elias/everything-claude-code
1
0
Fork 0
mirror of https://github.com/affaan-m/everything-claude-code.git synced 2026-06-16 08:26:52 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: enforce policy.review.required gate in applyPublish

Browse Source 
applyPublish was forcing review='approved' for any state that wasn't
'changes-requested', bypassing policy.review.required entirely. Add a
guard that throws before buildIssueStateFromAction when review approval
is required but not yet granted.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Victor Casado 2026-06-11 15:00:34 -04:00
parent 273b82c8ba
commit 573ebe0918
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
scripts/lib/github-coordination/actions.js
View File

@ -183,6 +183,10 @@ function applyPublish(repo, issueNumber, options = {}, context = {}) {
throw new Error(`Issue #${issueNumber} is not ready to publish: ${validation.validations.map(entry => `${entry.check}=${entry.ok}`).join(', ')}`); throw new Error(`Issue #${issueNumber} is not ready to publish: ${validation.validations.map(entry => `${entry.check}=${entry.ok}`).join(', ')}`);
} }
if (policy.review && policy.review.required && state.review !== 'approved') {
throw new Error(`Issue #${issueNumber} cannot be published: review approval required (current: ${state.review})`);
}
const nextState = buildIssueStateFromAction(issue, state, 'publish', { const nextState = buildIssueStateFromAction(issue, state, 'publish', {
status: 'published', status: 'published',
validation: 'passed', validation: 'passed',