fix: handle 404 errors in checkWritePermissions for non-user actors #1030
Open
MaxwellCalkin wants to merge 1 commit into anthropics:main
The collaborator permissions API returns 404 for actors like "Copilot" that are not regular GitHub users. Previously, only actors ending in "[bot]" were bypassed, causing workflows triggered by Copilot reviews to fail with "Copilot is not a user" errors. This adds 404 error handling in the catch block so that non-user actors are recognized and allowed through, matching the existing behavior for [bot] actors.

Fixes anthropics#1018

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Summary
Fixes #1018
checkWritePermissions calls octokit.repos.getCollaboratorPermissionLevel() with github.actor as the username. When the actor is a non-user entity like Copilot (from a Copilot-initiated pull_request_review), this API returns a 404 because Copilot is not a regular GitHub user.
The existing bot bypass only checks for actors ending in [bot], but Copilot does not follow that naming convention.
Changes
src/github/validation/permissions.ts: Added 404 error handling in the catch block. When the collaborator permissions API returns a 404 (indicating the actor is not a GitHub user), the function now logs an informational message and returns true instead of throwing. Non-404 errors continue to throw as before.
test/permissions.test.ts: Added 4 new test cases: Copilot actor returns true true Error) still throw
Why this approach
Rather than maintaining a hardcoded list of non-user actor names (which would need updating as GitHub adds new system actors), this fix catches the 404 response that GitHub already returns when an actor is not a user. This is robust against future non-user actors being added by GitHub.
This is consistent with how other parts of the codebase handle 404s from GitHub APIs (e.g., branch-cleanup.ts, update-claude-comment.ts).
Test plan
pull_request_review workflow
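
The decision flow described in this PR, as an added TypeScript sketch that is not the PR's diff or the project's code. `PermissionClient`, `fakeClient`, the `Decision` type with its `reason` field, and the admin/write comparison are assumptions made here; the `reason` value lets a reviewer see in logs which path granted access, including the 404 path.

```typescript
// Added sketch, not the project's code. PermissionClient is a hypothetical
// stand-in for octokit.repos.getCollaboratorPermissionLevel().
type PermissionClient = {
  getCollaboratorPermissionLevel(username: string): Promise<{ permission: string }>;
};

// The reason field is this sketch's addition so each allow path can be audited.
type Decision = { allowed: boolean; reason: string };

async function checkWritePermissionsSketch(
  client: PermissionClient,
  actor: string,
): Promise<Decision> {
  // Existing bypass described in the PR: actors ending in "[bot]".
  if (actor.endsWith("[bot]")) {
    return { allowed: true, reason: "bot-suffix" };
  }
  try {
    const { permission } = await client.getCollaboratorPermissionLevel(actor);
    // Assumption: "admin" and "write" are the levels that count as write access.
    const allowed = permission === "admin" || permission === "write";
    return { allowed, reason: `permission:${permission}` };
  } catch (err) {
    // Octokit request errors carry a numeric `status`; read it defensively.
    const status = (err as { status?: unknown } | null)?.status;
    if (status === 404) {
      // The branch the PR adds: the actor is not a GitHub user, allow it through.
      console.log(`Actor ${actor} is not a GitHub user (404), allowing`);
      return { allowed: true, reason: "non-user-404" };
    }
    throw err; // non-404 errors keep throwing, as before
  }
}

// Constructed client: per-actor result is a permission string or an error status.
function fakeClient(table: Record<string, string | number>): PermissionClient {
  return {
    async getCollaboratorPermissionLevel(username: string) {
      const entry = table[username];
      if (typeof entry === "string") return { permission: entry };
      throw Object.assign(new Error(`HTTP ${entry}`), { status: entry });
    },
  };
}
```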