npm - @sentry/junior-github - Versions diffs - 0.53.0 → 0.55.0 - Mend

@sentry/junior-github 0.53.0 → 0.55.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +19 -0
package/SETUP.md +1 -0
package/index.d.ts +9 -0
package/index.js +150 -0
package/package.json +18 -2
package/plugin.yaml +0 -10
package/skills/github-code/SKILL.md +5 -15

package/README.md CHANGED Viewed

@@ -8,4 +8,23 @@ Install it alongside `@sentry/junior`:
 pnpm add @sentry/junior @sentry/junior-github
 ```
+Register the trusted plugin from app code:
+```ts
+import { createApp } from "@sentry/junior";
+import { githubPlugin } from "@sentry/junior-github";
+const app = await createApp({
+  plugins: [
+    githubPlugin({
+      botNameEnv: "GITHUB_APP_BOT_NAME",
+      botEmailEnv: "GITHUB_APP_BOT_EMAIL",
+    }),
+  ],
+});
+```
+Also list `@sentry/junior-github` in `juniorNitro({ plugins: { packages: [...] } })`
+so Nitro bundles the manifest and bundled GitHub skill.
 Full setup guide: https://junior.sentry.dev/extend/github-plugin/

package/SETUP.md CHANGED Viewed

@@ -14,6 +14,7 @@ In GitHub:
 - Contents: Read and write
 - Pull requests: Read and write
 - Actions: Read and write
+- Workflows: Write
 - Metadata: Read
 4. Create the app and generate a private key.

package/index.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import type { JuniorPlugin } from "@sentry/junior-plugin-api";
+export interface GitHubPluginOptions {
+  botEmailEnv?: string;
+  botNameEnv?: string;
+}
+/** Register trusted GitHub runtime hooks for commit attribution and package loading. */
+export function githubPlugin(options?: GitHubPluginOptions): JuniorPlugin;

package/index.js ADDED Viewed

@@ -0,0 +1,150 @@
+import { defineJuniorPlugin } from "@sentry/junior-plugin-api";
+function readEnv(name) {
+  const value = process.env[name];
+  return typeof value === "string" && value ? value : undefined;
+}
+function cleanIdentityPart(value) {
+  return String(value ?? "")
+    .replaceAll("\n", " ")
+    .replaceAll("\r", " ")
+    .replace(/[<>]/g, "")
+    .trim();
+}
+function requesterName(requester) {
+  return (
+    cleanIdentityPart(requester?.fullName) ||
+    cleanIdentityPart(requester?.userName) ||
+    cleanIdentityPart(requester?.userId) ||
+    undefined
+  );
+}
+function requesterEmail(requester) {
+  const email = cleanIdentityPart(requester?.email);
+  return email && !/\s/.test(email) ? email : "noreply";
+}
+function isGitCommitCommand(command) {
+  return /(?:^|[\s;|&])git(?:\s+(?:-C\s+\S+|-c\s+\S+|--git-dir(?:=\S+|\s+\S+)|--work-tree(?:=\S+|\s+\S+)|--namespace(?:=\S+|\s+\S+)))*\s+commit(?:\s|$)/.test(
+    command,
+  );
+}
+function prepareCommitMsgHook() {
+  return `#!/usr/bin/env bash
+set -eu
+message_file="\${1:-}"
+if [ -z "$message_file" ]; then
+  exit 1
+fi
+if [ -z "\${JUNIOR_GIT_AUTHOR_NAME:-}" ] || [ -z "\${JUNIOR_GIT_AUTHOR_EMAIL:-}" ]; then
+  echo "Junior GitHub plugin internal error: bot commit attribution was not injected by the host runtime. Do not set Git author env vars manually; report this configuration error." >&2
+  exit 1
+fi
+if [ "\${GIT_AUTHOR_NAME:-}" != "$JUNIOR_GIT_AUTHOR_NAME" ] || [ "\${GIT_AUTHOR_EMAIL:-}" != "$JUNIOR_GIT_AUTHOR_EMAIL" ]; then
+  echo "Junior GitHub plugin internal error: Git author was not set to the configured bot identity. Do not override Git author manually; report this configuration error." >&2
+  exit 1
+fi
+if [ -z "\${JUNIOR_GIT_COAUTHOR_NAME:-}" ] || [ -z "\${JUNIOR_GIT_COAUTHOR_EMAIL:-}" ]; then
+  echo "Junior GitHub plugin internal error: requester coauthor identity was not injected by the host runtime. Do not set coauthor env vars manually; report this configuration error." >&2
+  exit 1
+fi
+trailer="Co-authored-by: $JUNIOR_GIT_COAUTHOR_NAME <$JUNIOR_GIT_COAUTHOR_EMAIL>"
+if grep -Fqx "$trailer" "$message_file"; then
+  exit 0
+fi
+printf '\\n%s\\n' "$trailer" >> "$message_file"
+`;
+}
+async function configureGit(ctx, key, value) {
+  const result = await ctx.sandbox.run({
+    cmd: "git",
+    args: ["config", "--global", key, value],
+  });
+  if (result.exitCode !== 0) {
+    throw new Error(
+      `Failed to configure git ${key}: ${result.stderr || result.stdout}`,
+    );
+  }
+}
+/** Register trusted GitHub runtime hooks for commit attribution and package loading. */
+export function githubPlugin(options = {}) {
+  const botNameEnv = options.botNameEnv ?? "GITHUB_APP_BOT_NAME";
+  const botEmailEnv = options.botEmailEnv ?? "GITHUB_APP_BOT_EMAIL";
+  return defineJuniorPlugin({
+    name: "github",
+    pluginConfig: {
+      packages: ["@sentry/junior-github"],
+    },
+    hooks: {
+      async sandboxPrepare(ctx) {
+        const hooksPath = `${ctx.sandbox.juniorRoot}/git-hooks`;
+        await ctx.sandbox.writeFile({
+          path: `${hooksPath}/prepare-commit-msg`,
+          mode: 0o755,
+          content: prepareCommitMsgHook(),
+        });
+        await Promise.all([
+          configureGit(ctx, "core.hooksPath", hooksPath),
+          configureGit(ctx, "commit.gpgsign", "false"),
+          configureGit(ctx, "credential.helper", ""),
+          configureGit(ctx, "http.emptyAuth", "true"),
+        ]);
+      },
+      beforeToolExecute(ctx) {
+        if (ctx.tool.name !== "bash") {
+          return;
+        }
+        const command =
+          typeof ctx.tool.input === "object" &&
+          ctx.tool.input &&
+          "command" in ctx.tool.input
+            ? String(ctx.tool.input.command ?? "")
+            : "";
+        const botName = readEnv(botNameEnv);
+        const botEmail = readEnv(botEmailEnv);
+        if ((!botName || !botEmail) && isGitCommitCommand(command)) {
+          ctx.decision.deny(
+            `Junior GitHub plugin is misconfigured: host env vars ${botNameEnv} and ${botEmailEnv} are missing. This is an internal deployment configuration error; do not set them in the sandbox.`,
+          );
+          return;
+        }
+        if (!botName || !botEmail) {
+          return;
+        }
+        const coauthorName = requesterName(ctx.requester);
+        if (!coauthorName && isGitCommitCommand(command)) {
+          ctx.decision.deny(
+            "Junior GitHub plugin could not determine requester identity for commit attribution. This is an internal request-context error; do not set coauthor env vars manually.",
+          );
+          return;
+        }
+        ctx.env.set("GIT_AUTHOR_NAME", botName);
+        ctx.env.set("GIT_AUTHOR_EMAIL", botEmail);
+        ctx.env.set("GIT_COMMITTER_NAME", botName);
+        ctx.env.set("GIT_COMMITTER_EMAIL", botEmail);
+        ctx.env.set("JUNIOR_GIT_AUTHOR_NAME", botName);
+        ctx.env.set("JUNIOR_GIT_AUTHOR_EMAIL", botEmail);
+        if (coauthorName) {
+          ctx.env.set("JUNIOR_GIT_COAUTHOR_NAME", coauthorName);
+          ctx.env.set(
+            "JUNIOR_GIT_COAUTHOR_EMAIL",
+            requesterEmail(ctx.requester),
+          );
+        }
+      },
+    },
+  });
+}

package/package.json CHANGED Viewed

@@ -1,14 +1,30 @@
 {
   "name": "@sentry/junior-github",
-  "version": "0.53.0",
+  "version": "0.55.0",
   "private": false,
   "publishConfig": {
     "access": "public"
   },
   "type": "module",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/getsentry/junior.git",
+    "directory": "packages/junior-github"
+  },
+  "exports": {
+    ".": {
+      "types": "./index.d.ts",
+      "default": "./index.js"
+    }
+  },
   "files": [
+    "index.d.ts",
+    "index.js",
     "plugin.yaml",
     "skills",
     "SETUP.md"
-  ]
+  ],
+  "dependencies": {
+    "@sentry/junior-plugin-api": "0.55.0"
+  }
 }

package/plugin.yaml CHANGED Viewed

@@ -1,16 +1,6 @@
 name: github
 description: GitHub issue, pull request, and repository workflows via GitHub App
-capabilities:
-  - actions.read
-  - actions.write
-  - issues.read
-  - issues.write
-  - contents.read
-  - contents.write
-  - pull-requests.read
-  - pull-requests.write
 config-keys:
   - org
   - repo

package/skills/github-code/SKILL.md CHANGED Viewed

@@ -10,10 +10,10 @@ Use `gh` and `git` for repository checkout, source investigation, code changes,
 ## References
-| Need | Load |
-| ---- | ---- |
-| Command syntax, permissions, config | [references/api-surface.md](references/api-surface.md) |
-| Failed commands, auth errors | [references/troubleshooting-workarounds.md](references/troubleshooting-workarounds.md) |
+| Need                                | Load                                                                                   |
+| ----------------------------------- | -------------------------------------------------------------------------------------- |
+| Command syntax, permissions, config | [references/api-surface.md](references/api-surface.md)                                 |
+| Failed commands, auth errors        | [references/troubleshooting-workarounds.md](references/troubleshooting-workarounds.md) |
 ## Core rules
@@ -102,17 +102,7 @@ Types: `feat`, `fix`, `ref`, `docs`, `test`, `build`, `ci`, `chore`. Imperative
 Body only when it helps reviewers understand _why_.
-Footer order: `Fixes`/`Refs` lines, then `Co-authored-by` trailers.
-#### On-behalf-of commits
-If the commit is authored by a bot and a human requested the work, add a trailer:
-```
-Co-authored-by: Full Name <email>
-```
-Resolve name and email from evidence — requester context, Slack profile (`slackUserLookup`), GitHub profile, or repo commit history. If email cannot be confirmed, use `Full Name <noreply>` and note the gap in the PR body.
+Footer order: `Fixes`/`Refs` lines.
 ### 6. Create or update PR