Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@app-modules/integration-github/src/Backfill/BackfillRepository.php`:
- Around line 110-113: In backfillIssueComments, comments coming from PR
conversations are being attributed as issues because the call to upsert always
uses $this->refFromUrl($this->strv($comment, 'issue_url'), 'issue') and metadata
'kind' => 'issue'; change the logic to check $this->strv($comment,
'pull_request_url') first and if present use
$this->refFromUrl($this->strv($comment, 'pull_request_url'), 'pull_request')
(and set metadata 'kind' => 'pull_request'), otherwise fall back to using
'issue' with issue_url; update the upsert call in backfillIssueComments to pass
the chosen ref and kind while keeping other helpers ($this->strv, $this->userId,
$this->isBot, and ContributionType::Comment) unchanged.

In `@app-modules/integration-github/src/Console/BackfillGithubCommand.php`:
- Around line 52-59: The command currently logs per-repository exceptions in
BackfillGithubCommand (catch blocks using $exception and $throwable) but always
exits with success; modify the execute/handle flow to return a failure exit code
when any repository fails: introduce a boolean flag (e.g., $hadFailures =
false), set it to true inside both catch blocks where you call
$this->error(...), and after processing all repositories return
Symfony\Component\Console\Command\Command::FAILURE if $hadFailures is true
(otherwise return Command::SUCCESS). This ensures non-rate-limit errors cause
the command to exit with a non-zero status.

In `@app-modules/integration-github/src/Contributions/RecordContribution.php`:
- Around line 44-46: The handler currently dispatches GithubContributionRecorded
whenever $emit is true even for updates; change the emit condition to only fire
for newly-created contributions by checking the model creation flag returned by
updateOrCreate—use the returned $contribution->wasRecentlyCreated (or detect
creation before calling updateOrCreate) and only call event(new
GithubContributionRecorded($contribution)) when that flag is true to prevent
re-emitting on edits/replays.
- Around line 33-42: The event dispatch currently emits for both creates and
updates because you call GithubContribution::query()->updateOrCreate(...) and
then unconditionally dispatch when $emit is true; change the logic to only emit
when the model was newly created by checking the returned model's
wasRecentlyCreated property (i.e., after $contribution =
GithubContribution::query()->updateOrCreate(...), only dispatch
GithubContributionRecorded if $emit is true AND
$contribution->wasRecentlyCreated is true) so updates do not double-emit.

In `@app-modules/integration-github/src/Models/GithubContribution.php`:
- Around line 32-63: The GithubContribution model lacks mass-assignment
protection; add an explicit $fillable (or $guarded) property to the
GithubContribution class to whitelist safe attributes (e.g., 'tenant_id',
'type', 'actor_id', 'occurred_at', 'metadata') so calls like create() or
updateOrCreate() cannot set unintended fields; update the class definition near
the existing casts() and newFactory() methods to include the $fillable array (or
set protected $guarded = ['id','created_at','updated_at'] if you prefer a
blacklist approach).

In `@app-modules/integration-github/src/Models/GithubEventLog.php`:
- Around line 23-34: The GithubEventLog model lacks mass-assignment protection;
update the final class GithubEventLog (near the casts() method) to declare
explicit mass-assignment rules by adding either a $fillable array listing
allowed attributes (e.g., 'payload', 'event_type', etc.) or a $guarded array
(e.g., ['id'] or ['*'] as appropriate) to prevent uncontrolled create()/fill()
from assigning unintended attributes; ensure the chosen property is consistent
with other models in the codebase and placed on the class level.

In `@app-modules/integration-github/src/Models/GithubRepository.php`:
- Around line 27-32: The GithubRepository model lacks explicit mass assignment
protection; add either a $fillable array listing permitted attributes (e.g.,
name, owner, url, etc.) or set protected $guarded = [] on the GithubRepository
class to make intent explicit and avoid version-dependent behavior—update the
class definition around the GithubRepository declaration and ensure the chosen
property is declared as protected within the class.

