ci: exempt private org members from PR contribution check

[mmabrouk]

Summary

Follow-up to #4579. While testing that bot in dry-run against real PRs, it flagged a PR by ashrafchowdury (a core team member) as external and would have closed it.

Root cause: author_association only reports MEMBER for public org members. Arda, Ashraf, and other teammates have private org membership, which this workflow's GITHUB_TOKEN cannot see, so it received CONTRIBUTOR and treated them as external.

Fix: add an explicit allowlist of internal GitHub handles, checked alongside author_association. Public members stay auto-covered by the association; private-member teammates are covered by the allowlist. A comment explains why the list exists and when to add to it.

The workflow is currently disabled on main (I disabled it after finding this). Re-enable it once this merges.

Testing

Verified locally

• YAML parses.
• git diff origin/main shows only the allowlist delta.
• The four dry-run cases from ci: auto-close incomplete external PRs #4579 are unaffected (template + demo detection unchanged). I will re-run the dispatch matrix after this merges, including a member PR with force_external=false to confirm the exemption now skips it.

Added or updated tests

N/A. CI workflow.

QA follow-up

After merge: re-enable the workflow, then dispatch 13 - check PR contribution (dry_run=true) against a member's PR to confirm internal, skipping, and against an external non-compliant PR to confirm it still flags.

Demo

N/A. Touches only .github/**.

Checklist

• I have included a video or screen recording for UI changes, or marked Demo as N/A
• Relevant tests pass locally
• Relevant linting and formatting pass locally
• I have signed the CLA, or I will sign it when the bot prompts me

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
agenta-documentation	Ready	Preview, Comment	Jun 8, 2026 11:15am

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 2924a24e-78d2-4ebc-95d2-6596bb940e5e

📥 Commits

Reviewing files that changed from the base of the PR and between a81e5c9 and 5712d01.

📒 Files selected for processing (1)

• .github/workflows/13-check-pr-contribution.yml

---

📝 Walkthrough

Summary by CodeRabbit

• Chores
  • Enhanced internal contributor detection in the PR contribution-check workflow by combining an explicit allowlist of internal GitHub logins with GitHub's author association metadata.

Walkthrough

The PR enhances the contribution-check workflow's internal contributor detection. A new lowercase allowlist of internal GitHub logins is introduced and combined with author_association checks into a computed isInternal flag. The early-return logic for exempting internal and bot authors now uses this broadened detection method, addressing cases where GitHub's metadata may be incomplete.

Changes

Internal Contributor Detection

Layer / File(s)	Summary
Internal contributor allowlist and detection logic .github/workflows/13-check-pr-contribution.yml	An ALLOWLIST constant of lowercase internal GitHub logins is added (lines 54–66); a new isInternal computed value checks both INTERNAL author association and the allowlist (lines 116–122); the early-return logic for internal/bot authors uses the broadened detection (lines 123–125).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• Agenta-AI/agenta#4579: Also modifies the PR contribution-check workflow's author-exemption logic, with overlapping author-association and internal-contributor handling.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: adding an exemption for private org members from the PR contribution check by introducing an internal GitHub handles allowlist.
Description check	✅ Passed	The description is clearly related to the changeset, explaining the root cause, the fix, testing performed, and post-merge actions for the PR contribution workflow update.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch ci/pr-contribution-allowlist

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}