feat(api): unfiltered per-PR audit-events query#4041
Conversation
|
Superagent didn't find any vulnerabilities or security issues in this PR. |
Deploying with
|
| Status | Name | Latest Commit | Preview URL | Updated (UTC) |
|---|---|---|---|---|
| ✅ Deployment successful! View logs |
gittensory-ui | 08c4297 | Commit Preview URL Branch Preview URL |
Jul 07 2026, 01:54 PM |
|
Warning 🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨 ⏸️ Gittensory review result - manual review recommendedReview updated: 2026-07-07 13:58:27 UTC
⏸️ Suggested Action - Manual Review
Review context
Contributor next steps
Signal definitions
🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed 💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →. Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.
|
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #4041 +/- ##
=======================================
Coverage 93.56% 93.56%
=======================================
Files 378 378
Lines 35448 35469 +21
Branches 13000 13006 +6
=======================================
+ Hits 33167 33188 +21
Misses 1618 1618
Partials 663 663
🚀 New features to boost your workflow:
|
The maintainer audit-feed only ever exposed the agent.action.%/agent.pending_action.%
event-type subset, repo-scoped. Debugging what actually happened to a single PR meant
manually correlating that narrow feed against logs, since ~140 other recorded event
types (label decisions, visibility skips, notification failures, etc.) were invisible
through this endpoint.
Adds `?pull=N` to GET /v1/repos/{owner}/{repo}/agent/audit-feed: an unfiltered sibling
query (listAuditEventsForTarget) scoped to one PR's exact targetKey, no eventType
restriction. Same maintainer gate and detail sanitization as the existing feed.
Also records a github_app.type_label_decision audit event (applied/error/denied) at
the same three sites that already log the label decision, so it shows up in this feed.
The three new recordAuditEvent calls added alongside the existing type_label console logs were unguarded, unlike every other audit write in this codebase. A failing audit write (D1 blip) would propagate and abort maybePublishPrPublicSurface mid-flight, which REGRESSION (#orb-ci-stuck-repeat, fail-open) tests specifically guard against — caught by that existing test once it exercised the new code path.
Codecov flagged uncovered lines/branches: a null detail on the ?pull= branch, and two type_label_decision outcomes (completed/denied) whose new fail-open .catch() handler was never exercised, plus an unreachable applyLabels-empty fallback marked v8-ignore with an explanation.
d46ed50 to
08c4297
Compare
Summary
Closes #4006.
GET /v1/repos/{owner}/{repo}/agent/audit-feed) only ever exposed theagent.action.%/agent.pending_action.%event-type subset, repo-scoped. Debugging what actually happened to a single PR meant manually correlating that narrow feed against raw logs, since ~140 other recorded event types (label decisions, visibility skips, notification failures, etc.) were invisible through this endpoint.?pull=N: an unfiltered sibling query (listAuditEventsForTarget,src/db/repositories.ts) scoped to one PR's exacttargetKey, with noeventTyperestriction. Same maintainer gate and detail sanitization as the existing feed.github_app.type_label_decisionaudit event (applied/error/denied outcomes) at the same three sites insrc/queue/processors.tsthat already log the label decision to console, so it's now visible through this feed too.src/openapi/spec.ts) to document the new query param and the?pull=response shape.Test plan
npm run typecheck— cleannpm run ui:openapi/ui:openapi:check— regenerated, cleannpx vitest run test/unit/routes-agent-approval.test.ts test/unit/skipped-pr-audit.test.ts— 27/27 passed, including 5 new tests covering the?pull=branch (event-type-unfiltered listing, since/limit, invalid input, auth, detail redaction)