In `@app-modules/integration-github/src/Webhook/GithubWebhookController.php`:
- Around line 19-27: The controller currently reads $event and $delivery and
immediately calls GithubEventLog::query()->firstOrCreate which can persist
invalid dedup keys; update GithubWebhookController to validate the required
GitHub headers ($event from 'X-GitHub-Event' and $delivery from
'X-GitHub-Delivery') before calling GithubEventLog::query()->firstOrCreate: if
$event is empty or $delivery is missing/empty, return an appropriate 4xx
response (or abort) and do not call firstOrCreate; only proceed to create or
dedupe the log when both headers are present and non-empty.

In `@app-modules/integration-github/src/Webhook/VerifyGithubSignature.php`:
- Around line 19-22: The current verification computes an HMAC even when $secret
may be an empty string, allowing forgable signatures; before computing $expected
use the VerifyGithubSignature logic to abort (e.g., abort or throw 403) if
$secret is null/empty/blank, then proceed to compute $expected =
'sha256='.hash_hmac('sha256', $request->getContent(), $secret) and use
hash_equals to compare; ensure the abort path references the same error/response
used for invalid signatures so blank secrets are rejected early.

In `@app-modules/panel-admin/src/Github/Resources/GithubRepositoryResource.php`:
- Around line 61-69: The full_name value must be normalized (lowercased and
trimmed) before persisting so owner/repo casing mismatches don't break
projection/allowlist matching; update the TextInput::make('full_name') form
field to canonicalize state using ->dehydrateStateUsing(fn($state) =>
strtolower(trim((string)$state))) or alternatively implement normalization on
the model (e.g., GithubRepository::setFullNameAttribute) or in
mutateFormDataBeforeSave so saved full_name is always lowercase and trimmed.

In
`@app-modules/portal/resources/views/components/retro/activity-chips.blade.php`:
- Line 11: The view renders $ref['url'] directly into an external href; update
the "activity-chips" Blade component to validate and allowlist URLs before
emitting href: parse the URL (parse_url or filter_var with FILTER_VALIDATE_URL),
ensure the scheme is http or https and the host is in an allowlist (or apply a
safe-host check), and only render href="{{ $ref['url'] }}" when those checks
pass; otherwise omit the href attribute or render a safe fallback; ensure you
still escape the value (e.g., e($url)) when inserting it.

In
`@app-modules/portal/resources/views/components/retro/composition-bar.blade.php`:
- Around line 6-10: The array building in the composition bar uses direct
accesses like $person['prs'], $person['reviews'], $person['issues'],
$person['comments'], and $person['commits'] which will error if a key is
missing; change each count access to use null-coalescing (e.g. $person['prs'] ??
0) so missing keys default to 0 and keep the rest of the array entries (the
color and label fields) unchanged.

In `@app-modules/portal/resources/views/components/retro/deck.blade.php`:
- Around line 64-71: The global `@keydown.window` handler on the component
unconditionally calls $event.preventDefault() for ArrowLeft/Right, which
prevents normal caret/selection behavior when focus is inside form controls;
update the handler in the deck blade so it first checks document.activeElement
(e.g., tagName IN ['INPUT','TEXTAREA','SELECT'] or element.isContentEditable)
and returns early without calling go(...) or preventDefault() if focus is inside
a form control or an editable element, otherwise proceed to call go(active +/-
1) and then preventDefault(); modify the handler surrounding the go and
preventDefault calls to implement this conditional.
- Around line 92-101: The dot and arrow buttons lack accessible names; update
the template x-for button.dot and the nav buttons (class="navbtn") to include
descriptive ARIA attributes: for the dots add a dynamic aria-label like "Go to
slide {i}" and set aria-current (or aria-pressed) when active (use active and i
to compute state) and for the prev/next navbtns add static aria-labels "Previous
slide" and "Next slide" and ensure the :disabled state is reflected with
aria-disabled when appropriate; keep using the existing go(...) handler and the
active/total variables.

