npm - @mastra/github-signals - Versions diffs - 0.1.0 → 0.1.1-alpha.0 - Mend

@mastra/github-signals 0.1.0 → 0.1.1-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,16 @@
+# @mastra/github-signals
+## 0.1.1-alpha.0
+### Patch Changes
+- Gate GitHub signal notifications behind author permission checks to guard against prompt injection from random commenters. Only comments from users with write access (admin, maintain, write) trigger notifications. Bot comments are opt-in via an allowlist that defaults to CodeRabbit and Devin, with `ignoredBots` still available as an explicit blocklist. Unauthorized latest comments are excluded before notification classification so noisy bot edits do not render in notification metadata or mask the latest authorized comment. Scheduled polls now include comments and detect latest-comment timestamp changes so comment notifications are not lost behind stale or unchanged thread hashes. Comment activity notifications render the latest authorized comment author and excerpt as high-priority GitHub signal updates. ([#17590](https://github.com/mastra-ai/mastra/pull/17590))
+  New options on `GithubSignalsOptions`:
+  - `authorizedPermissions` — permission levels that authorize human commenters (default: `['admin', 'maintain', 'write']`)
+  - `authorizedBots` — bot logins authorized to trigger notifications (default: `['coderabbitai[bot]', 'devin-ai-integration[bot]']`)
+  - `ignoredBots` — bot logins whose comments should NOT trigger notifications, even if authorized
+  - `permissionResolver` — injectable resolver for looking up collaborator permissions (default: `gh api`)
+- Updated dependencies [[`2bccba4`](https://github.com/mastra-ai/mastra/commit/2bccba4c03cadc815c2d54cbf4dd43a922140a8d), [`2bccba4`](https://github.com/mastra-ai/mastra/commit/2bccba4c03cadc815c2d54cbf4dd43a922140a8d), [`f2ab060`](https://github.com/mastra-ai/mastra/commit/f2ab060162bea81505fda553e2cee29c1979fd04), [`5d302c8`](https://github.com/mastra-ai/mastra/commit/5d302c8eda1a6ac74eab5e442c4f64db6cc97a06)]:
+  - @mastra/core@1.42.0-alpha.1

package/dist/index.cjs CHANGED Viewed

@@ -26,6 +26,10 @@ var GITHUB_SUBSCRIBE_PR_TAG = "github-subscribe-pr";
 var GITHUB_UNSUBSCRIBE_PR_TAG = "github-unsubscribe-pr";
 var GITHUB_SYNC_STATUS_TAG = "github-sync-status";
 var GITHUB_SIGNALS_METADATA_KEY = "githubSignals";
+var DEFAULT_AUTHORIZED_PERMISSIONS = ["admin", "maintain", "write"];
+var DEFAULT_AUTHORIZED_BOTS = ["coderabbitai[bot]", "devin-ai-integration[bot]"];
+var PERMISSION_CACHE_TTL_MS = 5 * 60 * 1e3;
+var AUTHOR_GATED_NOTIFICATION_KINDS = /* @__PURE__ */ new Set(["pull-request-activity", "pull-request-review-activity"]);
 var createGithubTool = tools.createTool;
 function isPlainObject(value) {
   return typeof value === "object" && value !== null && !Array.isArray(value);
@@ -146,6 +150,36 @@ function getPrLabel(subscription, snapshot) {
 function getMergedNotificationSummary(label) {
   return `${label} was merged. This thread has been automatically unsubscribed from this PR. Resubscribe if you still need updates.`;
 }
+function getCommentExcerpt(body) {
+  const excerpt = body.replace(/\s+/g, " ").trim();
+  return excerpt.length > 240 ? `${excerpt.slice(0, 237)}...` : excerpt;
+}
+function getCommentNotificationSummary(pr, snapshot) {
+  if (!snapshot.latestCommentAuthor || !snapshot.latestCommentBody) return void 0;
+  return `${snapshot.latestCommentAuthor} commented on ${pr}: ${getCommentExcerpt(snapshot.latestCommentBody)}`;
+}
+var githubActivityNotificationPriority = {
+  high: 0,
+  medium: 1
+};
+function getGithubActivityNotificationRank(notification) {
+  return notification.kind === "pull-request-activity" ? 0 : 1;
+}
+function compareGithubActivityNotifications(a, b) {
+  if (!a && !b) return 0;
+  if (!a) return 1;
+  if (!b) return -1;
+  const priorityComparison = githubActivityNotificationPriority[a.priority] - githubActivityNotificationPriority[b.priority];
+  if (priorityComparison !== 0) return priorityComparison;
+  return getGithubActivityNotificationRank(a) - getGithubActivityNotificationRank(b);
+}
+function classifyGithubCommentActivityNotification(input) {
+  if (isBotOnlyActivity(input.snapshot)) return void 0;
+  const pr = `${input.subscription.owner}/${input.subscription.repo}#${input.subscription.number}`;
+  const summary = getCommentNotificationSummary(pr, input.snapshot);
+  if (!summary) return void 0;
+  return { kind: "pull-request-activity", priority: "high", summary };
+}
 function getCheckUpdatedTime(check) {
   const value = check.updatedAt ? Date.parse(check.updatedAt) : Number.NaN;
   return Number.isFinite(value) ? value : 0;
@@ -269,10 +303,11 @@ function classifyGithubActivityNotification(input) {
   }
   if (input.snapshot.ciState === "pending" && input.subscription.lastObservedCiState === "pending") return void 0;
   if (isBotOnlyActivity(input.snapshot)) return void 0;
+  const commentSummary = getCommentNotificationSummary(pr, input.snapshot);
   return {
     kind: "pull-request-activity",
-    priority: "medium",
-    summary: `${pr} has new activity${input.snapshot.title ? `: ${input.snapshot.title}` : ""}`
+    priority: commentSummary ? "high" : "medium",
+    summary: commentSummary ?? `${pr} has new activity${input.snapshot.title ? `: ${input.snapshot.title}` : ""}`
   };
 }
 function classifyGithubBaselineNotification(input) {
@@ -397,13 +432,15 @@ var GitcrawlSyncClient = class {
             join threads t on t.id=rt.thread_id
             join repositories r on r.id=t.repo_id
            where r.owner=${owner} and r.name=${repo} and t.number=${number} and rt.is_resolved=0`);
-      const [latestComment] = await queryGitcrawlDb(`select c.author_login, c.author_type, c.is_bot
+      const latestComments = await queryGitcrawlDb(`select c.author_login, c.author_type, c.is_bot, c.body, json_extract(c.raw_json, '$.html_url') as html_url,
+                 coalesce(c.updated_at_gh, c.created_at_gh) as updated_at
             from comments c
             join threads t on t.id=c.thread_id
             join repositories r on r.id=t.repo_id
            where r.owner=${owner} and r.name=${repo} and t.number=${number}
            order by coalesce(c.updated_at_gh, c.created_at_gh) desc
-           limit 1`);
+           limit 20`);
+      const latestComment = latestComments[0];
       const checks = normalizeGithubChecksForSnapshot({
         checkRows: checkRows.map((row) => ({
           source: "check",
@@ -465,7 +502,18 @@ var GitcrawlSyncClient = class {
         latestReviewThreadAt: readString(reviewState?.latest_review_thread_at),
         latestCommentAuthor: readString(latestComment?.author_login),
         latestCommentAuthorType: readString(latestComment?.author_type),
-        latestCommentIsBot: latestComment?.is_bot === 1
+        latestCommentIsBot: latestComment?.is_bot === 1,
+        latestCommentBody: readString(latestComment?.body),
+        latestCommentUrl: readString(latestComment?.html_url),
+        latestCommentUpdatedAt: readString(latestComment?.updated_at),
+        latestComments: latestComments.map((comment) => ({
+          author: readString(comment.author_login),
+          authorType: readString(comment.author_type),
+          isBot: comment.is_bot === 1,
+          body: readString(comment.body),
+          url: readString(comment.html_url),
+          updatedAt: readString(comment.updated_at)
+        }))
       };
     } catch {
       return void 0;
@@ -520,9 +568,11 @@ var GithubSignals = class extends signals.SignalProvider {
   #syncClient;
   #repositoryResolver;
   #polling = /* @__PURE__ */ new Map();
+  #permissionCache = /* @__PURE__ */ new Map();
   #agent;
   #agentOptions = {};
   #subscriptionsChangedHandler;
+  #pollingChangedHandler;
   constructor(options = {}) {
     super();
     this.#options = options;
@@ -557,6 +607,9 @@ var GithubSignals = class extends signals.SignalProvider {
   onSubscriptionsChanged(handler) {
     this.#subscriptionsChangedHandler = handler;
   }
+  onPollingChanged(handler) {
+    this.#pollingChangedHandler = handler;
+  }
   __registerMastra(mastra) {
     super.__registerMastra(mastra);
     this.#ghMastra = mastra;
@@ -595,15 +648,13 @@ var GithubSignals = class extends signals.SignalProvider {
       this.#polling.delete(pollingKey);
     }
     if (this.#polling.has(key)) return true;
-    let scheduledPollCount = options.pollImmediately ? 1 : 0;
     const runPoll = (pollOptions = {}) => {
       void this.#pollThread(input, pollOptions).catch((error) => {
         console.warn("GitHub PR polling failed:", error);
       });
     };
     const timer = setInterval(() => {
-      scheduledPollCount += 1;
-      runPoll({ includeComments: scheduledPollCount % 2 === 1 });
+      runPoll({ includeComments: true });
     }, this.#options.pollIntervalMs ?? 3e5);
     if (options.pollImmediately) runPoll({ includeComments: true });
     timer.unref?.();
@@ -620,6 +671,9 @@ var GithubSignals = class extends signals.SignalProvider {
   isPollingThread(input) {
     return this.#polling.has(this.#pollingKey(input));
   }
+  isPollingThreadRunning(input) {
+    return this.#polling.get(this.#pollingKey(input))?.running ?? false;
+  }
   getPollIntervalMs() {
     return this.#options.pollIntervalMs ?? 3e5;
   }
@@ -805,6 +859,9 @@ var GithubSignals = class extends signals.SignalProvider {
   #notifySubscriptionsChanged(input) {
     this.#subscriptionsChangedHandler?.(input);
   }
+  #notifyPollingChanged(input) {
+    this.#pollingChangedHandler?.(input);
+  }
   async #pollThread(input, options = {}) {
     const key = this.#pollingKey(input);
     const state = this.#polling.get(key);
@@ -812,6 +869,7 @@ var GithubSignals = class extends signals.SignalProvider {
       return 0;
     }
     if (state) state.running = true;
+    this.#notifyPollingChanged({ threadId: input.threadId, resourceId: input.resourceId, running: true });
     try {
       const { threadStore, loadedThread } = await this.#loadThread(input);
       const githubMetadata = getGithubMetadata(loadedThread.metadata);
@@ -830,7 +888,9 @@ var GithubSignals = class extends signals.SignalProvider {
           includeComments: options.includeComments
         };
         const syncResult = await this.#syncClient.syncPullRequest(syncInput);
-        const snapshot = syncResult.ok ? await this.#syncClient.getPullRequestSnapshot?.(syncInput) : void 0;
+        let snapshot = syncResult.ok ? await this.#syncClient.getPullRequestSnapshot?.(syncInput) : void 0;
+        if (snapshot)
+          snapshot = await this.#filterUnauthorizedLatestComment(subscription.owner, subscription.repo, snapshot);
         const nextSubscription = {
           ...subscription,
           updatedAt: now,
@@ -843,25 +903,28 @@ var GithubSignals = class extends signals.SignalProvider {
         const previousContentHash = subscription.lastObservedContentHash;
         const previousThreadContentHash = subscription.lastObservedThreadContentHash;
         const previousHeadSha = subscription.lastObservedHeadSha;
+        const latestCommentChanged = !!previousGithubUpdatedAt && !!snapshot?.latestCommentUpdatedAt && Date.parse(snapshot.latestCommentUpdatedAt) > Date.parse(previousGithubUpdatedAt);
         if (snapshot) applySnapshotCursor(nextSubscription, snapshot);
         const isFirstObservation = syncResult.ok && snapshot && !previousGithubUpdatedAt && !previousContentHash;
         const legacyAggregateChanged = previousContentHash && snapshot?.contentHash && previousContentHash !== snapshot.contentHash && !previousThreadContentHash && !previousHeadSha;
-        const changed = isFirstObservation || syncResult.ok && snapshot && (legacyAggregateChanged || previousThreadContentHash && snapshot.threadContentHash && previousThreadContentHash !== snapshot.threadContentHash || previousHeadSha && snapshot.headSha && previousHeadSha !== snapshot.headSha || subscription.lastObservedState && snapshot.state && subscription.lastObservedState !== snapshot.state || subscription.lastObservedMergeableState && snapshot.mergeableState && subscription.lastObservedMergeableState !== snapshot.mergeableState || subscription.lastObservedCiState && snapshot.ciState && subscription.lastObservedCiState !== snapshot.ciState || subscription.lastObservedReviewStateHash && snapshot.reviewStateHash && subscription.lastObservedReviewStateHash !== snapshot.reviewStateHash);
