Skip to content

feat: opt-in PR-comment mode#1

Merged
RunTimeAdmin merged 1 commit into
mainfrom
feat/pr-comment
Jul 10, 2026
Merged

feat: opt-in PR-comment mode#1
RunTimeAdmin merged 1 commit into
mainfrom
feat/pr-comment

Conversation

@RunTimeAdmin

Copy link
Copy Markdown
Owner

Adds a comment: true input that posts/updates a sticky findings comment on the PR. Stdlib-only (urllib), token from env, best-effort. This PR's own CI runs the new pr-comment job, so a comment from the action should appear below.

Adds `comment: true` — posts/updates a single sticky comment on the PR with
the findings table, alongside the job summary. Uses stdlib urllib (keeps the
zero-deps promise), reads the token from env (not argv), and is best-effort
(a comment failure logs a warning, never fails the build). Needs
`permissions: pull-requests: write`; fork PRs get a read-only token.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@cursor

cursor Bot commented Jul 10, 2026

Copy link
Copy Markdown

Bugbot is not enabled for your account, so this pull request was not reviewed.

Enable Bugbot in the Cursor dashboard to get automatic reviews on future PRs.

@github-actions

Copy link
Copy Markdown

🛡️ MCPShield MCP config scan

Server Risk Score Signals
shell-exec
examples/sample-mcp.json
🟠 HIGH 70.0 Shell/command execution capability; Access to sensitive path: /etc; Sensitive env vars: AWS_SECRET_ACCESS_KEY
filesystem-home
examples/sample-mcp.json
🟡 MEDIUM 35.0 Filesystem access; Access to sensitive path: /home
notes
examples/sample-mcp.json
🟢 LOW 0.0 none

@RunTimeAdmin
RunTimeAdmin merged commit cd2d99e into main Jul 10, 2026
6 checks passed
@RunTimeAdmin
RunTimeAdmin deleted the feat/pr-comment branch July 10, 2026 01:44
RunTimeAdmin pushed a commit that referenced this pull request Jul 10, 2026
The pr-comment job existed only to verify PR-comment mode end-to-end, which it
did on #1. Keeping it meant every PR to this repo got a "HIGH risk" comment
about the intentionally-risky sample config — noise on unrelated PRs. The test
job already dogfoods the action (self-test + ./ run + output assertions), so
this job was pure duplication carrying an unnecessary pull-requests: write
permission.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants