feat(commands): let a PR's own author use chat when rate limiting is active#5087
Merged
Merged
Conversation
…active @gittensory chat was maintainer/collaborator-only, silently denying the PR's own author with no reply. Widens chat's default roles to include pr_author, but gates the grant on commandRateLimitPolicy being "hold" for the repo -- enforced in evaluateCommandAuthorization, not just by operator convention, so a deployment that hasn't turned on rate limiting never grants contributor chat access regardless of what chat's configured roles say. Also fixes normalizeCommandRoleList's clamp so a maintainer's yml restatement of chat's own default (now including pr_author) isn't silently mangled, while every other maintainer-only command is unaffected. Closes #5084
Contributor
|
Superagent didn't find any vulnerabilities or security issues in this PR. |
Deploying with
|
| Status | Name | Latest Commit | Preview URL | Updated (UTC) |
|---|---|---|---|---|
| ✅ Deployment successful! View logs |
gittensory-ui | 0dd36ee | Commit Preview URL Branch Preview URL |
Jul 11 2026, 02:08 PM |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #5087 +/- ##
=======================================
Coverage 94.20% 94.20%
=======================================
Files 470 470
Lines 39722 39732 +10
Branches 14493 14497 +4
=======================================
+ Hits 37421 37431 +10
Misses 1645 1645
Partials 656 656
Flags with carried forward coverage won't be shown. Click here to find out more.
🚀 New features to boost your workflow:
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
@gittensory chat's default authorization from maintainer/collaborator-only to also includepr_author-- scoped to a PR's own author asking about their own PR, never an arbitrary commenter on someone else's.commandRateLimitPolicybeing"hold"for the repo, enforced inevaluateCommandAuthorization(not just by operator convention): apr_authormatch onchatonly counts as authorized when rate limiting is actually active, so a deployment that hasn't turned on rate limiting stays exactly as conservative as today no matter whatchat's configured roles say. This mirrors the existingchatQa/intentRoutingOpenAPI field docs, which already documentcommandRateLimitPolicy: holdas a co-requisite -- this PR is the same pattern applied to authorization, not a new one.maybeThrottleGittensoryCommand) already fits this: keyed by(actor, command, repo#PR), not a shared bucket, and already applies the tighter AI-cost ceiling tochat.normalizeCommandRoleList's clamp so a maintainer's.gittensory.ymlrestatement ofchat's own default (now includingpr_author) isn't silently mangled, while every other maintainer-only command (generate-tests,pause, etc.) is completely unaffected --pr_authorstill cannot be added to them via override.packages/gittensory-engine/src/settings/command-authorization.tsto keeptest:engine-paritygreen.Closes #5084
Test plan
npm run typechecknpm run test:coverage(14366 passed, 0 failed; zero uncovered lines/branches in every touched file)npm run command-reference:check/npm run docs:drift-checkisAuthorizedCommandActorpass-throughqueue-5.test.ts: a real contributor (no maintainer/collaborator role) reacheschaton their own PR whencommandRateLimitPolicy: holdis set, and is silently denied (matching every other unauthorized command) when it isn't