fix(commands): authorize intent routing before AI classification#5107
Conversation
|
Superagent didn't find any vulnerabilities or security issues in this PR. |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #5107 +/- ##
=======================================
Coverage 94.33% 94.34%
=======================================
Files 473 473
Lines 39930 39936 +6
Branches 14559 14562 +3
=======================================
+ Hits 37669 37676 +7
Misses 1585 1585
+ Partials 676 675 -1
Flags with carried forward coverage won't be shown. Click here to find out more.
🚀 New features to boost your workflow:
|
|
Caution 🟥🟥🟥🟥🟥🟥🟥🟥🟥🟥🟥🟥 🛑 Gittensory review result - fixes requiredReview updated: 2026-07-12 08:35:23 UTC
🛑 Suggested Action - Manual Review
Review summary Blockers
Nits — 5 non-blocking
Why this is blocked
CI checks failing
Review context
Contributor next steps
Signal definitions
[BETA] Chat with GittensoryAsk Gittensory a question about this PR directly in a comment — grounded only in the same cached, public-safe facts shown above, never a new claim.
Full command reference: https://gittensory.aethereal.dev/docs/gittensory-commands 🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed 💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →. Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.
|
Requires the commenter be authorized for at least one INTENT_ROUTABLE_COMMANDS entry before calling classifyGittensoryIntent (a cost-bearing local-AI call), and changes maybeThrottleIntentRouting to treat commandRateLimitPolicy === "off" as throttled (blocking) instead of not-throttled (previously allowing unmetered spend when a repo hasn't configured rate limiting at all). Adds regression coverage for the policy-off fail path, the confirmed-miner own-PR authorization path, and the pullRequestAuthor null fallback when neither the cached PR row nor the webhook issue carry a user login.
0961058 to
b4e9f69
Compare
Motivation
env.AI_ADVISORY.runbefore command authorization and per-actor throttling.advisoryAiRouting.intentRoutingalone cannot create an unmetered cost-bearing surface whencommandRateLimitPolicyis leftoff.Description
INTENT_ROUTABLE_COMMANDSentry before calling the intent classifier by checkingisAuthorizedCommandActorover that closed set and only invokingmaybeThrottleIntentRouting/classifyGittensoryIntentwhen authorized.commandRateLimitPolicyisoff(makemaybeThrottleIntentRoutingreturntruefor theoffpolicy) so intent routing does not bypass rate-limit billing.official) result and delay duplicate miner checks so the later real authorization step can reuse the same value rather than re-fetching.test/unit/queue-5.test.tsto include a regression test that an unauthorized commenter does not callAI_ADVISORY.run, enable the hold policy where needed, and extend the mention payload helper to allow custom commenter logins.Testing
npx vitest run test/unit/queue-5.test.ts -t "unauthorized commenters cannot spend" --reporter=verboseand it passed.npx tsc --noEmit --pretty falsewhich succeeded.git diff --check(no problems reported).Codex Task