Fix thread GitHub PR identity isolation#68
Draft
zzj3720 wants to merge 1 commit into
Draft
Conversation
Co-authored-by: Peng Xiao <pengxiao@outlook.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
HOMEwhile isolating broker sessionGH_CONFIG_DIRbeside each auth-profilecodex-homegh auth git-credentialghwrapper and requestworkflowscope for new GitHub PR identity bindingsValidation
pnpm exec tsc -p tsconfig.json --noEmitpnpm exec vitest run test/config.test.ts test/github-pr-identity-service.test.ts test/gh-wrapper.test.ts test/app-server-process.test.tspnpm buildpnpm test(59 files / 382 tests passed)GH_CONFIG_DIR, new wrapper source resolves this Slack session topengx17; direct realghsees no login; git credential fill through the fixed helper returnsx-access-tokenwith the password redacted locally.Notes
Peng's current OAuth binding lacks
workflow, and Peng is not a collaborator onHOOLC/slack-codex-broker, so GitHub rejected both pushing to Peng's stale fork and creating a PR from the upstream branch with Peng's token. This PR includes the scope fix for new/rebound identities, but I opened this draft with maintainer credentials so the fix is not blocked.