fix PR comments

Usage.md

@@ -450,4 +450,6 @@ For webhook security, configure the webhook username and password on both the se
 [azuredevops_server]
 webhook_username = "<basic auth user>"
 webhook_password = "<basic auth password>"
-```
+```
+> :warning: **Ensure that the webhook endpoint is only accessible over HTTPS** to mitigate the risk of credential interception when using basic authentication.
+

pr_agent/git_providers/azuredevops_provider.py

@@ -326,7 +326,8 @@ class AzureDevopsProvider(GitProvider):
 
     def publish_description(self, pr_title: str, pr_body: str):
         if len(pr_body) > MEX_PR_DESCRIPTION_LENGTH:
-            pr_body = pr_body[:MEX_PR_DESCRIPTION_LENGTH]
+            trunction_message = " ... (description truncated due to length limit)" 
+            pr_body = pr_body[:MEX_PR_DESCRIPTION_LENGTH - len(trunction_message)] + trunction_message
             get_logger().warning(
                 "PR description exceeds the maximum character limit of 4000. Truncating the description."
             )

pr_agent/servers/azuredevops_server_webhook.py

@@ -91,6 +91,7 @@ async def handle_webhook(background_tasks: BackgroundTasks, request: Request):
         )
 
 # currently only basic auth is supported with azure webhooks
+# for this reason, https must be enabled to ensure the credentials are not sent in clear text
 def validate_basic_auth(request: Request):
     auth = request.headers.get("Authorization")
     if not auth: