-draft-prs as top-level and per-repo array[string]. Semantics: unset = block commands on drafts (default short-circuit), empty list = allow all commands, non-empty list = whitelist specific commands.
GitHub event short-circuit webhook_server/libs/github_api.py	On draft PRs, consult allow-commands-on-draft-prs. If unset or event != issue_comment, preserve early-return and metrics. If set and event == issue_comment, log configured override and continue processing.
Command execution gating webhook_server/libs/handlers/issue_comment_handler.py	Cache PR is_draft, add is_draft: bool kw-only parameter to user_commands. When is_draft and allow-list present: empty list => allow all; non-empty => only listed commands proceed. Disallowed commands log and trigger a posted comment listing allowed commands, then exit.
Tests & thresholds webhook_server/tests/test_issue_comment_handler.py, webhook_server/tests/test_memory_optimization.py	Extensive test updates for draft allow-list scenarios (allowed/blocked/empty-list/non-draft), adjust mock signatures and patches to pass is_draft, and relax timing thresholds in memory-optimization tests.

Sequence Diagram

sequenceDiagram
    participant Webhook as Webhook Event
    participant GH_API as GitHub API Handler
    participant Config as Configuration Store
    participant ICH as Issue Comment Handler
    participant GH as GitHub API

    Webhook->>GH_API: issue_comment event (draft PR)
    GH_API->>Config: get allow-commands-on-draft-prs
    alt Config unset OR event != issue_comment
        Config-->>GH_API: unset / not applicable
        GH_API->>GH_API: update metrics
        GH_API-->>Webhook: return (draft skipped)
    else Config set and event == issue_comment
        Config-->>GH_API: config provided
        GH_API->>ICH: forward event for processing
        ICH->>Config: get repo/global allow-commands-on-draft-prs
        alt allow-list is empty
            Config-->>ICH: allow-all (empty list)
            ICH->>GH: execute command
        else allow-list contains command
            Config-->>ICH: whitelisted
            ICH->>GH: execute command
        else not whitelisted
            Config-->>ICH: not allowed
            ICH->>GH: post comment listing allowed commands
            ICH-->>GH_API: return (no exec)
        end
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• fix: add-allowed-user #806 — Modifies issue_comment_handler.user_commands; may conflict with the new is_draft parameter and draft gating.
• Do not allow new users to run /retest or /build-and-push-container #769 — Changes webhook_server/libs/github_api.py control flow around comment handling and draft logic.
• feat: Add automerge command and functionality #812 — Touches issue_comment_handler routing and command handling; overlaps with allow-list enforcement.

Suggested labels

commented-myakove

Suggested reviewers

• rnetser

🚥 Pre-merge checks | ✅ 5 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Out of Scope Changes check	⚠️ Warning	Performance threshold adjustments in test_memory_optimization.py are out of scope and appear unrelated to the allow-commands-on-draft-prs feature implementation.	Separate the performance threshold changes into a dedicated PR focused on test timing adjustments to keep feature-specific changes isolated and reviewable.

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	Title accurately summarizes the main change—adding a new allow-commands-on-draft-prs configuration option—and is concise and specific.
Linked Issues check	✅ Passed	PR implements all coding requirements from issue #979: adds allow-commands-on-draft-prs at global and per-repo levels with three semantic modes, integrates config validation in draft PR checks, and enforces command filtering based on configuration.
Docstring Coverage	✅ Passed	Docstring coverage is 94.92% which is sufficient. The required threshold is 80.00%.
Merge Conflict Detection	✅ Passed	✅ No merge conflicts detected when merging into main

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/issue-979-allow-commands-on-draft-prs

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@webhook_server/tests/test_issue_comment_handler.py`:
- Around line 147-152: The async test mock function mock_command currently has
an unnecessary linter suppression "# noqa: ARG001" — remove that directive from
the async def signature so the line becomes a normal async def
mock_command(...); leave the parameter list and body as-is since unused
arguments are acceptable for this test mock.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cc9cc35 and 1d352d0.

📒 Files selected for processing (5)

• examples/config.yaml
• webhook_server/config/schema.yaml
• webhook_server/libs/github_api.py
• webhook_server/libs/handlers/issue_comment_handler.py
• webhook_server/tests/test_issue_comment_handler.py

🧰 Additional context used

📓 Path-based instructions (7)

**/*.{yaml,yml}

📄 CodeRabbit inference engine (CLAUDE.md)

Maintain backward compatibility for user-facing configuration files (config.yaml, .github-webhook-server.yaml) - configuration schema changes must support old formats or provide migration

Files:

• webhook_server/config/schema.yaml
• examples/config.yaml

webhook_server/config/schema.yaml

📄 CodeRabbit inference engine (CLAUDE.md)

webhook_server/config/schema.yaml: Mask sensitive data in logs by default (set mask-sensitive-data: true in configuration)
Configuration schema changes should be tested with uv run pytest webhook_server/tests/test_config_schema.py -v

Files:

• webhook_server/config/schema.yaml

webhook_server/libs/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

Internal methods in webhook_server/libs/ can change freely - return types can change (e.g., Any → bool), method signatures can be modified without deprecation

Files:

• webhook_server/libs/handlers/issue_comment_handler.py
• webhook_server/libs/github_api.py

webhook_server/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

webhook_server/**/*.py: Server fails-fast on startup if critical dependencies are missing - required parameters in __init__() are ALWAYS provided and checking for None on required parameters is pure overhead
Defensive checks in destructors (__del__) should use hasattr() to check for attributes that may not exist if initialization failed
Defensive checks are acceptable for optional parameters that explicitly allow None (parameter type includes | None or Optional)
Defensive checks are acceptable for lazy initialization - attribute explicitly starts as None with type annotation attr: SomeType | None = None
Use hasattr() checks only for platform constants that may not exist on all platforms (e.g., os.O_NOFOLLOW)
Do NOT use hasattr() checks for required parameters in __init__() - if config is required, access it directly without defensive checks
Do NOT use hasattr() checks for library versions we control in pyproject.toml (PyGithub >=2.4.0, gql >=3.5.0) - call methods directly
Use isinstance() for type discrimination instead of hasattr() checks
Never return fake defaults (empty strings, zeros, False, None, empty collections) to hide missing data - fail-fast with ValueError or KeyError exceptions
PyGithub is synchronous/blocking - MUST wrap ALL method calls and property accesses with asyncio.to_thread() to avoid blocking the event loop
When accessing PyGithub properties that may trigger API calls, wrap in asyncio.to_thread(lambda: obj.property) instead of direct access
When iterating PyGithub PaginatedList, wrap iteration in asyncio.to_thread(lambda: list(...)) to avoid blocking
Use asyncio.gather() for concurrent PyGithub operations to maximize performance
All imports must be at the top of files - no imports in functions or try/except blocks, except TYPE_CHECKING imports can be conditional
Complete type hints are mandatory - use mypy strict mode with full type annotations on function parameters and return types
Use logger.exception() for autom...

Files:

• webhook_server/libs/handlers/issue_comment_handler.py
• webhook_server/libs/github_api.py
• webhook_server/tests/test_issue_comment_handler.py

webhook_server/libs/handlers/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

webhook_server/libs/handlers/**/*.py: Do NOT use defensive checks for architecture guarantees like repository_data which is ALWAYS set before handlers instantiate
Handler classes must implement __init__(self, github_webhook, ...) and process_event(event_data) pattern
Handlers must use self.github_webhook.unified_api for all GitHub operations, not direct PyGithub calls
Use ctx.start_step(), ctx.complete_step(), ctx.fail_step() for structured webhook execution tracking

Files:

• webhook_server/libs/handlers/issue_comment_handler.py

webhook_server/libs/github_api.py

📄 CodeRabbit inference engine (CLAUDE.md)

webhook_server/libs/github_api.py: Maintain backward compatibility for webhook payload handling - must follow GitHub webhook specification
Do NOT use defensive checks for webhook payload fields that are guaranteed to exist (e.g., user.node_id, user.type, sender) - let KeyError surface legitimate bugs
Repository cloning for check_run events should skip with early exit when action != 'completed'
Repository cloning for check_run events should skip when check_run_conclusion != 'success' and check_run_name == 'can-be-merged'

Files:

• webhook_server/libs/github_api.py

webhook_server/tests/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

webhook_server/tests/**/*.py: Code coverage must be 90% or higher - new code without tests fails CI
Test files should use AsyncMock, Mock, and patch for mocking - use TEST_GITHUB_TOKEN constant for test tokens
Test coverage is required for new handlers - create handler tests in webhook_server/tests/test_*_handler.py

Files:

• webhook_server/tests/test_issue_comment_handler.py

🧠 Learnings (13)

📚 Learning: 2026-01-05T14:43:44.055Z

Learnt from: CR
Repo: myk-org/github-webhook-server PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-05T14:43:44.055Z
Learning: Applies to webhook_server/config/schema.yaml : Configuration schema changes should be tested with `uv run pytest webhook_server/tests/test_config_schema.py -v`

Applied to files:

• webhook_server/config/schema.yaml
• webhook_server/tests/test_issue_comment_handler.py

📚 Learning: 2026-01-05T14:43:44.055Z

Learnt from: CR
Repo: myk-org/github-webhook-server PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-05T14:43:44.055Z
Learning: Applies to **/*.{yaml,yml} : Maintain backward compatibility for user-facing configuration files (`config.yaml`, `.github-webhook-server.yaml`) - configuration schema changes must support old formats or provide migration

Applied to files:

• webhook_server/config/schema.yaml

📚 Learning: 2025-12-29T13:09:56.231Z

Learnt from: rnetser
Repo: myk-org/github-webhook-server PR: 959
File: webhook_server/libs/handlers/pull_request_handler.py:887-887
Timestamp: 2025-12-29T13:09:56.231Z
Learning: In the myk-org/github-webhook-server repository, logging statements in the webhook_server codebase should use f-strings for interpolation. Do not suggest changing to lazy formatting with % (e.g., logger.debug('msg %s', var)) since that is an established style choice. When adding new log statements, prefer f"...{var}..." for readability and performance, and avoid string concatenation or format-style logging unless the project explicitly adopts a different convention.

Applied to files:

• webhook_server/libs/handlers/issue_comment_handler.py
• webhook_server/libs/github_api.py
• webhook_server/tests/test_issue_comment_handler.py

📚 Learning: 2026-01-05T14:43:44.055Z

Learnt from: CR
Repo: myk-org/github-webhook-server PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-05T14:43:44.055Z
Learning: Applies to webhook_server/libs/github_api.py : Maintain backward compatibility for webhook payload handling - must follow GitHub webhook specification

Applied to files:

• webhook_server/libs/github_api.py

📚 Learning: 2024-10-29T08:09:57.157Z

Learnt from: myakove
Repo: myk-org/github-webhook-server PR: 612
File: webhook_server_container/libs/github_api.py:2089-2100
Timestamp: 2024-10-29T08:09:57.157Z
Learning: In `webhook_server_container/libs/github_api.py`, when the function `_keep_approved_by_approvers_after_rebase` is called, existing approval labels have already been cleared after pushing new changes, so there's no need to check for existing approvals within this function.

Applied to files:

• webhook_server/libs/github_api.py

📚 Learning: 2024-10-08T09:19:56.185Z

Learnt from: myakove
Repo: myk-org/github-webhook-server PR: 586
File: webhook_server_container/libs/github_api.py:1947-1956
Timestamp: 2024-10-08T09:19:56.185Z
Learning: In `webhook_server_container/libs/github_api.py`, the indentation style used in the `set_pull_request_automerge` method is acceptable as per the project's coding standards.

Applied to files:

• webhook_server/libs/github_api.py

📚 Learning: 2026-01-05T14:43:44.055Z

Learnt from: CR
Repo: myk-org/github-webhook-server PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-05T14:43:44.055Z
Learning: Applies to webhook_server/libs/handlers/**/*.py : Handlers must use `self.github_webhook.unified_api` for all GitHub operations, not direct PyGithub calls

Applied to files:

• webhook_server/libs/github_api.py

📚 Learning: 2026-01-05T14:43:44.055Z

Learnt from: CR
Repo: myk-org/github-webhook-server PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-05T14:43:44.055Z
Learning: Applies to webhook_server/libs/github_api.py : Do NOT use defensive checks for webhook payload fields that are guaranteed to exist (e.g., `user.node_id`, `user.type`, `sender`) - let KeyError surface legitimate bugs

Applied to files:

• webhook_server/libs/github_api.py

📚 Learning: 2026-01-05T14:43:44.055Z

Learnt from: CR
Repo: myk-org/github-webhook-server PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-05T14:43:44.055Z
Learning: Applies to webhook_server/libs/github_api.py : Repository cloning for check_run events should skip when check_run_conclusion != 'success' and check_run_name == 'can-be-merged'

Applied to files:

• webhook_server/libs/github_api.py

📚 Learning: 2024-10-29T10:42:50.163Z

Learnt from: myakove
Repo: myk-org/github-webhook-server PR: 612
File: webhook_server_container/libs/github_api.py:925-926
Timestamp: 2024-10-29T10:42:50.163Z
Learning: In `webhook_server_container/libs/github_api.py`, the method `self._keep_approved_by_approvers_after_rebase()` must be called after removing labels when synchronizing a pull request. Therefore, it should be placed outside the `ThreadPoolExecutor` to ensure it runs sequentially after label removal.

Applied to files:

• webhook_server/libs/github_api.py

📚 Learning: 2025-05-13T12:06:27.297Z

Learnt from: myakove
Repo: myk-org/github-webhook-server PR: 778
File: webhook_server/libs/pull_request_handler.py:327-330
Timestamp: 2025-05-13T12:06:27.297Z
Learning: In the GitHub webhook server, synchronous GitHub API calls (like create_issue_comment, add_to_assignees, etc.) in async methods should be awaited using asyncio.to_thread or loop.run_in_executor to prevent blocking the event loop.

Applied to files:

• webhook_server/libs/github_api.py
• webhook_server/tests/test_issue_comment_handler.py

📚 Learning: 2026-01-05T14:43:44.055Z

Learnt from: CR
Repo: myk-org/github-webhook-server PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-05T14:43:44.055Z
Learning: Applies to webhook_server/tests/**/*.py : Test files should use AsyncMock, Mock, and patch for mocking - use TEST_GITHUB_TOKEN constant for test tokens

Applied to files:

• webhook_server/tests/test_issue_comment_handler.py

📚 Learning: 2026-01-05T14:43:44.055Z

Learnt from: CR
Repo: myk-org/github-webhook-server PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-05T14:43:44.055Z
Learning: Applies to webhook_server/tests/**/*.py : Test coverage is required for new handlers - create handler tests in `webhook_server/tests/test_*_handler.py`

Applied to files:

• webhook_server/tests/test_issue_comment_handler.py

🧬 Code graph analysis (1)

webhook_server/libs/github_api.py (1)

webhook_server/libs/config.py (1)

• get_value (132-153)

🪛 Ruff (0.14.11)

webhook_server/libs/handlers/issue_comment_handler.py

177-178: Logging statement uses f-string

(G004)

webhook_server/libs/github_api.py

477-477: Logging statement uses f-string

(G004)

---

480-481: Logging statement uses f-string

(G004)

---

487-488: Logging statement uses f-string

(G004)

webhook_server/tests/test_issue_comment_handler.py

147-147: Unused noqa directive (unused: ARG001)

Remove unused noqa directive

(RUF100)

---

148-148: Unused function argument: pull_request

(ARG001)

---

150-150: Unused function argument: reviewed_user

(ARG001)

---

151-151: Unused function argument: issue_comment_id

(ARG001)

🔇 Additional comments (11)

webhook_server/config/schema.yaml (2)

86-94: LGTM! Schema addition is well-structured.

The top-level allow-commands-on-draft-prs property is correctly defined as an optional array of strings with clear documentation of the three-state semantics. Backward compatibility is preserved since missing property means commands are blocked (existing behavior).

Based on learnings, ensure schema changes are tested:

uv run pytest webhook_server/tests/test_config_schema.py -v

---

344-352: Repository-level override mirrors global schema correctly.

The per-repository allow-commands-on-draft-prs property uses identical schema and semantics as the global property, enabling granular control. This aligns with the existing pattern for other repository-level overrides (e.g., auto-verify-cherry-picked-prs).

examples/config.yaml (2)

36-43: LGTM! Documentation examples are clear and comprehensive.

The commented-out examples effectively demonstrate all three configuration states with explanatory comments. This follows the existing pattern in the config file for optional features.

---

198-200: Repository-level example demonstrates practical use case.

Showing build-and-push-container as an allowed draft PR command is a realistic scenario—teams often want to build preview containers from draft PRs without enabling all commands.

webhook_server/libs/handlers/issue_comment_handler.py (1)

169-185: LGTM! Draft PR command filtering is correctly implemented.

The implementation properly:

1. Wraps PyGithub property access in asyncio.to_thread (per coding guidelines)
2. Handles the three-state semantics: None/not-set passes through (handled upstream in github_api.py), empty list allows all, non-empty list filters commands
3. Provides helpful user feedback listing allowed commands

The isinstance(..., list) and len(...) > 0 type guard is a correct pattern for discriminating between "allow all" ([]) and "allow specific" (["cmd1", "cmd2"]).

Note: The static analysis hint about f-strings (G004) is a false positive—f-strings are the established style per project learnings.

webhook_server/libs/github_api.py (1)

472-489: LGTM! Draft PR handling logic correctly gates issue_comment events.

The conditional logic properly implements the feature:

• allow_commands_on_draft is None → preserves original behavior (skip draft PRs)
• self.github_event != "issue_comment" → correctly limits draft PR processing to command events only (other events like pull_request, pull_request_review should still be skipped for drafts)

Context metrics are correctly updated in the early-return path (line 483), preventing metric tracking gaps.

Note: Static analysis hints about f-strings are false positives per project learnings.

webhook_server/tests/test_issue_comment_handler.py (5)

45-47: LGTM! Mock config setup enables draft PR testing.

Adding config.get_value = Mock(return_value=None) to the fixture provides the default "not configured" state, allowing individual tests to override the return value for specific scenarios.

---

1254-1280: LGTM! Test correctly verifies command blocking on draft PRs.

This test validates the core blocking behavior:

• Sets up a draft PR with a restricted allow-list
• Verifies disallowed command triggers a comment with helpful message
• Confirms no reaction is added (command didn't proceed)

The assertion checking the comment content for both the blocked command name and allowed commands list is thorough.

---

1282-1307: LGTM! Test verifies allowed commands proceed on draft PRs.

Good coverage of the "happy path" where a command in the allow-list executes normally, including label addition and reaction.

---

1309-1337: LGTM! Test confirms empty list allows all commands.

This test is critical for validating the [] = "allow all" semantic described in the schema and PR objectives.

---

1339-1364: LGTM! Test ensures non-draft PRs bypass draft filtering.

Important edge case—verifies that the draft PR config doesn't inadvertently affect non-draft PRs. The test explicitly sets draft = False and confirms the command proceeds despite a restrictive allow-list.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

webhook_server/tests/test_issue_comment_handler.py (1)

130-221: HIGH: Tight timing assertions risk flaky CI failures.
CI scheduling jitter often exceeds 10–15ms and <0.1s thresholds even when concurrency is correct; deterministic tests avoid red builds for non-functional reasons.

🛠 Suggested refactor to reduce timing flakiness

-            # VERIFICATION 2: Commands started concurrently (within 10ms of each other)
-            # In sequential execution, commands would start 50ms apart
-            # In parallel execution, all start nearly simultaneously
-            first_start = start_events[0][2]
-            last_start = start_events[-1][2]
-            start_time_spread = last_start - first_start
-
-            # All commands should start within 10ms (parallel)
-            # vs 100ms+ for sequential execution (50ms * 2 delays)
-            assert start_time_spread < 0.015, f"Commands did not start concurrently (spread: {start_time_spread:.3f}s)"
-
-            # VERIFICATION 3: Total execution time indicates parallel execution
-            # Sequential: 3 commands * 50ms = 150ms minimum
-            # Parallel: max(50ms) = 50ms (plus overhead)
-            # Allow 100ms for parallel (generous overhead buffer)
-            assert total_duration < 0.1, f"Execution took {total_duration:.3f}s, expected < 0.1s (parallel execution)"
-
-            # Sequential would take at least 150ms
-            assert total_duration < 0.12, f"Commands appear to run sequentially ({total_duration:.3f}s >= 0.12s)"
+            # VERIFICATION 2: Commands overlap (parallel execution)
+            first_end = min(e[2] for e in execution_events if e[1] == "end")
+            last_start = max(e[2] for e in execution_events if e[1] == "start")
+            assert last_start < first_end, "Commands did not overlap (expected parallel execution)"
+
+            # VERIFICATION 3: Keep a loose upper bound to catch fully sequential runs
+            assert total_duration < 0.5, f"Execution took {total_duration:.3f}s, expected < 0.5s"

♻️ Duplicate comments (1)

webhook_server/tests/test_issue_comment_handler.py (1)

147-152: MEDIUM: Ruff ARG001 — mark intentionally unused mock args.
Ruff flags unused parameters to keep lint noise out of the suite; prefix with _ to document intent.

✅ Suggested fix

-        async def mock_command(
-            pull_request: Mock,
-            command: str,
-            reviewed_user: str,
-            issue_comment_id: int,
-        ) -> None:
+        async def mock_command(
+            _pull_request: Mock,
+            command: str,
+            _reviewed_user: str,
+            _issue_comment_id: int,
+        ) -> None:

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1d352d0 and 5f2e7fe.

📒 Files selected for processing (1)

• webhook_server/tests/test_issue_comment_handler.py

🧰 Additional context used

📓 Path-based instructions (2)

webhook_server/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

webhook_server/**/*.py: Server fails-fast on startup if critical dependencies are missing - required parameters in __init__() are ALWAYS provided and checking for None on required parameters is pure overhead
Defensive checks in destructors (__del__) should use hasattr() to check for attributes that may not exist if initialization failed
Defensive checks are acceptable for optional parameters that explicitly allow None (parameter type includes | None or Optional)
Defensive checks are acceptable for lazy initialization - attribute explicitly starts as None with type annotation attr: SomeType | None = None
Use hasattr() checks only for platform constants that may not exist on all platforms (e.g., os.O_NOFOLLOW)
Do NOT use hasattr() checks for required parameters in __init__() - if config is required, access it directly without defensive checks
Do NOT use hasattr() checks for library versions we control in pyproject.toml (PyGithub >=2.4.0, gql >=3.5.0) - call methods directly
Use isinstance() for type discrimination instead of hasattr() checks
Never return fake defaults (empty strings, zeros, False, None, empty collections) to hide missing data - fail-fast with ValueError or KeyError exceptions
PyGithub is synchronous/blocking - MUST wrap ALL method calls and property accesses with asyncio.to_thread() to avoid blocking the event loop
When accessing PyGithub properties that may trigger API calls, wrap in asyncio.to_thread(lambda: obj.property) instead of direct access
When iterating PyGithub PaginatedList, wrap iteration in asyncio.to_thread(lambda: list(...)) to avoid blocking
Use asyncio.gather() for concurrent PyGithub operations to maximize performance
All imports must be at the top of files - no imports in functions or try/except blocks, except TYPE_CHECKING imports can be conditional
Complete type hints are mandatory - use mypy strict mode with full type annotations on function parameters and return types
Use logger.exception() for autom...

Files:

• webhook_server/tests/test_issue_comment_handler.py

webhook_server/tests/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

webhook_server/tests/**/*.py: Code coverage must be 90% or higher - new code without tests fails CI
Test files should use AsyncMock, Mock, and patch for mocking - use TEST_GITHUB_TOKEN constant for test tokens
Test coverage is required for new handlers - create handler tests in webhook_server/tests/test_*_handler.py

Files:

• webhook_server/tests/test_issue_comment_handler.py

🧠 Learnings (8)

📚 Learning: 2026-01-05T14:43:44.055Z

Learnt from: CR
Repo: myk-org/github-webhook-server PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-05T14:43:44.055Z
Learning: Applies to webhook_server/tests/**/*.py : Test coverage is required for new handlers - create handler tests in `webhook_server/tests/test_*_handler.py`

Applied to files:

• webhook_server/tests/test_issue_comment_handler.py

📚 Learning: 2026-01-05T14:43:44.055Z

Learnt from: CR
Repo: myk-org/github-webhook-server PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-05T14:43:44.055Z
Learning: Applies to webhook_server/tests/**/*.py : Test files should use AsyncMock, Mock, and patch for mocking - use TEST_GITHUB_TOKEN constant for test tokens

Applied to files:

• webhook_server/tests/test_issue_comment_handler.py

📚 Learning: 2026-01-05T14:43:44.055Z

Learnt from: CR
Repo: myk-org/github-webhook-server PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-05T14:43:44.055Z
Learning: Applies to webhook_server/tests/**/*.py : Code coverage must be 90% or higher - new code without tests fails CI

Applied to files:

• webhook_server/tests/test_issue_comment_handler.py

📚 Learning: 2026-01-05T14:43:44.055Z

Learnt from: CR
Repo: myk-org/github-webhook-server PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-05T14:43:44.055Z
Learning: Applies to webhook_server/config/schema.yaml : Configuration schema changes should be tested with `uv run pytest webhook_server/tests/test_config_schema.py -v`

Applied to files:

• webhook_server/tests/test_issue_comment_handler.py

📚 Learning: 2025-05-13T12:06:27.297Z

Learnt from: myakove
Repo: myk-org/github-webhook-server PR: 778
File: webhook_server/libs/pull_request_handler.py:327-330
Timestamp: 2025-05-13T12:06:27.297Z
Learning: In the GitHub webhook server, synchronous GitHub API calls (like create_issue_comment, add_to_assignees, etc.) in async methods should be awaited using asyncio.to_thread or loop.run_in_executor to prevent blocking the event loop.

Applied to files:

• webhook_server/tests/test_issue_comment_handler.py

📚 Learning: 2024-10-08T09:19:56.185Z

Learnt from: myakove
Repo: myk-org/github-webhook-server PR: 586
File: webhook_server_container/libs/github_api.py:1947-1956
Timestamp: 2024-10-08T09:19:56.185Z
Learning: In `webhook_server_container/libs/github_api.py`, the indentation style used in the `set_pull_request_automerge` method is acceptable as per the project's coding standards.

Applied to files:

• webhook_server/tests/test_issue_comment_handler.py

📚 Learning: 2024-10-29T08:09:57.157Z

Learnt from: myakove
Repo: myk-org/github-webhook-server PR: 612
File: webhook_server_container/libs/github_api.py:2089-2100
Timestamp: 2024-10-29T08:09:57.157Z
Learning: In `webhook_server_container/libs/github_api.py`, when the function `_keep_approved_by_approvers_after_rebase` is called, existing approval labels have already been cleared after pushing new changes, so there's no need to check for existing approvals within this function.

Applied to files:

• webhook_server/tests/test_issue_comment_handler.py

📚 Learning: 2025-12-29T13:09:56.231Z

Learnt from: rnetser
Repo: myk-org/github-webhook-server PR: 959
File: webhook_server/libs/handlers/pull_request_handler.py:887-887
Timestamp: 2025-12-29T13:09:56.231Z
Learning: In the myk-org/github-webhook-server repository, logging statements in the webhook_server codebase should use f-strings for interpolation. Do not suggest changing to lazy formatting with % (e.g., logger.debug('msg %s', var)) since that is an established style choice. When adding new log statements, prefer f"...{var}..." for readability and performance, and avoid string concatenation or format-style logging unless the project explicitly adopts a different convention.

Applied to files:

• webhook_server/tests/test_issue_comment_handler.py

🧬 Code graph analysis (1)

webhook_server/tests/test_issue_comment_handler.py (3)

webhook_server/libs/config.py (1)

• get_value (132-153)

webhook_server/libs/handlers/issue_comment_handler.py (2)

• IssueCommentHandler (46-508)
• user_commands (150-341)

webhook_server/utils/constants.py (1)

• REACTIONS (129-137)

🪛 Ruff (0.14.11)

webhook_server/tests/test_issue_comment_handler.py

148-148: Unused function argument: pull_request

(ARG001)

---

150-150: Unused function argument: reviewed_user

(ARG001)

---

151-151: Unused function argument: issue_comment_id

(ARG001)

🔇 Additional comments (10)

webhook_server/tests/test_issue_comment_handler.py (10)

45-47: LOW: Draft-PR config mock keeps tests deterministic.
Centralizing config.get_value in the fixture reduces per-test setup and prevents drift in draft-PR gating behavior.

---

72-76: LOW: Comment-processing test signatures are now consistent.
Adding self explicitly aligns with class-based pytest conventions and keeps the suite uniform.

Also applies to: 85-88, 97-100, 118-121

---

230-234: LOW: user_commands path coverage with keyword-arg calls looks solid.
Keyword-arg expectations and consolidated patch contexts make intent clearer and align with handler signatures.

Also applies to: 274-289, 296-311, 318-333, 340-359, 375-378, 386-407

---

432-449: LOW: Label/title edge-case coverage is thorough.
The WIP/HOLD/VERIFIED tests now cover idempotency and prefix edge cases, which are the common sources of regressions.

Also applies to: 457-476, 484-503, 511-530, 538-557, 584-599, 610-625, 632-653, 660-681

---

691-699: LOW: Async mocks and keyword-arg assertions are clean here.
Nice alignment with handler signatures and async behavior in label/reviewer helper tests.

Also applies to: 718-720, 735-736, 741-744

---

760-762: LOW: Cherry-pick tests now validate multi-branch behavior.
Asserting per-branch runner calls and labels gives confidence in fan‑out logic.

Also applies to: 771-779, 787-789, 810-831, 835-885

---

899-902: LOW: Retest scenarios and permission gating are well covered.
Good coverage for “all”, unsupported tests, and user validation paths.

Also applies to: 906-909, 928-935, 948-951, 973-987, 990-1010

---

1013-1016: LOW: Reprocess command coverage is comprehensive.
Registration, authorization, and reaction side effects are all explicitly asserted.

Also applies to: 1029-1032, 1049-1081, 1088-1120, 1127-1150, 1173-1176

---

1179-1202: LOW: Regenerate‑welcome tests align with the new handler signature.
Explicit reaction assertions and “args ignored” paths look good.

Also applies to: 1205-1226, 1228-1253

---

1254-1280: LOW: Draft‑PR allow‑list scenarios are covered end‑to‑end.
Blocked, allowed, empty‑list, and non‑draft behaviors are all exercised and match the config semantics.

Also applies to: 1282-1307, 1310-1338, 1340-1364

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

webhook_server/tests/test_issue_comment_handler.py (1)

144-189: LOW: Use a monotonic clock for concurrency timing assertions.

Wall‑clock time can jump under NTP/VM adjustments and make timing-based tests flaky; time.perf_counter() is monotonic and purpose-built for duration checks. Also, using min/max avoids any ordering assumptions in the event list.

Suggested update

-            start_time = time.time()
+            start_time = time.perf_counter()
             execution_events.append((command, "start", start_time))
@@
-                execution_events.append((command, "error", time.time()))
+                execution_events.append((command, "error", time.perf_counter()))
                 raise ValueError(f"Simulated error in {command}")
 
-            execution_events.append((command, "end", time.time()))
+            execution_events.append((command, "end", time.perf_counter()))
@@
-            start = time.time()
+            start = time.perf_counter()
             with pytest.raises(RuntimeError, match="Command /approved failed"):
                 await issue_comment_handler.process_comment_webhook_data(Mock())
-            total_duration = time.time() - start
+            total_duration = time.perf_counter() - start
@@
-            first_start = start_events[0][2]
-            last_start = start_events[-1][2]
-            start_time_spread = last_start - first_start
+            start_times = [e[2] for e in start_events]
+            start_time_spread = max(start_times) - min(start_times)

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5f2e7fe and c8c71fb.

📒 Files selected for processing (1)

• webhook_server/tests/test_issue_comment_handler.py

🧰 Additional context used

📓 Path-based instructions (2)

webhook_server/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

webhook_server/**/*.py: Server fails-fast on startup if critical dependencies are missing - required parameters in __init__() are ALWAYS provided and checking for None on required parameters is pure overhead
Defensive checks in destructors (__del__) should use hasattr() to check for attributes that may not exist if initialization failed
Defensive checks are acceptable for optional parameters that explicitly allow None (parameter type includes | None or Optional)
Defensive checks are acceptable for lazy initialization - attribute explicitly starts as None with type annotation attr: SomeType | None = None
Use hasattr() checks only for platform constants that may not exist on all platforms (e.g., os.O_NOFOLLOW)
Do NOT use hasattr() checks for required parameters in __init__() - if config is required, access it directly without defensive checks
Do NOT use hasattr() checks for library versions we control in pyproject.toml (PyGithub >=2.4.0, gql >=3.5.0) - call methods directly
Use isinstance() for type discrimination instead of hasattr() checks
Never return fake defaults (empty strings, zeros, False, None, empty collections) to hide missing data - fail-fast with ValueError or KeyError exceptions
PyGithub is synchronous/blocking - MUST wrap ALL method calls and property accesses with asyncio.to_thread() to avoid blocking the event loop
When accessing PyGithub properties that may trigger API calls, wrap in asyncio.to_thread(lambda: obj.property) instead of direct access
When iterating PyGithub PaginatedList, wrap iteration in asyncio.to_thread(lambda: list(...)) to avoid blocking
Use asyncio.gather() for concurrent PyGithub operations to maximize performance
All imports must be at the top of files - no imports in functions or try/except blocks, except TYPE_CHECKING imports can be conditional
Complete type hints are mandatory - use mypy strict mode with full type annotations on function parameters and return types
Use logger.exception() for autom...

Files:

• webhook_server/tests/test_issue_comment_handler.py

webhook_server/tests/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

webhook_server/tests/**/*.py: Code coverage must be 90% or higher - new code without tests fails CI
Test files should use AsyncMock, Mock, and patch for mocking - use TEST_GITHUB_TOKEN constant for test tokens
Test coverage is required for new handlers - create handler tests in webhook_server/tests/test_*_handler.py

Files:

• webhook_server/tests/test_issue_comment_handler.py

🧠 Learnings (6)

📚 Learning: 2026-01-05T14:43:44.055Z

Learnt from: CR
Repo: myk-org/github-webhook-server PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-05T14:43:44.055Z
Learning: Applies to webhook_server/tests/**/*.py : Test coverage is required for new handlers - create handler tests in `webhook_server/tests/test_*_handler.py`

Applied to files:

• webhook_server/tests/test_issue_comment_handler.py

📚 Learning: 2026-01-05T14:43:44.055Z

Learnt from: CR
Repo: myk-org/github-webhook-server PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-05T14:43:44.055Z
Learning: Applies to webhook_server/tests/**/*.py : Test files should use AsyncMock, Mock, and patch for mocking - use TEST_GITHUB_TOKEN constant for test tokens

Applied to files:

• webhook_server/tests/test_issue_comment_handler.py

📚 Learning: 2025-05-13T12:06:27.297Z

Learnt from: myakove
Repo: myk-org/github-webhook-server PR: 778
File: webhook_server/libs/pull_request_handler.py:327-330
Timestamp: 2025-05-13T12:06:27.297Z
Learning: In the GitHub webhook server, synchronous GitHub API calls (like create_issue_comment, add_to_assignees, etc.) in async methods should be awaited using asyncio.to_thread or loop.run_in_executor to prevent blocking the event loop.

Applied to files:

• webhook_server/tests/test_issue_comment_handler.py

📚 Learning: 2024-10-08T09:19:56.185Z

Learnt from: myakove
Repo: myk-org/github-webhook-server PR: 586
File: webhook_server_container/libs/github_api.py:1947-1956
Timestamp: 2024-10-08T09:19:56.185Z
Learning: In `webhook_server_container/libs/github_api.py`, the indentation style used in the `set_pull_request_automerge` method is acceptable as per the project's coding standards.

