@mastra/github-signals 0.1.1-alpha.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +15 -0
- package/dist/index.cjs +12 -6
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +12 -6
- package/dist/index.js.map +1 -1
- package/package.json +4 -4
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,20 @@
|
|
|
1
1
|
# @mastra/github-signals
|
|
2
2
|
|
|
3
|
+
## 0.1.1
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- Gate GitHub signal notifications behind author permission checks to guard against prompt injection from random commenters. Only comments from users with write access (admin, maintain, write) trigger notifications. Bot comments are opt-in via an allowlist that defaults to CodeRabbit and Devin, with `ignoredBots` still available as an explicit blocklist. Unauthorized latest comments are excluded before notification classification so noisy bot edits do not render in notification metadata or mask the latest authorized comment. Scheduled polls now include comments and detect latest-comment timestamp changes so comment notifications are not lost behind stale or unchanged thread hashes. Comment activity notifications render the latest authorized comment author and excerpt as high-priority GitHub signal updates. ([#17590](https://github.com/mastra-ai/mastra/pull/17590))
|
|
8
|
+
|
|
9
|
+
New options on `GithubSignalsOptions`:
|
|
10
|
+
- `authorizedPermissions` — permission levels that authorize human commenters (default: `['admin', 'maintain', 'write']`)
|
|
11
|
+
- `authorizedBots` — bot logins authorized to trigger notifications (default: `['coderabbitai[bot]', 'devin-ai-integration[bot]']`)
|
|
12
|
+
- `ignoredBots` — bot logins whose comments should NOT trigger notifications, even if authorized
|
|
13
|
+
- `permissionResolver` — injectable resolver for looking up collaborator permissions (default: `gh api`)
|
|
14
|
+
|
|
15
|
+
- Updated dependencies [[`d468acb`](https://github.com/mastra-ai/mastra/commit/d468acb07aec1bb19a2cb0ada8042b05b46746b2), [`575f815`](https://github.com/mastra-ai/mastra/commit/575f815c5c3567b71c0b83cbb7fa98c8253a9d9c), [`34839c1`](https://github.com/mastra-ai/mastra/commit/34839c1910b6964bf59ed0cee58844efebbb684e), [`053735a`](https://github.com/mastra-ai/mastra/commit/053735a75c2c18e23ce34d9468007efa4a45f4c4), [`306909a`](https://github.com/mastra-ai/mastra/commit/306909a693de77d709b38706e2673c9547d24a28), [`5191af8`](https://github.com/mastra-ai/mastra/commit/5191af80c799eea25357c545fc05d91b3883531d), [`43bd3d4`](https://github.com/mastra-ai/mastra/commit/43bd3d421987463fdf35386a45199c49499ed069), [`e6fa79e`](https://github.com/mastra-ai/mastra/commit/e6fa79ec72a2ddffdd25e85270398951e9d552a4), [`904bcdf`](https://github.com/mastra-ai/mastra/commit/904bcdf7b8004aa7be823f9f70ca63580e47e470), [`7f5ee1d`](https://github.com/mastra-ai/mastra/commit/7f5ee1dca46daee8d2817f2ebe49e6335da81956), [`1e9aab5`](https://github.com/mastra-ai/mastra/commit/1e9aab50ff11e6e88fde4d7cbf512c44a9fe8d61), [`2bccba4`](https://github.com/mastra-ai/mastra/commit/2bccba4c03cadc815c2d54cbf4dd43a922140a8d), [`bf8eb6d`](https://github.com/mastra-ai/mastra/commit/bf8eb6d0ec213a403eb9265a594ad283c44ab3dc), [`e9be4e7`](https://github.com/mastra-ai/mastra/commit/e9be4e747ec3d8b65548bff92f9377db06105376), [`493a328`](https://github.com/mastra-ai/mastra/commit/493a328f4346a1deeb9f1e2e44c8f2a3a4d7591b), [`d53cfc2`](https://github.com/mastra-ai/mastra/commit/d53cfc2c7f8d78343a4aa84ec4e129ba25f3325e), [`65799d4`](https://github.com/mastra-ai/mastra/commit/65799d4d549e5ebb9c848fbe3f51ac090f64becf), [`c268c89`](https://github.com/mastra-ai/mastra/commit/c268c89f4c63a93ee474d3cffdf3ea60bf00d4f2), [`34839c1`](https://github.com/mastra-ai/mastra/commit/34839c1910b6964bf59ed0cee58844efebbb684e), [`014e00f`](https://github.com/mastra-ai/mastra/commit/014e00f2b3a597a016b72f9901c6ab27d491f822), [`029a414`](https://github.com/mastra-ai/mastra/commit/029a4141719793bd3e898a39eb5a0466a55f5f3a), [`d468acb`](https://github.com/mastra-ai/mastra/commit/d468acb07aec1bb19a2cb0ada8042b05b46746b2), [`b147b29`](https://github.com/mastra-ai/mastra/commit/b147b2907f0cd1aa812efe6d6e3f58d22e66fc88), [`d371ac1`](https://github.com/mastra-ai/mastra/commit/d371ac1d9820afaaf7cfdbc380a475946a994d8f), [`2bccba4`](https://github.com/mastra-ai/mastra/commit/2bccba4c03cadc815c2d54cbf4dd43a922140a8d), [`0c72f03`](https://github.com/mastra-ai/mastra/commit/0c72f032abb13254df5a7856d64be2f207b8006d), [`cf182b7`](https://github.com/mastra-ai/mastra/commit/cf182b7fb495767946d9840ef29f19cfa906f31f), [`3b45ea9`](https://github.com/mastra-ai/mastra/commit/3b45ea95015557a6cb9d70dc5252af54ab1b78ac), [`a049c2a`](https://github.com/mastra-ai/mastra/commit/a049c2a9dfb41d0ee2e7a28874a88cd64fd5669f), [`f084be1`](https://github.com/mastra-ai/mastra/commit/f084be1fcbe33ad7480913e44d6130c421c0976f), [`b147b29`](https://github.com/mastra-ai/mastra/commit/b147b2907f0cd1aa812efe6d6e3f58d22e66fc88), [`2a96528`](https://github.com/mastra-ai/mastra/commit/2a9652848dfa3c5a2426f952e9d93554c26fd90f), [`f2ab060`](https://github.com/mastra-ai/mastra/commit/f2ab060162bea81505fda553e2cee29c1979fd04), [`5d302c8`](https://github.com/mastra-ai/mastra/commit/5d302c8eda1a6ac74eab5e442c4f64db6cc97a06), [`34839c1`](https://github.com/mastra-ai/mastra/commit/34839c1910b6964bf59ed0cee58844efebbb684e), [`a952852`](https://github.com/mastra-ai/mastra/commit/a952852c971a21fb646cd907c75fcf4443cdc963), [`2656d9c`](https://github.com/mastra-ai/mastra/commit/2656d9c2976d4f3354253bfbbbf9b88a1b2bbf34), [`63e3fe1`](https://github.com/mastra-ai/mastra/commit/63e3fe13cc1ea96f91d7c68aea92f400faf9e4da), [`1d4ce8d`](https://github.com/mastra-ai/mastra/commit/1d4ce8daaa54511f325c1b609d31b8e54009d677), [`8c68372`](https://github.com/mastra-ai/mastra/commit/8c68372e85fe0b066ec12c58bd29ffb93e54c552)]:
|
|
16
|
+
- @mastra/core@1.42.0
|
|
17
|
+
|
|
3
18
|
## 0.1.1-alpha.0
|
|
4
19
|
|
|
5
20
|
### Patch Changes
|
package/dist/index.cjs
CHANGED
|
@@ -765,6 +765,10 @@ var GithubSignals = class extends signals.SignalProvider {
|
|
|
765
765
|
}
|
|
766
766
|
#createTools(args) {
|
|
767
767
|
const threadContext = this.#getThreadContext(args);
|
|
768
|
+
const getExecutionThreadContext = (context) => ({
|
|
769
|
+
threadId: context?.agent?.threadId ?? threadContext.threadId,
|
|
770
|
+
resourceId: context?.agent?.resourceId ?? threadContext.resourceId
|
|
771
|
+
});
|
|
768
772
|
return {
|
|
769
773
|
...args.tools,
|
|
770
774
|
github_subscribe_pr: createGithubTool({
|
|
@@ -775,14 +779,15 @@ var GithubSignals = class extends signals.SignalProvider {
|
|
|
775
779
|
owner: z__default.default.string().optional(),
|
|
776
780
|
repo: z__default.default.string().optional()
|
|
777
781
|
}),
|
|
778
|
-
execute: async (input) => {
|
|
782
|
+
execute: async (input, context) => {
|
|
783
|
+
const executionThreadContext = getExecutionThreadContext(context);
|
|
779
784
|
const result = await this.#subscribe({
|
|
780
785
|
id: `github-tool-subscribe-${crypto.randomUUID()}`,
|
|
781
786
|
owner: input.owner,
|
|
782
787
|
repo: input.repo,
|
|
783
788
|
number: input.number,
|
|
784
|
-
threadId:
|
|
785
|
-
resourceId:
|
|
789
|
+
threadId: executionThreadContext.threadId,
|
|
790
|
+
resourceId: executionThreadContext.resourceId
|
|
786
791
|
});
|
|
787
792
|
return {
|
|
788
793
|
subscribed: true,
|
|
@@ -802,14 +807,15 @@ var GithubSignals = class extends signals.SignalProvider {
|
|
|
802
807
|
owner: z__default.default.string().optional(),
|
|
803
808
|
repo: z__default.default.string().optional()
|
|
804
809
|
}),
|
|
805
|
-
execute: async (input) => {
|
|
810
|
+
execute: async (input, context) => {
|
|
811
|
+
const executionThreadContext = getExecutionThreadContext(context);
|
|
806
812
|
const result = await this.#unsubscribe({
|
|
807
813
|
id: `github-tool-unsubscribe-${crypto.randomUUID()}`,
|
|
808
814
|
owner: input.owner,
|
|
809
815
|
repo: input.repo,
|
|
810
816
|
number: input.number,
|
|
811
|
-
threadId:
|
|
812
|
-
resourceId:
|
|
817
|
+
threadId: executionThreadContext.threadId,
|
|
818
|
+
resourceId: executionThreadContext.resourceId
|
|
813
819
|
});
|
|
814
820
|
return {
|
|
815
821
|
unsubscribed: result.removed ?? false,
|