In `@app-modules/portal/resources/views/components/retro/filters.blade.php`:
- Around line 37-40: Replace pointer-only spans/divs used as interactive
controls with real interactive elements or make them keyboard-operable: change
the <span class="chip" wire:click="setPreset('...')"> controls to <button
type="button" class="chip" wire:click="setPreset('...')"> for the presets (and
similarly convert other clickable spans/divs in the same file), or if you must
keep non-button elements add role="button" tabindex="0" and a keydown handler
that invokes the same action on Enter/Space. Ensure you update all occurrences
referenced in the comment (the controls that call setPreset via wire:click and
the other clickable chips/toggles) so keyboard users can focus and activate them
and existing styling/ARIA remains intact.

In `@app-modules/portal/resources/views/components/retro/person-card.blade.php`:
- Around line 5-25: The template is reading $person['url'], $person['avatar'],
$person['login'], and $person['total'] directly which will emit warnings if keys
are missing; update person-card.blade.php to defensively access these keys (e.g.
use null-coalescing or data_get) so each usage falls back to a safe default:
href should use ($person['url'] ?? '#'), avatar src should use
($person['avatar'] ?? 'default-avatar.png') and keep the onerror fallback
referencing ($person['login'] ?? 'unknown'), alt should use ($person['login'] ??
'unknown'), and total should default to 0 for the interaction text (use
($person['total'] ?? 0) and apply the singular/plural logic against that value).
Ensure all occurrences of $person['url'], $person['avatar'], $person['login'],
and $person['total'] are updated consistently.

---

Nitpick comments:
In
`@app-modules/integration-github/database/migrations/2026_06_04_000001_create_github_repositories_table.php`:
- Line 15: The migration currently defines the foreign key as
$table->foreignUuid('tenant_id')->constrained('tenants') which leaves delete
behavior as the DB default (RESTRICT); update the migration in
create_github_repositories_table to make the intended behavior explicit: if
repositories should be removed when a tenant is deleted, change the constraint
to use ->cascadeOnDelete() on the tenant_id foreign key, otherwise append
->restrictOnDelete() to document the explicit restrict behavior.

In
`@app-modules/integration-github/database/migrations/2026_06_04_000002_create_github_contributions_table.php`:
- Around line 13-32: The migration for the github_contributions table is missing
a composite index for repo-scoped temporal queries; inside the Schema::create
callback where indexes are added (the closure that defines
'github_contributions'), add a composite index on
['tenant_id','repo','occurred_at'] (e.g.
$table->index(['tenant_id','repo','occurred_at'],
'idx_github_contributions_tenant_repo_time')) next to the existing index calls
so queries with WHERE tenant_id = ? AND repo = ? ORDER BY occurred_at use the
index.

In `@app-modules/integration-github/tests/Feature/GithubContributionTest.php`:
- Around line 39-45: The test creates two GithubContribution records relying on
factory defaults to produce different tenants; make tenant separation explicit
by creating or fetching two distinct tenant entities and passing them into each
factory call (e.g., set a tenant_id or associate a Tenant model) when calling
GithubContribution::factory()->create([...]) so the two creates reference
distinct tenants while keeping repo, type (ContributionType::Pr) and
external_ref the same.

In `@app-modules/integration-github/tests/Feature/GithubRepositoryTest.php`:
- Around line 26-29: The test "permite o mesmo full_name em tenants diferentes"
relies on implicit tenant separation from GithubRepository::factory()->create(),
so make it deterministic by explicitly creating two Tenant instances (e.g.,
$tenantA and $tenantB) and pass/associate each to the repository factory calls
(set tenant_id or use a factory state like forTenant) so the two
GithubRepository::factory()->create([...]) calls create records under different
tenants; update the test to attach the first create to $tenantA and the second
to $tenantB while keeping the same full_name.

In
`@app-modules/portal/resources/views/components/retro/slides/highlights.blade.php`:
- Line 2: The current $stateColor arrow closure uses an array lookup with a
potentially empty string key (defined as $state ?? ''), which is unclear and can
be simplified; update the $stateColor closure (named $stateColor) to use an
explicit match expression or a clear switch-style default so null/unknown states
map to 'var(--st-open)' — e.g. replace the array lookup with match($state) {
'merged' => 'var(--st-merged)', 'open' => 'var(--st-open)', 'closed' =>
'var(--st-closed)', default => 'var(--st-open)' } to make the logic explicit and
avoid null/empty-key access.