Applied to files:

• webhook_server/tests/test_issue_comment_handler.py

📚 Learning: 2024-10-29T08:09:57.157Z

Learnt from: myakove
Repo: myk-org/github-webhook-server PR: 612
File: webhook_server_container/libs/github_api.py:2089-2100
Timestamp: 2024-10-29T08:09:57.157Z
Learning: In `webhook_server_container/libs/github_api.py`, when the function `_keep_approved_by_approvers_after_rebase` is called, existing approval labels have already been cleared after pushing new changes, so there's no need to check for existing approvals within this function.

Applied to files:

• webhook_server/tests/test_issue_comment_handler.py

📚 Learning: 2025-12-29T13:09:56.231Z

Learnt from: rnetser
Repo: myk-org/github-webhook-server PR: 959
File: webhook_server/libs/handlers/pull_request_handler.py:887-887
Timestamp: 2025-12-29T13:09:56.231Z
Learning: In the myk-org/github-webhook-server repository, logging statements in the webhook_server codebase should use f-strings for interpolation. Do not suggest changing to lazy formatting with % (e.g., logger.debug('msg %s', var)) since that is an established style choice. When adding new log statements, prefer f"...{var}..." for readability and performance, and avoid string concatenation or format-style logging unless the project explicitly adopts a different convention.

Applied to files:

• webhook_server/tests/test_issue_comment_handler.py

🔇 Additional comments (11)

webhook_server/tests/test_issue_comment_handler.py (11)

45-47: LOW: Draft‑PR config mock wiring looks correct.

Defaulting config.get_value to None preserves the “blocked by default” path, which makes the fixture a stable baseline for the new draft‑PR tests.

---

72-121: LOW: Updated pytest method signatures are consistent.

Adding self explicitly across these class-based tests keeps typing and pytest expectations aligned.

---

279-413: LOW: Command handler test updates look solid.

The consolidated patch context managers and explicit call assertions make these command-path tests clearer and more maintainable.

---

432-563: LOW: WIP add/remove/idempotency cases are well covered.

Nice coverage of prefix edge cases and no-op behavior.

---

565-687: LOW: Hold/verified command paths are validated cleanly.

The tests exercise both add/remove flows and expected reactions in a straightforward way.

---

688-762: LOW: Custom label/reaction/reviewer tests align with handler contracts.

Assertions are updated to match the current handler signatures and behaviors.

---

764-896: LOW: Cherry‑pick branch coverage is thorough.

The multi‑branch assertions make the labeling and cherry‑pick behavior unambiguous.

---

897-1016: LOW: Retest error/permission paths are well exercised.

Good coverage for invalid users, unsupported tests, and task exceptions.

---

1017-1182: LOW: Reprocess command coverage looks comprehensive.

The tests validate authorization behavior and reaction posting clearly.

---

1183-1257: LOW: Regenerate‑welcome command tests look good.

Nice to see the registration and reaction behavior asserted.

---

1259-1369: LOW: Draft‑PR allow‑list scenarios are well covered.

Blocked, allowed, empty‑list (allow‑all), and non‑draft cases are all exercised.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@webhook_server/libs/handlers/issue_comment_handler.py`:
- Around line 168-185: The draft-PR command check currently treats non-list or
missing allow-commands-on-draft-prs as "no restriction" and thus allows commands
— change it so only a proper list is accepted and any missing/mistyped value
blocks commands: fetch allow_commands_on_draft via
github_webhook.config.get_value, if it is None treat as "no commands allowed on
drafts" and post a comment via pull_request.create_issue_comment rejecting the
command; if it exists but is not a list, log a warning with
self.logger.debug/self.log_prefix and likewise post a rejection comment telling
admins to set a list; only when allow_commands_on_draft is a list should you
sanitize entries to strings and apply the current membership check against
_command (with the existing early return when not allowed).

[myakove]

@cursor review

[cursor]

Skipping Bugbot: Bugbot is disabled for this repository

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@webhook_server/config/schema.yaml`:
- Around line 344-352: Add schema validation tests for the new
allow-commands-on-draft-prs property in webhook_server/config/schema.yaml by
updating webhook_server/tests/test_config_schema.py: add cases to the
valid_full_config fixture and/or new test functions that assert the schema
accepts a valid array of strings for allow-commands-on-draft-prs, accepts an
empty array (meaning “all commands allowed”), accepts omission of the property
(default behavior), and rejects invalid types (e.g., non-array values). Run and
verify with uv run pytest webhook_server/tests/test_config_schema.py -v to
ensure the validator enforces array typing and the described semantics for
allow-commands-on-draft-prs.

In `@webhook_server/libs/handlers/issue_comment_handler.py`:
- Around line 168-185: The handler fetches allow_commands_on_draft via
self.github_webhook.config.get_value and then assumes it's a list; add a
one-line guard after that call to handle a None value (e.g., if
allow_commands_on_draft is None: return) so the draft-PR command check in
issue_comment_handler.py (around is_draft, allow_commands_on_draft, _command and
pull_request.create_issue_comment) does not accidentally allow commands when the
config is missing.

[myakove-bot]

New container for ghcr.io/myk-org/github-webhook-server:latest published