Skip to content

Features #7

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
AndreiDrang merged 3 commits into from
Feb 24, 2026
Merged

Features #7

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
643c59f
fix(auth): allow repo owner and collaborators to run commands on PR c…
Feb 24, 2026
1ea27f4
build: rebuild dist with isReviewComment: false fix for issue comments
Feb 24, 2026
4545acd
fix(api): improve error message extraction from API responses
Feb 24, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 21 additions & 7 deletions dist/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31714,24 +31714,38 @@ async function checkForkAuthorization(octokit, context, commenter) {
};
}

// Allow repository owner to use commands on any PR (including Dependabot PRs)
// Allow repository owner, admin, or maintainer to use commands on any PR (including Dependabot PRs)
const repoOwner = context?.repo?.owner;

// First check: is this user the repo owner?
if (repoOwner && commenter.login === repoOwner) {
return {
authorized: true,
reason: 'repo_owner',
};
}

// Check collaborator permission (admin, maintain, write, or read)
// This handles the case where repo owner wasn't detected but user has admin/maintainer perms
const authResult = await checkAuthorization(octokit, context, commenter);

// If not authorized on fork PR, silent block
if (!authResult.authorized) {
// If authorized (any permission level including admin/maintainer), allow
if (authResult.authorized) {
return {
authorized: true,
reason: authResult.reason || 'collaborator',
};
}

// For fork PRs from non-collaborators, silent block per SECURITY.md
if (isFork) {
return {
authorized: false,
reason: null, // Silent block for fork PRs
reason: null, // Silent block
};
}

// For non-fork PRs, return the authorization result (will show error to user)
return authResult;
}

Expand Down Expand Up @@ -40386,7 +40400,7 @@ async function handleIssueCommentEvent(context, apiKey, model, owner, repo) {
pullNumber,
guidance,
GUIDANCE_MARKER,
{ replyToId: commentId, updateExisting: false, isReviewComment: true, pullNumber }
{ replyToId: commentId, updateExisting: false, isReviewComment: false, pullNumber }
);
core.info(`Posted guidance comment for error: ${errorType}`);

Expand Down Expand Up @@ -40427,7 +40441,7 @@ async function handleIssueCommentEvent(context, apiKey, model, owner, repo) {
pullNumber,
getUnauthorizedMessage(),
AUTH_MARKER,
{ replyToId: commentId, updateExisting: false, isReviewComment: true, pullNumber }
{ replyToId: commentId, updateExisting: false, isReviewComment: false, pullNumber }
);

if (commentId) {
Expand Down Expand Up @@ -40462,7 +40476,7 @@ async function handleIssueCommentEvent(context, apiKey, model, owner, repo) {
pullNumber,
`🤖 Reviewing \`/zai ${parseResult.command}\`...\n\n${PROGRESS_MARKER}`,
PROGRESS_MARKER,
{ replyToId: commentId, updateExisting: false, isReviewComment: true, pullNumber }
{ replyToId: commentId, updateExisting: false, isReviewComment: false, pullNumber }
);

core.info(`Authorized command from collaborator: ${commenter.login}`);
Expand Down
6 changes: 3 additions & 3 deletions src/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -236,7 +236,7 @@ async function handleIssueCommentEvent(context, apiKey, model, owner, repo) {
pullNumber,
guidance,
GUIDANCE_MARKER,
{ replyToId: commentId, updateExisting: false, isReviewComment: true, pullNumber }
{ replyToId: commentId, updateExisting: false, isReviewComment: false, pullNumber }

@AndreiDrang AndreiDrang Feb 24, 2026

Copy link
Copy Markdown
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/zai explain

@github-actions github-actions Bot Feb 24, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Error: Failed to get explanation

);
core.info(`Posted guidance comment for error: ${errorType}`);

Expand Down Expand Up @@ -277,7 +277,7 @@ async function handleIssueCommentEvent(context, apiKey, model, owner, repo) {
pullNumber,
getUnauthorizedMessage(),
AUTH_MARKER,
{ replyToId: commentId, updateExisting: false, isReviewComment: true, pullNumber }
{ replyToId: commentId, updateExisting: false, isReviewComment: false, pullNumber }
);

if (commentId) {
Expand Down Expand Up @@ -312,7 +312,7 @@ async function handleIssueCommentEvent(context, apiKey, model, owner, repo) {
pullNumber,
`🤖 Reviewing \`/zai ${parseResult.command}\`...\n\n${PROGRESS_MARKER}`,
PROGRESS_MARKER,
{ replyToId: commentId, updateExisting: false, isReviewComment: true, pullNumber }
{ replyToId: commentId, updateExisting: false, isReviewComment: false, pullNumber }
);

core.info(`Authorized command from collaborator: ${commenter.login}`);
Expand Down
22 changes: 18 additions & 4 deletions src/lib/auth.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -175,24 +175,38 @@ async function checkForkAuthorization(octokit, context, commenter) {
};
}

// Allow repository owner to use commands on any PR (including Dependabot PRs)
// Allow repository owner, admin, or maintainer to use commands on any PR (including Dependabot PRs)
const repoOwner = context?.repo?.owner;

// First check: is this user the repo owner?
if (repoOwner && commenter.login === repoOwner) {
return {
authorized: true,
reason: 'repo_owner',
};
}

// Check collaborator permission (admin, maintain, write, or read)
// This handles the case where repo owner wasn't detected but user has admin/maintainer perms
const authResult = await checkAuthorization(octokit, context, commenter);

// If not authorized on fork PR, silent block
if (!authResult.authorized) {
// If authorized (any permission level including admin/maintainer), allow
if (authResult.authorized) {
return {
authorized: true,
reason: authResult.reason || 'collaborator',
};
}

// For fork PRs from non-collaborators, silent block per SECURITY.md
if (isFork) {
return {
authorized: false,
reason: null, // Silent block for fork PRs
reason: null, // Silent block
};
}

// For non-fork PRs, return the authorization result (will show error to user)
return authResult;
}

Expand Down
Loading