+        const changed = isFirstObservation || syncResult.ok && snapshot && (legacyAggregateChanged || latestCommentChanged || previousThreadContentHash && snapshot.threadContentHash && previousThreadContentHash !== snapshot.threadContentHash || previousHeadSha && snapshot.headSha && previousHeadSha !== snapshot.headSha || subscription.lastObservedState && snapshot.state && subscription.lastObservedState !== snapshot.state || subscription.lastObservedMergeableState && snapshot.mergeableState && subscription.lastObservedMergeableState !== snapshot.mergeableState || subscription.lastObservedCiState && snapshot.ciState && subscription.lastObservedCiState !== snapshot.ciState || subscription.lastObservedReviewStateHash && snapshot.reviewStateHash && subscription.lastObservedReviewStateHash !== snapshot.reviewStateHash);
         let shouldKeepSubscription = true;
-        if (changed) {
-          const notification = await this.#sendActivityNotification({
+        if (changed && snapshot) {
+          const notifications = await this.#sendActivityNotifications({
             polling: input,
             subscription,
             snapshot,
             previousGithubUpdatedAt,
-            previousContentHash
+            previousContentHash,
+            latestCommentChanged
           });
-          if (notification) {
+          const primaryNotification = notifications[0];
+          if (primaryNotification) {
             nextSubscription.lastNotificationAt = now;
-            nextSubscription.lastNotificationKind = notification.kind;
-            nextSubscription.lastNotificationPriority = notification.priority;
-            nextSubscription.lastNotificationSummary = notification.summary;
-            shouldKeepSubscription = notification.kind !== "pull-request-merged";
+            nextSubscription.lastNotificationKind = primaryNotification.kind;
+            nextSubscription.lastNotificationPriority = primaryNotification.priority;
+            nextSubscription.lastNotificationSummary = primaryNotification.summary;
+            shouldKeepSubscription = notifications.every((notification) => notification.kind !== "pull-request-merged");
           }
         }
         if (shouldKeepSubscription) subscriptions.push(nextSubscription);
@@ -884,17 +947,20 @@ var GithubSignals = class extends signals.SignalProvider {
     } finally {
       const latestState = this.#polling.get(key);
       if (latestState) latestState.running = false;
+      this.#notifyPollingChanged({ threadId: input.threadId, resourceId: input.resourceId, running: false });
     }
   }
-  async #sendGithubNotification(input) {
+  #createGithubNotificationInput(input) {
     const failingChecks = getFailingChecks(input.snapshot);
     const pendingChecks = getPendingChecks(input.snapshot);
+    const latestCommentExcerpt = input.snapshot.latestCommentBody ? getCommentExcerpt(input.snapshot.latestCommentBody) : void 0;
+    const latestCommentDedupeSuffix = input.notification.kind === "pull-request-activity" && input.snapshot.latestCommentUrl ? `comment:${input.snapshot.latestCommentUrl}:${input.snapshot.latestCommentUpdatedAt ?? ""}` : input.dedupeSuffix;
     const notificationInput = {
       source: "github",
       kind: input.notification.kind,
       priority: input.notification.priority,
       summary: input.notification.summary,
-      dedupeKey: `github:${input.subscription.owner}/${input.subscription.repo}#${input.subscription.number}:${input.dedupeSuffix}`,
+      dedupeKey: `github:${input.subscription.owner}/${input.subscription.repo}#${input.subscription.number}:${latestCommentDedupeSuffix}`,
       coalesceKey: `github:${input.subscription.owner}/${input.subscription.repo}#${input.subscription.number}:${input.notification.kind}`,
       attributes: {
         owner: input.subscription.owner,
@@ -908,6 +974,10 @@ var GithubSignals = class extends signals.SignalProvider {
         ...input.snapshot.mergeableState ? { mergeableState: input.snapshot.mergeableState } : {},
         ...input.snapshot.ciState ? { ciState: input.snapshot.ciState } : {},
         ...input.snapshot.unresolvedReviewThreads !== void 0 ? { unresolvedReviewThreads: input.snapshot.unresolvedReviewThreads } : {},
