[gateway] Correct commit integrity elevation for personal repos on non-default refs #4283

Merged
lpcox merged 3 commits into main from copilot/fix-commits-integrity-on-non-default-branch on Apr 21, 2026

Copilot AI commented Apr 21, 2026

list_commits/get_commit on non-default refs could label owner-authored commits in public personal repos as none:* because commit payloads often lack author_association, and collaborator-permission elevation was org-gated. This caused valid commits to be filtered when min-integrity was approved.

  • Integrity elevation path

    • Removed org-only short-circuit in elevate_via_collaborator_permission, so public personal repos can use collaborator-permission fallback the same as org repos.
    • Updated inline docs/comments to reflect the generalized behavior (missing/NONE association handling, not org-specific).
  • Commit owner fast-path

    • In commit_integrity, added a public-repo owner match shortcut:
      • when author.login matches the repo owner segment of owner/repo, integrity is raised to at least writer.
    • This covers the common list_commits shape where author_association is absent.
  • Targeted tests

    • Added coverage for owner-authored commits on public personal repos without author_association, asserting writer-level integrity.
    • Updated collaborator-permission fallback test semantics to match the new non-org behavior.
if !repo_private {
    if let Some((owner, _)) = repo_full_name.split_once('/') {
        if author_login.eq_ignore_ascii_case(owner) {
            integrity = max_integrity(
                repo_full_name,
                integrity,
                writer_integrity(repo_full_name, ctx),
                ctx,
            );
        }
    }
    integrity = elevate_via_collaborator_permission(
        author_login,
        repo_full_name,
        "commit",
        &format!("{}@{}", repo_full_name, short_sha),
        integrity,
        ctx,
    );
}

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • example.com
  • invalid-host-that-does-not-exist-12345.com
  • nonexistent.local
  • slow.example.com
  • this-host-does-not-exist-12345.com

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI changed the title from "[WIP] Fix owner's commits integrity on non-default branch" to "[gateway] Correct commit integrity elevation for personal repos on non-default refs" Apr 21, 2026
Copilot AI requested a review from lpcox April 21, 2026 18:44
lpcox marked this pull request as ready for review April 21, 2026 18:54
Copilot AI review requested due to automatic review settings April 21, 2026 18:54
lpcox merged commit 33edc25 into main Apr 21, 2026
29 checks passed
lpcox deleted the copilot/fix-commits-integrity-on-non-default-branch branch April 21, 2026 18:54
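
The elevation logic described in the PR summary above, modeled as a standalone sketch (an added example, not code from the PR or the project): the owner fast-path plus the collaborator fallback, with a `pre_fix` switch for the org-gated behaviour. Every name here, the `has_write` lookup, and the sample logins and repo are constructed assumptions; only the rank values come from the page.

```rust
// Added illustration; every name here is hypothetical, not the project's API.
#[allow(dead_code)]
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
enum Integrity { None = 1, Reader = 2, Writer = 3, Merged = 4 } // ranks as listed on the page

/// Constructed stand-in for the collaborator-permission lookup:
/// true when `login` has write access or better on `repo`.
fn has_write(login: &str, repo: &str) -> bool {
    matches!((login, repo), ("alice", "octocat/hello"))
}

/// Owner fast-path test: `login` must equal the whole owner segment of `owner/repo`.
fn is_repo_owner(login: &str, repo_full_name: &str) -> bool {
    match repo_full_name.split_once('/') {
        Some((owner, _)) => !owner.is_empty() && login.eq_ignore_ascii_case(owner),
        None => false, // malformed name: never elevate
    }
}

/// `pre_fix = true` models the behaviour the PR describes as broken: no owner
/// fast-path, and the collaborator fallback only runs for org-owned repos.
fn commit_integrity(base: Integrity, login: &str, repo: &str,
                    repo_private: bool, repo_is_org: bool, pre_fix: bool) -> Integrity {
    if repo_private {
        return base; // private repos are outside the scope of this sketch
    }
    let mut integrity = base;
    if !pre_fix && is_repo_owner(login, repo) {
        integrity = integrity.max(Integrity::Writer); // raise to at least writer
    }
    if (!pre_fix || repo_is_org) && has_write(login, repo) {
        integrity = integrity.max(Integrity::Writer);
    }
    integrity
}

fn main() {
    // Owner-authored commit with no author_association on a public personal repo.
    let args = (Integrity::None, "Octocat", "octocat/hello", false, false);
    for pre_fix in [true, false] {
        let got = commit_integrity(args.0, args.1, args.2, args.3, args.4, pre_fix);
        println!("pre_fix={pre_fix}: {got:?}");
    }
    // A login that merely starts with the owner name is not the owner.
    println!("{:?}", commit_integrity(Integrity::None, "octocat-dev", "octocat/hello", false, false, false));
}
```

The prefix and malformed-name cases matter because the fast-path grants writer integrity from a string comparison alone, so the comparison has to cover the full owner segment.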
Copilot AI left a comment

Pull request overview

Fixes commit integrity elevation on non-default refs for public personal repositories where commit payloads often omit author_association, preventing valid owner-authored commits from being labeled none:* and filtered under min-integrity=approved.

Changes:

  • Generalize elevate_via_collaborator_permission to run for public repos regardless of org ownership.
  • Add a public-repo owner-login fast-path in commit_integrity to ensure owner-authored commits reach at least writer integrity when association is missing.
  • Add/adjust unit tests to cover owner-authored commits without author_association and updated collaborator-permission fallback semantics.

File | Description
guards/github-guard/rust-guard/src/labels/helpers.rs | Removes org-only gating for collaborator-permission elevation and adds owner-login fast-path in commit_integrity.
guards/github-guard/rust-guard/src/labels/mod.rs | Adds targeted regression test for owner-authored commits without author_association and updates collaborator-permission fallback test expectation.

Copilot's findings

  • Files reviewed: 2/2 changed files
  • Comments generated: 1

Comment on lines 1308 to 1314
/// Elevate integrity via collaborator permission fallback for org repos.
///
/// Rank threshold for writer-level integrity (none=1, reader=2, writer=3, merged=4).
const WRITER_RANK: u8 = 3;

/// Attempt to elevate integrity for an author in an org-owned repository
/// Attempt to elevate integrity for an author in a public repository
/// by checking their effective collaborator permission.
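
Review bot: the `/// Elevate integrity via collaborator permission fallback for org repos.` line at the top of this region is joined by an empty `///` line to the rank-threshold comment directly above `const WRITER_RANK`, so rustdoc attaches it to the constant rather than to the function documented below. Beyond the stale "org repos" wording, consider moving that summary into the function's own doc comment (or making it a plain `//` comment) so that WRITER_RANK's documentation describes only the rank threshold.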
Copilot AI Apr 21, 2026

The doc comment still says this collaborator-permission fallback is "for org repos", but the org-only short-circuit was removed and the function now applies to any public repo. Please update the header comment to match the new behavior (or reintroduce a guard if org-only is still intended).

Development

Successfully merging this pull request may close these issues.

[gateway] list_commits on non-default branch: owner's commits get none integrity on personal repos