fix(ci): gate comment-triggered AI workflows on author association (#748)#828
Conversation
) Comment-triggered AI workflows spent paid credits (ZHIPU_API_KEY, CLAUDE_CODE_OAUTH_TOKEN) for any commenter, since neither job gated on author_association. External users could drain credits at will. - opencode.yml + claude.yml: gate on author_association in {OWNER, MEMBER, COLLABORATOR}, read from the correct event object per trigger (comment/review/issue). - opencode.yml: drop the loose ' /oc'/' /opencode' substring matches; keep only startsWith prefix matches so the command must begin the comment. Closes #748
|
Warning Review limit reachedYou’ve reached a temporary PR review limit under our Fair Usage Limits Policy. Next review available in: 54 minutes Your organization has reached its usage spending cap. Adjust your spending cap in the billing tab. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
Cross-family review (opencode / GLM-4.7) — clean
Gate behavior demo (outcome evidence)A line-for-line Python mirror of both
|
|
remote: Duplicate header: "Authorization" |
Closes #748
Problem
opencode.yml(/oc,/opencode) andclaude.yml(@claude) triggered onissue_comment/ review /issuesevents with noauthor_associationrestriction, spendingZHIPU_API_KEY/CLAUDE_CODE_OAUTH_TOKEN. On a public repo, any external commenter could drain paid AI credits. The/ocmatch was also a loose substring.Fix
Both jobs now gate on
author_association ∈ {OWNER, MEMBER, COLLABORATOR}viacontains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), …).issue_comment/pull_request_review_comment→github.event.comment.author_associationpull_request_review→github.event.review.author_associationissues→github.event.issue.author_associationgithub.event.comment.author_association, and the loose/oc//opencodecontainssubstrings are dropped; onlystartsWith('/oc')/startsWith('/opencode')prefix matches remain, so a command must begin the comment.Acceptance criteria
author_association ∈ {OWNER, MEMBER, COLLABORATOR}/ocmatch is tightened to a prefixVerification
fromJSONarray +containslogic, boolean precedence, and prefix tightening — no blocking issues.Boolean truth-table (per event)
@claude//ocpresentKnown limitations
if:expression semantics can't be executed locally, so the gate is verified by static reasoning + cross-family review + YAML validity rather than a runtime unit test. A true end-to-end check requires a non-member comment against the live workflow, which isn't reproducible in CI.startsWith('/oc')still matches a hypothetical/ocean …prefix; treating the command as an exact token isn't expressible in GHA's expression language without regex. The credit-drain threat is fully closed by the association gate regardless.