
feat(code-review): resolve addressed threads #4116

Open

alex-alecu wants to merge 2 commits into main from auto-resolve-addressed-review-threads-clean

Conversation

@alex-alecu

Contributor

Summary

Incremental GitHub reviews can now find earlier Kilo review threads and resolve them when new commits fully fix the issue. Before resolving anything, the review checks that the thread belongs to Kilo, the changed file includes the fix, and the pull request still points to the same commit. Standard GitHub reviews and GitLab reviews keep their existing behavior.

Verification

  1. Run an incremental GitHub review on a pull request with an unresolved Kilo comment and a new commit that fully fixes it.
  2. Confirm the addressed thread is resolved before the final review summary is updated.
  3. Confirm unresolved, outdated, multi-comment, unchanged-file, and non-Kilo threads stay open.
  4. Run a standard GitHub review and an incremental GitLab review and confirm neither receives thread-resolution instructions.

Visual Changes

N/A

Reviewer Notes

The GitHub mutations run directly from the review agent through its existing installation token. Resolution is prompt-governed, checks only the first 100 review threads, and may partially complete if a later mutation fails.

Comment thread: services/cloud-agent-next/src/session-service.ts (Outdated)
@kilo-code-bot

kilo-code-bot Bot commented Jun 19, 2026

Contributor

Code Review Summary

Status: 1 Issue Found | Recommendation: Address before merge

Overview

| Severity | Count |
| --- | --- |
| CRITICAL | 1 |
| WARNING | 0 |
| SUGGESTION | 0 |
Issue Details

CRITICAL

| File | Line | Issue |
| --- | --- | --- |
| services/cloud-agent-next/src/session-service.ts | 159 | The new gh api graphql allowlist still uses glob wildcards, so it can still be bypassed to run arbitrary GraphQL mutations in a read-only review session. |
Other Observations (not in diff)

None.

Files Reviewed (2 files)
  • services/cloud-agent-next/src/session-service.ts - 1 issue
  • services/cloud-agent-next/src/session-service.test.ts - 0 issues
Previous Review Summary (commit f899db7)

Current summary above is authoritative. Previous snapshots are kept for context only.

Previous review (commit f899db7)

Status: 1 Issue Found | Recommendation: Address before merge

Overview

| Severity | Count |
| --- | --- |
| CRITICAL | 1 |
| WARNING | 0 |
| SUGGESTION | 0 |
Issue Details

CRITICAL

| File | Line | Issue |
| --- | --- | --- |
| services/cloud-agent-next/src/session-service.ts | 135 | Allowing gh api graphql opens arbitrary GitHub GraphQL mutations in read-only review sessions. |
Files Reviewed (4 files)
  • apps/web/src/lib/code-reviews/prompts/generate-prompt.ts - 0 issues
  • apps/web/src/lib/code-reviews/prompts/generate-prompt.test.ts - 0 issues
  • services/cloud-agent-next/src/session-service.ts - 1 issue
  • services/cloud-agent-next/src/session-service.test.ts - 0 issues

Reviewed by gpt-5.4-20260305 · 990,154 tokens

Review guidance: REVIEW.md from base branch main

```typescript
];

const CODE_REVIEW_EXACT_ALLOWED_COMMANDS = [
  "gh api graphql -F owner=* -F name=* -F number=* -f query='query($owner:String!,$name:String!,$number:Int!){repository(owner:$owner,name:$name){pullRequest(number:$number){state headRefOid reviewThreads(first:100){nodes{id isResolved isOutdated viewerCanResolve path comments(first:1){totalCount nodes{body viewerDidAuthor}}}}}}}'",
```



CRITICAL: The new gh api graphql allowlist is still bypassable

These entries are still glob patterns over the raw shell command, not argument-aware exact matches. Because the placeholders like owner=* and threadId=* can absorb spaces and shell metacharacters, a review agent can smuggle extra gh api graphql flags or a second command before the required literal suffix and still satisfy this rule. That reopens arbitrary GitHub GraphQL mutations in a session that is supposed to stay read-only.


Reply with @kilocode-bot fix it to have Kilo Code address this issue.
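The point the review comment above makes, worked through in code. This is an added example, not code from the kilocode repository or from this pull request: it puts the glob-over-raw-string entry quoted in the thread next to an argument-aware allowlist that tokenizes the command the way a POSIX shell would and checks each argv position. The function and constant names (globAllows, tokenize, argvAllows, ALLOWED_PR_THREADS_QUERY) and the owner/repo values are assumptions made for this illustration; the GraphQL query string is the one from the diff, and the PR number is this PR's.

```typescript
// Added example, not code from the kilocode repository. It contrasts the glob-over-raw-string
// allowlist entry the review comment objects to with an argument-aware exact match.
// Function and constant names (globAllows, tokenize, argvAllows, ALLOWED_PR_THREADS_QUERY)
// are assumptions for this illustration; the GraphQL query is the one quoted in the thread.

// The query string from the allowlist entry under review, split only for line length.
const PR_THREADS_QUERY =
  "query($owner:String!,$name:String!,$number:Int!){repository(owner:$owner,name:$name)" +
  "{pullRequest(number:$number){state headRefOid reviewThreads(first:100){nodes{id isResolved " +
  "isOutdated viewerCanResolve path comments(first:1){totalCount nodes{body viewerDidAuthor}}}}}}}";

// The entry as written in the diff: a glob over the whole shell command line.
const GLOB_ENTRY =
  "gh api graphql -F owner=* -F name=* -F number=* -f query='" + PR_THREADS_QUERY + "'";

function escapeRegExp(s: string): string {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Glob semantics: every '*' becomes "any run of characters", which includes spaces,
// quotes and ';'. That is the defect: the wildcard cannot tell one argument from several.
function globAllows(cmd: string): boolean {
  const body = GLOB_ENTRY.split("*").map(escapeRegExp).join("[\\s\\S]*");
  return new RegExp("^" + body + "$").test(cmd);
}

// Argument-aware alternative: split the command into argv the way a POSIX shell would
// (single and double quotes), and refuse any unquoted shell metacharacter outright.
function tokenize(cmd: string): string[] | null {
  const argv: string[] = [];
  let cur = "";
  let inToken = false;
  let quote: string | null = null;
  for (const ch of cmd) {
    if (quote !== null) {
      if (ch === quote) quote = null;
      else if (quote === '"' && (ch === "$" || ch === "`" || ch === "\\")) return null; // expands inside "..."
      else cur += ch;
      continue;
    }
    if (ch === "'" || ch === '"') { quote = ch; inToken = true; continue; }
    if (ch === " " || ch === "\t") {
      if (inToken) { argv.push(cur); cur = ""; inToken = false; }
      continue;
    }
    if (/[;&|<>`$\\\n]/.test(ch)) return null; // command separators, redirects, expansion
    cur += ch;
    inToken = true;
  }
  if (quote !== null) return null; // unbalanced quote
  if (inToken) argv.push(cur);
  return argv;
}

// Each argv position is either an exact literal or a "prefix + constrained value" slot.
type TokenRule = { literal: string } | { prefix: string; valueRe: RegExp };

const ALLOWED_PR_THREADS_QUERY: TokenRule[] = [
  { literal: "gh" }, { literal: "api" }, { literal: "graphql" },
  { literal: "-F" }, { prefix: "owner=", valueRe: /^[A-Za-z0-9-]+$/ },
  { literal: "-F" }, { prefix: "name=", valueRe: /^[A-Za-z0-9._-]+$/ },
  { literal: "-F" }, { prefix: "number=", valueRe: /^[0-9]+$/ },
  { literal: "-f" }, { literal: "query=" + PR_THREADS_QUERY },
];

function argvAllows(rules: TokenRule[], cmd: string): boolean {
  const argv = tokenize(cmd);
  if (argv === null || argv.length !== rules.length) return false; // extra flags never fit
  return rules.every((rule, i) => {
    const tok = argv[i] ?? "";
    if ("literal" in rule) return tok === rule.literal;
    return tok.startsWith(rule.prefix) && rule.valueRe.test(tok.slice(rule.prefix.length));
  });
}

// Constructed sample commands: owner/repo names are made up, the PR number is this PR's.
const LEGIT_CMD =
  "gh api graphql -F owner=example-org -F name=example-repo -F number=4116 -f query='" +
  PR_THREADS_QUERY + "'";
// An extra flag hidden inside the run of text that the 'owner=*' wildcard swallows.
const EXTRA_FLAG_CMD = LEGIT_CMD.replace("owner=example-org", "owner=example-org -H 'X-Extra: 1'");
// A second command placed before the literal suffix the glob still requires.
const SECOND_CMD = "gh api graphql -F owner=example-org; echo hi; " + LEGIT_CMD;

function compare(cmd: string): { glob: boolean; argv: boolean } {
  return { glob: globAllows(cmd), argv: argvAllows(ALLOWED_PR_THREADS_QUERY, cmd) };
}

function demo(): Record<string, { glob: boolean; argv: boolean }> {
  return { legit: compare(LEGIT_CMD), extraFlag: compare(EXTRA_FLAG_CMD), secondCommand: compare(SECOND_CMD) };
}

console.log(demo());
```

Two properties of the argv check do the work: the argv length must equal the rule count, so any smuggled flag fails before values are even inspected, and unquoted `;`, `|`, `&`, redirects and expansion characters make tokenize return null, so a second command never reaches the matcher. Run it with ts-node or tsx; the glob column is true for all three constructed commands, the argv column only for the legitimate one.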

