fix(review): guard mixed-trust label propagation#4490
Conversation
|
Superagent didn't find any vulnerabilities or security issues in this PR. |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #4490 +/- ##
=======================================
Coverage 94.11% 94.11%
=======================================
Files 432 432
Lines 38348 38352 +4
Branches 13979 13981 +2
=======================================
+ Hits 36091 36095 +4
Misses 1600 1600
Partials 657 657
🚀 New features to boost your workflow:
|
|
Warning 🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨 ⏸️ Gittensory review result - manual review recommendedReview updated: 2026-07-10 08:38:25 UTC
⏸️ Suggested Action - Manual Review
Review summary Blockers
Nits — 4 non-blocking
Concerns raised — review before merging
Review context
Contributor next steps
Signal definitions
🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed 💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →. Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.
|
# Conflicts: # src/review/linked-issue-label-propagation-fetch.ts
Deploying with
|
| Status | Name | Latest Commit | Preview URL | Updated (UTC) |
|---|---|---|---|---|
| ✅ Deployment successful! View logs |
gittensory-ui | 62da196 | Commit Preview URL Branch Preview URL |
Jul 10 2026, 08:26 AM |
Motivation
issueLabelname and thereby unlock a strict/additive sensitive mapping that had not opted into maintainer trust, violating the per-mappingtrustMaintainerAuthoredIssuecontract.Description
issueLabeland compute relaxable labels only when every mapping sharing that label has explicitly opted into the relaxed trust flags insrc/review/linked-issue-label-propagation-fetch.ts.test/unit/linked-issue-label-propagation-fetch.test.tsthat exercises the mixed-trust duplicate-label shape and verifies strict mappings are not relaxed by a co-present trusted mapping.Testing
npx vitest run test/unit/linked-issue-label-propagation-fetch.test.ts, and the focused unit suite passed (all tests green).npm run typecheckand the TypeScript typecheck completed successfully.npm audit --audit-level=moderatebut the registry audit endpoint returned403 Forbiddenin this environment so that check could not complete here.Codex Task