+        ...input.snapshot.latestCommentAuthor ? { latestCommentAuthor: input.snapshot.latestCommentAuthor } : {},
+        ...latestCommentExcerpt ? { latestCommentExcerpt } : {},
+        ...input.snapshot.latestCommentUrl ? { latestCommentUrl: input.snapshot.latestCommentUrl } : {},
+        ...input.snapshot.latestCommentUpdatedAt ? { latestCommentUpdatedAt: input.snapshot.latestCommentUpdatedAt } : {},
         ...failingChecks.length > 0 ? { failingChecks: failingChecks.map((check) => check.name).join(", ") } : {},
         ...pendingChecks.length > 0 ? { pendingChecks: pendingChecks.map((check) => check.name).join(", ") } : {}
       },
@@ -936,11 +1006,19 @@ var GithubSignals = class extends signals.SignalProvider {
           latestCommentAuthor: input.snapshot.latestCommentAuthor,
           latestCommentAuthorType: input.snapshot.latestCommentAuthorType,
           latestCommentIsBot: input.snapshot.latestCommentIsBot,
+          latestCommentBody: input.snapshot.latestCommentBody,
+          latestCommentExcerpt,
+          latestCommentUrl: input.snapshot.latestCommentUrl,
+          latestCommentUpdatedAt: input.snapshot.latestCommentUpdatedAt,
           failingChecks,
           pendingChecks
         }
       }
     };
+    return notificationInput;
+  }
+  async #sendGithubNotification(input) {
+    const notificationInput = this.#createGithubNotificationInput(input);
     const streamOptions = await this.#agentOptions.getNotificationStreamOptions?.(input.target);
     await input.agent?.sendNotificationSignal?.(
       notificationInput,
@@ -959,25 +1037,144 @@ var GithubSignals = class extends signals.SignalProvider {
       dedupeSuffix: `baseline:${input.subscription.lastSubscribeSignalId}`
     });
   }
-  async #sendActivityNotification(input) {
+  async #isAuthorizedAuthor(owner, repo, user, metadata = {}) {
+    if (!user) return false;
+    const normalizedUser = user.toLowerCase();
+    const isBot = metadata.isBot === true || metadata.authorType?.toLowerCase() === "bot" || normalizedUser.endsWith("[bot]");
+    if (isBot) {
+      const ignoredBots = this.#options.ignoredBots ?? [];
+      if (ignoredBots.some((bot) => bot.toLowerCase() === normalizedUser)) return false;
+      const authorizedBots = this.#options.authorizedBots ?? DEFAULT_AUTHORIZED_BOTS;
+      return authorizedBots.some((bot) => bot.toLowerCase() === normalizedUser);
+    }
+    const permission = await this.#loadAuthorPermission(owner, repo, user);
+    const authorizedPermissions = this.#options.authorizedPermissions ?? DEFAULT_AUTHORIZED_PERMISSIONS;
+    return !!permission && authorizedPermissions.includes(permission);
+  }
+  async #filterUnauthorizedLatestComment(owner, repo, snapshot) {
+    const comments = snapshot.latestComments?.length ? snapshot.latestComments : [
+      {
+        author: snapshot.latestCommentAuthor,
+        authorType: snapshot.latestCommentAuthorType,
+        isBot: snapshot.latestCommentIsBot,
+        body: snapshot.latestCommentBody,
+        url: snapshot.latestCommentUrl,
+        updatedAt: snapshot.latestCommentUpdatedAt
+      }
+    ];
+    if (!comments.some((comment) => comment.author)) return snapshot;
+    if (!comments.some((comment) => comment.body || comment.url || comment.updatedAt)) return snapshot;
+    for (const comment of comments) {
+      if (!await this.#isAuthorizedAuthor(owner, repo, comment.author, {
+        authorType: comment.authorType,
+        isBot: comment.isBot
+      })) {
+        continue;
+      }
+      return {
+        ...snapshot,
+        latestCommentAuthor: comment.author,
+        latestCommentAuthorType: comment.authorType,
+        latestCommentIsBot: comment.isBot,
+        latestCommentBody: comment.body,
+        latestCommentUrl: comment.url,
+        latestCommentUpdatedAt: comment.updatedAt
+      };
+    }
+    return {
+      ...snapshot,
+      latestCommentAuthor: void 0,
+      latestCommentAuthorType: void 0,
+      latestCommentIsBot: void 0,
+      latestCommentBody: void 0,
+      latestCommentUrl: void 0,
+      latestCommentUpdatedAt: void 0
+    };
+  }
+  async #loadAuthorPermission(owner, repo, user) {
+    const cacheKey = `${owner}/${repo}:${user.toLowerCase()}`;
+    const cached = this.#permissionCache.get(cacheKey);
+    if (cached && cached.expiresAt > Date.now()) return cached.permission;
+    if (cached) this.#permissionCache.delete(cacheKey);
+    try {
+      let permission;
+      if (this.#options.permissionResolver) {
+        permission = await this.#options.permissionResolver.getPermission(owner, repo, user);
+      } else {
+        const { stdout } = await execFileAsync("gh", [
+          "api",
+          `repos/${owner}/${repo}/collaborators/${user}/permission`,
+          "--jq",
+          ".permission"
+        ]);
+        const raw = stdout.trim();
+        permission = ["admin", "maintain", "write", "triage", "read", "none"].includes(
+          raw
+        ) ? raw : void 0;
+      }
+      if (permission) {
+        this.#permissionCache.set(cacheKey, { permission, expiresAt: Date.now() + PERMISSION_CACHE_TTL_MS });
+      }
+      return permission;
+    } catch {
+      this.#permissionCache.delete(cacheKey);
+      return void 0;
+    }
+  }
+  async #sendActivityNotifications(input) {
     const agent = this.#getNotificationAgent(input.polling);
-    if (!agent?.sendNotificationSignal) return void 0;
-    const notification = classifyGithubActivityNotification({
-      subscription: input.subscription,
-      snapshot: input.snapshot
-    });
-    if (!notification) return void 0;
-    await this.#sendGithubNotification({
-      agent,
-      subscription: input.subscription,
-      snapshot: input.snapshot,
-      notification,
-      target: { resourceId: input.polling.resourceId, threadId: input.polling.threadId },
-      dedupeSuffix: input.snapshot.contentHash ?? input.snapshot.githubUpdatedAt ?? String(Date.now()),
-      previousGithubUpdatedAt: input.previousGithubUpdatedAt,
-      previousContentHash: input.previousContentHash
-    });
-    return notification;
+    if (!agent?.sendNotificationSignal) return [];
+    const notifications = [
+      classifyGithubActivityNotification({
+        subscription: input.subscription,
+        snapshot: input.snapshot
+      })
+    ];
+    if (input.latestCommentChanged && notifications[0]?.kind !== "pull-request-activity") {
+      notifications.push(
+        classifyGithubCommentActivityNotification({
+          subscription: input.subscription,
+          snapshot: input.snapshot
+        })
+      );
+    }
+    const sent = [];
+    const notificationInputs = [];
+    for (const notification of notifications.sort(compareGithubActivityNotifications)) {
+      if (!notification) continue;
+      if (AUTHOR_GATED_NOTIFICATION_KINDS.has(notification.kind)) {
+        const authorized = await this.#isAuthorizedAuthor(
+          input.subscription.owner,
+          input.subscription.repo,
+          input.snapshot.latestCommentAuthor,
+          {
+            authorType: input.snapshot.latestCommentAuthorType,
+            isBot: input.snapshot.latestCommentIsBot
+          }
+        );
+        if (!authorized) continue;
+      }
+      notificationInputs.push(
+        this.#createGithubNotificationInput({
+          subscription: input.subscription,
+          snapshot: input.snapshot,
+          notification,
+          dedupeSuffix: input.snapshot.contentHash ?? input.snapshot.githubUpdatedAt ?? String(Date.now()),
+          previousGithubUpdatedAt: input.previousGithubUpdatedAt,
+          previousContentHash: input.previousContentHash
+        })
+      );
+      sent.push(notification);
+    }
+    if (notificationInputs.length > 0) {
+      const target = { resourceId: input.polling.resourceId, threadId: input.polling.threadId };
+      const streamOptions = await this.#agentOptions.getNotificationStreamOptions?.(target);
+      await agent.sendNotificationSignal(
+        notificationInputs,
+        streamOptions ? { ...target, ifIdle: { streamOptions } } : target
+      );
+    }
+    return sent;
   }
   async #subscribe(input) {
     const { owner, repo } = await this.#resolveRepository(input);